Analysis Report init0

Overview

General Information

Joe Sandbox Version: 27.0.0 Red Agate
Analysis ID: 180632
Start date: 03.10.2019
Start time: 22:52:39
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 10m 38s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: init0
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 59.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
Detection: MAL
Classification: mal52.evad.mine.lin@0/3@0/0
Warnings:
  • Excluded IPs from analysis (whitelisted): 91.189.92.38, 91.189.92.20, 91.189.92.19, 91.189.92.41
  • Excluded domains from analysis (whitelisted): api.snapcraft.io
  • Report size exceeded maximum capacity and may have missing behavior information.

Detection

Strategy: Threshold
Score: 52
Range: 0 - 100
Reporting:
Whitelisted: false
Detection: malicious

Classification

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control
Valid Accounts | Command-Line Interface 11 | Hidden Files and Directories 1 | Port Monitors | Hidden Files and Directories 1 | Credential Dumping | Process Discovery 1 | Application Deployment Software | Data from Local System | Data Compressed | Data Obfuscation
Replication Through Removable Media | Service Execution | Port Monitors | Accessibility Features | File Deletion 1 | Network Sniffing | Security Software Discovery 1 | Remote Services | Data from Removable Media | Exfiltration Over Other Network Medium | Fallback Channels
Drive-by Compromise | Windows Management Instrumentation | Accessibility Features | Path Interception | Rootkit | Input Capture | System Information Discovery 3 | Windows Remote Management | Data from Network Shared Drive | Automated Exfiltration | Custom Cryptographic Protocol

Signature Overview

Bitcoin Miner:

Found strings related to Crypto-Mining
Source: init0, String found in binary or memory: rm -rf /tmp/root.sh /tmp/pools.txt /tmp/libapache /tmp/config.json /tmp/bashf /tmp/bashg /tmp/libapache
Source: init0, String found in binary or memory: ps auxf|grep -v grep|grep "monerohash.com"|awk '{print $2}'|xargs kill -9
Source: init0, String found in binary or memory: pkill -f cryptonight
Source: init0, String found in binary or memory: ps auxf|grep -v grep|grep "mine.moneropool.com"|awk '{print $2}'|xargs kill -9
Source: init0, String found in binary or memory: killall xmrig
Stdout / stderr contain strings indicative of a mining client
Source: sh "/tmp/init0", Stderr: xmrig
Reads CPU information from /sys indicative of miner or evasive malware

Networking:

URLs found in memory or binary data
Source: init0, String found in binary or memory: https://pastebin.com/jRerGP1u
Source: init0, String found in binary or memory: https://pastebin.com/pxc1sXYZ

System Summary:

Sample contains strings that are potentially command strings
Source: Initial sample, Potential command found: killall -9 chron-34e2fg;ps wx|awk '/34e|r\/v3|moy5|defunct/' | awk '{print $1}' | xargs kill -9 & > /dev/null &
Source: Initial sample, Potential command found: killall \.Historys
Source: Initial sample, Potential command found: killall \.sshd
Source: Initial sample, Potential command found: killall neptune
Source: Initial sample, Potential command found: killall xm64
Source: Initial sample, Potential command found: killall xm32
Source: Initial sample, Potential command found: killall xmrig
Source: Initial sample, Potential command found: killall \.xmrig
Source: Initial sample, Potential command found: killall suppoieup
Source: Initial sample, Potential command found: pkill -f sourplum
Source: Initial sample, Potential command found: pkill wnTKYg && pkill ddg* && rm -rf /tmp/ddg* && rm -rf /tmp/wnTKYg
Source: Initial sample, Potential command found: ps auxf|grep -v grep|grep "mine.moneropool.com"|awk '{print $2}'|xargs kill -9
Source: Initial sample, Potential command found: ps auxf|grep -v grep|grep "xmr.crypto-pool.fr:8080"|awk '{print $2}'|xargs kill -9
Source: Initial sample, Potential command found: ps auxf|grep -v grep|grep "xmr.crypto-pool.fr:3333"|awk '{print $2}'|xargs kill -9
Source: Initial sample, Potential command found: ps auxf|grep -v grep|grep "monerohash.com"|awk '{print $2}'|xargs kill -9
Source: Initial sample, Potential command found: ps auxf|grep -v grep|grep "/tmp/a7b104c270"|awk '{print $2}'|xargs kill -9
Source: Initial sample, Potential command found: ps auxf|grep -v grep|grep "xmr.crypto-pool.fr:6666"|awk '{print $2}'|xargs kill -9
Source: Initial sample, Potential command found: ps auxf|grep -v grep|grep "xmr.crypto-pool.fr:7777"|awk '{print $2}'|xargs kill -9
Source: Initial sample, Potential command found: ps auxf|grep -v grep|grep "xmr.crypto-pool.fr:443"|awk '{print $2}'|xargs kill -9
Source: Initial sample, Potential command found: ps auxf|grep -v grep|grep "stratum.f2pool.com:8888"|awk '{print $2}'|xargs kill -9
Source: Initial sample, Potential command found: ps auxf|grep -v grep|grep "xmrpool.eu" | awk '{print $2}'|xargs kill -9
Source: Initial sample, Potential command found: ps auxf|grep -v grep|grep "xmrig" | awk '{print $2}'|xargs kill -9
Source: Initial sample, Potential command found: ps auxf|grep -v grep|grep "xmrigDaemon" | awk '{print $2}'|xargs kill -9
Source: Initial sample, Potential command found: ps auxf|grep -v grep|grep "xmrigMiner" | awk '{print $2}'|xargs kill -9
Source: Initial sample, Potential command found: ps auxf|grep -v grep|grep "/var/tmp/java" | awk '{print $2}'|xargs kill -9
Source: Initial sample, Potential command found: ps auxf|grep -v grep|grep "ddgs" | awk '{print $2}'|xargs kill -9
Source: Initial sample, Potential command found: ps auxf|grep -v grep|grep "qW3xT" | awk '{print $2}'|xargs kill -9
Source: Initial sample, Potential command found: ps auxf|grep -v grep|grep "t00ls.ru" | awk '{print $2}'|xargs kill -9
Source: Initial sample, Potential command found: ps auxf|grep -v grep|grep "/var/tmp/sustes" | awk '{print $2}'|xargs kill -9
Source: Initial sample, Potential command found: ps auxf|grep xiaoyao| awk '{print $2}'|xargs kill -9
Source: Initial sample, Potential command found: ps auxf|grep named| awk '{print $2}'|xargs kill -9
Source: Initial sample, Potential command found: ps auxf|grep kernelcfg| awk '{print $2}'|xargs kill -9
Source: Initial sample, Potential command found: ps auxf|grep xiaoxue| awk '{print $2}'|xargs kill -9
Source: Initial sample, Potential command found: ps auxf|grep kernelupgrade| awk '{print $2}'|xargs kill -9
Source: Initial sample, Potential command found: ps auxf|grep kernelorg| awk '{print $2}'|xargs kill -9
Source: Initial sample, Potential command found: ps auxf|grep kernelupdates| awk '{print $2}'|xargs kill -9
Source: Initial sample, Potential command found: ps ax|grep var|grep lib|grep jenkins|grep -v httpPort|grep -v headless|grep "\-c"|xargs kill -9
Source: Initial sample, Potential command found: ps ax|grep -o './[0-9]* -c'| xargs pkill -f
Source: Initial sample, Potential command found: pkill -f /usr/bin/.sshd
Source: Initial sample, Potential command found: pkill -f acpid
Source: Initial sample, Potential command found: pkill -f AnXqV.yam
Source: Initial sample, Potential command found: pkill -f apaceha
Source: Initial sample, Potential command found: pkill -f askdljlqw
Source: Initial sample, Potential command found: pkill -f bashe
Source: Initial sample, Potential command found: pkill -f bashf
Source: Initial sample, Potential command found: pkill -f bashg
Source: Initial sample, Potential command found: pkill -f bashh
Source: Initial sample, Potential command found: pkill -f bashx
Source: Initial sample, Potential command found: pkill -f BI5zj
Source: Initial sample, Potential command found: pkill -f biosetjenkins
Source: Initial sample, Potential command found: pkill -f bonn.sh
Source: Initial sample, Potential command found: pkill -f bonns
Source: Initial sample, Potential command found: pkill -f conn.sh
Source: Initial sample, Potential command found: pkill -f conns
Source: Initial sample, Potential command found: pkill -f cryptonight
Source: Initial sample, Potential command found: pkill -f crypto-pool
Source: Initial sample, Potential command found: pkill -f ddg.2011
Source: Initial sample, Potential command found: pkill -f deamon
Source: Initial sample, Potential command found: pkill -f disk_genius
Source: Initial sample, Potential command found: pkill -f donns
Source: Initial sample, Potential command found: pkill -f Duck.sh
Source: Initial sample, Potential command found: pkill -f gddr
Source: Initial sample, Potential command found: pkill -f Guard.sh
Source: Initial sample, Potential command found: pkill -f i586
Source: Initial sample, Potential command found: pkill -f icb5o
Source: Initial sample, Potential command found: pkill -f ir29xc1
Source: Initial sample, Potential command found: pkill -f irqba2anc1
Source: Initial sample, Potential command found: pkill -f irqba5xnc1
Source: Initial sample, Potential command found: pkill -f irqbalanc1
Source: Initial sample, Potential command found: pkill -f irqbalance
Source: Initial sample, Potential command found: pkill -f irqbnc1
Source: Initial sample, Potential command found: pkill -f JnKihGjn
Source: Initial sample, Potential command found: pkill -f jweri
Source: Initial sample, Potential command found: pkill -f kw.sh
Source: Initial sample, Potential command found: pkill -f kworker34
Source: Initial sample, Potential command found: pkill -f kxjd
Source: Initial sample, Potential command found: pkill -f libapache
Source: Initial sample, Potential command found: pkill -f Loopback
Source: Initial sample, Potential command found: pkill -f lx26
Source: Initial sample, Potential command found: pkill -f mgwsl
Source: Initial sample, Potential command found: pkill -f minerd
Source: Initial sample, Potential command found: pkill -f minergate
Source: Initial sample, Potential command found: pkill -f minexmr
Source: Initial sample, Potential command found: pkill -f mixnerdx
Source: Initial sample, Potential command found: pkill -f mstxmr
Source: Initial sample, Potential command found: pkill -f nanoWatch
Source: Initial sample, Potential command found: pkill -f nopxi
Source: Initial sample, Potential command found: pkill -f NXLAi
Source: Initial sample, Potential command found: pkill -f performedl
Source: Initial sample, Potential command found: pkill -f polkitd
Source: Initial sample, Potential command found: pkill -f pro.sh
Source: Initial sample, Potential command found: pkill -f pythno
Source: Initial sample, Potential command found: pkill -f qW3xT.2
Source: Initial sample, Potential command found: pkill -f stratum
Source: Initial sample, Potential command found: pkill -f sustes
Source: Initial sample, Potential command found: pkill -f wnTKYg
Source: Initial sample, Potential command found: pkill -f XbashY
Source: Initial sample, Potential command found: pkill -f XJnRj
Source: Initial sample, Potential command found: pkill -f xmrig
Source: Initial sample, Potential command found: pkill -f xmrigDaemon
Sample tries to kill a process (SIGKILL)
Source: /bin/kill (PID: 21062), SIGKILL sent: pid: 20861, result: successful
Source: /bin/kill (PID: 21062), SIGKILL sent: pid: 20862, result: successful
Source: /bin/kill (PID: 21062), SIGKILL sent: pid: 20863, result: successful
Source: /bin/kill (PID: 21062), SIGKILL sent: pid: 20864, result: successful
Source: /bin/kill (PID: 21062), SIGKILL sent: pid: 20865, result: successful
Source: /bin/kill (PID: 21062), SIGKILL sent: pid: 20919, result: successful
Source: /bin/kill (PID: 21062), SIGKILL sent: pid: 20922, result: successful
Source: /bin/kill (PID: 24630), SIGKILL sent: pid: 24615, result: no such process
Source: /bin/kill (PID: 24635), SIGKILL sent: pid: 24632, result: no such process
Source: /bin/kill (PID: 24640), SIGKILL sent: pid: 24637, result: no such process
Source: /bin/kill (PID: 24645), SIGKILL sent: pid: 24642, result: no such process
Source: /bin/kill (PID: 24658), SIGKILL sent: pid: 24647, result: no such process
Source: /bin/kill (PID: 24663), SIGKILL sent: pid: 24660, result: no such process
Source: /bin/kill (PID: 24668), SIGKILL sent: pid: 24665, result: no such process
Source: /bin/sh (PID: 24801), SIGKILL sent: pid: 24798, result: no such process
Source: /bin/sh (PID: 24819), SIGKILL sent: pid: 24812, result: no such process
Classification label
Source: classification engine, Classification label: mal52.evad.mine.lin@0/3@0/0

