Analysis
max time kernel: 0s
max time network: 95s
platform: linux_amd64
resource: ubuntu1804-amd64-en-20211208
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-en-20211208, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 25-11-2022 08:38
Static task: static1
Behavioral task: behavioral1
  Sample: 4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612
  Resource: ubuntu1804-amd64-en-20211208
Behavioral task: behavioral2
  Sample: 4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612
  Resource: debian9-armhf-20221111-en
Behavioral task: behavioral3
  Sample: 4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612
  Resource: debian9-mipsbe-en-20211208
Behavioral task: behavioral4
  Sample: 4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612
  Resource: debian9-mipsel-20221111-en
General
Target: 4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612
Size: 35KB
MD5: 92fc64f05b1b0597acc58b7cc839a33b
SHA1: f9b3668004fb6810a3a6a44e31fb027782233dfc
SHA256: 4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612
SHA512: 58431bb60c834224b567727db06c1f6adf0845b76aec00aa18200a0e5a1758e2422695c2ad7268db22e77ea57748adb05affb90bec56bd397d62416c4f885094
SSDEEP: 384:EQQwQHDf6lpTWg3vM4Qdre21jT58vKpG2Y0orcfKLUv0KZnNEVdUeUoJpJydIDbS:oFNB48Fkc2zq0xvcGGIZ3L8eW
Malware Config
Signatures
Deletes system logs 1 TTPs 1 IoCs
Processes: rm
  description | ioc | process
  /var/log/syslog | /var/log/syslog | rm
Adds new SSH keys 1 IoCs
Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
Processes: cat
  description | ioc | process
  /root/.ssh/authorized_keys | /root/.ssh/authorized_keys | cat
Creates/modifies Cron job 1 TTPs 1 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
Write file to user bin folder 1 TTPs 2 IoCs
Processes: ufw
  description | ioc | process
  /usr/bin/pyvenv.cfg | /usr/bin/pyvenv.cfg | ufw
  /usr/sbin/ufw | /usr/sbin/ufw | ufw
Reads CPU attributes 1 TTPs 11 IoCs
Processes: kill, ps (10 entries)
  description | ioc | process
  /sys/devices/system/cpu/online | /sys/devices/system/cpu/online | kill
  /sys/devices/system/cpu/online | /sys/devices/system/cpu/online | ps (10 entries)
Enumerates kernel/hardware configuration 1 TTPs 2 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
Processes: modprobe
  description | ioc | process
  /sys/module/ip6_tables/initstate | /sys/module/ip6_tables/initstate | modprobe
  /sys/module/x_tables/initstate | /sys/module/x_tables/initstate | modprobe
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
Writes file to tmp directory 6 IoCs
Malware often drops required files in the /tmp directory.
Processes: chattr, rm, rm, rm, rm, 4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612
  description | ioc | process
  /tmp/ | /tmp/ | chattr
  /tmp/addres* | /tmp/addres* | rm
  /tmp/walle* | /tmp/walle* | rm
  /tmp/keys | /tmp/keys | rm
  /tmp/.null | /tmp/.null | rm
  /tmp/4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612 | /tmp/4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612 | 4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612
Processes
/tmp/4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612 | /tmp/4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612 | 1⤵ | PID:571
