xorddos | 8990c690ba23b4aa59e900084dd27c71b59728857dc30626892d495487791cb3

Analysis

max time kernel
149s
max time network
152s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240611-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
29-07-2024 19:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a5fbd54bcfacae5b6b7ba089e7ff543_JaffaCakes118
Size

537KB
MD5

5a5fbd54bcfacae5b6b7ba089e7ff543
SHA1

b92b3bf25c0a8246355177bfac4aba5831893827
SHA256

8990c690ba23b4aa59e900084dd27c71b59728857dc30626892d495487791cb3
SHA512

53c36bdd8f2d228e4a4014eb42e982cc32047ea8651912c7dc7926c697df0fbe9fd54df3b9c80a445f0c786d46f3a33b976c21c1ff109b34233035971a5a0b80
SSDEEP

12288:ISraVbNYn/gpq5xnFeEu1eZ1gVcxfwbuHvh3u6yp5k:Im8bKEWt0EucZ1gVcxfwa53U

Score

10^/10

xorddos botnet downloader persistence

Malware Config

Extracted

Family

xorddos

topbannersun.com:5414

wowapplecar.com:5414

Attributes

crc_polynomial
CDB88320

xor.plain

Signatures

XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
botnet downloader xorddos

XorDDoS payload 1 IoCs

resource	yara_rule
behavioral1/files/fstream-2.dat	family_xorddos

Deletes itself 64 IoCs

pid
1398
1405
1408
1414
1411
1417
1420
1426
1429
1432
1435
1474
1477
1480
1483
1486
1489
1492
1495
1498
1501
1504
1507
1510
1513
1516
1519
1522
1525
1528
1531
1534
1537
1540
1543
1546
1549
1552
1555
1558
1561
1564
1567
1570
1573
1576
1579
1582
1585
1588
1591
1594
1597
1600
1603
1606
1609
1612
1615
1618
1621
1624
1627
1630

Executes dropped EXE 64 IoCs

ioc	pid	Process
/usr/bin/klqotdhrob	1400	klqotdhrob
/usr/bin/hqngmzwln	1404	hqngmzwln
/usr/bin/obhyjdftjuwmp	1407	obhyjdftjuwmp
/usr/bin/reyvsssusb	1410	reyvsssusb
/usr/bin/rxphsnxv	1413	rxphsnxv
/usr/bin/xezcxiw	1416	xezcxiw
/usr/bin/xnjoshjkccgufd	1419	xnjoshjkccgufd
/usr/bin/uuvhuqetufwt	1425	uuvhuqetufwt
/usr/bin/upniybah	1428	upniybah
/usr/bin/jotguytztquc	1431	jotguytztquc
/usr/bin/mifiod	1434	mifiod
/usr/bin/qacjiu	1473	qacjiu
/usr/bin/swhqiaibpa	1476	swhqiaibpa
/usr/bin/flvpamlwjrij	1479	flvpamlwjrij
/usr/bin/ajdjtzmlwudg	1482	ajdjtzmlwudg
/usr/bin/njmncraxjbku	1485	njmncraxjbku
/usr/bin/toierinus	1488	toierinus
/usr/bin/vetrawz	1491	vetrawz
/usr/bin/mljzncck	1494	mljzncck
/usr/bin/dwicpymtpv	1497	dwicpymtpv
/usr/bin/lpogvj	1500	lpogvj
/usr/bin/zwabgggik	1503	zwabgggik
/usr/bin/efoknsgctms	1506	efoknsgctms
/usr/bin/amkitik	1509	amkitik
/usr/bin/mlznmftvogtulj	1512	mlznmftvogtulj
/usr/bin/zbmdwz	1515	zbmdwz
/usr/bin/qzkcidkugxfhmt	1518	qzkcidkugxfhmt
/usr/bin/focnjybt	1521	focnjybt
/usr/bin/awrfvqalrkobp	1524	awrfvqalrkobp
/usr/bin/vxxcejwtrm	1527	vxxcejwtrm
/usr/bin/ewwhrchntoilp	1530	ewwhrchntoilp
/usr/bin/mgtmeqkgxv	1533	mgtmeqkgxv
/usr/bin/orrvppci	1536	orrvppci
/usr/bin/mvnagz	1539	mvnagz
/usr/bin/egtqmoc	1542	egtqmoc
/usr/bin/gozdkdxywptne	1545	gozdkdxywptne
/usr/bin/vwktkkzlcftxv	1548	vwktkkzlcftxv
/usr/bin/xyrozxyeuydluq	1551	xyrozxyeuydluq
/usr/bin/sooehaoinqngp	1554	sooehaoinqngp
/usr/bin/mahmuxntxt	1557	mahmuxntxt
/usr/bin/wwbsptmdhqk	1560	wwbsptmdhqk
/usr/bin/gvmvtjwlarzdzr	1563	gvmvtjwlarzdzr
/usr/bin/jajizs	1566	jajizs
/usr/bin/pjegjktjf	1569	pjegjktjf
/usr/bin/fsvydtmd	1572	fsvydtmd
/usr/bin/ngmhxxhgfgy	1575	ngmhxxhgfgy
/usr/bin/vjyeslxeqzj	1578	vjyeslxeqzj
/usr/bin/wjnrxselas	1581	wjnrxselas
/usr/bin/xpzdxh	1584	xpzdxh
/usr/bin/temriheilvjwf	1587	temriheilvjwf
/usr/bin/fvwfnbqotk	1590	fvwfnbqotk
/usr/bin/surmyx	1593	surmyx
/usr/bin/gwtlxpwfyksulo	1596	gwtlxpwfyksulo
/usr/bin/rmqqbozriun	1599	rmqqbozriun
/usr/bin/oyhuuchru	1602	oyhuuchru
/usr/bin/wsqqmbf	1605	wsqqmbf
/usr/bin/utakxqm	1608	utakxqm
/usr/bin/agebouzx	1611	agebouzx
/usr/bin/vazowfmovcczjl	1614	vazowfmovcczjl
/usr/bin/ngcdusfaygqs	1617	ngcdusfaygqs
/usr/bin/okeqksmpecnj	1620	okeqksmpecnj
/usr/bin/mgfaafcnnu	1623	mgfaafcnnu
/usr/bin/cewhyxuwlrapg	1626	cewhyxuwlrapg
/usr/bin/bsyegls	1629	bsyegls

Creates/modifies Cron job 1 TTPs 1 IoCs

Cron allows running tasks on a schedule, and is commonly used for malware persistence.

persistence

Scheduled Task/Job

T1053

description	ioc	Process
File opened for modification	/etc/cron.hourly/borhdtoqlk.sh	klqotdhrob

Modifies init.d 1 TTPs 1 IoCs

Adds/modifies system service, likely for persistence.

persistence

Boot or Logon Autostart Execution

T1547

description	ioc	Process
File opened for modification	/etc/init.d/borhdtoqlk	klqotdhrob