Persistence and Installation Behavior:

Terminates several processes with shell command 'killall'
Source: /bin/sh (PID: 20867), Killall command executed: killall -9 chron-34e2fg
Source: /bin/sh (PID: 23419), Killall command executed: killall .Historys
Source: /bin/sh (PID: 23441), Killall command executed: killall .sshd
Source: /bin/sh (PID: 23442), Killall command executed: killall neptune
Source: /bin/sh (PID: 23459), Killall command executed: killall xm64
Source: /bin/sh (PID: 23466), Killall command executed: killall xm32
Source: /bin/sh (PID: 23477), Killall command executed: killall xmrig
Source: /bin/sh (PID: 23481), Killall command executed: killall .xmrig
Source: /bin/sh (PID: 23495), Killall command executed: killall suppoieup
Creates hidden files and/or directories
Source: /usr/lib/policykit-1/polkitd (PID: 24752), Directory: /root/.cache
Enumerates processes within the "proc" file system
Executes the "grep" command used to find patterns in files or piped streams
Source: /bin/sh (PID: 20929), Grep executable: /bin/grep -> grep -v CPU
Source: /bin/sh (PID: 23523), Grep executable: /bin/grep -> grep -v grep
Source: /bin/sh (PID: 23524), Grep executable: /bin/grep -> grep mine.moneropool.com
Source: /bin/sh (PID: 23569), Grep executable: /bin/grep -> grep -v grep
Source: /bin/sh (PID: 23570), Grep executable: /bin/grep -> grep xmr.crypto-pool.fr:8080
Source: /bin/sh (PID: 23643), Grep executable: /bin/grep -> grep -v grep
Source: /bin/sh (PID: 23644), Grep executable: /bin/grep -> grep xmr.crypto-pool.fr:3333
Source: /bin/sh (PID: 23717), Grep executable: /bin/grep -> grep -v grep
Source: /bin/sh (PID: 23718), Grep executable: /bin/grep -> grep monerohash.com
Source: /bin/sh (PID: 23791), Grep executable: /bin/grep -> grep -v grep
Source: /bin/sh (PID: 23792), Grep executable: /bin/grep -> grep /tmp/a7b104c270
Source: /bin/sh (PID: 23865), Grep executable: /bin/grep -> grep -v grep
Source: /bin/sh (PID: 23866), Grep executable: /bin/grep -> grep xmr.crypto-pool.fr:6666
Source: /bin/sh (PID: 23939), Grep executable: /bin/grep -> grep -v grep
Source: /bin/sh (PID: 23940), Grep executable: /bin/grep -> grep xmr.crypto-pool.fr:7777
Source: /bin/sh (PID: 24013), Grep executable: /bin/grep -> grep -v grep
Source: /bin/sh (PID: 24014), Grep executable: /bin/grep -> grep xmr.crypto-pool.fr:443
Source: /bin/sh (PID: 24087), Grep executable: /bin/grep -> grep -v grep
Source: /bin/sh (PID: 24088), Grep executable: /bin/grep -> grep stratum.f2pool.com:8888
Source: /bin/sh (PID: 24161), Grep executable: /bin/grep -> grep -v grep
Source: /bin/sh (PID: 24162), Grep executable: /bin/grep -> grep xmrpool.eu
Source: /bin/sh (PID: 24236), Grep executable: /bin/grep -> grep -v grep
Source: /bin/sh (PID: 24237), Grep executable: /bin/grep -> grep xmrig
Source: /bin/sh (PID: 24309), Grep executable: /bin/grep -> grep -v grep
Source: /bin/sh (PID: 24310), Grep executable: /bin/grep -> grep xmrigDaemon
Source: /bin/sh (PID: 24383), Grep executable: /bin/grep -> grep -v grep
Source: /bin/sh (PID: 24384), Grep executable: /bin/grep -> grep xmrigMiner
Source: /bin/sh (PID: 24457), Grep executable: /bin/grep -> grep -v grep
Source: /bin/sh (PID: 24458), Grep executable: /bin/grep -> grep /var/tmp/java
Source: /bin/sh (PID: 24532), Grep executable: /bin/grep -> grep -v grep
Source: /bin/sh (PID: 24533), Grep executable: /bin/grep -> grep ddgs
Source: /bin/sh (PID: 24581), Grep executable: /bin/grep -> grep -v grep
Source: /bin/sh (PID: 24582), Grep executable: /bin/grep -> grep qW3xT
Source: /bin/sh (PID: 24587), Grep executable: /bin/grep -> grep -v grep
Source: /bin/sh (PID: 24588), Grep executable: /bin/grep -> grep t00ls.ru
Source: /bin/sh (PID: 24601), Grep executable: /bin/grep -> grep -v grep
Source: /bin/sh (PID: 24602), Grep executable: /bin/grep -> grep /var/tmp/sustes
Source: /bin/sh (PID: 24615), Grep executable: /bin/grep -> grep xiaoyao
Source: /bin/sh (PID: 24632), Grep executable: /bin/grep -> grep named
Source: /bin/sh (PID: 24637), Grep executable: /bin/grep -> grep kernelcfg
Source: /bin/sh (PID: 24642), Grep executable: /bin/grep -> grep xiaoxue
Source: /bin/sh (PID: 24647), Grep executable: /bin/grep -> grep kernelupgrade
Source: /bin/sh (PID: 24660), Grep executable: /bin/grep -> grep kernelorg
Source: /bin/sh (PID: 24665), Grep executable: /bin/grep -> grep kernelupdates
Source: /bin/sh (PID: 24670), Grep executable: /bin/grep -> grep var
Source: /bin/sh (PID: 24671), Grep executable: /bin/grep -> grep lib
Source: /bin/sh (PID: 24672), Grep executable: /bin/grep -> grep jenkins
Source: /bin/sh (PID: 24673)Grep executable: /bin/grep -> grep -v httpPort
Source: /bin/sh (PID: 24674)Grep executable: /bin/grep -> grep -v headless
Source: /bin/sh (PID: 24675)Grep executable: /bin/grep -> grep \\-c
Source: /bin/sh (PID: 24679)Grep executable: /bin/grep -> grep -o "./[0-9]* -c"
Source: /bin/sh (PID: 24777)Grep executable: /bin/grep -> grep crond
Source: /bin/sh (PID: 24778)Grep executable: /bin/grep -> grep -v grep
Source: /bin/sh (PID: 24782)Grep executable: /bin/grep -> grep sshd
Source: /bin/sh (PID: 24783)Grep executable: /bin/grep -> grep -v grep
Source: /bin/sh (PID: 24790)Grep executable: /bin/grep -> grep -v %CPU
Source: /bin/sh (PID: 24793)Grep executable: /bin/grep -> grep syslogs
Source: /bin/sh (PID: 24794)Grep executable: /bin/grep -> grep -v grep
Source: /bin/sh (PID: 24798)Grep executable: /bin/grep -> grep "b 22"
Source: /bin/sh (PID: 24812)Grep executable: /bin/grep -> grep "d 22"
Source: /bin/sh (PID: 24830)Grep executable: /bin/grep -> grep 69.28.55.86:443
Source: /bin/sh (PID: 24836)Grep executable: /bin/grep -> grep 185.71.65.238
Source: /bin/sh (PID: 24842)Grep executable: /bin/grep -> grep 140.82.52.87
Source: /bin/sh (PID: 24848)Grep executable: /bin/grep -> grep :443
Source: /bin/sh (PID: 24854)Grep executable: /bin/grep -> grep :23
Source: /bin/sh (PID: 24860)Grep executable: /bin/grep -> grep :443
Source: /bin/sh (PID: 24866)Grep executable: /bin/grep -> grep :143
Source: /bin/sh (PID: 24872)Grep executable: /bin/grep -> grep :2222
Source: /bin/sh (PID: 24878)Grep executable: /bin/grep -> grep :3333
Source: /bin/sh (PID: 24884)Grep executable: /bin/grep -> grep :3389
Source: /bin/sh (PID: 24890)Grep executable: /bin/grep -> grep :4444
Source: /bin/sh (PID: 24900)Grep executable: /bin/grep -> grep :5555
Source: /bin/sh (PID: 24906)Grep executable: /bin/grep -> grep :6666
Source: /bin/sh (PID: 24912)Grep executable: /bin/grep -> grep :6665
Source: /bin/sh (PID: 24918)Grep executable: /bin/grep -> grep :6667
Source: /bin/sh (PID: 24924)Grep executable: /bin/grep -> grep :7777
Source: /bin/sh (PID: 24930)Grep executable: /bin/grep -> grep :8444
Source: /bin/sh (PID: 24936)Grep executable: /bin/grep -> grep :3347
