70766f30eea4ba5c5fa75fff207b707bef8681e24b48fd9aa7f4bbe340602b91

Analysis

max time kernel
15s
max time network
0s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20231222-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20231222-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
07-02-2024 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8e27b76b3903312cc5e93f250d7cf90b7b999592d70dcf2922bb450023014006.sh
Size

35KB
MD5

2550990d2d52581b213e7c9305c392d3
SHA1

f7f069915c9b97550dc1fb6cf631f6222416dcf5
SHA256

8e27b76b3903312cc5e93f250d7cf90b7b999592d70dcf2922bb450023014006
SHA512

a30d4a39203e6a98937e8670b7b3caaa63d2141fdf404bb28ca240d95cb7420bdfb8c695db81cc9c799e8818266600c137b8b0df2dfc69d7566bae64eee2ad50
SSDEEP

768:X87XzQ5VFNcDAFLcIwgnoYq0xFB6ytguz:X3VF+D6cIwgos/z

Score

7^/10

evasion rootkit

Malware Config

Signatures

Deletes system logs 1 TTPs 1 IoCs

Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.

evasion

Indicator Removal

T1070

description	ioc	Process
File deleted	/var/log/syslog	rm

Flushes firewall rules 2 IoCs

Flushes/ disables firewall rules inside the Linux kernel.

pid	Process
1566	ufw
1742	iptables

Loads a kernel module 1 IoCs

Loads a Linux kernel module, potentially to achieve persistence

rootkit

ioc	pid	Process
/lib/modules/4.15.0-213-generic/kernel/net/ipv6/netfilter/ip6_tables.ko	1570	modprobe

Attempts to change immutable files 49 IoCs

Modifies inode attributes on the filesystem to allow changing of immutable files.

pid	Process
1563	chattr
1703	ip6tables
1562	chattr
1618	iptables
1673	ip6tables
1716	ip6tables
1702	ip6tables
1728	ip6tables
1579	iptables
1617	iptables
1700	ip6tables
1684	ip6tables
1733	ip6tables
1565	chattr
1583	iptables
1599	iptables
1635	iptables
1701	ip6tables
1747	chattr
1564	chattr
1611	iptables
1647	iptables
1667	ip6tables
1619	iptables
1655	iptables
1669	ip6tables
1584	iptables
1614	iptables
1705	ip6tables
1668	ip6tables
1736	ip6tables
1615	iptables
1616	iptables
1672	ip6tables
1582	iptables
1652	iptables
1670	ip6tables
1704	ip6tables
1671	ip6tables
1620	iptables
1664	ip6tables
1699	ip6tables
1586	iptables
1696	ip6tables
1588	iptables
1568	ufw-init
1585	iptables
1587	iptables
1748	chattr

Enumerates kernel/hardware configuration 1 TTPs 2 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/module/ip6_tables/initstate	modprobe
File opened for reading	/sys/module/x_tables/initstate	modprobe

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/1055	ls
File opened for reading	/proc/1083	ls
File opened for reading	/proc/filesystems	ls
File opened for reading	/proc/1074	ls
File opened for reading	/proc/1152	ls
File opened for reading	/proc/filesystems	ls
File opened for reading	/proc/1219	ls
File opened for reading	/proc/1079	ls
File opened for reading	/proc/filesystems	ls
File opened for reading	/proc/filesystems	ls
File opened for reading	/proc/1063	ls
File opened for reading	/proc/1092	ls
File opened for reading	/proc/1110	ls
File opened for reading	/proc/1170	ls
File opened for reading	/proc/filesystems	ls
File opened for reading	/proc/1220	ls
File opened for reading	/proc/filesystems	ls
File opened for reading	/proc/1138	ls
File opened for reading	/proc/filesystems	ls
File opened for reading	/proc/filesystems	ls
File opened for reading	/proc/filesystems	userdel
File opened for reading	/proc/1100	ls
File opened for reading	/proc/1131	ls
File opened for reading	/proc/1136	ls
File opened for reading	/proc/filesystems	ls
File opened for reading	/proc/filesystems	ls
File opened for reading	/proc/self/stat	sudo
File opened for reading	/proc/1001	ls
File opened for reading	/proc/filesystems	ls
File opened for reading	/proc/1153	ls
File opened for reading	/proc/filesystems	ls
File opened for reading	/proc/1142	ls
File opened for reading	/proc/1158	ls
File opened for reading	/proc/filesystems	ls
File opened for reading	/proc/1181	ls
File opened for reading	/proc/filesystems	sudo
File opened for reading	/proc/10	ls
File opened for reading	/proc/filesystems	ls
File opened for reading	/proc/filesystems	ls
File opened for reading	/proc/1137	ls
File opened for reading	/proc/115	ls
File opened for reading	/proc/filesystems	ls
File opened for reading	/proc/filesystems	ls
File opened for reading	/proc/filesystems	ls
File opened for reading	/proc/11	ls
File opened for reading	/proc/filesystems	ls
File opened for reading	/proc/1145	ls
File opened for reading	/proc/1188	ls
File opened for reading	/proc/filesystems	ls
File opened for reading	/proc/filesystems	ls
File opened for reading	/proc/1160	ls
File opened for reading	/proc/1	ls
File opened for reading	/proc/filesystems	ls
File opened for reading	/proc/filesystems	ls
File opened for reading	/proc/filesystems	ls
File opened for reading	/proc/filesystems	ls
File opened for reading	/proc/1034	ls
File opened for reading	/proc/filesystems	ls
File opened for reading	/proc/1123	ls
File opened for reading	/proc/1127	ls
File opened for reading	/proc/1020	ls
File opened for reading	/proc/filesystems	ls
File opened for reading	/proc/filesystems	ls
File opened for reading	/proc/self/fd	Process not Found