  - Reads runtime system information
  - Writes file to tmp directory
/bin/sync | sync | 2⤵ | PID:572
/bin/cat | cat /var/spool/cron/ | 2⤵ | PID:578
  - Creates/modifies Cron job
/bin/cat | cat /root/.ssh/authorized_keys | 2⤵ | PID:579
  - Adds new SSH keys
/bin/mv | mv /usr/bin/curl /usr/bin/url | 2⤵ | PID:580
/bin/mv | mv /usr/bin/url /usr/bin/cd1 | 2⤵ | PID:581
/bin/mv | mv /usr/bin/wget /usr/bin/get | 2⤵ | PID:582
  - Reads runtime system information
/bin/mv | mv /usr/bin/get /usr/bin/wd1 | 2⤵ | PID:583
/bin/rm | rm -rf /var/log/syslog | 2⤵ | PID:584
  - Deletes system logs
/usr/bin/chattr | chattr -iua /tmp/ | 2⤵ | PID:585
  - Writes file to tmp directory
/usr/bin/chattr | chattr -iua /var/tmp/ | 2⤵ | PID:586
/usr/sbin/ufw | ufw disable | 2⤵ | PID:587
  - Write file to user bin folder
/sbin/iptables | /sbin/iptables -V | 3⤵ | PID:588
/lib/ufw/ufw-init | /lib/ufw/ufw-init force-stop | 3⤵ | PID:589
/sbin/ip6tables | ip6tables -L INPUT -n | 4⤵ | PID:590
/sbin/iptables | iptables -F ufw-logging-deny | 4⤵ | PID:595
/sbin/iptables | iptables -F ufw-logging-allow | 4⤵ | PID:598
/sbin/iptables | iptables -F ufw-not-local | 4⤵ | PID:599
/sbin/iptables | iptables -F ufw-user-logging-input | 4⤵ | PID:600
/sbin/iptables | iptables -F ufw-user-limit-accept | 4⤵ | PID:601
/sbin/iptables | iptables -F ufw-user-limit | 4⤵ | PID:602
/sbin/iptables | iptables -F ufw-skip-to-policy-input | 4⤵ | PID:603
/sbin/iptables | iptables -F ufw-reject-input | 4⤵ | PID:604
/sbin/iptables | iptables -F ufw-after-logging-input | 4⤵ | PID:605
/sbin/iptables | iptables -F ufw-after-input | 4⤵ | PID:606
/sbin/iptables | iptables -F ufw-user-input | 4⤵ | PID:607
/sbin/iptables | iptables -F ufw-before-input | 4⤵ | PID:608
/sbin/iptables | iptables -F ufw-before-logging-input | 4⤵ | PID:609
/sbin/iptables | iptables -F ufw-skip-to-policy-forward | 4⤵ | PID:610
/sbin/iptables | iptables -F ufw-reject-forward | 4⤵ | PID:611
/sbin/iptables | iptables -F ufw-after-logging-forward | 4⤵ | PID:612
/sbin/iptables | iptables -F ufw-after-forward | 4⤵ | PID:613
/sbin/iptables | iptables -F ufw-user-logging-forward | 4⤵ | PID:614
/sbin/iptables | iptables -F ufw-user-forward | 4⤵ | PID:615
/sbin/iptables | iptables -F ufw-before-forward | 4⤵ | PID:616
/sbin/iptables | iptables -F ufw-before-logging-forward | 4⤵ | PID:617
/sbin/iptables | iptables -F ufw-track-forward | 4⤵ | PID:618
/sbin/iptables | iptables -F ufw-track-output | 4⤵ | PID:619
/sbin/iptables | iptables -F ufw-track-input | 4⤵ | PID:620
/sbin/iptables | iptables -F ufw-skip-to-policy-output | 4⤵ | PID:621
/sbin/iptables | iptables -F ufw-reject-output | 4⤵ | PID:622
/sbin/iptables | iptables -F ufw-after-logging-output | 4⤵ | PID:623
/sbin/iptables | iptables -F ufw-after-output | 4⤵ | PID:624
/sbin/iptables | iptables -F ufw-user-logging-output | 4⤵ | PID:625
/sbin/iptables | iptables -F ufw-user-output | 4⤵ | PID:626
/sbin/iptables | iptables -F ufw-before-output | 4⤵ | PID:627
/sbin/iptables | iptables -F ufw-before-logging-output | 4⤵ | PID:628
/sbin/iptables | iptables -Z ufw-logging-deny | 4⤵ | PID:629
/sbin/iptables | iptables -Z ufw-logging-allow | 4⤵ | PID:630
/sbin/iptables | iptables -Z ufw-not-local | 4⤵ | PID:631