Source: /bin/sh (PID: 24942)Grep executable: /bin/grep -> grep :14444
Source: /bin/sh (PID: 24948)Grep executable: /bin/grep -> grep :14433
Source: /bin/sh (PID: 24954)Grep executable: /bin/grep -> grep :13531
Executes the "kill" command typically used to terminate processes
Source: /usr/bin/xargs (PID: 21012)Kill executable: /bin/kill -> kill -9
Source: /usr/bin/xargs (PID: 21062)Kill executable: /bin/kill -> kill -9 20861 20862 20863 20864 20865 20919 20922
Source: /usr/bin/xargs (PID: 24630)Kill executable: /bin/kill -> kill -9 24615
Source: /usr/bin/xargs (PID: 24635)Kill executable: /bin/kill -> kill -9 24632
Source: /usr/bin/xargs (PID: 24640)Kill executable: /bin/kill -> kill -9 24637
Source: /usr/bin/xargs (PID: 24645)Kill executable: /bin/kill -> kill -9 24642
Source: /usr/bin/xargs (PID: 24658)Kill executable: /bin/kill -> kill -9 24647
Source: /usr/bin/xargs (PID: 24663)Kill executable: /bin/kill -> kill -9 24660
Source: /usr/bin/xargs (PID: 24668)Kill executable: /bin/kill -> kill -9 24665
Executes the "ps" command used to list the status of processes
Source: /bin/sh (PID: 20861)Ps executable: /bin/ps -> ps auxw
Source: /bin/sh (PID: 20918)Ps executable: /bin/ps -> ps wx
Source: /bin/sh (PID: 20927)Ps executable: /bin/ps -> ps uwx
Source: /bin/sh (PID: 23522)Ps executable: /bin/ps -> ps auxf
Source: /bin/sh (PID: 24669)Ps executable: /bin/ps -> ps ax
Source: /bin/sh (PID: 24678)Ps executable: /bin/ps -> ps ax
Source: /bin/sh (PID: 24776)Ps executable: /bin/ps -> ps ax
Source: /bin/sh (PID: 24781)Ps executable: /bin/ps -> ps ax
Source: /bin/sh (PID: 24789)Ps executable: /bin/ps -> ps -p 1393 -o %cpu
Source: /bin/sh (PID: 24792)Ps executable: /bin/ps -> ps ax
Source: /bin/sh (PID: 24797)Ps executable: /bin/ps -> ps x
Source: /bin/sh (PID: 24811)Ps executable: /bin/ps -> ps x
Executes the "rm" command used to delete files or directories
Source: /bin/sh (PID: 20760)Rm executable: /bin/rm -> rm /tmp/.cron
Source: /bin/sh (PID: 20761)Rm executable: /bin/rm -> rm /tmp/.main
Source: /bin/sh (PID: 20762)Rm executable: /bin/rm -> rm /tmp/.yam* -rf
Source: /bin/sh (PID: 20763)Rm executable: /bin/rm -> rm -f /tmp/irq
Source: /bin/sh (PID: 20764)Rm executable: /bin/rm -> rm -f /tmp/irq.sh
Source: /bin/sh (PID: 20765)Rm executable: /bin/rm -> rm -f /tmp/irqbalanc1
Source: /bin/sh (PID: 20766)Rm executable: /bin/rm -> rm -rf /boot/grub/deamon
Source: /bin/sh (PID: 20769)Rm executable: /bin/rm -> rm -rf /boot/grub/disk_genius
Source: /bin/sh (PID: 20773)Rm executable: /bin/rm -> rm -rf /tmp/*httpd.conf
Source: /bin/sh (PID: 20778)Rm executable: /bin/rm -> rm -rf /tmp/*httpd.conf*
Source: /bin/sh (PID: 20784)Rm executable: /bin/rm -> rm -rf /tmp/*index_bak*
Source: /bin/sh (PID: 20791)Rm executable: /bin/rm -> rm -rf /tmp/.systemd-private-*
Source: /bin/sh (PID: 20797)Rm executable: /bin/rm -> rm -rf /tmp/.xm*
Source: /bin/sh (PID: 20802)Rm executable: /bin/rm -> rm -rf /tmp/a7b104c270
Source: /bin/sh (PID: 20811)Rm executable: /bin/rm -> rm -rf /tmp/conn
Source: /bin/sh (PID: 20816)Rm executable: /bin/rm -> rm -rf /tmp/conns
Source: /bin/sh (PID: 20820)Rm executable: /bin/rm -> rm -rf /tmp/httpd.conf
Source: /bin/sh (PID: 20824)Rm executable: /bin/rm -> rm -rf /tmp/java*
Source: /bin/sh (PID: 20831)Rm executable: /bin/rm -> rm -rf /tmp/kworkerds /bin/kworkerds /bin/config.json /var/tmp/kworkerds /var/tmp/config.json /usr/local/lib/libjdk.so
Source: /bin/sh (PID: 20835)Rm executable: /bin/rm -> rm -rf /tmp/qW3xT.2 /tmp/ddgs.3013 /tmp/ddgs.3012 /tmp/wnTKYg /tmp/2t3ik
Source: /bin/sh (PID: 20842)Rm executable: /bin/rm -> rm -rf /tmp/root.sh /tmp/pools.txt /tmp/libapache /tmp/config.json /tmp/bashf /tmp/bashg /tmp/libapache
Source: /bin/sh (PID: 20846)Rm executable: /bin/rm -> rm -rf /tmp/xm*
Source: /bin/sh (PID: 20851)Rm executable: /bin/rm -> rm -rf /var/tmp/java*
Source: /bin/sh (PID: 24780)Rm executable: /bin/rm -> rm /tmp/crondpid -f
Source: /bin/sh (PID: 24791)Rm executable: /bin/rm -> rm -f /tmp/ssdpid
Source: /bin/sh (PID: 24796)Rm executable: /bin/rm -> rm /tmp/syslogspid -f
Reads system information from the proc file system
Source: /bin/ps (PID: 20861)Reads from proc file: /proc/meminfo
Source: /bin/ps (PID: 20861)Reads from proc file: /proc/stat
Executes the "awk" command used to scan for patterns (typically in standard output)
Source: /bin/sh (PID: 20862)Awk executable: /usr/bin/awk -> awk /34e2fg/
Source: /bin/sh (PID: 20863)Awk executable: /usr/bin/awk -> awk !/awk/
Source: /bin/sh (PID: 20864)Awk executable: /usr/bin/awk -> awk "{print $2}"
Source: /bin/sh (PID: 20919)Awk executable: /usr/bin/awk -> awk /34e|r\\/v3|moy5|defunct/
Source: /bin/sh (PID: 20920)Awk executable: /usr/bin/awk -> awk "{print $1}"
Source: /bin/sh (PID: 20928)Awk executable: /usr/bin/awk -> awk "{print $2\":\"$3}"
Source: /bin/sh (PID: 21080)Awk executable: /usr/bin/awk -> awk -F: "{print $2}"
Source: /bin/sh (PID: 21081)Awk executable: /usr/bin/awk -> awk -F. "{ print $1}"
Source: /bin/sh (PID: 23187)Awk executable: /usr/bin/awk -> awk -F: "{print $2}"
Source: /bin/sh (PID: 23188)Awk executable: /usr/bin/awk -> awk -F. "{ print $1}"
Source: /bin/sh (PID: 23199)Awk executable: /usr/bin/awk -> awk -F: "{print $2}"
Source: /bin/sh (PID: 23200)Awk executable: /usr/bin/awk -> awk -F. "{ print $1}"
Source: /bin/sh (PID: 23215)Awk executable: /usr/bin/awk -> awk -F: "{print $2}"
Source: /bin/sh (PID: 23216)Awk executable: /usr/bin/awk -> awk -F. "{ print $1}"
Source: /bin/sh (PID: 23243)Awk executable: /usr/bin/awk -> awk -F: "{print $2}"
Source: /bin/sh (PID: 23244)Awk executable: /usr/bin/awk -> awk -F. "{ print $1}"
Source: /bin/sh (PID: 23263)Awk executable: /usr/bin/awk -> awk -F: "{print $2}"
Source: /bin/sh (PID: 23264)Awk executable: /usr/bin/awk -> awk -F. "{ print $1}"
Source: /bin/sh (PID: 23286)Awk executable: /usr/bin/awk -> awk -F: "{print $2}"
Source: /bin/sh (PID: 23287)Awk executable: /usr/bin/awk -> awk -F. "{ print $1}"
Source: /bin/sh (PID: 23308)Awk executable: /usr/bin/awk -> awk -F: "{print $2}"
Source: /bin/sh (PID: 23309)Awk executable: /usr/bin/awk -> awk -F. "{ print $1}"
Source: /bin/sh (PID: 23321)Awk executable: /usr/bin/awk -> awk -F: "{print $2}"
Source: /bin/sh (PID: 23322)Awk executable: /usr/bin/awk -> awk -F. "{ print $1}"
Source: /bin/sh (PID: 23347)Awk executable: /usr/bin/awk -> awk -F: "{print $2}"
Source: /bin/sh (PID: 23348)Awk executable: /usr/bin/awk -> awk -F. "{ print $1}"
Source: /bin/sh (PID: 23370)Awk executable: /usr/bin/awk -> awk -F: "{print $2}"
Source: /bin/sh (PID: 23371)Awk executable: /usr/bin/awk -> awk -F. "{ print $1}"
Source: /bin/sh (PID: 23381)Awk executable: /usr/bin/awk -> awk -F: "{print $2}"
Source: /bin/sh (PID: 23382)Awk executable: /usr/bin/awk -> awk -F. "{ print $1}"