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/log_rot	8e27b76b3903312cc5e93f250d7cf90b7b999592d70dcf2922bb450023014006.sh

/tmp/8e27b76b3903312cc5e93f250d7cf90b7b999592d70dcf2922bb450023014006.sh
/tmp/8e27b76b3903312cc5e93f250d7cf90b7b999592d70dcf2922bb450023014006.sh
1⤵
- Writes file to tmp directory
PID:1560
- /bin/rm
  rm -rf /var/log/syslog
  2⤵
  - Deletes system logs
  PID:1561
- /usr/bin/chattr
  chattr -iua /tmp/
  2⤵
  - Attempts to change immutable files
  PID:1562
- /usr/bin/chattr
  chattr -iua /var/tmp/
  2⤵
  - Attempts to change immutable files
  PID:1563
- /usr/bin/chattr
  chattr -R -i /var/spool/cron
  2⤵
  - Attempts to change immutable files
  PID:1564
- /usr/bin/chattr
  chattr -i /etc/crontab
  2⤵
  - Attempts to change immutable files
  PID:1565
- /usr/sbin/ufw
  ufw disable
  2⤵
  - Flushes firewall rules
  PID:1566
- - /sbin/iptables
    /sbin/iptables -V
    3⤵
    PID:1567
- - /lib/ufw/ufw-init
    /lib/ufw/ufw-init force-stop
    3⤵
    - Attempts to change immutable files
    PID:1568
  - - /sbin/ip6tables
      ip6tables -L INPUT -n
      4⤵
      PID:1569
    - - /sbin/modprobe
        
        /sbin/modprobe ip6_tables
        5⤵
        Loads a kernel module
        Enumerates kernel/hardware configuration
        