/sbin/iptables | iptables -Z ufw-user-logging-input | 4⤵ | PID:632
/sbin/iptables | iptables -Z ufw-user-limit-accept | 4⤵ | PID:633
/sbin/iptables | iptables -Z ufw-user-limit | 4⤵ | PID:634
/sbin/iptables | iptables -Z ufw-skip-to-policy-input | 4⤵ | PID:635
/sbin/iptables | iptables -Z ufw-reject-input | 4⤵ | PID:636
/sbin/iptables | iptables -Z ufw-after-logging-input | 4⤵ | PID:637
/sbin/iptables | iptables -Z ufw-after-input | 4⤵ | PID:638
/sbin/iptables | iptables -Z ufw-user-input | 4⤵ | PID:639
/sbin/iptables | iptables -Z ufw-before-input | 4⤵ | PID:640
/sbin/iptables | iptables -Z ufw-before-logging-input | 4⤵ | PID:641
/sbin/iptables | iptables -Z ufw-skip-to-policy-forward | 4⤵ | PID:642
/sbin/iptables | iptables -Z ufw-reject-forward | 4⤵ | PID:643
/sbin/iptables | iptables -Z ufw-after-logging-forward | 4⤵ | PID:644
/sbin/iptables | iptables -Z ufw-after-forward | 4⤵ | PID:645
/sbin/iptables | iptables -Z ufw-user-logging-forward | 4⤵ | PID:646
/sbin/iptables | iptables -Z ufw-user-forward | 4⤵ | PID:647
/sbin/iptables | iptables -Z ufw-before-forward | 4⤵ | PID:648
/sbin/iptables | iptables -Z ufw-before-logging-forward | 4⤵ | PID:649
/sbin/iptables | iptables -Z ufw-track-forward | 4⤵ | PID:650
/sbin/iptables | iptables -Z ufw-track-output | 4⤵ | PID:651
/sbin/iptables | iptables -Z ufw-track-input | 4⤵ | PID:652
/sbin/iptables | iptables -Z ufw-skip-to-policy-output | 4⤵ | PID:653
/sbin/iptables | iptables -Z ufw-reject-output | 4⤵ | PID:654
/sbin/iptables | iptables -Z ufw-after-logging-output | 4⤵ | PID:655
/sbin/iptables | iptables -Z ufw-after-output | 4⤵ | PID:656
/sbin/iptables | iptables -Z ufw-user-logging-output | 4⤵ | PID:657
/sbin/iptables | iptables -Z ufw-user-output | 4⤵ | PID:658
/sbin/iptables | iptables -Z ufw-before-output | 4⤵ | PID:659
/sbin/iptables | iptables -Z ufw-before-logging-output | 4⤵ | PID:660
/sbin/iptables | iptables -X ufw-logging-deny | 4⤵ | PID:661
/sbin/iptables | iptables -X ufw-logging-allow | 4⤵ | PID:662
/sbin/iptables | iptables -X ufw-not-local | 4⤵ | PID:663
/sbin/iptables | iptables -X ufw-user-logging-input | 4⤵ | PID:664
/sbin/iptables | iptables -X ufw-user-logging-output | 4⤵ | PID:665
/sbin/iptables | iptables -X ufw-user-logging-forward | 4⤵ | PID:666
/sbin/iptables | iptables -X ufw-user-limit-accept | 4⤵ | PID:667
/sbin/iptables | iptables -X ufw-user-limit | 4⤵ | PID:668
/sbin/iptables | iptables -X ufw-user-input | 4⤵ | PID:669
/sbin/iptables | iptables -X ufw-user-forward | 4⤵ | PID:670
/sbin/iptables | iptables -X ufw-user-output | 4⤵ | PID:671
/sbin/iptables | iptables -X ufw-skip-to-policy-input | 4⤵ | PID:672
/sbin/iptables | iptables -X ufw-skip-to-policy-output | 4⤵ | PID:673
/sbin/iptables | iptables -X ufw-skip-to-policy-forward | 4⤵ | PID:674
/sbin/iptables | iptables -P INPUT ACCEPT | 4⤵ | PID:675
/sbin/iptables | iptables -P OUTPUT ACCEPT | 4⤵ | PID:676
/sbin/iptables | iptables -P FORWARD ACCEPT | 4⤵ | PID:677
/sbin/ip6tables | ip6tables -F ufw6-logging-deny | 4⤵ | PID:678
/sbin/ip6tables | ip6tables -F ufw6-logging-allow | 4⤵ | PID:679
/sbin/ip6tables | ip6tables -F ufw6-not-local | 4⤵ | PID:680
/sbin/ip6tables | ip6tables -F ufw6-user-logging-input | 4⤵ | PID:681