Source: /bin/sh (PID: 23407)Awk executable: /usr/bin/awk -> awk -F: "{print $2}"
Source: /bin/sh (PID: 23408)Awk executable: /usr/bin/awk -> awk -F. "{ print $1}"
Source: /bin/sh (PID: 23525)Awk executable: /usr/bin/awk -> awk "{print $2}"
Source: /bin/sh (PID: 23571)Awk executable: /usr/bin/awk -> awk "{print $2}"
Source: /bin/sh (PID: 23645)Awk executable: /usr/bin/awk -> awk "{print $2}"
Source: /bin/sh (PID: 23719)Awk executable: /usr/bin/awk -> awk "{print $2}"
Source: /bin/sh (PID: 23793)Awk executable: /usr/bin/awk -> awk "{print $2}"
Source: /bin/sh (PID: 23867)Awk executable: /usr/bin/awk -> awk "{print $2}"
Source: /bin/sh (PID: 23941)Awk executable: /usr/bin/awk -> awk "{print $2}"
Source: /bin/sh (PID: 24015)Awk executable: /usr/bin/awk -> awk "{print $2}"
Source: /bin/sh (PID: 24089)Awk executable: /usr/bin/awk -> awk "{print $2}"
Source: /bin/sh (PID: 24163)Awk executable: /usr/bin/awk -> awk "{print $2}"
Source: /bin/sh (PID: 24238)Awk executable: /usr/bin/awk -> awk "{print $2}"
Source: /bin/sh (PID: 24311)Awk executable: /usr/bin/awk -> awk "{print $2}"
Source: /bin/sh (PID: 24385)Awk executable: /usr/bin/awk -> awk "{print $2}"
Source: /bin/sh (PID: 24459)Awk executable: /usr/bin/awk -> awk "{print $2}"
Source: /bin/sh (PID: 24534)Awk executable: /usr/bin/awk -> awk "{print $2}"
Source: /bin/sh (PID: 24583)Awk executable: /usr/bin/awk -> awk "{print $2}"
Source: /bin/sh (PID: 24589)Awk executable: /usr/bin/awk -> awk "{print $2}"
Source: /bin/sh (PID: 24603)Awk executable: /usr/bin/awk -> awk "{print $2}"
Source: /bin/sh (PID: 24616)Awk executable: /usr/bin/awk -> awk "{print $2}"
Source: /bin/sh (PID: 24633)Awk executable: /usr/bin/awk -> awk "{print $2}"
Source: /bin/sh (PID: 24638)Awk executable: /usr/bin/awk -> awk "{print $2}"
Source: /bin/sh (PID: 24643)Awk executable: /usr/bin/awk -> awk "{print $2}"
Source: /bin/sh (PID: 24648)Awk executable: /usr/bin/awk -> awk "{print $2}"
Source: /bin/sh (PID: 24661)Awk executable: /usr/bin/awk -> awk "{print $2}"
Source: /bin/sh (PID: 24666)Awk executable: /usr/bin/awk -> awk "{print $2}"
Source: /bin/sh (PID: 24779)Awk executable: /usr/bin/awk -> awk "{print $1}"
Source: /bin/sh (PID: 24784)Awk executable: /usr/bin/awk -> awk "{print $1}"
Source: /bin/sh (PID: 24795)Awk executable: /usr/bin/awk -> awk "{print $1}"
Source: /bin/sh (PID: 24799)Awk executable: /usr/bin/awk -> awk "{print $1,$5}"
Source: /bin/sh (PID: 24804)Awk executable: /usr/bin/awk -> awk "{print $1;}"
Source: /bin/sh (PID: 24807)Awk executable: /usr/bin/awk -> awk "{print $2;}"
Source: /bin/sh (PID: 24813)Awk executable: /usr/bin/awk -> awk "{print $1,$5}"
Source: /bin/sh (PID: 24822)Awk executable: /usr/bin/awk -> awk "{print $1;}"
Source: /bin/sh (PID: 24825)Awk executable: /usr/bin/awk -> awk "{print $2;}"
Source: /bin/sh (PID: 24831)Awk executable: /usr/bin/awk -> awk "{print $7}"
Source: /bin/sh (PID: 24832)Awk executable: /usr/bin/awk -> awk -F[/] "{print $1}"
Source: /bin/sh (PID: 24837)Awk executable: /usr/bin/awk -> awk "{print $7}"
Source: /bin/sh (PID: 24838)Awk executable: /usr/bin/awk -> awk -F[/] "{print $1}"
Source: /bin/sh (PID: 24843)Awk executable: /usr/bin/awk -> awk "{print $7}"
Source: /bin/sh (PID: 24844)Awk executable: /usr/bin/awk -> awk -F[/] "{print $1}"
Source: /bin/sh (PID: 24849)Awk executable: /usr/bin/awk -> awk "{print $7}"
Source: /bin/sh (PID: 24850)Awk executable: /usr/bin/awk -> awk -F[/] "{print $1}"
Source: /bin/sh (PID: 24855)Awk executable: /usr/bin/awk -> awk "{print $7}"
Source: /bin/sh (PID: 24856)Awk executable: /usr/bin/awk -> awk -F[/] "{print $1}"
Source: /bin/sh (PID: 24861)Awk executable: /usr/bin/awk -> awk "{print $7}"
Source: /bin/sh (PID: 24862)Awk executable: /usr/bin/awk -> awk -F[/] "{print $1}"
Source: /bin/sh (PID: 24867)Awk executable: /usr/bin/awk -> awk "{print $7}"
Source: /bin/sh (PID: 24868)Awk executable: /usr/bin/awk -> awk -F[/] "{print $1}"
Source: /bin/sh (PID: 24873)Awk executable: /usr/bin/awk -> awk "{print $7}"
Source: /bin/sh (PID: 24874)Awk executable: /usr/bin/awk -> awk -F[/] "{print $1}"
Source: /bin/sh (PID: 24879)Awk executable: /usr/bin/awk -> awk "{print $7}"
Source: /bin/sh (PID: 24880)Awk executable: /usr/bin/awk -> awk -F[/] "{print $1}"
Source: /bin/sh (PID: 24885)Awk executable: /usr/bin/awk -> awk "{print $7}"
Source: /bin/sh (PID: 24886)Awk executable: /usr/bin/awk -> awk -F[/] "{print $1}"
Source: /bin/sh (PID: 24891)Awk executable: /usr/bin/awk -> awk "{print $7}"
Source: /bin/sh (PID: 24892)Awk executable: /usr/bin/awk -> awk -F[/] "{print $1}"
Source: /bin/sh (PID: 24901)Awk executable: /usr/bin/awk -> awk "{print $7}"
Source: /bin/sh (PID: 24902)Awk executable: /usr/bin/awk -> awk -F[/] "{print $1}"
Source: /bin/sh (PID: 24907)Awk executable: /usr/bin/awk -> awk "{print $7}"
Source: /bin/sh (PID: 24908)Awk executable: /usr/bin/awk -> awk -F[/] "{print $1}"
Source: /bin/sh (PID: 24913)Awk executable: /usr/bin/awk -> awk "{print $7}"
Source: /bin/sh (PID: 24914)Awk executable: /usr/bin/awk -> awk -F[/] "{print $1}"
Source: /bin/sh (PID: 24919)Awk executable: /usr/bin/awk -> awk "{print $7}"
Source: /bin/sh (PID: 24920)Awk executable: /usr/bin/awk -> awk -F[/] "{print $1}"
Source: /bin/sh (PID: 24925)Awk executable: /usr/bin/awk -> awk "{print $7}"
Source: /bin/sh (PID: 24926)Awk executable: /usr/bin/awk -> awk -F[/] "{print $1}"
Source: /bin/sh (PID: 24931)Awk executable: /usr/bin/awk -> awk "{print $7}"
Source: /bin/sh (PID: 24932)Awk executable: /usr/bin/awk -> awk -F[/] "{print $1}"
Source: /bin/sh (PID: 24937)Awk executable: /usr/bin/awk -> awk "{print $7}"
Source: /bin/sh (PID: 24938)Awk executable: /usr/bin/awk -> awk -F[/] "{print $1}"
Source: /bin/sh (PID: 24943)Awk executable: /usr/bin/awk -> awk "{print $7}"
Source: /bin/sh (PID: 24944)Awk executable: /usr/bin/awk -> awk -F[/] "{print $1}"
Source: /bin/sh (PID: 24949)Awk executable: /usr/bin/awk -> awk "{print $7}"
Source: /bin/sh (PID: 24950)Awk executable: /usr/bin/awk -> awk -F[/] "{print $1}"
Source: /bin/sh (PID: 24955)Awk executable: /usr/bin/awk -> awk "{print $7}"
Source: /bin/sh (PID: 24956)Awk executable: /usr/bin/awk -> awk -F[/] "{print $1}"
Samples exit code indicates no error despite standard error output
Source: submitted sample
Stderr:
rm: cannot remove '/tmp/.cron': No such file or directory
rm: cannot remove '/tmp/.main': No such file or directory
chron-34e2fg: no process found
.Historys: no process found
.sshd: no process found
neptune: no process found
xm64: no process found
xm32: no process found
xmrig: no process found
.xmrig: no process found
suppoieup: no process found
pkill: no matching criteria specified
Try `pkill --help' for more information.
/tmp/init0: 189: kill: No such process
/tmp/init0: 208: kill: No such process
exit code = 0