        PID:1570
  - - /sbin/iptables
      iptables -F ufw-logging-deny
      4⤵
      PID:1574
  - - /sbin/iptables
      iptables -F ufw-logging-allow
      4⤵
      PID:1577
  - - /sbin/iptables
      iptables -F ufw-not-local
      4⤵
      PID:1578
  - - /sbin/iptables
      iptables -F ufw-user-logging-input
      4⤵
      Attempts to change immutable files
      PID:1579
  - - /sbin/iptables
      iptables -F ufw-user-limit-accept
      4⤵
      PID:1580
  - - /sbin/iptables
      iptables -F ufw-user-limit
      4⤵
      PID:1581
  - - /sbin/iptables
      iptables -F ufw-skip-to-policy-input
      4⤵
      Attempts to change immutable files
      PID:1582
  - - /sbin/iptables
      iptables -F ufw-reject-input
      4⤵
      Attempts to change immutable files
      PID:1583
  - - /sbin/iptables
      iptables -F ufw-after-logging-input
      4⤵
      Attempts to change immutable files
      PID:1584
  - - /sbin/iptables
      iptables -F ufw-after-input
      4⤵
      Attempts to change immutable files
      PID:1585
  - - /sbin/iptables
      iptables -F ufw-user-input
      4⤵
      Attempts to change immutable files
      PID:1586
  - - /sbin/iptables
      iptables -F ufw-before-input
      4⤵
      Attempts to change immutable files
      PID:1587
  - - /sbin/iptables
      iptables -F ufw-before-logging-input
      4⤵
      Attempts to change immutable files
      PID:1588
  - - /sbin/iptables
      iptables -F ufw-skip-to-policy-forward
      4⤵
      PID:1589
  - - /sbin/iptables
      iptables -F ufw-reject-forward
      4⤵
      PID:1590
  - - /sbin/iptables
      iptables -F ufw-after-logging-forward
      4⤵
      PID:1591
  - - /sbin/iptables
      iptables -F ufw-after-forward
      4⤵
      PID:1592
  - - /sbin/iptables
      iptables -F ufw-user-logging-forward
      4⤵
      PID:1593
  - - /sbin/iptables
      iptables -F ufw-user-forward
      4⤵
      PID:1594
  - - /sbin/iptables
      iptables -F ufw-before-forward
      4⤵
      PID:1595
  - - /sbin/iptables
      iptables -F ufw-before-logging-forward
      4⤵
      PID:1596
  - - /sbin/iptables
      iptables -F ufw-track-forward
      4⤵
      PID:1597
  - - /sbin/iptables
      iptables -F ufw-track-output
      4⤵
      PID:1598
  - - /sbin/iptables
      iptables -F ufw-track-input
      4⤵
      Attempts to change immutable files
      PID:1599
  - - /sbin/iptables
      iptables -F ufw-skip-to-policy-output
      4⤵
      PID:1600
  - - /sbin/iptables
      iptables -F ufw-reject-output
      4⤵
      PID:1601
  - - /sbin/iptables
      iptables -F ufw-after-logging-output
      4⤵
      PID:1602
  - - /sbin/iptables
      iptables -F ufw-after-output
      4⤵
      PID:1603
  - - /sbin/iptables
      iptables -F ufw-user-logging-output
      4⤵
      PID:1604
  - - /sbin/iptables
      iptables -F ufw-user-output
      4⤵
      PID:1605
  - - /sbin/iptables
      iptables -F ufw-before-output
      4⤵
      PID:1606
  - - /sbin/iptables
      iptables -F ufw-before-logging-output
      4⤵
      PID:1607
  - - /sbin/iptables
      iptables -Z ufw-logging-deny
      4⤵
      PID:1608
  - - /sbin/iptables
      iptables -Z ufw-logging-allow
      4⤵
      PID:1609
  - - /sbin/iptables
      iptables -Z ufw-not-local
      4⤵
      PID:1610
  - - /sbin/iptables
      iptables -Z ufw-user-logging-input
      4⤵
      Attempts to change immutable files
      PID:1611
  - - /sbin/iptables
      iptables -Z ufw-user-limit-accept
      4⤵
      PID:1612
  - - /sbin/iptables
      iptables -Z ufw-user-limit
      4⤵
      PID:1613
  - - /sbin/iptables
      iptables -Z ufw-skip-to-policy-input
      4⤵
      Attempts to change immutable files
      PID:1614
  - - /sbin/iptables
      iptables -Z ufw-reject-input
      4⤵
      Attempts to change immutable files
      PID:1615
  - - /sbin/iptables
      iptables -Z ufw-after-logging-input
      4⤵
      Attempts to change immutable files
      PID:1616
  - - /sbin/iptables
      iptables -Z ufw-after-input
      4⤵
      Attempts to change immutable files
      PID:1617
  - - /sbin/iptables
      iptables -Z ufw-user-input
      4⤵
      Attempts to change immutable files
      PID:1618
  - - /sbin/iptables
      iptables -Z ufw-before-input
      4⤵
      Attempts to change immutable files
      PID:1619
  - - /sbin/iptables
      iptables -Z ufw-before-logging-input
      4⤵
      Attempts to change immutable files
      PID:1620
  - - /sbin/iptables
      iptables -Z ufw-skip-to-policy-forward
      4⤵
      PID:1623
  - - /sbin/iptables
      iptables -Z ufw-reject-forward
      4⤵
      PID:1626
  - - /sbin/iptables
      iptables -Z ufw-after-logging-forward
      4⤵