/sbin/ip6tables | ip6tables -F ufw6-user-limit-accept | 4⤵ | PID:682
/sbin/ip6tables | ip6tables -F ufw6-user-limit | 4⤵ | PID:683
/sbin/ip6tables | ip6tables -F ufw6-skip-to-policy-input | 4⤵ | PID:684
/sbin/ip6tables | ip6tables -F ufw6-reject-input | 4⤵ | PID:685
/sbin/ip6tables | ip6tables -F ufw6-after-logging-input | 4⤵ | PID:686
/sbin/ip6tables | ip6tables -F ufw6-after-input | 4⤵ | PID:687
/sbin/ip6tables | ip6tables -F ufw6-user-input | 4⤵ | PID:688
/sbin/ip6tables | ip6tables -F ufw6-before-input | 4⤵ | PID:689
/sbin/ip6tables | ip6tables -F ufw6-before-logging-input | 4⤵ | PID:690
/sbin/ip6tables | ip6tables -F ufw6-skip-to-policy-forward | 4⤵ | PID:691
/sbin/ip6tables | ip6tables -F ufw6-reject-forward | 4⤵ | PID:692
/sbin/ip6tables | ip6tables -F ufw6-after-logging-forward | 4⤵ | PID:693
/sbin/ip6tables | ip6tables -F ufw6-after-forward | 4⤵ | PID:694
/sbin/ip6tables | ip6tables -F ufw6-user-logging-forward | 4⤵ | PID:695
/sbin/ip6tables | ip6tables -F ufw6-user-forward | 4⤵ | PID:696
/sbin/ip6tables | ip6tables -F ufw6-before-forward | 4⤵ | PID:697
/sbin/ip6tables | ip6tables -F ufw6-before-logging-forward | 4⤵ | PID:698
/sbin/ip6tables | ip6tables -F ufw6-track-forward | 4⤵ | PID:699
/sbin/ip6tables | ip6tables -F ufw6-track-output | 4⤵ | PID:700
/sbin/ip6tables | ip6tables -F ufw6-track-input | 4⤵ | PID:701
/sbin/ip6tables | ip6tables -F ufw6-skip-to-policy-output | 4⤵ | PID:702
/sbin/ip6tables | ip6tables -F ufw6-reject-output | 4⤵ | PID:703
/sbin/ip6tables | ip6tables -F ufw6-after-logging-output | 4⤵ | PID:704
/sbin/ip6tables | ip6tables -F ufw6-after-output | 4⤵ | PID:705
/sbin/ip6tables | ip6tables -F ufw6-user-logging-output | 4⤵ | PID:706
/sbin/ip6tables | ip6tables -F ufw6-user-output | 4⤵ | PID:707
/sbin/ip6tables | ip6tables -F ufw6-before-output | 4⤵ | PID:708
/sbin/ip6tables | ip6tables -F ufw6-before-logging-output | 4⤵ | PID:709
/sbin/ip6tables | ip6tables -Z ufw6-logging-deny | 4⤵ | PID:710
/sbin/ip6tables | ip6tables -Z ufw6-logging-allow | 4⤵ | PID:711
/sbin/ip6tables | ip6tables -Z ufw6-not-local | 4⤵ | PID:712
/sbin/ip6tables | ip6tables -Z ufw6-user-logging-input | 4⤵ | PID:713
/sbin/ip6tables | ip6tables -Z ufw6-user-limit-accept | 4⤵ | PID:714
/sbin/ip6tables | ip6tables -Z ufw6-user-limit | 4⤵ | PID:715
/sbin/ip6tables | ip6tables -Z ufw6-skip-to-policy-input | 4⤵ | PID:716
/sbin/ip6tables | ip6tables -Z ufw6-reject-input | 4⤵ | PID:717
/sbin/ip6tables | ip6tables -Z ufw6-after-logging-input | 4⤵ | PID:718
/sbin/ip6tables | ip6tables -Z ufw6-after-input | 4⤵ | PID:719
/sbin/ip6tables | ip6tables -Z ufw6-user-input | 4⤵ | PID:720
/sbin/ip6tables | ip6tables -Z ufw6-before-input | 4⤵ | PID:721
/sbin/ip6tables | ip6tables -Z ufw6-before-logging-input | 4⤵ | PID:722
/sbin/ip6tables | ip6tables -Z ufw6-skip-to-policy-forward | 4⤵ | PID:723
/sbin/ip6tables | ip6tables -Z ufw6-reject-forward | 4⤵ | PID:724
/sbin/ip6tables | ip6tables -Z ufw6-after-logging-forward | 4⤵ | PID:725
/sbin/ip6tables | ip6tables -Z ufw6-after-forward | 4⤵ | PID:726
/sbin/ip6tables | ip6tables -Z ufw6-user-logging-forward | 4⤵ | PID:727
/sbin/ip6tables | ip6tables -Z ufw6-user-forward | 4⤵ | PID:728
/sbin/ip6tables | ip6tables -Z ufw6-before-forward | 4⤵ | PID:729