Write file to user bin folder 1 TTPs 64 IoCs

Hijack Execution Flow

T1574

description	ioc	Process
File opened for modification	/usr/bin/bkesfducxdy	klqotdhrob
File opened for modification	/usr/bin/focnjybt	klqotdhrob
File opened for modification	/usr/bin/giadei	klqotdhrob
File opened for modification	/usr/bin/uqgytukzxwg	klqotdhrob
File opened for modification	/usr/bin/uoaiastzpvw	klqotdhrob
File opened for modification	/usr/bin/ifdaxs	klqotdhrob
File opened for modification	/usr/bin/ywisliefihkwaf	klqotdhrob
File opened for modification	/usr/bin/zqxiaqjsjxq	klqotdhrob
File opened for modification	/usr/bin/hccnqo	klqotdhrob
File opened for modification	/usr/bin/borhdtoqlk	klqotdhrob
File opened for modification	/usr/bin/swhqiaibpa	klqotdhrob
File opened for modification	/usr/bin/sduckx	klqotdhrob
File opened for modification	/usr/bin/lzvyjv	klqotdhrob
File opened for modification	/usr/bin/rlmmuuyu	klqotdhrob
File opened for modification	/usr/bin/toxophmp	klqotdhrob
File opened for modification	/usr/bin/jerrcdet	klqotdhrob
File opened for modification	/usr/bin/tkfnailyifnyd	klqotdhrob
File opened for modification	/usr/bin/siqzuxpogrf	klqotdhrob
File opened for modification	/usr/bin/toierinus	klqotdhrob
File opened for modification	/usr/bin/qwusavhehhfc	klqotdhrob
File opened for modification	/usr/bin/knuyirvz	klqotdhrob
File opened for modification	/usr/bin/egtqmoc	klqotdhrob
File opened for modification	/usr/bin/surmyx	klqotdhrob
File opened for modification	/usr/bin/wcynkicqjwiay	klqotdhrob
File opened for modification	/usr/bin/qrozxavayjfk	klqotdhrob
File opened for modification	/usr/bin/orrvppci	klqotdhrob
File opened for modification	/usr/bin/lbutyb	klqotdhrob
File opened for modification	/usr/bin/eaqcnyowa	klqotdhrob
File opened for modification	/usr/bin/mohqetun	klqotdhrob
File opened for modification	/usr/bin/coejwts	klqotdhrob
File opened for modification	/usr/bin/odearxdn	klqotdhrob
File opened for modification	/usr/bin/vzcwzbnbcjwsi	klqotdhrob
File opened for modification	/usr/bin/vxxcejwtrm	klqotdhrob
File opened for modification	/usr/bin/kkiuwo	klqotdhrob
File opened for modification	/usr/bin/aeiroyeyivxtd	klqotdhrob
File opened for modification	/usr/bin/dnulmowqpaxdsp	klqotdhrob
File opened for modification	/usr/bin/pnaacx	klqotdhrob
File opened for modification	/usr/bin/oovcjowwmyh	klqotdhrob
File opened for modification	/usr/bin/rguizpqoflay	klqotdhrob
File opened for modification	/usr/bin/reyvsssusb	klqotdhrob
File opened for modification	/usr/bin/qzkcidkugxfhmt	klqotdhrob
File opened for modification	/usr/bin/vwktkkzlcftxv	klqotdhrob
File opened for modification	/usr/bin/qmwvshi	klqotdhrob
File opened for modification	/usr/bin/sszjuor	klqotdhrob
File opened for modification	/usr/bin/ujunbrkfrzp	klqotdhrob
File opened for modification	/usr/bin/muirhgwvekwl	klqotdhrob
File opened for modification	/usr/bin/pbunuiapx	klqotdhrob
File opened for modification	/usr/bin/mljzncck	klqotdhrob
File opened for modification	/usr/bin/zwabgggik	klqotdhrob
File opened for modification	/usr/bin/pjegjktjf	klqotdhrob
File opened for modification	/usr/bin/sspxwensrpwoyu	klqotdhrob
File opened for modification	/usr/bin/gvoozfszr	klqotdhrob
File opened for modification	/usr/bin/cylkzl	klqotdhrob
File opened for modification	/usr/bin/hiphgbhefbifn	klqotdhrob
File opened for modification	/usr/bin/agebouzx	klqotdhrob
File opened for modification	/usr/bin/labxmjgl	klqotdhrob
File opened for modification	/usr/bin/hsibbqddu	klqotdhrob
File opened for modification	/usr/bin/dtrcijsou	klqotdhrob
File opened for modification	/usr/bin/bofvxjsg	klqotdhrob
File opened for modification	/usr/bin/pcqbdpucgrcd	klqotdhrob
File opened for modification	/usr/bin/cpbjrs	klqotdhrob
File opened for modification	/usr/bin/rltkitsdrjon	klqotdhrob
File opened for modification	/usr/bin/uzbojgfdi	klqotdhrob
File opened for modification	/usr/bin/tobqboma	klqotdhrob

Reads runtime system information 2 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/meminfo	5a5fbd54bcfacae5b6b7ba089e7ff543_JaffaCakes118
File opened for reading	/proc/meminfo	klqotdhrob

Writes file to shm directory 2 IoCs

Malware can drop malicious files in the shm directory which will run directly from RAM.

description	ioc	Process
File opened for modification	/dev/shm/sem.bjxkvc	klqotdhrob
File opened for modification	/dev/shm/sem.Nn7eQc	klqotdhrob

/tmp/5a5fbd54bcfacae5b6b7ba089e7ff543_JaffaCakes118
/tmp/5a5fbd54bcfacae5b6b7ba089e7ff543_JaffaCakes118
1⤵
- Reads runtime system information
PID:1397

/usr/bin/klqotdhrob
/usr/bin/klqotdhrob
1⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Modifies init.d
- Write file to user bin folder
- Reads runtime system information
- Writes file to shm directory
PID:1400
- /usr/bin/dnboiguge
  /usr/bin/dnboiguge -d 1401
  2⤵
  PID:1682
- /usr/bin/nsvkko
  /usr/bin/nsvkko -d 1401
  2⤵
  PID:2207
- /usr/bin/wayphuieokdz
  /usr/bin/wayphuieokdz -d 1401
  2⤵
  PID:2213
- /usr/bin/hqmvqacumaeuz
  /usr/bin/hqmvqacumaeuz -d 1401
  2⤵
  PID:2243
- /usr/bin/hfgufdcvcrd
  /usr/bin/hfgufdcvcrd -d 1401
  2⤵
  PID:2274
- /usr/bin/shxwrbslx
  /usr/bin/shxwrbslx -d 1401
  2⤵
  PID:2298
- /usr/bin/masbbdbjuyntcs
  /usr/bin/masbbdbjuyntcs -d 1401
  2⤵
  PID:2304

/usr/bin/hqngmzwln
/usr/bin/hqngmzwln -d 1401
1⤵
- Executes dropped EXE
PID:1404

/usr/bin/obhyjdftjuwmp
/usr/bin/obhyjdftjuwmp -d 1401
1⤵
- Executes dropped EXE
PID:1407

/usr/bin/reyvsssusb
/usr/bin/reyvsssusb -d 1401
1⤵
- Executes dropped EXE
PID:1410