Malware Analysis System Evasion:

Reads CPU information from /sys indicative of miner or evasive malware
Source: /bin/kill (PID: 21012)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 21062)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 23497)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 23513)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 23567)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 23641)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 23715)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 23789)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 23863)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 23937)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24011)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24085)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24159)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24233)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24307)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24381)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24455)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24529)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24579)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24585)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24599)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24613)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24630)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24635)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24640)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24645)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24658)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24663)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24668)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24677)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24681)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24682)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24683)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24685)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24686)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24687)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24688)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24689)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24690)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24691)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24699)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24701)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24702)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24703)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24704)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24705)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24706)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24707)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24708)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24709)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24710)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24711)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24712)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24713)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24714)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24715)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24716)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24717)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24718)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24719)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24720)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24721)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24722)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24723)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24724)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24725)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24726)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24727)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24728)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24729)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24730)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24731)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24732)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24733)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24734)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24735)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24736)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24737)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24738)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24739)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24746)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24749)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24750)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24753)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24759)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24760)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24761)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24762)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24763)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24764)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24765)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24766)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24767)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24768)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24769)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24774)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 24775)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24834)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24840)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24846)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24852)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24858)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24864)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24870)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24876)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24882)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24888)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24898)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24904)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24910)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24916)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24922)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24928)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24934)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24940)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24946)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24952)Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /bin/kill (PID: 24958)Reads CPU info from /sys: /sys/devices/system/cpu/online
Uses the "uname" system call to query kernel version information (possible evasion)
Source: /bin/ps (PID: 20861)Queries kernel information via 'uname':
Source: /bin/kill (PID: 21012)Queries kernel information via 'uname':
Source: /bin/ps (PID: 20918)Queries kernel information via 'uname':
Source: /bin/kill (PID: 21062)Queries kernel information via 'uname':
Source: /bin/ps (PID: 20927)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 23497)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 23513)Queries kernel information via 'uname':
Source: /bin/ps (PID: 23522)Queries kernel information via 'uname':
Source: /bin/kill (PID: 23567)Queries kernel information via 'uname':
Source: /bin/ps (PID: 23568)Queries kernel information via 'uname':
Source: /bin/kill (PID: 23641)Queries kernel information via 'uname':
Source: /bin/ps (PID: 23642)Queries kernel information via 'uname':
Source: /bin/kill (PID: 23715)Queries kernel information via 'uname':
Source: /bin/ps (PID: 23716)Queries kernel information via 'uname':
Source: /bin/kill (PID: 23789)Queries kernel information via 'uname':
Source: /bin/ps (PID: 23790)Queries kernel information via 'uname':
Source: /bin/kill (PID: 23863)Queries kernel information via 'uname':
Source: /bin/ps (PID: 23864)Queries kernel information via 'uname':
Source: /bin/kill (PID: 23937)Queries kernel information via 'uname':
Source: /bin/ps (PID: 23938)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24011)Queries kernel information via 'uname':
Source: /bin/ps (PID: 24012)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24085)Queries kernel information via 'uname':
Source: /bin/ps (PID: 24086)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24159)Queries kernel information via 'uname':
Source: /bin/ps (PID: 24160)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24233)Queries kernel information via 'uname':
Source: /bin/ps (PID: 24235)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24307)Queries kernel information via 'uname':
Source: /bin/ps (PID: 24308)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24381)Queries kernel information via 'uname':
Source: /bin/ps (PID: 24382)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24455)Queries kernel information via 'uname':
Source: /bin/ps (PID: 24456)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24529)Queries kernel information via 'uname':
Source: /bin/ps (PID: 24531)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24579)Queries kernel information via 'uname':
Source: /bin/ps (PID: 24580)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24585)Queries kernel information via 'uname':
Source: /bin/ps (PID: 24586)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24599)Queries kernel information via 'uname':
Source: /bin/ps (PID: 24600)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24613)Queries kernel information via 'uname':
Source: /bin/ps (PID: 24614)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24630)Queries kernel information via 'uname':
Source: /bin/ps (PID: 24631)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24635)Queries kernel information via 'uname':
Source: /bin/ps (PID: 24636)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24640)Queries kernel information via 'uname':
Source: /bin/ps (PID: 24641)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24645)Queries kernel information via 'uname':
Source: /bin/ps (PID: 24646)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24658)Queries kernel information via 'uname':
Source: /bin/ps (PID: 24659)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24663)Queries kernel information via 'uname':
Source: /bin/ps (PID: 24664)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24668)Queries kernel information via 'uname':
Source: /bin/ps (PID: 24669)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24677)Queries kernel information via 'uname':
Source: /bin/ps (PID: 24678)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24681)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24682)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24683)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24685)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24686)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24687)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24688)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24689)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24690)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24691)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24699)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24701)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24702)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24703)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24704)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24705)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24706)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24707)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24708)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24709)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24710)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24711)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24712)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24713)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24714)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24715)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24716)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24717)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24718)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24719)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24720)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24721)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24722)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24723)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24724)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24725)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24726)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24727)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24728)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24729)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24730)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24731)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24732)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24733)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24734)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24735)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24736)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24737)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24738)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24739)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24746)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24749)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24750)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24753)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24759)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24760)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24761)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24762)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24763)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24764)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24765)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24766)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24767)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24768)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24769)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24774)Queries kernel information via 'uname':
Source: /usr/bin/pkill (PID: 24775)Queries kernel information via 'uname':
Source: /bin/ps (PID: 24776)Queries kernel information via 'uname':
Source: /bin/ps (PID: 24781)Queries kernel information via 'uname':
Source: /bin/ps (PID: 24789)Queries kernel information via 'uname':
Source: /bin/ps (PID: 24792)Queries kernel information via 'uname':
Source: /bin/ps (PID: 24797)Queries kernel information via 'uname':
Source: /bin/ps (PID: 24811)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24834)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24840)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24846)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24852)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24858)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24864)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24870)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24876)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24882)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24888)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24898)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24904)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24910)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24916)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24922)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24928)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24934)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24940)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24946)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24952)Queries kernel information via 'uname':
Source: /bin/kill (PID: 24958)Queries kernel information via 'uname':


Runtime Messages

Command: sh "/tmp/init0"
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
Found 24798 grep
Found 24812 grep
DONE
Standard Error:
rm: cannot remove '/tmp/.cron': No such file or directory
rm: cannot remove '/tmp/.main': No such file or directory
chron-34e2fg: no process found
.Historys: no process found
.sshd: no process found
neptune: no process found
xm64: no process found
xm32: no process found
xmrig: no process found
.xmrig: no process found
suppoieup: no process found
pkill: no matching criteria specified
Try `pkill --help' for more information.
/tmp/init0: 189: kill: No such process

/tmp/init0: 208: kill: No such process

Behavior Graph

[Behavior graph image not reproduced. Behavior Graph ID: 180632; Sample: init0; Start date: 03/10/2019; Architecture: LINUX; Score: 52. Signatures shown in the graph: Found strings related to Crypto-Mining; Stdout / stderr contain strings indicative of a mining client; Terminates several processes with shell command 'killall'.]

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link
init0 | 7% | Virustotal | | Browse
init0 | 3% | Metadefender | | Browse