      PID:1627
  - - /sbin/iptables
      iptables -Z ufw-after-forward
      4⤵
      PID:1628
  - - /sbin/iptables
      iptables -Z ufw-user-logging-forward
      4⤵
      PID:1629
  - - /sbin/iptables
      iptables -Z ufw-user-forward
      4⤵
      PID:1630
  - - /sbin/iptables
      iptables -Z ufw-before-forward
      4⤵
      PID:1631
  - - /sbin/iptables
      iptables -Z ufw-before-logging-forward
      4⤵
      PID:1632
  - - /sbin/iptables
      iptables -Z ufw-track-forward
      4⤵
      PID:1633
  - - /sbin/iptables
      iptables -Z ufw-track-output
      4⤵
      PID:1634
  - - /sbin/iptables
      iptables -Z ufw-track-input
      4⤵
      Attempts to change immutable files
      PID:1635
  - - /sbin/iptables
      iptables -Z ufw-skip-to-policy-output
      4⤵
      PID:1636
  - - /sbin/iptables
      iptables -Z ufw-reject-output
      4⤵
      PID:1637
  - - /sbin/iptables
      iptables -Z ufw-after-logging-output
      4⤵
      PID:1638
  - - /sbin/iptables
      iptables -Z ufw-after-output
      4⤵
      PID:1639
  - - /sbin/iptables
      iptables -Z ufw-user-logging-output
      4⤵
      PID:1640
  - - /sbin/iptables
      iptables -Z ufw-user-output
      4⤵
      PID:1641
  - - /sbin/iptables
      iptables -Z ufw-before-output
      4⤵
      PID:1642
  - - /sbin/iptables
      iptables -Z ufw-before-logging-output
      4⤵
      PID:1643
  - - /sbin/iptables
      iptables -X ufw-logging-deny
      4⤵
      PID:1644
  - - /sbin/iptables
      iptables -X ufw-logging-allow
      4⤵
      PID:1645
  - - /sbin/iptables
      iptables -X ufw-not-local
      4⤵
      PID:1646
  - - /sbin/iptables
      iptables -X ufw-user-logging-input
      4⤵
      Attempts to change immutable files
      PID:1647
  - - /sbin/iptables
      iptables -X ufw-user-logging-output
      4⤵
      PID:1648
  - - /sbin/iptables
      iptables -X ufw-user-logging-forward
      4⤵
      PID:1649
  - - /sbin/iptables
      iptables -X ufw-user-limit-accept
      4⤵
      PID:1650
  - - /sbin/iptables
      iptables -X ufw-user-limit
      4⤵
      PID:1651
  - - /sbin/iptables
      iptables -X ufw-user-input
      4⤵
      Attempts to change immutable files
      PID:1652
  - - /sbin/iptables
      iptables -X ufw-user-forward
      4⤵
      PID:1653
  - - /sbin/iptables
      iptables -X ufw-user-output
      4⤵
      PID:1654
  - - /sbin/iptables
      iptables -X ufw-skip-to-policy-input
      4⤵
      Attempts to change immutable files
      PID:1655
  - - /sbin/iptables
      iptables -X ufw-skip-to-policy-output
      4⤵
      PID:1656
  - - /sbin/iptables
      iptables -X ufw-skip-to-policy-forward
      4⤵
      PID:1657
  - - /sbin/iptables
      iptables -P INPUT ACCEPT
      4⤵
      PID:1658
  - - /sbin/iptables
      iptables -P OUTPUT ACCEPT
      4⤵
      PID:1659
  - - /sbin/iptables
      iptables -P FORWARD ACCEPT
      4⤵
      PID:1660
  - - /sbin/ip6tables
      ip6tables -F ufw6-logging-deny
      4⤵
      PID:1661
  - - /sbin/ip6tables
      ip6tables -F ufw6-logging-allow
      4⤵
      PID:1662
  - - /sbin/ip6tables
      ip6tables -F ufw6-not-local
      4⤵
      PID:1663
  - - /sbin/ip6tables
      ip6tables -F ufw6-user-logging-input
      4⤵
      Attempts to change immutable files
      PID:1664
  - - /sbin/ip6tables
      ip6tables -F ufw6-user-limit-accept
      4⤵
      PID:1665
  - - /sbin/ip6tables
      ip6tables -F ufw6-user-limit
      4⤵
      PID:1666
  - - /sbin/ip6tables
      ip6tables -F ufw6-skip-to-policy-input
      4⤵
      Attempts to change immutable files
      PID:1667
  - - /sbin/ip6tables
      ip6tables -F ufw6-reject-input
      4⤵
      Attempts to change immutable files
      PID:1668
  - - /sbin/ip6tables
      ip6tables -F ufw6-after-logging-input
      4⤵
      Attempts to change immutable files
      PID:1669
  - - /sbin/ip6tables
      ip6tables -F ufw6-after-input
      4⤵
      Attempts to change immutable files
      PID:1670
  - - /sbin/ip6tables
      ip6tables -F ufw6-user-input
      4⤵
      Attempts to change immutable files
      PID:1671
  - - /sbin/ip6tables
      ip6tables -F ufw6-before-input
      4⤵
      Attempts to change immutable files
      PID:1672
  - - /sbin/ip6tables
      ip6tables -F ufw6-before-logging-input
      4⤵
      Attempts to change immutable files
      PID:1673
  - - /sbin/ip6tables
      ip6tables -F ufw6-skip-to-policy-forward
      4⤵
      PID:1674
  - - /sbin/ip6tables
      ip6tables -F ufw6-reject-forward
      4⤵
      PID:1675
  - - /sbin/ip6tables
      ip6tables -F ufw6-after-logging-forward
      4⤵
      PID:1676
  - - /sbin/ip6tables
      ip6tables -F ufw6-after-forward
      4⤵
      PID:1677