/usr/bin/rxphsnxv
/usr/bin/rxphsnxv -d 1401
1⤵
- Executes dropped EXE
PID:1413

/usr/bin/xezcxiw
/usr/bin/xezcxiw -d 1401
1⤵
- Executes dropped EXE
PID:1416

/usr/bin/xnjoshjkccgufd
/usr/bin/xnjoshjkccgufd -d 1401
1⤵
- Executes dropped EXE
PID:1419

/usr/bin/uuvhuqetufwt
/usr/bin/uuvhuqetufwt -d 1401
1⤵
- Executes dropped EXE
PID:1425

/usr/bin/upniybah
/usr/bin/upniybah -d 1401
1⤵
- Executes dropped EXE
PID:1428

/usr/bin/jotguytztquc
/usr/bin/jotguytztquc -d 1401
1⤵
- Executes dropped EXE
PID:1431

/usr/bin/mifiod
/usr/bin/mifiod -d 1401
1⤵
- Executes dropped EXE
PID:1434

/usr/bin/qacjiu
/usr/bin/qacjiu -d 1401
1⤵
- Executes dropped EXE
PID:1473

/usr/bin/swhqiaibpa
/usr/bin/swhqiaibpa -d 1401
1⤵
- Executes dropped EXE
PID:1476

/usr/bin/flvpamlwjrij
/usr/bin/flvpamlwjrij -d 1401
1⤵
- Executes dropped EXE
PID:1479

/usr/bin/ajdjtzmlwudg
/usr/bin/ajdjtzmlwudg -d 1401
1⤵
- Executes dropped EXE
PID:1482

/usr/bin/njmncraxjbku
/usr/bin/njmncraxjbku -d 1401
1⤵
- Executes dropped EXE
PID:1485

/usr/bin/toierinus
/usr/bin/toierinus -d 1401
1⤵
- Executes dropped EXE
PID:1488

/usr/bin/vetrawz
/usr/bin/vetrawz -d 1401
1⤵
- Executes dropped EXE
PID:1491

/usr/bin/mljzncck
/usr/bin/mljzncck -d 1401
1⤵
- Executes dropped EXE
PID:1494

/usr/bin/dwicpymtpv
/usr/bin/dwicpymtpv -d 1401
1⤵
- Executes dropped EXE
PID:1497

/usr/bin/lpogvj
/usr/bin/lpogvj -d 1401
1⤵
- Executes dropped EXE
PID:1500

/usr/bin/zwabgggik
/usr/bin/zwabgggik -d 1401
1⤵
- Executes dropped EXE
PID:1503

/usr/bin/efoknsgctms
/usr/bin/efoknsgctms -d 1401
1⤵
- Executes dropped EXE
PID:1506

/usr/bin/amkitik
/usr/bin/amkitik -d 1401
1⤵
- Executes dropped EXE
PID:1509

/usr/bin/mlznmftvogtulj
/usr/bin/mlznmftvogtulj -d 1401
1⤵
- Executes dropped EXE
PID:1512

/usr/bin/zbmdwz
/usr/bin/zbmdwz -d 1401
1⤵
- Executes dropped EXE
PID:1515

/usr/bin/qzkcidkugxfhmt
/usr/bin/qzkcidkugxfhmt -d 1401
1⤵
- Executes dropped EXE
PID:1518

/usr/bin/focnjybt
/usr/bin/focnjybt -d 1401
1⤵
- Executes dropped EXE
PID:1521

/usr/bin/awrfvqalrkobp
/usr/bin/awrfvqalrkobp -d 1401
1⤵
- Executes dropped EXE
PID:1524

/usr/bin/vxxcejwtrm
/usr/bin/vxxcejwtrm -d 1401
1⤵
- Executes dropped EXE
PID:1527

/usr/bin/ewwhrchntoilp
/usr/bin/ewwhrchntoilp -d 1401
1⤵
- Executes dropped EXE
PID:1530

/usr/bin/mgtmeqkgxv
/usr/bin/mgtmeqkgxv -d 1401
1⤵
- Executes dropped EXE
PID:1533

/usr/bin/orrvppci
/usr/bin/orrvppci -d 1401
1⤵
- Executes dropped EXE
PID:1536

/usr/bin/mvnagz
/usr/bin/mvnagz -d 1401
1⤵
- Executes dropped EXE
PID:1539

/usr/bin/egtqmoc
/usr/bin/egtqmoc -d 1401
1⤵
- Executes dropped EXE
PID:1542

/usr/bin/gozdkdxywptne
/usr/bin/gozdkdxywptne -d 1401
1⤵
- Executes dropped EXE
PID:1545

/usr/bin/vwktkkzlcftxv
/usr/bin/vwktkkzlcftxv -d 1401
1⤵
- Executes dropped EXE
PID:1548

/usr/bin/xyrozxyeuydluq
/usr/bin/xyrozxyeuydluq -d 1401
1⤵
- Executes dropped EXE
PID:1551

/usr/bin/sooehaoinqngp
/usr/bin/sooehaoinqngp -d 1401
1⤵
- Executes dropped EXE
PID:1554

/usr/bin/mahmuxntxt
/usr/bin/mahmuxntxt -d 1401
1⤵
- Executes dropped EXE
PID:1557

/usr/bin/wwbsptmdhqk
/usr/bin/wwbsptmdhqk -d 1401
1⤵
- Executes dropped EXE
PID:1560

/usr/bin/gvmvtjwlarzdzr
/usr/bin/gvmvtjwlarzdzr -d 1401
1⤵
- Executes dropped EXE
PID:1563

/usr/bin/jajizs
/usr/bin/jajizs -d 1401
1⤵
- Executes dropped EXE
PID:1566

/usr/bin/pjegjktjf
/usr/bin/pjegjktjf -d 1401
1⤵
- Executes dropped EXE
PID:1569

/usr/bin/fsvydtmd
/usr/bin/fsvydtmd -d 1401
1⤵
- Executes dropped EXE
PID:1572

/usr/bin/ngmhxxhgfgy
/usr/bin/ngmhxxhgfgy -d 1401
1⤵
- Executes dropped EXE
PID:1575

/usr/bin/vjyeslxeqzj
/usr/bin/vjyeslxeqzj -d 1401
1⤵
- Executes dropped EXE
PID:1578

/usr/bin/wjnrxselas
/usr/bin/wjnrxselas -d 1401
1⤵
- Executes dropped EXE
PID:1581

/usr/bin/xpzdxh
/usr/bin/xpzdxh -d 1401
1⤵
- Executes dropped EXE
PID:1584

/usr/bin/temriheilvjwf
/usr/bin/temriheilvjwf -d 1401
1⤵
- Executes dropped EXE
PID:1587

/usr/bin/fvwfnbqotk
/usr/bin/fvwfnbqotk -d 1401
1⤵
- Executes dropped EXE
PID:1590

/usr/bin/surmyx
/usr/bin/surmyx -d 1401
1⤵
- Executes dropped EXE
PID:1593

/usr/bin/gwtlxpwfyksulo
/usr/bin/gwtlxpwfyksulo -d 1401
1⤵
- Executes dropped EXE
PID:1596