/sbin/ip6tables | ip6tables -Z ufw6-before-logging-forward | 4⤵ | PID:730
/sbin/ip6tables | ip6tables -Z ufw6-track-forward | 4⤵ | PID:731
/sbin/ip6tables | ip6tables -Z ufw6-track-output | 4⤵ | PID:732
/sbin/ip6tables | ip6tables -Z ufw6-track-input | 4⤵ | PID:733
/sbin/ip6tables | ip6tables -Z ufw6-skip-to-policy-output | 4⤵ | PID:734
/sbin/ip6tables | ip6tables -Z ufw6-reject-output | 4⤵ | PID:735
/sbin/ip6tables | ip6tables -Z ufw6-after-logging-output | 4⤵ | PID:736
/sbin/ip6tables | ip6tables -Z ufw6-after-output | 4⤵ | PID:737
/sbin/ip6tables | ip6tables -Z ufw6-user-logging-output | 4⤵ | PID:738
/sbin/ip6tables | ip6tables -Z ufw6-user-output | 4⤵ | PID:739
/sbin/ip6tables | ip6tables -Z ufw6-before-output | 4⤵ | PID:740
/sbin/ip6tables | ip6tables -Z ufw6-before-logging-output | 4⤵ | PID:741
/sbin/ip6tables | ip6tables -X ufw6-logging-deny | 4⤵ | PID:742
/sbin/ip6tables | ip6tables -X ufw6-logging-allow | 4⤵ | PID:743
/sbin/ip6tables | ip6tables -X ufw6-not-local | 4⤵ | PID:744
/sbin/ip6tables | ip6tables -X ufw6-user-logging-input | 4⤵ | PID:745
/sbin/ip6tables | ip6tables -X ufw6-user-logging-output | 4⤵ | PID:746
/sbin/ip6tables | ip6tables -X ufw6-user-logging-forward | 4⤵ | PID:747
/sbin/ip6tables | ip6tables -X ufw6-user-limit-accept | 4⤵ | PID:748
/sbin/ip6tables | ip6tables -X ufw6-user-limit | 4⤵ | PID:749
/sbin/ip6tables | ip6tables -X ufw6-user-input | 4⤵ | PID:750
/sbin/ip6tables | ip6tables -X ufw6-user-forward | 4⤵ | PID:751
/sbin/ip6tables | ip6tables -X ufw6-user-output | 4⤵ | PID:752
/sbin/ip6tables | ip6tables -X ufw6-skip-to-policy-input | 4⤵ | PID:753
/sbin/ip6tables | ip6tables -X ufw6-skip-to-policy-output | 4⤵ | PID:754
/sbin/ip6tables | ip6tables -X ufw6-skip-to-policy-forward | 4⤵ | PID:755
/sbin/ip6tables | ip6tables -P INPUT ACCEPT | 4⤵ | PID:756
/sbin/ip6tables | ip6tables -P OUTPUT ACCEPT | 4⤵ | PID:757
/sbin/ip6tables | ip6tables -P FORWARD ACCEPT | 4⤵ | PID:758
/sbin/iptables | iptables -F | 2⤵ | PID:759
/usr/sbin/userdel | userdel akay | 2⤵ | PID:760
/usr/sbin/userdel | userdel vfinder | 2⤵ | PID:761
/bin/rm | rm -rf "/tmp/addres*" | 2⤵ | PID:762
  - Writes file to tmp directory
/bin/rm | rm -rf "/tmp/walle*" | 2⤵ | PID:763
  - Writes file to tmp directory
/bin/rm | rm -rf /tmp/keys | 2⤵ | PID:764
  - Writes file to tmp directory
/bin/rm | rm -f /tmp/.null | 2⤵ | PID:765
  - Writes file to tmp directory
/sbin/sysctl | sysctl -w "vm.nr_hugepages=128" | 2⤵ | PID:766
/bin/grep | grep 185.71.65.238 | 2⤵ | PID:768
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:769
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:770
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:771
/bin/grep | grep 140.82.52.87 | 2⤵ | PID:773
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:774
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:775
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:776
/bin/grep | grep :443 | 2⤵ | PID:778
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:779
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:780
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:782
/bin/grep | grep -v - | 2⤵ | PID:781
/bin/grep | grep :23 | 2⤵ | PID:784
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:785