  - - /sbin/ip6tables
      ip6tables -F ufw6-user-logging-forward
      4⤵
      PID:1678
  - - /sbin/ip6tables
      ip6tables -F ufw6-user-forward
      4⤵
      PID:1679
  - - /sbin/ip6tables
      ip6tables -F ufw6-before-forward
      4⤵
      PID:1680
  - - /sbin/ip6tables
      ip6tables -F ufw6-before-logging-forward
      4⤵
      PID:1681
  - - /sbin/ip6tables
      ip6tables -F ufw6-track-forward
      4⤵
      PID:1682
  - - /sbin/ip6tables
      ip6tables -F ufw6-track-output
      4⤵
      PID:1683
  - - /sbin/ip6tables
      ip6tables -F ufw6-track-input
      4⤵
      Attempts to change immutable files
      PID:1684
  - - /sbin/ip6tables
      ip6tables -F ufw6-skip-to-policy-output
      4⤵
      PID:1685
  - - /sbin/ip6tables
      ip6tables -F ufw6-reject-output
      4⤵
      PID:1686
  - - /sbin/ip6tables
      ip6tables -F ufw6-after-logging-output
      4⤵
      PID:1687
  - - /sbin/ip6tables
      ip6tables -F ufw6-after-output
      4⤵
      PID:1688
  - - /sbin/ip6tables
      ip6tables -F ufw6-user-logging-output
      4⤵
      PID:1689
  - - /sbin/ip6tables
      ip6tables -F ufw6-user-output
      4⤵
      PID:1690
  - - /sbin/ip6tables
      ip6tables -F ufw6-before-output
      4⤵
      PID:1691
  - - /sbin/ip6tables
      ip6tables -F ufw6-before-logging-output
      4⤵
      PID:1692
  - - /sbin/ip6tables
      ip6tables -Z ufw6-logging-deny
      4⤵
      PID:1693
  - - /sbin/ip6tables
      ip6tables -Z ufw6-logging-allow
      4⤵
      PID:1694
  - - /sbin/ip6tables
      ip6tables -Z ufw6-not-local
      4⤵
      PID:1695
  - - /sbin/ip6tables
      ip6tables -Z ufw6-user-logging-input
      4⤵
      Attempts to change immutable files
      PID:1696
  - - /sbin/ip6tables
      ip6tables -Z ufw6-user-limit-accept
      4⤵
      PID:1697
  - - /sbin/ip6tables
      ip6tables -Z ufw6-user-limit
      4⤵
      PID:1698
  - - /sbin/ip6tables
      ip6tables -Z ufw6-skip-to-policy-input
      4⤵
      Attempts to change immutable files
      PID:1699
  - - /sbin/ip6tables
      ip6tables -Z ufw6-reject-input
      4⤵
      Attempts to change immutable files
      PID:1700
  - - /sbin/ip6tables
      ip6tables -Z ufw6-after-logging-input
      4⤵
      Attempts to change immutable files
      PID:1701
  - - /sbin/ip6tables
      ip6tables -Z ufw6-after-input
      4⤵
      Attempts to change immutable files
      PID:1702
  - - /sbin/ip6tables
      ip6tables -Z ufw6-user-input
      4⤵
      Attempts to change immutable files
      PID:1703
  - - /sbin/ip6tables
      ip6tables -Z ufw6-before-input
      4⤵
      Attempts to change immutable files
      PID:1704
  - - /sbin/ip6tables
      ip6tables -Z ufw6-before-logging-input
      4⤵
      Attempts to change immutable files
      PID:1705
  - - /sbin/ip6tables
      ip6tables -Z ufw6-skip-to-policy-forward
      4⤵
      PID:1706
  - - /sbin/ip6tables
      ip6tables -Z ufw6-reject-forward
      4⤵
      PID:1707
  - - /sbin/ip6tables
      ip6tables -Z ufw6-after-logging-forward
      4⤵
      PID:1708
  - - /sbin/ip6tables
      ip6tables -Z ufw6-after-forward
      4⤵
      PID:1709
  - - /sbin/ip6tables
      ip6tables -Z ufw6-user-logging-forward
      4⤵
      PID:1710
  - - /sbin/ip6tables
      ip6tables -Z ufw6-user-forward
      4⤵
      PID:1711
  - - /sbin/ip6tables
      ip6tables -Z ufw6-before-forward
      4⤵
      PID:1712
  - - /sbin/ip6tables
      ip6tables -Z ufw6-before-logging-forward
      4⤵
      PID:1713
  - - /sbin/ip6tables
      ip6tables -Z ufw6-track-forward
      4⤵
      PID:1714
  - - /sbin/ip6tables
      ip6tables -Z ufw6-track-output
      4⤵
      PID:1715
  - - /sbin/ip6tables
      ip6tables -Z ufw6-track-input
      4⤵
      Attempts to change immutable files
      PID:1716
  - - /sbin/ip6tables
      ip6tables -Z ufw6-skip-to-policy-output
      4⤵
      PID:1717
  - - /sbin/ip6tables
      ip6tables -Z ufw6-reject-output
      4⤵
      PID:1718
  - - /sbin/ip6tables
      ip6tables -Z ufw6-after-logging-output
      4⤵
      PID:1719
  - - /sbin/ip6tables
      ip6tables -Z ufw6-after-output
      4⤵
      PID:1720
  - - /sbin/ip6tables
      ip6tables -Z ufw6-user-logging-output
      4⤵
      PID:1721
  - - /sbin/ip6tables
      ip6tables -Z ufw6-user-output
      4⤵
      PID:1722
  - - /sbin/ip6tables
      ip6tables -Z ufw6-before-output
      4⤵
      PID:1723
  - - /sbin/ip6tables
      ip6tables -Z ufw6-before-logging-output
      4⤵
      PID:1724
  - - /sbin/ip6tables
      ip6tables -X ufw6-logging-deny
      4⤵
      PID:1725
  - - /sbin/ip6tables
      ip6tables -X ufw6-logging-allow
      4⤵
      PID:1726
  - - /sbin/ip6tables
      ip6tables -X ufw6-not-local
      4⤵