/usr/bin/rmqqbozriun
/usr/bin/rmqqbozriun -d 1401
1⤵
- Executes dropped EXE
PID:1599

/usr/bin/oyhuuchru
/usr/bin/oyhuuchru -d 1401
1⤵
- Executes dropped EXE
PID:1602

/usr/bin/wsqqmbf
/usr/bin/wsqqmbf -d 1401
1⤵
- Executes dropped EXE
PID:1605

/usr/bin/utakxqm
/usr/bin/utakxqm -d 1401
1⤵
- Executes dropped EXE
PID:1608

/usr/bin/agebouzx
/usr/bin/agebouzx -d 1401
1⤵
- Executes dropped EXE
PID:1611

/usr/bin/vazowfmovcczjl
/usr/bin/vazowfmovcczjl -d 1401
1⤵
- Executes dropped EXE
PID:1614

/usr/bin/ngcdusfaygqs
/usr/bin/ngcdusfaygqs -d 1401
1⤵
- Executes dropped EXE
PID:1617

/usr/bin/okeqksmpecnj
/usr/bin/okeqksmpecnj -d 1401
1⤵
- Executes dropped EXE
PID:1620

/usr/bin/mgfaafcnnu
/usr/bin/mgfaafcnnu -d 1401
1⤵
- Executes dropped EXE
PID:1623

/usr/bin/cewhyxuwlrapg
/usr/bin/cewhyxuwlrapg -d 1401
1⤵
- Executes dropped EXE
PID:1626