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:786
/bin/grep | grep -v - | 2⤵ | PID:787
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:788
/bin/grep | grep :443 | 2⤵ | PID:790
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:791
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:792
/bin/grep | grep -v - | 2⤵ | PID:793
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:794
/bin/grep | grep :143 | 2⤵ | PID:796
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:797
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:798
/bin/grep | grep -v - | 2⤵ | PID:799
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:800
/bin/grep | grep :2222 | 2⤵ | PID:802
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:803
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:804
/bin/grep | grep -v - | 2⤵ | PID:805
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:806
/bin/grep | grep :3333 | 2⤵ | PID:808
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:809
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:810
/bin/grep | grep -v - | 2⤵ | PID:811
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:812
/bin/grep | grep :3389 | 2⤵ | PID:814
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:815
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:816
/bin/grep | grep -v - | 2⤵ | PID:817
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:818
/bin/grep | grep :5555 | 2⤵ | PID:820
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:822
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:821
/bin/grep | grep -v - | 2⤵ | PID:823
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:824
/bin/grep | grep :6666 | 2⤵ | PID:826
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:827
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:828
/bin/grep | grep -v - | 2⤵ | PID:829
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:830
/bin/grep | grep :6665 | 2⤵ | PID:832
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:833
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:834
/bin/grep | grep -v - | 2⤵ | PID:835
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:836
/bin/grep | grep :6667 | 2⤵ | PID:838
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:840
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:839
/bin/grep | grep -v - | 2⤵ | PID:841
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:842
/bin/grep | grep :7777 | 2⤵ | PID:844
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:845
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:846
/bin/grep | grep -v - | 2⤵ | PID:847
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:848
/bin/grep | grep :8444 | 2⤵ | PID:850
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:852
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:851
/bin/grep | grep -v - | 2⤵ | PID:853
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:854
/bin/grep | grep :3347 | 2⤵ | PID:856
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:857
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:858
/bin/grep | grep -v - | 2⤵ | PID:859
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:860
/bin/grep | grep -v grep | 2⤵ | PID:862
/bin/grep | grep :3333 | 2⤵ | PID:863