      PID:1727
  - - /sbin/ip6tables
      ip6tables -X ufw6-user-logging-input
      4⤵
      Attempts to change immutable files
      PID:1728
  - - /sbin/ip6tables
      ip6tables -X ufw6-user-logging-output
      4⤵
      PID:1729
  - - /sbin/ip6tables
      ip6tables -X ufw6-user-logging-forward
      4⤵
      PID:1730
  - - /sbin/ip6tables
      ip6tables -X ufw6-user-limit-accept
      4⤵
      PID:1731
  - - /sbin/ip6tables
      ip6tables -X ufw6-user-limit
      4⤵
      PID:1732
  - - /sbin/ip6tables
      ip6tables -X ufw6-user-input
      4⤵
      Attempts to change immutable files
      PID:1733
  - - /sbin/ip6tables
      ip6tables -X ufw6-user-forward
      4⤵
      PID:1734
  - - /sbin/ip6tables
      ip6tables -X ufw6-user-output
      4⤵
      PID:1735
  - - /sbin/ip6tables
      ip6tables -X ufw6-skip-to-policy-input
      4⤵
      Attempts to change immutable files
      PID:1736
  - - /sbin/ip6tables
      ip6tables -X ufw6-skip-to-policy-output
      4⤵
      PID:1737
  - - /sbin/ip6tables
      ip6tables -X ufw6-skip-to-policy-forward
      4⤵
      PID:1738
  - - /sbin/ip6tables
      ip6tables -P INPUT ACCEPT
      4⤵
      PID:1739
  - - /sbin/ip6tables
      ip6tables -P OUTPUT ACCEPT
      4⤵
      PID:1740
  - - /sbin/ip6tables
      ip6tables -P FORWARD ACCEPT
      4⤵
      PID:1741
- /sbin/iptables
  iptables -F
  2⤵
  - Flushes firewall rules
  PID:1742
- /usr/bin/sudo
  sudo sysctl "kernel.nmi_watchdog=0"
  2⤵
  - Reads runtime system information
  PID:1743
- - /sbin/sysctl
    sysctl "kernel.nmi_watchdog=0"
    3⤵
    PID:1744
- /usr/sbin/userdel
  userdel akay
  2⤵
  - Reads runtime system information
  PID:1745
- /usr/sbin/userdel
  userdel vfinder
  2⤵
  PID:1746
- /usr/bin/chattr
  chattr -iae /root/.ssh/
  2⤵
  - Attempts to change immutable files
  PID:1747
- /usr/bin/chattr
  chattr -iae /root/.ssh/authorized_keys
  2⤵
  - Attempts to change immutable files
  PID:1748
- /bin/rm
  rm -rf "/tmp/addres*"
  2⤵
  PID:1749
- /bin/rm
  rm -rf "/tmp/walle*"
  2⤵
  PID:1750
- /bin/rm
  rm -rf /tmp/keys
  2⤵
  PID:1751
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1756
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1761
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1766
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1771
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1776
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1781
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1786
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1791
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1796
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1801
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1806
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1811
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1816
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1821
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1826
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1831
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1836
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1841
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1846
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1851
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1856
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1861
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1866
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1871
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1876
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1881
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1886
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1891
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1896
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1901
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1906
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1911
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1916
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1921
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1926
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1931
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1936
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1941
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1946
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1951
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1956
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1961
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1966
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1971
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1976

/bin/ls
ls -latrh /proc/1
1⤵
- Reads runtime system information
PID:1753

/bin/grep
grep exe
1⤵
PID:1754

/bin/grep
grep exe
1⤵
PID:1759

/bin/ls
ls -latrh /proc/10
1⤵
- Reads runtime system information
PID:1758

/bin/grep
grep exe
1⤵
PID:1764

/bin/ls
ls -latrh /proc/1001
1⤵
- Reads runtime system information
PID:1763

/bin/ls
ls -latrh /proc/1015
1⤵
PID:1768

/bin/grep
grep exe
1⤵
PID:1769

/bin/grep
grep exe
1⤵
PID:1774

/bin/ls
ls -latrh /proc/1020
1⤵
- Reads runtime system information
PID:1773

/bin/grep
grep exe
1⤵
PID:1779

/bin/ls
ls -latrh /proc/1034
1⤵
- Reads runtime system information
PID:1778

/bin/grep
grep exe
1⤵
PID:1784

/bin/ls
ls -latrh /proc/1040
1⤵
- Reads runtime system information
PID:1783

/bin/grep
grep exe
1⤵
PID:1789

/bin/ls
ls -latrh /proc/1055
1⤵
- Reads runtime system information
PID:1788

/bin/grep
grep exe
1⤵
PID:1794

/bin/ls
ls -latrh /proc/1059
1⤵
PID:1793

/bin/grep
grep exe
1⤵
PID:1799

/bin/ls
ls -latrh /proc/1061
1⤵
- Reads runtime system information
PID:1798

/bin/ls
ls -latrh /proc/1063
1⤵
- Reads runtime system information
PID:1803

/bin/grep
grep exe
1⤵
PID:1804

/bin/grep
grep exe
1⤵
PID:1809

/bin/ls
ls -latrh /proc/1074
1⤵
- Reads runtime system information
PID:1808

/bin/grep
grep exe
1⤵
PID:1814

/bin/ls
ls -latrh /proc/1079
1⤵
- Reads runtime system information
PID:1813

/bin/grep
grep exe
1⤵
PID:1819

/bin/ls
ls -latrh /proc/1083
1⤵
- Reads runtime system information
PID:1818

/bin/grep
grep exe
1⤵
PID:1824

/bin/ls
ls -latrh /proc/1092
1⤵
- Reads runtime system information
PID:1823

/bin/grep
grep exe
1⤵
PID:1829

/bin/ls
ls -latrh /proc/11
1⤵
- Reads runtime system information
PID:1828

/bin/grep
grep exe
1⤵
PID:1834

/bin/ls
ls -latrh /proc/1100
1⤵
- Reads runtime system information
PID:1833

/bin/grep
grep exe
1⤵
PID:1839

/bin/ls
ls -latrh /proc/1104
1⤵
- Reads runtime system information
PID:1838

/bin/grep
grep exe
1⤵
PID:1844

/bin/ls
ls -latrh /proc/1110
1⤵
- Reads runtime system information
PID:1843

/bin/ls
ls -latrh /proc/1116
1⤵
- Reads runtime system information
PID:1848

/bin/grep
grep exe
1⤵
PID:1849

/bin/grep
grep exe
1⤵
PID:1854

/bin/ls
ls -latrh /proc/1123
1⤵
- Reads runtime system information
PID:1853

/bin/grep
grep exe
1⤵
PID:1859

/bin/ls
ls -latrh /proc/1127
1⤵
- Reads runtime system information
PID:1858

/bin/grep
grep exe
1⤵
PID:1864

/bin/ls
ls -latrh /proc/1131
1⤵
- Reads runtime system information
PID:1863

/bin/grep
grep exe
1⤵
PID:1869

/bin/ls
ls -latrh /proc/1136
1⤵
- Reads runtime system information
PID:1868

/bin/grep
grep exe
1⤵
PID:1874