/usr/bin/bsyegls
/usr/bin/bsyegls -d 1401
1⤵
- Executes dropped EXE
PID:1629

/usr/bin/sspxwensrpwoyu
/usr/bin/sspxwensrpwoyu -d 1401
1⤵
PID:1632

/usr/bin/sszjuor
/usr/bin/sszjuor -d 1401
1⤵
PID:1635

/usr/bin/rkqxsd
/usr/bin/rkqxsd -d 1401
1⤵
PID:1638

/usr/bin/hvkyuh
/usr/bin/hvkyuh -d 1401
1⤵
PID:1641

/usr/bin/hzuywkwsxrnych
/usr/bin/hzuywkwsxrnych -d 1401
1⤵
PID:1644

/usr/bin/uzggpeysw
/usr/bin/uzggpeysw -d 1401
1⤵
PID:1647

/usr/bin/pgfkpitpesnqqf
/usr/bin/pgfkpitpesnqqf -d 1401
1⤵
PID:1650

/usr/bin/tbcleykrms
/usr/bin/tbcleykrms -d 1401
1⤵
PID:1670

/usr/bin/fcgltdewwnk
/usr/bin/fcgltdewwnk -d 1401
1⤵
PID:1673

/usr/bin/zfrylhnek
/usr/bin/zfrylhnek -d 1401
1⤵
PID:1676

/usr/bin/rrsckewk
/usr/bin/rrsckewk -d 1401
1⤵
PID:1679

/usr/bin/wiwnjhwwo
/usr/bin/wiwnjhwwo -d 1401
1⤵
PID:1685

/usr/bin/qfajjkphvkl
/usr/bin/qfajjkphvkl -d 1401
1⤵
PID:1688

/usr/bin/lbutyb
/usr/bin/lbutyb -d 1401
1⤵
PID:1691

/usr/bin/susokbx
/usr/bin/susokbx -d 1401
1⤵
PID:1694

/usr/bin/znrstrbeeqmbbz
/usr/bin/znrstrbeeqmbbz -d 1401
1⤵
PID:1697

/usr/bin/wcynkicqjwiay
/usr/bin/wcynkicqjwiay -d 1401
1⤵
PID:1700

/usr/bin/yyxvymqmkn
/usr/bin/yyxvymqmkn -d 1401
1⤵
PID:1703

/usr/bin/ujunbrkfrzp
/usr/bin/ujunbrkfrzp -d 1401
1⤵
PID:1706

/usr/bin/ijzsjxkjy
/usr/bin/ijzsjxkjy -d 1401
1⤵
PID:1709

/usr/bin/gyvylfljcvgp
/usr/bin/gyvylfljcvgp -d 1401
1⤵
PID:1712

/usr/bin/zzfrbx
/usr/bin/zzfrbx -d 1401
1⤵
PID:1715

/usr/bin/cfceznbjyb
/usr/bin/cfceznbjyb -d 1401
1⤵
PID:1718

/usr/bin/eaqcnyowa
/usr/bin/eaqcnyowa -d 1401
1⤵
PID:1721

/usr/bin/eplerqxs
/usr/bin/eplerqxs -d 1401
1⤵
PID:1724

/usr/bin/qwusavhehhfc
/usr/bin/qwusavhehhfc -d 1401
1⤵
PID:1727

/usr/bin/mydqljjddbk
/usr/bin/mydqljjddbk -d 1401
1⤵
PID:1730

/usr/bin/sduckx
/usr/bin/sduckx -d 1401
1⤵
PID:1733

/usr/bin/iwywmpgvhno
/usr/bin/iwywmpgvhno -d 1401
1⤵
PID:1736

/usr/bin/cnjsaubdxd
/usr/bin/cnjsaubdxd -d 1401
1⤵
PID:1739

/usr/bin/wxtqbfneolc
/usr/bin/wxtqbfneolc -d 1401
1⤵
PID:1742

/usr/bin/yruvbhl
/usr/bin/yruvbhl -d 1401
1⤵
PID:1745

/usr/bin/japcbjfgjkwhjr
/usr/bin/japcbjfgjkwhjr -d 1401
1⤵
PID:1748

/usr/bin/kxmonaszam
/usr/bin/kxmonaszam -d 1401
1⤵
PID:1751

/usr/bin/xncivmj
/usr/bin/xncivmj -d 1401
1⤵
PID:1754

/usr/bin/qmwvshi
/usr/bin/qmwvshi -d 1401
1⤵
PID:1757

/usr/bin/ucgwkkqgqdcucs
/usr/bin/ucgwkkqgqdcucs -d 1401
1⤵
PID:1760

/usr/bin/ollyqhunqnitqk
/usr/bin/ollyqhunqnitqk -d 1401
1⤵
PID:1763

/usr/bin/jerrcdet
/usr/bin/jerrcdet -d 1401
1⤵
PID:1766

/usr/bin/uworzg
/usr/bin/uworzg -d 1401
1⤵
PID:1769

/usr/bin/psdpknkyf
/usr/bin/psdpknkyf -d 1401
1⤵
PID:1772

/usr/bin/iypsnazeu
/usr/bin/iypsnazeu -d 1401
1⤵
PID:1775

/usr/bin/kauwwtkpsqij
/usr/bin/kauwwtkpsqij -d 1401
1⤵
PID:1778

/usr/bin/lzvyjv
/usr/bin/lzvyjv -d 1401
1⤵
PID:1781

/usr/bin/ifdaxs
/usr/bin/ifdaxs -d 1401
1⤵
PID:1784

/usr/bin/wzwajww
/usr/bin/wzwajww -d 1401
1⤵
PID:1787

/usr/bin/tplsiorj
/usr/bin/tplsiorj -d 1401
1⤵
PID:1790

/usr/bin/rslnzgdqqmz
/usr/bin/rslnzgdqqmz -d 1401
1⤵
PID:1793

/usr/bin/ftnxmtaa
/usr/bin/ftnxmtaa -d 1401
1⤵
PID:1796

/usr/bin/ttzmdpdm
/usr/bin/ttzmdpdm -d 1401
1⤵
PID:1799

/usr/bin/wgpjhvoxn
/usr/bin/wgpjhvoxn -d 1401
1⤵
PID:1802

/usr/bin/ywisliefihkwaf
/usr/bin/ywisliefihkwaf -d 1401
1⤵
PID:1805

/usr/bin/okptwtp
/usr/bin/okptwtp -d 1401
1⤵
PID:1808

/usr/bin/kblhpk
/usr/bin/kblhpk -d 1401
1⤵
PID:1811

/usr/bin/jtddfljmtq
/usr/bin/jtddfljmtq -d 1401
1⤵
PID:1814

/usr/bin/steqhohdn
/usr/bin/steqhohdn -d 1401
1⤵
PID:1817

/usr/bin/qvvszhdpeylg
/usr/bin/qvvszhdpeylg -d 1401
1⤵
PID:1820

/usr/bin/kqlxyqkhxc
/usr/bin/kqlxyqkhxc -d 1401
1⤵
PID:1823

/usr/bin/awtclrld
/usr/bin/awtclrld -d 1401
1⤵
PID:1826

/usr/bin/gvoozfszr
/usr/bin/gvoozfszr -d 1401
1⤵
PID:1829

/usr/bin/udqfdoynxxpoyo
/usr/bin/udqfdoynxxpoyo -d 1401
1⤵
PID:1832

/usr/bin/czdnestzihyn
/usr/bin/czdnestzihyn -d 1401
1⤵
PID:1835

/usr/bin/zgcuksbpjzcgx
/usr/bin/zgcuksbpjzcgx -d 1401
1⤵
PID:1838

/usr/bin/wvhgxilmmdfm
/usr/bin/wvhgxilmmdfm -d 1401
1⤵
PID:1841

/usr/bin/nmyoohqirl
/usr/bin/nmyoohqirl -d 1401
1⤵
PID:1844

/usr/bin/gulkaid
/usr/bin/gulkaid -d 1401
1⤵
PID:1847

/usr/bin/fevsqkv
/usr/bin/fevsqkv -d 1401
1⤵
PID:1856

/usr/bin/yikkgbant
/usr/bin/yikkgbant -d 1401
1⤵
PID:1859

/usr/bin/geuoyf
/usr/bin/geuoyf -d 1401
1⤵
PID:1862

/usr/bin/bpeaurhyozqaun
/usr/bin/bpeaurhyozqaun -d 1401
1⤵
PID:1865

/usr/bin/cylkzl
/usr/bin/cylkzl -d 1401
1⤵
PID:1868

/usr/bin/uizqxxvxakdagw
/usr/bin/uizqxxvxakdagw -d 1401
1⤵
PID:1871

/usr/bin/eliwlej
/usr/bin/eliwlej -d 1401
1⤵
PID:1874