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Startup

  • system is lnxubuntu1
  • sh (PID: 20759, Parent: 20707, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh /tmp/init0
    • sh New Fork (PID: 20760, Parent: 20759)
    • rm (PID: 20760, Parent: 20759, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm /tmp/.cron
    • sh New Fork (PID: 20761, Parent: 20759)
    • rm (PID: 20761, Parent: 20759, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm /tmp/.main
    • sh New Fork (PID: 20762, Parent: 20759)
    • rm (PID: 20762, Parent: 20759, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm /tmp/.yam* -rf
    • sh New Fork (PID: 20763, Parent: 20759)
    • rm (PID: 20763, Parent: 20759, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -f /tmp/irq
    • sh New Fork (PID: 20764, Parent: 20759)
    • rm (PID: 20764, Parent: 20759, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -f /tmp/irq.sh
    • sh New Fork (PID: 20765, Parent: 20759)
    • rm (PID: 20765, Parent: 20759, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -f /tmp/irqbalanc1
    • sh New Fork (PID: 20766, Parent: 20759)
    • rm (PID: 20766, Parent: 20759, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -rf /boot/grub/deamon
    • sh New Fork (PID: 20769, Parent: 20759)
    • rm (PID: 20769, Parent: 20759, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -rf /boot/grub/disk_genius
    • sh New Fork (PID: 20773, Parent: 20759)
    • rm (PID: 20773, Parent: 20759, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -rf /tmp/*httpd.conf
    • sh New Fork (PID: 20778, Parent: 20759)
    • rm (PID: 20778, Parent: 20759, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -rf /tmp/*httpd.conf*
    • sh New Fork (PID: 20784, Parent: 20759)
    • rm (PID: 20784, Parent: 20759, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -rf /tmp/*index_bak*
    • sh New Fork (PID: 20791, Parent: 20759)
    • rm (PID: 20791, Parent: 20759, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -rf /tmp/.systemd-private-*
    • sh New Fork (PID: 20797, Parent: 20759)
    • rm (PID: 20797, Parent: 20759, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -rf /tmp/.xm*
    • sh New Fork (PID: 20802, Parent: 20759)
    • rm (PID: 20802, Parent: 20759, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -rf /tmp/a7b104c270
    • sh New Fork (PID: 20811, Parent: 20759)
    • rm (PID: 20811, Parent: 20759, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -rf /tmp/conn
    • sh New Fork (PID: 20816, Parent: 20759)
    • rm (PID: 20816, Parent: 20759, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -rf /tmp/conns
    • sh New Fork (PID: 20820, Parent: 20759)
    • rm (PID: 20820, Parent: 20759, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -rf /tmp/httpd.conf
    • sh New Fork (PID: 20824, Parent: 20759)
    • rm (PID: 20824, Parent: 20759, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -rf /tmp/java*
    • sh New Fork (PID: 20831, Parent: 20759)
    • rm (PID: 20831, Parent: 20759, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -rf /tmp/kworkerds /bin/kworkerds /bin/config.json /var/tmp/kworkerds /var/tmp/config.json /usr/local/lib/libjdk.so
    • sh New Fork (PID: 20835, Parent: 20759)
    • rm (PID: 20835, Parent: 20759, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -rf /tmp/qW3xT.2 /tmp/ddgs.3013 /tmp/ddgs.3012 /tmp/wnTKYg /tmp/2t3ik
    • sh New Fork (PID: 20842, Parent: 20759)
    • rm (PID: 20842, Parent: 20759, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -rf /tmp/root.sh /tmp/pools.txt /tmp/libapache /tmp/config.json /tmp/bashf /tmp/bashg /tmp/libapache
    • sh New Fork (PID: 20846, Parent: 20759)
    • rm (PID: 20846, Parent: 20759, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -rf /tmp/xm*
    • sh New Fork (PID: 20851, Parent: 20759)
    • rm (PID: 20851, Parent: 20759, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -rf /var/tmp/java*
    • sh New Fork (PID: 20861, Parent: 20759)
    • ps (PID: 20861, Parent: 20759, MD5: 37339e5441057d422e61e8a471505337) Arguments: ps auxw
    • sh New Fork (PID: 20862, Parent: 20759)
    • awk (PID: 20862, Parent: 20759, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk /34e2fg/
    • sh New Fork (PID: 20863, Parent: 20759)
    • awk (PID: 20863, Parent: 20759, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk !/awk/
    • sh New Fork (PID: 20864, Parent: 20759)
    • awk (PID: 20864, Parent: 20759, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk "{print $2}"
    • sh New Fork (PID: 20865, Parent: 20759)
    • xargs (PID: 20865, Parent: 20759, MD5: d189c4a6ecfb0ca3f5c869690733dd0c) Arguments: xargs kill -9
      • xargs New Fork (PID: 21012, Parent: 20865)
      • kill (PID: 21012, Parent: 20865, MD5: 5484331628ba283a0cda9730dafe47f8) Arguments: kill -9
    • sh New Fork (PID: 20866, Parent: 20759)
    • sh New Fork (PID: 20867, Parent: 20759)
    • killall (PID: 20867, Parent: 20759, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 chron-34e2fg
    • sh New Fork (PID: 20918, Parent: 20759)
    • ps (PID: 20918, Parent: 20759, MD5: 37339e5441057d422e61e8a471505337) Arguments: ps wx
    • sh New Fork (PID: 20919, Parent: 20759)
    • awk (PID: 20919, Parent: 20759, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk /34e|r\\/v3|moy5|defunct/
    • sh New Fork (PID: 20920, Parent: 20759)
    • awk (PID: 20920, Parent: 20759, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk "{print $1}"
    • sh New Fork (PID: 20921, Parent: 20759)
    • xargs (PID: 20921, Parent: 20759, MD5: d189c4a6ecfb0ca3f5c869690733dd0c) Arguments: xargs kill -9
      • xargs New Fork (PID: 21062, Parent: 20921)
      • kill (PID: 21062, Parent: 20921, MD5: 5484331628ba283a0cda9730dafe47f8) Arguments: kill -9 20861 20862 20863 20864 20865 20919 20922
    • sh New Fork (PID: 20922, Parent: 20759)
    • sh New Fork (PID: 20923, Parent: 20759)
      • sh New Fork (PID: 20927, Parent: 20923)
      • ps (PID: 20927, Parent: 20923, MD5: 37339e5441057d422e61e8a471505337) Arguments: ps uwx
      • sh New Fork (PID: 20928, Parent: 20923)
      • awk (PID: 20928, Parent: 20923, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk "{print $2\":\"$3}"
      • sh New Fork (PID: 20929, Parent: 20923)
      • grep (PID: 20929, Parent: 20923, MD5: fc9b0a0ff848b35b3716768695bf2427) Arguments: grep -v CPU
    • sh New Fork (PID: 21074, Parent: 20759)
      • sh New Fork (PID: 21079, Parent: 21074)
      • sh New Fork (PID: 21080, Parent: 21074)
      • awk (PID: 21080, Parent: 21074, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21081, Parent: 21074)
      • awk (PID: 21081, Parent: 21074, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21099, Parent: 20759)
      • sh New Fork (PID: 21104, Parent: 21099)
      • sh New Fork (PID: 21105, Parent: 21099)
      • awk (PID: 21105, Parent: 21099, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21106, Parent: 21099)
      • awk (PID: 21106, Parent: 21099, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21123, Parent: 20759)
      • sh New Fork (PID: 21127, Parent: 21123)
      • sh New Fork (PID: 21128, Parent: 21123)
      • awk (PID: 21128, Parent: 21123, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21129, Parent: 21123)
      • awk (PID: 21129, Parent: 21123, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21153, Parent: 20759)
      • sh New Fork (PID: 21157, Parent: 21153)
      • sh New Fork (PID: 21158, Parent: 21153)
      • awk (PID: 21158, Parent: 21153, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21159, Parent: 21153)
      • awk (PID: 21159, Parent: 21153, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21178, Parent: 20759)
      • sh New Fork (PID: 21183, Parent: 21178)
      • sh New Fork (PID: 21184, Parent: 21178)
      • awk (PID: 21184, Parent: 21178, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21185, Parent: 21178)
      • awk (PID: 21185, Parent: 21178, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21200, Parent: 20759)
      • sh New Fork (PID: 21205, Parent: 21200)
      • sh New Fork (PID: 21206, Parent: 21200)
      • awk (PID: 21206, Parent: 21200, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21207, Parent: 21200)
      • awk (PID: 21207, Parent: 21200, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21226, Parent: 20759)
      • sh New Fork (PID: 21231, Parent: 21226)
      • sh New Fork (PID: 21232, Parent: 21226)
      • awk (PID: 21232, Parent: 21226, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21233, Parent: 21226)
      • awk (PID: 21233, Parent: 21226, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21252, Parent: 20759)
      • sh New Fork (PID: 21257, Parent: 21252)
      • sh New Fork (PID: 21258, Parent: 21252)
      • awk (PID: 21258, Parent: 21252, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21259, Parent: 21252)
      • awk (PID: 21259, Parent: 21252, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21274, Parent: 20759)
      • sh New Fork (PID: 21278, Parent: 21274)
      • sh New Fork (PID: 21279, Parent: 21274)
      • awk (PID: 21279, Parent: 21274, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21280, Parent: 21274)
      • awk (PID: 21280, Parent: 21274, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21294, Parent: 20759)
      • sh New Fork (PID: 21299, Parent: 21294)
      • sh New Fork (PID: 21300, Parent: 21294)
      • awk (PID: 21300, Parent: 21294, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21301, Parent: 21294)
      • awk (PID: 21301, Parent: 21294, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21317, Parent: 20759)
      • sh New Fork (PID: 21321, Parent: 21317)
      • sh New Fork (PID: 21322, Parent: 21317)
      • awk (PID: 21322, Parent: 21317, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21323, Parent: 21317)
      • awk (PID: 21323, Parent: 21317, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21337, Parent: 20759)
      • sh New Fork (PID: 21342, Parent: 21337)
      • sh New Fork (PID: 21343, Parent: 21337)
      • awk (PID: 21343, Parent: 21337, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21344, Parent: 21337)
      • awk (PID: 21344, Parent: 21337, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21358, Parent: 20759)
      • sh New Fork (PID: 21363, Parent: 21358)
      • sh New Fork (PID: 21364, Parent: 21358)
      • awk (PID: 21364, Parent: 21358, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21365, Parent: 21358)
      • awk (PID: 21365, Parent: 21358, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21382, Parent: 20759)
      • sh New Fork (PID: 21387, Parent: 21382)
      • sh New Fork (PID: 21388, Parent: 21382)
      • awk (PID: 21388, Parent: 21382, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21389, Parent: 21382)
      • awk (PID: 21389, Parent: 21382, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21395, Parent: 20759)
      • sh New Fork (PID: 21398, Parent: 21395)
      • sh New Fork (PID: 21399, Parent: 21395)
      • awk (PID: 21399, Parent: 21395, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21400, Parent: 21395)
      • awk (PID: 21400, Parent: 21395, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21406, Parent: 20759)
      • sh New Fork (PID: 21410, Parent: 21406)
      • sh New Fork (PID: 21411, Parent: 21406)
      • awk (PID: 21411, Parent: 21406, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21412, Parent: 21406)
      • awk (PID: 21412, Parent: 21406, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21426, Parent: 20759)
      • sh New Fork (PID: 21433, Parent: 21426)
      • sh New Fork (PID: 21434, Parent: 21426)
      • awk (PID: 21434, Parent: 21426, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21435, Parent: 21426)
      • awk (PID: 21435, Parent: 21426, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21450, Parent: 20759)
      • sh New Fork (PID: 21454, Parent: 21450)
      • sh New Fork (PID: 21455, Parent: 21450)
      • awk (PID: 21455, Parent: 21450, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21456, Parent: 21450)
      • awk (PID: 21456, Parent: 21450, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21469, Parent: 20759)
      • sh New Fork (PID: 21474, Parent: 21469)
      • sh New Fork (PID: 21475, Parent: 21469)
      • awk (PID: 21475, Parent: 21469, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21476, Parent: 21469)
      • awk (PID: 21476, Parent: 21469, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21491, Parent: 20759)
      • sh New Fork (PID: 21495, Parent: 21491)
      • sh New Fork (PID: 21496, Parent: 21491)
      • awk (PID: 21496, Parent: 21491, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21497, Parent: 21491)
      • awk (PID: 21497, Parent: 21491, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21512, Parent: 20759)
      • sh New Fork (PID: 21517, Parent: 21512)
      • sh New Fork (PID: 21518, Parent: 21512)
      • awk (PID: 21518, Parent: 21512, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21519, Parent: 21512)
      • awk (PID: 21519, Parent: 21512, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21534, Parent: 20759)
      • sh New Fork (PID: 21539, Parent: 21534)
      • sh New Fork (PID: 21540, Parent: 21534)
      • awk (PID: 21540, Parent: 21534, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21541, Parent: 21534)
      • awk (PID: 21541, Parent: 21534, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21558, Parent: 20759)
      • sh New Fork (PID: 21562, Parent: 21558)
      • sh New Fork (PID: 21563, Parent: 21558)
      • awk (PID: 21563, Parent: 21558, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21564, Parent: 21558)
      • awk (PID: 21564, Parent: 21558, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21582, Parent: 20759)
      • sh New Fork (PID: 21586, Parent: 21582)
      • sh New Fork (PID: 21587, Parent: 21582)
      • awk (PID: 21587, Parent: 21582, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21588, Parent: 21582)
      • awk (PID: 21588, Parent: 21582, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21601, Parent: 20759)
      • sh New Fork (PID: 21606, Parent: 21601)
      • sh New Fork (PID: 21607, Parent: 21601)
      • awk (PID: 21607, Parent: 21601, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21608, Parent: 21601)
      • awk (PID: 21608, Parent: 21601, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21615, Parent: 20759)
      • sh New Fork (PID: 21617, Parent: 21615)
      • sh New Fork (PID: 21618, Parent: 21615)
      • awk (PID: 21618, Parent: 21615, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21619, Parent: 21615)
      • awk (PID: 21619, Parent: 21615, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21623, Parent: 20759)
      • sh New Fork (PID: 21629, Parent: 21623)
      • sh New Fork (PID: 21630, Parent: 21623)
      • awk (PID: 21630, Parent: 21623, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21631, Parent: 21623)
      • awk (PID: 21631, Parent: 21623, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21646, Parent: 20759)
      • sh New Fork (PID: 21650, Parent: 21646)
      • sh New Fork (PID: 21651, Parent: 21646)
      • awk (PID: 21651, Parent: 21646, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21652, Parent: 21646)
      • awk (PID: 21652, Parent: 21646, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21665, Parent: 20759)
      • sh New Fork (PID: 21671, Parent: 21665)
      • sh New Fork (PID: 21672, Parent: 21665)
      • awk (PID: 21672, Parent: 21665, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21673, Parent: 21665)
      • awk (PID: 21673, Parent: 21665, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21690, Parent: 20759)
      • sh New Fork (PID: 21695, Parent: 21690)
      • sh New Fork (PID: 21696, Parent: 21690)
      • awk (PID: 21696, Parent: 21690, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21697, Parent: 21690)
      • awk (PID: 21697, Parent: 21690, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21712, Parent: 20759)
      • sh New Fork (PID: 21718, Parent: 21712)
      • sh New Fork (PID: 21719, Parent: 21712)
      • awk (PID: 21719, Parent: 21712, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21720, Parent: 21712)
      • awk (PID: 21720, Parent: 21712, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21734, Parent: 20759)
      • sh New Fork (PID: 21739, Parent: 21734)
      • sh New Fork (PID: 21740, Parent: 21734)
      • awk (PID: 21740, Parent: 21734, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21741, Parent: 21734)
      • awk (PID: 21741, Parent: 21734, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21755, Parent: 20759)
      • sh New Fork (PID: 21758, Parent: 21755)
      • sh New Fork (PID: 21759, Parent: 21755)
      • awk (PID: 21759, Parent: 21755, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21760, Parent: 21755)
      • awk (PID: 21760, Parent: 21755, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21776, Parent: 20759)
      • sh New Fork (PID: 21781, Parent: 21776)
      • sh New Fork (PID: 21782, Parent: 21776)
      • awk (PID: 21782, Parent: 21776, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21783, Parent: 21776)
      • awk (PID: 21783, Parent: 21776, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21797, Parent: 20759)
      • sh New Fork (PID: 21803, Parent: 21797)
      • sh New Fork (PID: 21804, Parent: 21797)
      • awk (PID: 21804, Parent: 21797, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21805, Parent: 21797)
      • awk (PID: 21805, Parent: 21797, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21822, Parent: 20759)
      • sh New Fork (PID: 21827, Parent: 21822)
      • sh New Fork (PID: 21828, Parent: 21822)
      • awk (PID: 21828, Parent: 21822, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21829, Parent: 21822)
      • awk (PID: 21829, Parent: 21822, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21836, Parent: 20759)
      • sh New Fork (PID: 21840, Parent: 21836)
      • sh New Fork (PID: 21841, Parent: 21836)
      • awk (PID: 21841, Parent: 21836, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21842, Parent: 21836)
      • awk (PID: 21842, Parent: 21836, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21854, Parent: 20759)
      • sh New Fork (PID: 21859, Parent: 21854)
      • sh New Fork (PID: 21860, Parent: 21854)
      • awk (PID: 21860, Parent: 21854, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21861, Parent: 21854)
      • awk (PID: 21861, Parent: 21854, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21877, Parent: 20759)
      • sh New Fork (PID: 21883, Parent: 21877)
      • sh New Fork (PID: 21884, Parent: 21877)
      • awk (PID: 21884, Parent: 21877, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21885, Parent: 21877)
      • awk (PID: 21885, Parent: 21877, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21898, Parent: 20759)
      • sh New Fork (PID: 21903, Parent: 21898)
      • sh New Fork (PID: 21904, Parent: 21898)
      • awk (PID: 21904, Parent: 21898, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21905, Parent: 21898)
      • awk (PID: 21905, Parent: 21898, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21920, Parent: 20759)
      • sh New Fork (PID: 21925, Parent: 21920)
      • sh New Fork (PID: 21926, Parent: 21920)
      • awk (PID: 21926, Parent: 21920, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21927, Parent: 21920)
      • awk (PID: 21927, Parent: 21920, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21936, Parent: 20759)
      • sh New Fork (PID: 21940, Parent: 21936)
      • sh New Fork (PID: 21941, Parent: 21936)
      • awk (PID: 21941, Parent: 21936, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21942, Parent: 21936)
      • awk (PID: 21942, Parent: 21936, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21954, Parent: 20759)
      • sh New Fork (PID: 21961, Parent: 21954)
      • sh New Fork (PID: 21962, Parent: 21954)
      • awk (PID: 21962, Parent: 21954, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21963, Parent: 21954)
      • awk (PID: 21963, Parent: 21954, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21978, Parent: 20759)
      • sh New Fork (PID: 21982, Parent: 21978)
      • sh New Fork (PID: 21983, Parent: 21978)
      • awk (PID: 21983, Parent: 21978, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 21984, Parent: 21978)
      • awk (PID: 21984, Parent: 21978, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 21997, Parent: 20759)
      • sh New Fork (PID: 22003, Parent: 21997)
      • sh New Fork (PID: 22004, Parent: 21997)
      • awk (PID: 22004, Parent: 21997, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22005, Parent: 21997)
      • awk (PID: 22005, Parent: 21997, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22018, Parent: 20759)
      • sh New Fork (PID: 22022, Parent: 22018)
      • sh New Fork (PID: 22023, Parent: 22018)
      • awk (PID: 22023, Parent: 22018, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22024, Parent: 22018)
      • awk (PID: 22024, Parent: 22018, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22041, Parent: 20759)
      • sh New Fork (PID: 22046, Parent: 22041)
      • sh New Fork (PID: 22047, Parent: 22041)
      • awk (PID: 22047, Parent: 22041, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22048, Parent: 22041)
      • awk (PID: 22048, Parent: 22041, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22058, Parent: 20759)
      • sh New Fork (PID: 22061, Parent: 22058)
      • sh New Fork (PID: 22062, Parent: 22058)
      • awk (PID: 22062, Parent: 22058, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22063, Parent: 22058)
      • awk (PID: 22063, Parent: 22058, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22077, Parent: 20759)
      • sh New Fork (PID: 22083, Parent: 22077)
      • sh New Fork (PID: 22084, Parent: 22077)
      • awk (PID: 22084, Parent: 22077, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22085, Parent: 22077)
      • awk (PID: 22085, Parent: 22077, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22098, Parent: 20759)
      • sh New Fork (PID: 22103, Parent: 22098)
      • sh New Fork (PID: 22104, Parent: 22098)
      • awk (PID: 22104, Parent: 22098, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22105, Parent: 22098)
      • awk (PID: 22105, Parent: 22098, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22121, Parent: 20759)
      • sh New Fork (PID: 22127, Parent: 22121)
      • sh New Fork (PID: 22128, Parent: 22121)
      • awk (PID: 22128, Parent: 22121, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22129, Parent: 22121)
      • awk (PID: 22129, Parent: 22121, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22138, Parent: 20759)
      • sh New Fork (PID: 22143, Parent: 22138)
      • sh New Fork (PID: 22144, Parent: 22138)
      • awk (PID: 22144, Parent: 22138, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22145, Parent: 22138)
      • awk (PID: 22145, Parent: 22138, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22160, Parent: 20759)
      • sh New Fork (PID: 22166, Parent: 22160)
      • sh New Fork (PID: 22167, Parent: 22160)
      • awk (PID: 22167, Parent: 22160, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22168, Parent: 22160)
      • awk (PID: 22168, Parent: 22160, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22175, Parent: 20759)
      • sh New Fork (PID: 22177, Parent: 22175)
      • sh New Fork (PID: 22178, Parent: 22175)
      • awk (PID: 22178, Parent: 22175, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22179, Parent: 22175)
      • awk (PID: 22179, Parent: 22175, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22183, Parent: 20759)
      • sh New Fork (PID: 22187, Parent: 22183)
      • sh New Fork (PID: 22188, Parent: 22183)
      • awk (PID: 22188, Parent: 22183, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22189, Parent: 22183)
      • awk (PID: 22189, Parent: 22183, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22210, Parent: 20759)
      • sh New Fork (PID: 22215, Parent: 22210)
      • sh New Fork (PID: 22220, Parent: 22210)
      • awk (PID: 22220, Parent: 22210, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22221, Parent: 22210)
      • awk (PID: 22221, Parent: 22210, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22234, Parent: 20759)
      • sh New Fork (PID: 22238, Parent: 22234)
      • sh New Fork (PID: 22239, Parent: 22234)
      • awk (PID: 22239, Parent: 22234, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22240, Parent: 22234)
      • awk (PID: 22240, Parent: 22234, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22257, Parent: 20759)
      • sh New Fork (PID: 22267, Parent: 22257)
      • sh New Fork (PID: 22268, Parent: 22257)
      • awk (PID: 22268, Parent: 22257, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22269, Parent: 22257)
      • awk (PID: 22269, Parent: 22257, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22275, Parent: 20759)
      • sh New Fork (PID: 22277, Parent: 22275)
      • sh New Fork (PID: 22278, Parent: 22275)
      • awk (PID: 22278, Parent: 22275, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22279, Parent: 22275)
      • awk (PID: 22279, Parent: 22275, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22286, Parent: 20759)
      • sh New Fork (PID: 22290, Parent: 22286)
      • sh New Fork (PID: 22291, Parent: 22286)
      • awk (PID: 22291, Parent: 22286, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22292, Parent: 22286)
      • awk (PID: 22292, Parent: 22286, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22307, Parent: 20759)
      • sh New Fork (PID: 22314, Parent: 22307)
      • sh New Fork (PID: 22315, Parent: 22307)
      • awk (PID: 22315, Parent: 22307, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22316, Parent: 22307)
      • awk (PID: 22316, Parent: 22307, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22329, Parent: 20759)
      • sh New Fork (PID: 22335, Parent: 22329)
      • sh New Fork (PID: 22336, Parent: 22329)
      • awk (PID: 22336, Parent: 22329, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22337, Parent: 22329)
      • awk (PID: 22337, Parent: 22329, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22352, Parent: 20759)
      • sh New Fork (PID: 22355, Parent: 22352)
      • sh New Fork (PID: 22356, Parent: 22352)
      • awk (PID: 22356, Parent: 22352, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22357, Parent: 22352)
      • awk (PID: 22357, Parent: 22352, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22374, Parent: 20759)
      • sh New Fork (PID: 22383, Parent: 22374)
      • sh New Fork (PID: 22384, Parent: 22374)
      • awk (PID: 22384, Parent: 22374, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22385, Parent: 22374)
      • awk (PID: 22385, Parent: 22374, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22401, Parent: 20759)
      • sh New Fork (PID: 22406, Parent: 22401)
      • sh New Fork (PID: 22407, Parent: 22401)
      • awk (PID: 22407, Parent: 22401, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22408, Parent: 22401)
      • awk (PID: 22408, Parent: 22401, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22417, Parent: 20759)
      • sh New Fork (PID: 22420, Parent: 22417)
      • sh New Fork (PID: 22421, Parent: 22417)
      • awk (PID: 22421, Parent: 22417, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22422, Parent: 22417)
      • awk (PID: 22422, Parent: 22417, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22437, Parent: 20759)
      • sh New Fork (PID: 22442, Parent: 22437)
      • sh New Fork (PID: 22443, Parent: 22437)
      • awk (PID: 22443, Parent: 22437, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22444, Parent: 22437)
      • awk (PID: 22444, Parent: 22437, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22466, Parent: 20759)
      • sh New Fork (PID: 22470, Parent: 22466)
      • sh New Fork (PID: 22471, Parent: 22466)
      • awk (PID: 22471, Parent: 22466, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22472, Parent: 22466)
      • awk (PID: 22472, Parent: 22466, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22479, Parent: 20759)
      • sh New Fork (PID: 22482, Parent: 22479)
      • sh New Fork (PID: 22483, Parent: 22479)
      • awk (PID: 22483, Parent: 22479, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22484, Parent: 22479)
      • awk (PID: 22484, Parent: 22479, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22498, Parent: 20759)
      • sh New Fork (PID: 22503, Parent: 22498)
      • sh New Fork (PID: 22504, Parent: 22498)
      • awk (PID: 22504, Parent: 22498, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22505, Parent: 22498)
      • awk (PID: 22505, Parent: 22498, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22522, Parent: 20759)
      • sh New Fork (PID: 22527, Parent: 22522)
      • sh New Fork (PID: 22528, Parent: 22522)
      • awk (PID: 22528, Parent: 22522, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22529, Parent: 22522)
      • awk (PID: 22529, Parent: 22522, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22535, Parent: 20759)
      • sh New Fork (PID: 22538, Parent: 22535)
      • sh New Fork (PID: 22539, Parent: 22535)
      • awk (PID: 22539, Parent: 22535, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22540, Parent: 22535)
      • awk (PID: 22540, Parent: 22535, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22549, Parent: 20759)
      • sh New Fork (PID: 22554, Parent: 22549)
      • sh New Fork (PID: 22555, Parent: 22549)
      • awk (PID: 22555, Parent: 22549, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22556, Parent: 22549)
      • awk (PID: 22556, Parent: 22549, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22573, Parent: 20759)
      • sh New Fork (PID: 22578, Parent: 22573)
      • sh New Fork (PID: 22579, Parent: 22573)
      • awk (PID: 22579, Parent: 22573, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22580, Parent: 22573)
      • awk (PID: 22580, Parent: 22573, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22594, Parent: 20759)
      • sh New Fork (PID: 22599, Parent: 22594)
      • sh New Fork (PID: 22600, Parent: 22594)
      • awk (PID: 22600, Parent: 22594, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22601, Parent: 22594)
      • awk (PID: 22601, Parent: 22594, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22614, Parent: 20759)
      • sh New Fork (PID: 22618, Parent: 22614)
      • sh New Fork (PID: 22619, Parent: 22614)
      • awk (PID: 22619, Parent: 22614, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22620, Parent: 22614)
      • awk (PID: 22620, Parent: 22614, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22637, Parent: 20759)
      • sh New Fork (PID: 22643, Parent: 22637)
      • sh New Fork (PID: 22644, Parent: 22637)
      • awk (PID: 22644, Parent: 22637, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22645, Parent: 22637)
      • awk (PID: 22645, Parent: 22637, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22661, Parent: 20759)
      • sh New Fork (PID: 22666, Parent: 22661)
      • sh New Fork (PID: 22667, Parent: 22661)
      • awk (PID: 22667, Parent: 22661, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22668, Parent: 22661)
      • awk (PID: 22668, Parent: 22661, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22680, Parent: 20759)
      • sh New Fork (PID: 22685, Parent: 22680)
      • sh New Fork (PID: 22686, Parent: 22680)
      • awk (PID: 22686, Parent: 22680, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22687, Parent: 22680)
      • awk (PID: 22687, Parent: 22680, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22702, Parent: 20759)
      • sh New Fork (PID: 22707, Parent: 22702)
      • sh New Fork (PID: 22708, Parent: 22702)
      • awk (PID: 22708, Parent: 22702, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22709, Parent: 22702)
      • awk (PID: 22709, Parent: 22702, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22715, Parent: 20759)
      • sh New Fork (PID: 22717, Parent: 22715)
      • sh New Fork (PID: 22718, Parent: 22715)
      • awk (PID: 22718, Parent: 22715, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22719, Parent: 22715)
      • awk (PID: 22719, Parent: 22715, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22723, Parent: 20759)
      • sh New Fork (PID: 22727, Parent: 22723)
      • sh New Fork (PID: 22728, Parent: 22723)
      • awk (PID: 22728, Parent: 22723, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22729, Parent: 22723)
      • awk (PID: 22729, Parent: 22723, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22744, Parent: 20759)
      • sh New Fork (PID: 22750, Parent: 22744)
      • sh New Fork (PID: 22751, Parent: 22744)
      • awk (PID: 22751, Parent: 22744, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22752, Parent: 22744)
      • awk (PID: 22752, Parent: 22744, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22768, Parent: 20759)
      • sh New Fork (PID: 22773, Parent: 22768)
      • sh New Fork (PID: 22774, Parent: 22768)
      • awk (PID: 22774, Parent: 22768, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22775, Parent: 22768)
      • awk (PID: 22775, Parent: 22768, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22793, Parent: 20759)
      • sh New Fork (PID: 22799, Parent: 22793)
      • sh New Fork (PID: 22800, Parent: 22793)
      • awk (PID: 22800, Parent: 22793, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22801, Parent: 22793)
      • awk (PID: 22801, Parent: 22793, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22813, Parent: 20759)
      • sh New Fork (PID: 22818, Parent: 22813)
      • sh New Fork (PID: 22819, Parent: 22813)
      • awk (PID: 22819, Parent: 22813, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22820, Parent: 22813)
      • awk (PID: 22820, Parent: 22813, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22832, Parent: 20759)
      • sh New Fork (PID: 22838, Parent: 22832)
      • sh New Fork (PID: 22839, Parent: 22832)
      • awk (PID: 22839, Parent: 22832, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22840, Parent: 22832)
      • awk (PID: 22840, Parent: 22832, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22857, Parent: 20759)
      • sh New Fork (PID: 22862, Parent: 22857)
      • sh New Fork (PID: 22863, Parent: 22857)
      • awk (PID: 22863, Parent: 22857, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22864, Parent: 22857)
      • awk (PID: 22864, Parent: 22857, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22889, Parent: 20759)
      • sh New Fork (PID: 22891, Parent: 22889)
      • sh New Fork (PID: 22892, Parent: 22889)
      • awk (PID: 22892, Parent: 22889, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22893, Parent: 22889)
      • awk (PID: 22893, Parent: 22889, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22902, Parent: 20759)
      • sh New Fork (PID: 22906, Parent: 22902)
      • sh New Fork (PID: 22907, Parent: 22902)
      • awk (PID: 22907, Parent: 22902, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22908, Parent: 22902)
      • awk (PID: 22908, Parent: 22902, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22922, Parent: 20759)
      • sh New Fork (PID: 22927, Parent: 22922)
      • sh New Fork (PID: 22928, Parent: 22922)
      • awk (PID: 22928, Parent: 22922, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22929, Parent: 22922)
      • awk (PID: 22929, Parent: 22922, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22935, Parent: 20759)
      • sh New Fork (PID: 22937, Parent: 22935)
      • sh New Fork (PID: 22938, Parent: 22935)
      • awk (PID: 22938, Parent: 22935, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22939, Parent: 22935)
      • awk (PID: 22939, Parent: 22935, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22943, Parent: 20759)
      • sh New Fork (PID: 22947, Parent: 22943)
      • sh New Fork (PID: 22948, Parent: 22943)
      • awk (PID: 22948, Parent: 22943, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22949, Parent: 22943)
      • awk (PID: 22949, Parent: 22943, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22966, Parent: 20759)
      • sh New Fork (PID: 22971, Parent: 22966)
      • sh New Fork (PID: 22972, Parent: 22966)
      • awk (PID: 22972, Parent: 22966, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22973, Parent: 22966)
      • awk (PID: 22973, Parent: 22966, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 22985, Parent: 20759)
      • sh New Fork (PID: 22990, Parent: 22985)
      • sh New Fork (PID: 22991, Parent: 22985)
      • awk (PID: 22991, Parent: 22985, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 22992, Parent: 22985)
      • awk (PID: 22992, Parent: 22985, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 23009, Parent: 20759)
      • sh New Fork (PID: 23015, Parent: 23009)
      • sh New Fork (PID: 23016, Parent: 23009)
      • awk (PID: 23016, Parent: 23009, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 23017, Parent: 23009)
      • awk (PID: 23017, Parent: 23009, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 23030, Parent: 20759)
      • sh New Fork (PID: 23035, Parent: 23030)
      • sh New Fork (PID: 23036, Parent: 23030)
      • awk (PID: 23036, Parent: 23030, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 23037, Parent: 23030)
      • awk (PID: 23037, Parent: 23030, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 23052, Parent: 20759)
      • sh New Fork (PID: 23058, Parent: 23052)
      • sh New Fork (PID: 23059, Parent: 23052)
      • awk (PID: 23059, Parent: 23052, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 23060, Parent: 23052)
      • awk (PID: 23060, Parent: 23052, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 23073, Parent: 20759)
      • sh New Fork (PID: 23077, Parent: 23073)
      • sh New Fork (PID: 23078, Parent: 23073)
      • awk (PID: 23078, Parent: 23073, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 23079, Parent: 23073)
      • awk (PID: 23079, Parent: 23073, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 23094, Parent: 20759)
      • sh New Fork (PID: 23100, Parent: 23094)
      • sh New Fork (PID: 23101, Parent: 23094)
      • awk (PID: 23101, Parent: 23094, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 23102, Parent: 23094)
      • awk (PID: 23102, Parent: 23094, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 23115, Parent: 20759)
      • sh New Fork (PID: 23119, Parent: 23115)
      • sh New Fork (PID: 23120, Parent: 23115)
      • awk (PID: 23120, Parent: 23115, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F: "{print $2}"
      • sh New Fork (PID: 23121, Parent: 23115)
      • awk (PID: 23121, Parent: 23115, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F. "{ print $1}"
    • sh New Fork (PID: 23137, Parent: 20759)