/bin/ls
ls -latrh /proc/1137
1⤵
- Reads runtime system information
PID:1873

/bin/grep
grep exe
1⤵
PID:1879

/bin/ls
ls -latrh /proc/1138
1⤵
- Reads runtime system information
PID:1878

/bin/grep
grep exe
1⤵
PID:1884

/bin/ls
ls -latrh /proc/1142
1⤵
- Reads runtime system information
PID:1883

/bin/grep
grep exe
1⤵
PID:1889

/bin/ls
ls -latrh /proc/1144
1⤵
- Reads runtime system information
PID:1888

/bin/grep
grep exe
1⤵
PID:1894

/bin/ls
ls -latrh /proc/1145
1⤵
- Reads runtime system information
PID:1893

/bin/grep
grep exe
1⤵
PID:1899

/bin/ls
ls -latrh /proc/115
1⤵
- Reads runtime system information
PID:1898

/bin/grep
grep exe
1⤵
PID:1904

/bin/ls
ls -latrh /proc/1152
1⤵
- Reads runtime system information
PID:1903

/bin/grep
grep exe
1⤵
PID:1909

/bin/ls
ls -latrh /proc/1153
1⤵
- Reads runtime system information
PID:1908

/bin/grep
grep exe
1⤵
PID:1914

/bin/ls
ls -latrh /proc/1157
1⤵
- Reads runtime system information
PID:1913

/bin/grep
grep exe
1⤵
PID:1919

/bin/ls
ls -latrh /proc/1158
1⤵
- Reads runtime system information
PID:1918

/bin/grep
grep exe
1⤵
PID:1924

/bin/ls
ls -latrh /proc/1160
1⤵
- Reads runtime system information
PID:1923

/bin/grep
grep exe
1⤵
PID:1929

/bin/ls
ls -latrh /proc/1170
1⤵
- Reads runtime system information
PID:1928

/bin/grep
grep exe
1⤵
PID:1934

/bin/ls
ls -latrh /proc/1173
1⤵
- Reads runtime system information
PID:1933

/bin/grep
grep exe
1⤵
PID:1939

/bin/ls
ls -latrh /proc/1176
1⤵
PID:1938

/bin/grep
grep exe
1⤵
PID:1944

/bin/ls
ls -latrh /proc/1179
1⤵
- Reads runtime system information
PID:1943

/bin/grep
grep exe
1⤵
PID:1949

/bin/ls
ls -latrh /proc/1181
1⤵
- Reads runtime system information
PID:1948

/bin/grep
grep exe
1⤵
PID:1954

/bin/ls
ls -latrh /proc/1188
1⤵
- Reads runtime system information
PID:1953

/bin/grep
grep exe
1⤵
PID:1959

/bin/ls
ls -latrh /proc/1189
1⤵
- Reads runtime system information
PID:1958

/bin/grep
grep exe
1⤵
PID:1964

/bin/ls
ls -latrh /proc/12
1⤵
PID:1963

/bin/grep
grep exe
1⤵
PID:1969

/bin/ls
ls -latrh /proc/1219
1⤵
- Reads runtime system information
PID:1968

/bin/ls
ls -latrh /proc/1220
1⤵
- Reads runtime system information
PID:1973

/bin/grep
grep exe
1⤵
PID:1974

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/log_rot

Filesize
5B

MD5
727479ef7cedf30c03459bec7d87b0f0

SHA1
2082e7f715f058acab2398d25d135cf5f4c0ce41

SHA256
29872037c9573567744ef10ed2de57864ded7554c9fa2ef03fc1244c65794ba6

SHA512
4cb59d37f8481f9bb2745f494baa0910a68aad40ac2903ef1513547e091e1e772a5f9436f789ab91fcafb75b8a28c2112ede89004be41f33c01d936b542ca6ba

Download Submit