/usr/bin/ihxtiivdedc
/usr/bin/ihxtiivdedc -d 1401
1⤵
PID:1877

/usr/bin/cbracddcjcmpn
/usr/bin/cbracddcjcmpn -d 1401
1⤵
PID:1880

/usr/bin/labxmjgl
/usr/bin/labxmjgl -d 1401
1⤵
PID:1883

/usr/bin/cadyvmyhmgzd
/usr/bin/cadyvmyhmgzd -d 1401
1⤵
PID:1886

/usr/bin/mahihzfkuqxya
/usr/bin/mahihzfkuqxya -d 1401
1⤵
PID:1889

/usr/bin/ojntlnw
/usr/bin/ojntlnw -d 1401
1⤵
PID:1892

/usr/bin/kkiuwo
/usr/bin/kkiuwo -d 1401
1⤵
PID:1895

/usr/bin/bbibiql
/usr/bin/bbibiql -d 1401
1⤵
PID:1898

/usr/bin/xvfnudpit
/usr/bin/xvfnudpit -d 1401
1⤵
PID:1901

/usr/bin/xnjlluxy
/usr/bin/xnjlluxy -d 1401
1⤵
PID:1904

/usr/bin/rwtnyu
/usr/bin/rwtnyu -d 1401
1⤵
PID:1907

/usr/bin/bepmnmjs
/usr/bin/bepmnmjs -d 1401
1⤵
PID:1910

/usr/bin/dxsotqlibytvw
/usr/bin/dxsotqlibytvw -d 1401
1⤵
PID:1913

/usr/bin/nqtaonzpt
/usr/bin/nqtaonzpt -d 1401
1⤵
PID:1916

/usr/bin/cgclaf
/usr/bin/cgclaf -d 1401
1⤵
PID:1919

/usr/bin/zxdsnqcqpw
/usr/bin/zxdsnqcqpw -d 1401
1⤵
PID:1922

/usr/bin/lpoyhj
/usr/bin/lpoyhj -d 1401
1⤵
PID:1925

/usr/bin/vyalrppztcz
/usr/bin/vyalrppztcz -d 1401
1⤵
PID:1928

/usr/bin/rawwvm
/usr/bin/rawwvm -d 1401
1⤵
PID:1931

/usr/bin/xeevspninurqq
/usr/bin/xeevspninurqq -d 1401
1⤵
PID:1934

/usr/bin/rdiishduicojbm
/usr/bin/rdiishduicojbm -d 1401
1⤵
PID:1937

/usr/bin/nbbthzm
/usr/bin/nbbthzm -d 1401
1⤵
PID:1940

/usr/bin/mumgocy
/usr/bin/mumgocy -d 1401
1⤵
PID:1943

/usr/bin/bofvxjsg
/usr/bin/bofvxjsg -d 1401
1⤵
PID:1946

/usr/bin/grmuvbyyvfx
/usr/bin/grmuvbyyvfx -d 1401
1⤵
PID:1949

/usr/bin/elfqsvsqbqsrv
/usr/bin/elfqsvsqbqsrv -d 1401
1⤵
PID:1952

/usr/bin/oehwspngmkkkjh
/usr/bin/oehwspngmkkkjh -d 1401
1⤵
PID:1955

/usr/bin/iqvuvl
/usr/bin/iqvuvl -d 1401
1⤵
PID:1958

/usr/bin/rgeuwyntqby
/usr/bin/rgeuwyntqby -d 1401
1⤵
PID:1961

/usr/bin/asnnyzyilj
/usr/bin/asnnyzyilj -d 1401
1⤵
PID:1964

/usr/bin/ethapfndwvk
/usr/bin/ethapfndwvk -d 1401
1⤵
PID:1967

/usr/bin/tkfnailyifnyd
/usr/bin/tkfnailyifnyd -d 1401
1⤵
PID:1970

/usr/bin/wozhfdcn
/usr/bin/wozhfdcn -d 1401
1⤵
PID:1973

/usr/bin/svxqqhkmupzu
/usr/bin/svxqqhkmupzu -d 1401
1⤵
PID:1976

/usr/bin/muirhgwvekwl
/usr/bin/muirhgwvekwl -d 1401
1⤵
PID:1979

/usr/bin/cnhhhb
/usr/bin/cnhhhb -d 1401
1⤵
PID:1982

/usr/bin/ftxodj
/usr/bin/ftxodj -d 1401
1⤵
PID:1985

/usr/bin/sifruzzlj
/usr/bin/sifruzzlj -d 1401
1⤵
PID:1988

/usr/bin/jejudw
/usr/bin/jejudw -d 1401
1⤵
PID:1991

/usr/bin/fmvmvwtapq
/usr/bin/fmvmvwtapq -d 1401
1⤵
PID:1994

/usr/bin/uzbojgfdi
/usr/bin/uzbojgfdi -d 1401
1⤵
PID:1997

/usr/bin/qrozxavayjfk
/usr/bin/qrozxavayjfk -d 1401
1⤵
PID:2000

/usr/bin/ugepitfbpg
/usr/bin/ugepitfbpg -d 1401
1⤵
PID:2003

/usr/bin/dplluvsm
/usr/bin/dplluvsm -d 1401
1⤵
PID:2006

/usr/bin/inoijoju
/usr/bin/inoijoju -d 1401
1⤵
PID:2009

/usr/bin/tdsbhhm
/usr/bin/tdsbhhm -d 1401
1⤵
PID:2012

/usr/bin/onsuswjehfbbrq
/usr/bin/onsuswjehfbbrq -d 1401
1⤵
PID:2015

/usr/bin/eeupudksyn
/usr/bin/eeupudksyn -d 1401
1⤵
PID:2018

/usr/bin/cutoxhbsdwooax
/usr/bin/cutoxhbsdwooax -d 1401
1⤵
PID:2021

/usr/bin/bykthpxdesg
/usr/bin/bykthpxdesg -d 1401
1⤵
PID:2024

/usr/bin/kffxjcs
/usr/bin/kffxjcs -d 1401
1⤵
PID:2027

/usr/bin/bcatfw
/usr/bin/bcatfw -d 1401
1⤵
PID:2030

/usr/bin/uyenceyvon
/usr/bin/uyenceyvon -d 1401
1⤵
PID:2033

/usr/bin/uyubzfsmq
/usr/bin/uyubzfsmq -d 1401
1⤵
PID:2036

/usr/bin/eqgshn
/usr/bin/eqgshn -d 1401
1⤵
PID:2039

/usr/bin/tobqboma
/usr/bin/tobqboma -d 1401
1⤵
PID:2042

/usr/bin/wbmpvljymqqz
/usr/bin/wbmpvljymqqz -d 1401
1⤵
PID:2045

/usr/bin/ufxdyeqazf
/usr/bin/ufxdyeqazf -d 1401
1⤵
PID:2048

/usr/bin/qireiyfgzrvxc
/usr/bin/qireiyfgzrvxc -d 1401
1⤵
PID:2051

/usr/bin/pvqqcmvbpv
/usr/bin/pvqqcmvbpv -d 1401
1⤵
PID:2054

/usr/bin/ivhpzzxqehojnq
/usr/bin/ivhpzzxqehojnq -d 1401
1⤵
PID:2057

/usr/bin/ipfooujemnr
/usr/bin/ipfooujemnr -d 1401
1⤵
PID:2060

/usr/bin/idbqykhxkg
/usr/bin/idbqykhxkg -d 1401
1⤵
PID:2063

/usr/bin/clapiqnkhpyj
/usr/bin/clapiqnkhpyj -d 1401
1⤵
PID:2066

/usr/bin/pnaacx
/usr/bin/pnaacx -d 1401
1⤵
PID:2069

/usr/bin/uywweerfxr
/usr/bin/uywweerfxr -d 1401
1⤵
PID:2072

/usr/bin/aeiroyeyivxtd
/usr/bin/aeiroyeyivxtd -d 1401
1⤵
PID:2075

/usr/bin/ifolewffu
/usr/bin/ifolewffu -d 1401
1⤵
PID:2078

/usr/bin/jzxryqxyvfsj
/usr/bin/jzxryqxyvfsj -d 1401
1⤵
PID:2081

/usr/bin/wkoujjzxsglfki
/usr/bin/wkoujjzxsglfki -d 1401
1⤵
PID:2084

/usr/bin/pcqbdpucgrcd
/usr/bin/pcqbdpucgrcd -d 1401
1⤵
PID:2087

/usr/bin/umetyunhemg
/usr/bin/umetyunhemg -d 1401
1⤵
PID:2090

/usr/bin/ssdecpwgizmxt
/usr/bin/ssdecpwgizmxt -d 1401
1⤵
PID:2093

/usr/bin/lpfdulhkhougar
/usr/bin/lpfdulhkhougar -d 1401