/bin/ps | ps aux | 2⤵ | PID:861
  - Reads CPU attributes
  - Reads runtime system information
/usr/bin/awk | awk "{print \$2}" | 2⤵ | PID:864
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:865
/bin/grep | grep -v grep | 2⤵ | PID:867
/bin/ps | ps aux | 2⤵ | PID:866
  - Reads CPU attributes
  - Reads runtime system information
/usr/bin/awk | awk "{print \$2}" | 2⤵ | PID:869
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:870
/bin/grep | grep :5555 | 2⤵ | PID:868
/bin/grep | grep -v grep | 2⤵ | PID:872
/bin/ps | ps aux | 2⤵ | PID:871
  - Reads CPU attributes
  - Reads runtime system information
/bin/grep | grep "kworker -c\\" | 2⤵ | PID:873
/usr/bin/awk | awk "{print \$2}" | 2⤵ | PID:874
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:875
/bin/grep | grep -v grep | 2⤵ | PID:877
/bin/ps | ps aux | 2⤵ | PID:876
  - Reads CPU attributes
  - Reads runtime system information
/bin/grep | grep log_ | 2⤵ | PID:878
/usr/bin/awk | awk "{print \$2}" | 2⤵ | PID:879
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:880
/bin/grep | grep -v grep | 2⤵ | PID:882
/bin/grep | grep systemten | 2⤵ | PID:883
/bin/ps | ps aux | 2⤵ | PID:881
  - Reads CPU attributes
  - Reads runtime system information
/usr/bin/awk | awk "{print \$2}" | 2⤵ | PID:884
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:885
/bin/grep | grep -v grep | 2⤵ | PID:887
/bin/ps | ps aux | 2⤵ | PID:886
  - Reads CPU attributes
  - Reads runtime system information
/bin/grep | grep netns | 2⤵ | PID:888
/usr/bin/awk | awk "{print \$2}" | 2⤵ | PID:889
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:890
/usr/local/sbin/kill | kill -9 14 | 3⤵ | PID:891
/usr/local/bin/kill | kill -9 14 | 3⤵ | PID:891
/usr/sbin/kill | kill -9 14 | 3⤵ | PID:891
/usr/bin/kill | kill -9 14 | 3⤵ | PID:891
/sbin/kill | kill -9 14 | 3⤵ | PID:891
/bin/kill | kill -9 14 | 3⤵ | PID:891
  - Reads CPU attributes
/bin/ps | ps aux | 2⤵ | PID:892
  - Reads CPU attributes
  - Reads runtime system information
/bin/grep | grep voltuned | 2⤵ | PID:894
/bin/grep | grep -v grep | 2⤵ | PID:893
/usr/bin/awk | awk "{print \$2}" | 2⤵ | PID:895
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:896
/bin/ps | ps aux | 2⤵ | PID:897
  - Reads CPU attributes
  - Reads runtime system information
/bin/grep | grep -v grep | 2⤵ | PID:898
/bin/grep | grep darwin | 2⤵ | PID:899
/usr/bin/awk | awk "{print \$2}" | 2⤵ | PID:900
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:901
/bin/ps | ps aux | 2⤵ | PID:902
  - Reads CPU attributes
  - Reads runtime system information
/bin/grep | grep -v grep | 2⤵ | PID:903
/bin/grep | grep /tmp/dl | 2⤵ | PID:904
/usr/bin/awk | awk "{print \$2}" | 2⤵ | PID:905
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:906
/bin/ps | ps aux | 2⤵ | PID:907
  - Reads CPU attributes
  - Reads runtime system information
/bin/grep | grep -v grep | 2⤵ | PID:908
/bin/grep | grep /tmp/ddg | 2⤵ | PID:909
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:911
/usr/bin/awk | awk "{print \$2}" | 2⤵ | PID:910
/bin/grep | grep -v grep | 2⤵ | PID:913
/bin/ps | ps aux | 2⤵ | PID:912
/bin/grep | grep /tmp/pprt | 2⤵ | PID:914
/sbin/modprobe | /sbin/modprobe ip6_tables | 1⤵ | PID:591
  - Enumerates kernel/hardware configuration