1⤵
PID:2096

/usr/bin/sxnkdybapl
/usr/bin/sxnkdybapl -d 1401
1⤵
PID:2099

/usr/bin/kbwxml
/usr/bin/kbwxml -d 1401
1⤵
PID:2102

/usr/bin/siqzuxpogrf
/usr/bin/siqzuxpogrf -d 1401
1⤵
PID:2105

/usr/bin/jcxwivximleqxh
/usr/bin/jcxwivximleqxh -d 1401
1⤵
PID:2108

/usr/bin/vuazoirpcrfqxy
/usr/bin/vuazoirpcrfqxy -d 1401
1⤵
PID:2111

/usr/bin/giadei
/usr/bin/giadei -d 1401
1⤵
PID:2114

/usr/bin/sooxfogrjcrkqb
/usr/bin/sooxfogrjcrkqb -d 1401
1⤵
PID:2117

/usr/bin/gdvnvsl
/usr/bin/gdvnvsl -d 1401
1⤵
PID:2120

/usr/bin/atvgzdidvxtuej
/usr/bin/atvgzdidvxtuej -d 1401
1⤵
PID:2123

/usr/bin/tcssxcccg
/usr/bin/tcssxcccg -d 1401
1⤵
PID:2126

/usr/bin/oplvir
/usr/bin/oplvir -d 1401
1⤵
PID:2129

/usr/bin/dlvwwvpzjs
/usr/bin/dlvwwvpzjs -d 1401
1⤵
PID:2132

/usr/bin/yunaphztjcz
/usr/bin/yunaphztjcz -d 1401
1⤵
PID:2135

/usr/bin/ensskal
/usr/bin/ensskal -d 1401
1⤵
PID:2138

/usr/bin/fxhbtersnjol
/usr/bin/fxhbtersnjol -d 1401
1⤵
PID:2141

/usr/bin/dnulmowqpaxdsp
/usr/bin/dnulmowqpaxdsp -d 1401
1⤵
PID:2144

/usr/bin/abazkcso
/usr/bin/abazkcso -d 1401
1⤵
PID:2147

/usr/bin/mdgcongdi
/usr/bin/mdgcongdi -d 1401
1⤵
PID:2150

/usr/bin/rypkpphsiyk
/usr/bin/rypkpphsiyk -d 1401
1⤵
PID:2153

/usr/bin/eucakvfwe
/usr/bin/eucakvfwe -d 1401
1⤵
PID:2156

/usr/bin/yqzythhxyljo
/usr/bin/yqzythhxyljo -d 1401
1⤵
PID:2159

/usr/bin/hiphgbhefbifn
/usr/bin/hiphgbhefbifn -d 1401
1⤵
PID:2162

/usr/bin/mljrlbqkwytty
/usr/bin/mljrlbqkwytty -d 1401
1⤵
PID:2165

/usr/bin/coejwts
/usr/bin/coejwts -d 1401
1⤵
PID:2168

/usr/bin/bizcsgrvvcg
/usr/bin/bizcsgrvvcg -d 1401
1⤵
PID:2171

/usr/bin/ojfafftydacueo
/usr/bin/ojfafftydacueo -d 1401
1⤵
PID:2174

/usr/bin/xgvrifsmy
/usr/bin/xgvrifsmy -d 1401
1⤵
PID:2177

/usr/bin/gvviciwnp
/usr/bin/gvviciwnp -d 1401
1⤵
PID:2180

/usr/bin/uqtzqwtukk
/usr/bin/uqtzqwtukk -d 1401
1⤵
PID:2183

/usr/bin/mohqetun
/usr/bin/mohqetun -d 1401
1⤵
PID:2186

/usr/bin/kogvcfgyuxlji
/usr/bin/kogvcfgyuxlji -d 1401
1⤵
PID:2189

/usr/bin/zstmyhgwtvfmbb
/usr/bin/zstmyhgwtvfmbb -d 1401
1⤵
PID:2192

/usr/bin/qqqfyljft
/usr/bin/qqqfyljft -d 1401
1⤵
PID:2195

/usr/bin/zqxiaqjsjxq
/usr/bin/zqxiaqjsjxq -d 1401
1⤵
PID:2198

/usr/bin/epozuacvhtnz
/usr/bin/epozuacvhtnz -d 1401
1⤵
PID:2201

/usr/bin/nljseurxtbx
/usr/bin/nljseurxtbx -d 1401
1⤵
PID:2204

/usr/bin/zepwfstonjn
/usr/bin/zepwfstonjn -d 1401
1⤵
PID:2210

/usr/bin/vuhgkyfppdw
/usr/bin/vuhgkyfppdw -d 1401
1⤵
PID:2216

/usr/bin/xkugzjcah
/usr/bin/xkugzjcah -d 1401
1⤵
PID:2219

/usr/bin/hccnqo
/usr/bin/hccnqo -d 1401
1⤵
PID:2222

/usr/bin/rlmmuuyu
/usr/bin/rlmmuuyu -d 1401
1⤵
PID:2225

/usr/bin/pkdltcxqi
/usr/bin/pkdltcxqi -d 1401
1⤵
PID:2228

/usr/bin/zmzjgglivdyl
/usr/bin/zmzjgglivdyl -d 1401
1⤵
PID:2231

/usr/bin/lziftjcv
/usr/bin/lziftjcv -d 1401
1⤵
PID:2234

/usr/bin/mamhclxkixyji
/usr/bin/mamhclxkixyji -d 1401
1⤵
PID:2237

/usr/bin/rtomymauxzffv
/usr/bin/rtomymauxzffv -d 1401
1⤵
PID:2240

/usr/bin/xexkcmk
/usr/bin/xexkcmk -d 1401
1⤵
PID:2247

/usr/bin/jldqgtzwguogz
/usr/bin/jldqgtzwguogz -d 1401
1⤵
PID:2250

/usr/bin/sbopatvjcupbe
/usr/bin/sbopatvjcupbe -d 1401
1⤵
PID:2253

/usr/bin/pqrzcvr
/usr/bin/pqrzcvr -d 1401
1⤵
PID:2256

/usr/bin/orjwnzfm
/usr/bin/orjwnzfm -d 1401
1⤵
PID:2259

/usr/bin/znyqprna
/usr/bin/znyqprna -d 1401
1⤵
PID:2262

/usr/bin/ipzmiofa
/usr/bin/ipzmiofa -d 1401
1⤵
PID:2265

/usr/bin/jxhtla
/usr/bin/jxhtla -d 1401
1⤵
PID:2268

/usr/bin/knepaoqn
/usr/bin/knepaoqn -d 1401
1⤵
PID:2271

/usr/bin/obrlhvnezgj
/usr/bin/obrlhvnezgj -d 1401
1⤵
PID:2277

/usr/bin/cpbjrs
/usr/bin/cpbjrs -d 1401
1⤵
PID:2280

/usr/bin/hkrhpcywbiuoyw
/usr/bin/hkrhpcywbiuoyw -d 1401
1⤵
PID:2283

/usr/bin/jfdzjefu
/usr/bin/jfdzjefu -d 1401
1⤵
PID:2286

/usr/bin/ijarbsdkcustw
/usr/bin/ijarbsdkcustw -d 1401
1⤵
PID:2289

/usr/bin/rzamobk
/usr/bin/rzamobk -d 1401
1⤵
PID:2292

/usr/bin/kpbjafpueze
/usr/bin/kpbjafpueze -d 1401
1⤵
PID:2295

/usr/bin/eoqgce
/usr/bin/eoqgce -d 1401
1⤵
PID:2301

/usr/bin/hsibbqddu
/usr/bin/hsibbqddu -d 1401
1⤵
PID:2307

/usr/bin/bcfkth
/usr/bin/bcfkth -d 1401
1⤵
PID:2310

/usr/bin/odearxdn
/usr/bin/odearxdn -d 1401
1⤵
PID:2313

/usr/bin/jutzbarld
/usr/bin/jutzbarld -d 1401
1⤵
PID:2316

/usr/bin/biyxezzjmuq
/usr/bin/biyxezzjmuq -d 1401
1⤵
PID:2319

/usr/bin/lwalnxqbyaxrza
/usr/bin/lwalnxqbyaxrza -d 1401
1⤵
PID:2322

/usr/bin/toxophmp
/usr/bin/toxophmp -d 1401
1⤵
PID:2325

/usr/bin/oovcjowwmyh
/usr/bin/oovcjowwmyh -d 1401
1⤵
PID:2328

/usr/bin/vzcwzbnbcjwsi
/usr/bin/vzcwzbnbcjwsi -d 1401
1⤵
PID:2331

/usr/bin/hpyybmnzoypmwb
/usr/bin/hpyybmnzoypmwb -d 1401
1⤵
PID:2334

/usr/bin/nksphzmgo
/usr/bin/nksphzmgo -d 1401
1⤵
PID:2337

/usr/bin/jqwrtjlu
/usr/bin/jqwrtjlu -d 1401
1⤵
PID:2340

/usr/bin/qyccqobm
/usr/bin/qyccqobm -d 1401
1⤵
PID:2343

/usr/bin/pnrfzlw
/usr/bin/pnrfzlw -d 1401
1⤵
PID:2346

/usr/bin/kinazw
/usr/bin/kinazw -d 1401
1⤵
PID:2349

/usr/bin/xpkgaeltepvud
/usr/bin/xpkgaeltepvud -d 1401
1⤵
PID:2352

/usr/bin/gtowmvvxrchb
/usr/bin/gtowmvvxrchb -d 1401
1⤵
PID:2355

/usr/bin/hbpyagk
/usr/bin/hbpyagk -d 1401
1⤵
PID:2358

/usr/bin/hqucvkzppx
/usr/bin/hqucvkzppx -d 1401
1⤵
PID:2361

/usr/bin/knuyirvz
/usr/bin/knuyirvz -d 1401
1⤵
PID:2364

/usr/bin/hwtzntxagty
/usr/bin/hwtzntxagty -d 1401
1⤵
PID:2367

/usr/bin/uqgytukzxwg
/usr/bin/uqgytukzxwg -d 1401
1⤵
PID:2370

/usr/bin/svzfhvm
/usr/bin/svzfhvm -d 1401
1⤵
PID:2373

/usr/bin/rltkitsdrjon
/usr/bin/rltkitsdrjon -d 1401
1⤵
PID:2376

/usr/bin/umvowvntb
/usr/bin/umvowvntb -d 1401
1⤵
PID:2379

/usr/bin/lyvsgsfjj
/usr/bin/lyvsgsfjj -d 1401
1⤵
PID:2382

/usr/bin/etbxme
/usr/bin/etbxme -d 1401
1⤵
PID:2385

/usr/bin/vuexpqtf
/usr/bin/vuexpqtf -d 1401
1⤵
PID:2388

/usr/bin/qvkrrxpm
/usr/bin/qvkrrxpm -d 1401
1⤵
PID:2391

/usr/bin/vgvhqnllqlzxc
/usr/bin/vgvhqnllqlzxc -d 1401
1⤵
PID:2394

/usr/bin/rguizpqoflay
/usr/bin/rguizpqoflay -d 1401
1⤵
PID:2397

/usr/bin/xoqnlw
/usr/bin/xoqnlw -d 1401
1⤵
PID:2400

/usr/bin/uoaiastzpvw
/usr/bin/uoaiastzpvw -d 1401
1⤵
PID:2403

/usr/bin/dtrcijsou
/usr/bin/dtrcijsou -d 1401
1⤵
PID:2406

/usr/bin/myqcqfqpsm
/usr/bin/myqcqfqpsm -d 1401
1⤵
PID:2409

/usr/bin/uufmphcmflqye
/usr/bin/uufmphcmflqye -d 1401
1⤵
PID:2412

/usr/bin/honxkhljxo
/usr/bin/honxkhljxo -d 1401
1⤵
PID:2415

/usr/bin/fgozsut
/usr/bin/fgozsut -d 1401
1⤵
PID:2418

/usr/bin/zfegjtow
/usr/bin/zfegjtow -d 1401
1⤵
PID:2421

/usr/bin/mbfvrusbcgmbum
/usr/bin/mbfvrusbcgmbum -d 1401
1⤵
PID:2424

/usr/bin/wqpqdg
/usr/bin/wqpqdg -d 1401
1⤵
PID:2427

/usr/bin/uzcvujuri
/usr/bin/uzcvujuri -d 1401
1⤵
PID:2430

/usr/bin/brqtvvh
/usr/bin/brqtvvh -d 1401
1⤵
PID:2433

/usr/bin/kaopglh
/usr/bin/kaopglh -d 1401
1⤵
PID:2436

/usr/bin/bkesfducxdy
/usr/bin/bkesfducxdy -d 1401
1⤵
PID:2439

/usr/bin/onupelibipxt
/usr/bin/onupelibipxt -d 1401
1⤵
PID:2442

/usr/bin/mkxzrvcdzuk
/usr/bin/mkxzrvcdzuk -d 1401
1⤵
PID:2445

/usr/bin/pbunuiapx
/usr/bin/pbunuiapx -d 1401
1⤵
PID:2448

/usr/bin/cfhkwhfntrnuk
/usr/bin/cfhkwhfntrnuk -d 1401
1⤵
PID:2451

/usr/bin/wojralirocf
/usr/bin/wojralirocf -d 1401
1⤵
PID:2454

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Hijack Execution Flow

T1574

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Hijack Execution Flow

T1574

Scheduled Task/Job

T1053

Defense Evasion

Hijack Execution Flow

T1574

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/dev/shm/sem.Nn7eQc

Filesize
16B

MD5
076933ff9904d1110d896e2c525e39e5

SHA1
4188442577fa77f25820d9b2d01cc446e30684ac

SHA256
4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0

SHA512
6fcee9a7b7a7b821d241c03c82377928bc6882e7a08c78a4221199bfa220cdc55212273018ee613317c8293bb8d1ce08d1e017508e94e06ab85a734c99c7cc34

Download Submit
/etc/cron.hourly/borhdtoqlk.sh

Filesize
159B

MD5
9f9b4e6f0806589abe112cfe9e781112

SHA1
642d453ce102ccd7eb5c361077d87268015ddd85

SHA256
8f8a084626e303ae0dcea9e9a0673e219915fd04e1cd4f4d24b4d9dd517da7a8

SHA512
d372812ef32b74a7c805c158ff0a923466ab603d219470ffc07dd2c011729c9d685c929ba7de9e85edb332e3c2f265748b62fbc558fc438e3346b5b2f72b81f9

Download Submit
/etc/daemon.cfg

Filesize
32B

MD5
303ccaf57a974622a2fb8914f171e5ac

SHA1
e05816187d231cad611699cef00486d4b42635bf

SHA256
c45b9aa26108a0468990bd187dd5d865df675a3e7b77f68b47dfe39ea38edbb7

SHA512
7b775d1e3f27039d79f65e63ee8b23bfd895d954ac0df5848f5a762b5bc9dd276e381f616c54eae37db3fbd3e006eab77fe05eaea14f2f74afea4ed8d975f4a8

Download Submit
/etc/init.d/borhdtoqlk

Filesize
346B

MD5
3f81f4788c72ffe064a0b6134c2cb27a

SHA1
92437bb7946e9bf731dae1d7e85aca07d040ce12

SHA256
e6d0eeab5d57972b588b1f9e5880230b55cb4bcb8e7660ee1a5a9479cdb0d7cf

SHA512
ddd952a9822c31874e6b8fd5a42c09823512a02bfb2c7dc984d2130a06147b190b93ee09b2ee25186c9134148e205df74aaba60e7dc41b5bebcf9792c1253a27

Download Submit
/usr/bin/klqotdhrob

Filesize
537KB

MD5
c53f64e4db85e8afa65326c75573810f

SHA1
fee900e336610939c2c7551345b5d3f8f1466403

SHA256
d3935983315ac1c9b258645783d7c0b99583cf0e047a8ee6c8d2e10b2c6c511c

SHA512
4028ffad3eb559f23806e7bfc391ecd994211f494878c24ab9b7787826b4ffffadbb8c59d583e80d7debb0d5d1038fecce11035a27a5636356047066a20d95e4

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads