f57892b0ef5678cf46a32964789fca7b2395527e05c98105bb4dd81d1da78a34

pid	process
1096	find
1156	find
1160	find
1076	find
1080	find
1092	find
1112	find
1116	find
1124	find
1132	find
1140	find
891	sed
1088	find
1164	find
1120	find
1136	find
943	sed
1084	find

description	ioc	process
File opened for reading	/sys/devices/system/cpu/online	ps

description	ioc	process
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/7/stat	ps
File opened for reading	/proc/8/cmdline	ps
File opened for reading	/proc/150/cmdline	ps
File opened for reading	/proc/380/stat	ps
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/218/stat	ps
File opened for reading	/proc/318/status	ps
File opened for reading	/proc/4/status	ps
File opened for reading	/proc/21/stat	ps
File opened for reading	/proc/70/stat	ps
File opened for reading	/proc/82/cmdline	ps
File opened for reading	/proc/143/status	ps
File opened for reading	/proc/3/stat	ps
File opened for reading	/proc/233/cmdline	ps
File opened for reading	/proc/tty/drivers	ps
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/150/stat	ps
File opened for reading	/proc/376/status	ps
File opened for reading	/proc/660/stat	ps
File opened for reading	/proc/filesystems	ps
File opened for reading	/proc/36/stat	ps
File opened for reading	/proc/37/stat	ps
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/73/cmdline	ps
File opened for reading	/proc/166/stat	ps
File opened for reading	/proc/380/cmdline	ps
File opened for reading	/proc/718/status	ps
File opened for reading	/proc/version	cat
File opened for reading	/proc/865/cmdline	ps
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/10/stat	ps
File opened for reading	/proc/218/status	ps
File opened for reading	/proc/374/stat	ps
File opened for reading	/proc/664/cmdline	ps
File opened for reading	/proc/11/stat	ps
File opened for reading	/proc/23/cmdline	ps
File opened for reading	/proc/24/stat	ps
File opened for reading	/proc/77/status	ps
File opened for reading	/proc/726/status	ps
File opened for reading	/proc/2/stat	ps
File opened for reading	/proc/77/cmdline	ps
File opened for reading	/proc/662/status	ps
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/72/stat	ps
File opened for reading	/proc/108/stat	ps
File opened for reading	/proc/118/status	ps
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/meminfo	ps
File opened for reading	/proc/4/cmdline	ps
File opened for reading	/proc/8/stat	ps
File opened for reading	/proc/36/cmdline	ps
File opened for reading	/proc/717/cmdline	ps
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/899/cmdline	ps
File opened for reading	/proc/self/maps	awk
File opened for reading	/proc/uptime	ps
File opened for reading	/proc/6/stat	ps
File opened for reading	/proc/21/status	ps

pid	process
1512	grep

/usr/bin/id
/usr/bin/id -u
2⤵
PID:721

/bin/grep
grep -q Darwin
2⤵
PID:725

/bin/uname
uname
2⤵
PID:724

/bin/grep
grep -q Darwin
2⤵
PID:731

/usr/bin/uname
/usr/bin/uname
2⤵
PID:730

/usr/bin/tr
tr -d "\\n"
2⤵
PID:736

/bin/grep
grep -c processor /proc/cpuinfo
2⤵
PID:737

/bin/bash
/bin/bash -c "printf ' \\e[38;2;26;43;21m▄\\e[38;2;58;91;50m▄\\e[48;2;116;117;116m\\e[38;2;68;119;56m▄\\e[48;2;98;98;98m\\e[38;2;86;143;70m▄\\e[48;2;98;98;98m\\e[38;2;100;153;87m▄\\e[48;2;63;65;63m\\e[38;2;102;164;86m▄\\e[48;2;46;49;44m\\e[38;2;98;168;79m▄\\e[48;2;43;45;43m\\e[38;2;91;155;75m▄\\e[48;2;61;62;61m\\e[38;2;78;137;63m▄\\e[48;2;102;101;102m\\e[38;2;64;112;52m▄\\e[0m\\e[38;2;38;67;32m▄\\e[38;2;20;35;16m▄\\e[38;2;10;20;8m▄\\e[38;2;15;21;13m▄\\e[0m \\e[38;2;49;80;41m▄\\e[38;2;73;133;59m▄\\e[48;2;20;21;20m\\e[38;2;91;163;72m▄\\e[48;2;14;27;12m\\e[38;2;96;174;76m▄\\e[48;2;51;92;41m\\e[38;2;98;177;78m▄\\e[48;2;86;155;68m\\e[38;2;98;177;78m▄\\e[48;2;96;173;77m\\e[38;2;98;177;78m▄\\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;98;178;78m\\e[38;2;98;177;78m▄\\e[48;2;97;175;76m\\e[38;2;98;177;78m▄\\e[48;2;93;168;74m\\e[38;2;98;177;78m▄\\e[48;2;99;163;83m\\e[38;2;97;177;77m▄\\e[48;2;99;151;86m\\e[38;2;98;177;78m▄\\e[48;2;35;57;29m\\e[38;2;98;176;78m▄\\e[48;2;19;21;19m\\e[38;2;94;169;75m▄\\e[0m\\e[38;2;70;125;56m▄\\e[0m \\e[38;2;42;65;36m▄\\e[38;2;62;106;52m▄\\e[48;2;94;95;94m\\e[38;2;86;152;70m▄\\e[48;2;57;72;53m\\e[38;2;96;174;77m▄\\e[48;2;57;96;47m\\e[38;2;98;177;78m▄\\e[48;2;78;136;62m\\e[38;2;98;177;78m▄\\e[48;2;95;167;76m\\e[38;2;98;177;78m▄\\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;98;177;78m\\e[38;2;98;176;77m▄\\e[48;2;98;177;78m\\e[38;2;91;165;72m▄\\e[48;2;98;177;78m\\e[38;2;76;137;60m▄\\e[48;2;98;177;78m\\e[38;2;54;97;42m▄\\e[48;2;99;179;79m\\e[38;2;39;71;30m▄\\e[48;2;100;181;79m\\e[38;2;35;60;30m▄\\e[48;2;101;181;81m\\e[38;2;42;66;37m▄\\e[48;2;100;177;80m\\e[38;2;52;73;45m▄\\e[48;2;95;175;76m\\e[38;2;47;75;40m▄\\e[48;2;94;178;73m\\e[38;2;41;75;33m▄\\e[48;2;98;179;78m\\e[38;2;42;73;34m▄\\e[48;2;99;180;79m\\e[38;2;40;70;33m▄\\e[48;2;99;179;78m\\e[38;2;44;75;36m▄\\e[48;2;97;177;77m\\e[38;2;55;93;46m▄\\e[48;2;97;176;77m\\e[38;2;65;113;52m▄\\e[48;2;98;177;78m\\e[38;2;79;141;63m▄\\e[48;2;98;177;78m\\e[38;2;93;166;75m▄\\e[48;2;98;177;78m\\e[38;2;99;177;79m▄\\e[48;2;98;177;78m\\e[38;2;97;177;78m▄\\e[48;2;98;177;78m\\e[38;2;97;177;78m▄\\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;94;170;75m\\e[38;2;98;177;78m▄\\e[48;2;71;128;56m\\e[38;2;98;177;78m▄\\e[48;2;34;56;28m\\e[38;2;97;175;77m▄\\e[48;2;64;66;64m\\e[38;2;78;140;62m▄\\e[0m \\e[48;2;66;112;54m\\e[38;2;98;177;78m▄\\e[48;2;80;133;66m\\e[38;2;98;177;78m▄\\e[48;2;95;162;76m\\e[38;2;98;177;78m▄\\e[48;2;96;171;76m\\e[38;2;98;177;78m▄\\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;98;177;78m\\e[38;2;98;176;78m▄\\e[48;2;98;177;78m \\e[48;2;98;177;78m\\e[38;2;97;176;77m▄\\e[48;2;98;177;78m\\e[38;2;96;174;76m▄\\e[48;2;98;177;78m\\e[38;2;74;130;59m▄\\e[48;2;98;176;78m\\e[38;2;32;49;27m▄\\e[48;2;95;166;76m\\e[38;2;18;29;15m▄\\e[48;2;73;126;59m\\e[38;2;65;113;53m▄\\e[48;2;40;62;34m\\e[38;2;107;209;83m▄\\e[48;2;23;43;19m\\e[38;2;77;220;42m▄\\e[48;2;32;72;22m\\e[38;2;72;218;36m▄\\e[48;2;55;155;30m\\e[38;2;73;217;37m▄\\e[48;2;71;203;38m\\e[38;2;73;217;37m▄\\e[48;2;79;212;46m\\e[38;2;73;218;37m▄\\e[48;2;81;216;48m\\e[38;2;73;218;37m▄\\e[48;2;82;220;48m\\e[38;2;73;218;37m▄\\e[48;2;79;221;44m\\e[38;2;73;218;37m▄\\e[48;2;76;219;40m\\e[38;2;73;218;37m▄\\e[48;2;76;218;40m\\e[38;2;73;218;37m▄\\e[48;2;75;213;41m\\e[38;2;73;218;37m▄\\e[48;2;79;203;48m\\e[38;2;73;218;37m▄\\e[48;2;76;175;52m\\e[38;2;73;218;37m▄\\e[48;2;52;127;33m\\e[38;2;73;218;37m▄\\e[48;2;29;75;18m\\e[38;2;73;217;37m▄\\e[48;2;19;45;12m\\e[38;2;73;218;36m▄\\e[48;2;45;74;38m\\e[38;2;65;196;33m▄\\e[48;2;76;127;62m\\e[38;2;44;132;24m▄\\e[48;2;90;158;72m\\e[38;2;16;45;10m▄\\e[48;2;97;175;77m\\e[38;2;28;50;22m▄\\e[48;2;98;177;78m\\e[38;2;80;145;64m▄\\e[48;2;98;177;78m\\e[38;2;97;175;77m▄\\e[48;2;98;177;78m\\e[38;2;97;176;77m▄\\e[48;2;98;177;78m \\e[48;2;98;177;78m\\e[38;2;98;176;78m▄\\e[48;2;98;177;78m\\e[38;2;98;177;77m▄\\e[48;2;97;173;78m\\e[38;2;98;177;78m▄\\e[48;2;69;114;56m\\e[38;2;98;177;78m▄\\e[48;2;30;38;28m\\e[38;2;103;179;83m▄\\e[0m\\e[38;2;99;149;87m▄\\e[0m \\e[48;2;98;177;78m\\e[38;2;98;177;77m▄\\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;98;177;78m\\e[38;2;98;178;78m▄\\e[48;2;98;177;78m\\e[38;2;98;178;78m▄\\e[48;2;98;177;78m\\e[38;2;83;150;66m▄\\e[48;2;98;177;78m\\e[38;2;44;80;34m▄\\e[48;2;99;179;78m\\e[38;2;33;49;28m▄\\e[48;2;87;159;69m\\e[38;2;68;97;61m▄\\e[48;2;46;84;37m\\e[38;2;87;165;68m▄\\e[48;2;25;37;21m\\e[38;2;83;208;52m▄\\e[48;2;59;131;42m\\e[38;2;73;219;37m▄\\e[48;2;74;199;43m\\e[38;2;74;223;37m▄\\e[48;2;72;213;38m\\e[38;2;67;204;35m▄\\e[48;2;73;218;37m\\e[38;2;55;171;29m▄\\e[48;2;72;218;36m\\e[38;2;59;136;22m▄\\e[48;2;72;218;36m\\e[38;2;103;132;15m▄\\e[48;2;73;219;37m\\e[38;2;149;133;9m▄\\e[48;2;72;220;37m\\e[38;2;168;130;7m▄\\e[48;2;73;220;37m\\e[38;2;167;118;5m▄\\e[48;2;72;218;37m\\e[38;2;106;78;4m▄\\e[48;2;69;210;36m\\e[38;2;93;69;4m▄\\e[48;2;66;199;34m\\e[38;2;173;117;4m▄\\e[48;2;63;192;32m\\e[38;2;177;119;4m▄\\e[48;2;62;186;32m\\e[38;2;173;116;4m▄\\e[48;2;61;186;31m\\e[38;2;176;115;4m▄\\e[48;2;63;191;32m\\e[38;2;174;115;4m▄\\e[48;2;67;202;34m\\e[38;2;170;113;4m▄\\e[48;2;70;213;36m\\e[38;2;180;118;3m▄\\e[48;2;72;219;37m\\e[38;2;175;117;4m▄\\e[48;2;73;220;37m\\e[38;2;154;120;7m▄\\e[48;2;73;220;37m\\e[38;2;80;94;11m▄\\e[48;2;73;219;37m\\e[38;2;48;93;15m▄\\e[48;2;73;218;37m\\e[38;2;41;112;19m▄\\e[48;2;72;215;36m\\e[38;2;45;144;25m▄\\e[48;2;64;192;32m\\e[38;2;63;191;32m▄\\e[48;2;32;99;16m\\e[38;2;73;218;37m▄\\e[48;2;21;41;16m\\e[38;2;72;210;38m▄\\e[48;2;38;66;30m\\e[38;2;67;177;41m▄\\e[48;2;79;141;63m\\e[38;2;53;123;36m▄\\e[48;2;98;178;78m\\e[38;2;32;57;25m▄\\e[48;2;98;179;77m\\e[38;2;25;46;20m▄\\e[48;2;97;177;77m\\e[38;2;56;100;46m▄\\e[48;2;98;177;78m\\e[38;2;93;165;75m▄\\e[48;2;97;176;77m\\e[38;2;100;181;80m▄\\e[48;2;98;177;77m\\e[38;2;97;176;76m▄\\e[48;2;97;176;78m\\e[38;2;98;177;78m▄\\e[48;2;99;174;79m\\e[38;2;98;177;78m▄\\e[0m \\e[48;2;98;178;78m\\e[38;2;46;76;38m▄\\e[48;2;100;178;80m\\e[38;2;50;69;45m▄\\e[48;2;99;176;80m\\e[38;2;35;46;33m▄\\e[48;2;82;148;65m\\e[38;2;7;9;6m▄\\e[48;2;64;117;50m\\e[38;2;35;54;30m▄\\e[48;2;42;77;34m\\e[38;2;52;107;39m▄\\e[48;2;26;46;21m\\e[38;2;80;194;52m▄\\e[48;2;34;71;26m\\e[38;2;73;216;38m▄\\e[48;2;54;133;35m\\e[38;2;67;192;32m▄\\e[48;2;81;199;52m\\e[38;2;81;158;23m▄\\e[48;2;80;218;46m\\e[38;2;100;110;11m▄\\e[48;2;66;199;33m\\e[38;2;152;98;2m▄\\e[48;2;60;157;26m\\e[38;2;220;129;1m▄\\e[48;2;80;128;18m\\e[38;2;251;145;0m▄\\e[48;2;120;110;9m\\e[38;2;255;147;0m▄\\e[48;2;154;106;4m\\e[38;2;255;147;0m▄\\e[48;2;181;114;2m\\e[38;2;255;147;0m▄\\e[48;2;230;134;0m\\e[38;2;255;147;0m▄\\e[48;2;251;144;0m\\e[38;2;255;147;0m▄\\e[48;2;254;146;0m\\e[38;2;255;147;0m▄\\e[48;2;255;147;0m \\e[48;2;163;94;0m\\e[38;2;134;78;0m▄\\e[48;2;2;1;0m\\e[38;2;58;33;0m▄\\e[48;2;13;7;0m\\e[38;2;133;76;0m▄\\e[48;2;64;38;0m\\e[38;2;12;7;0m▄\\e[48;2;250;144;0m\\e[38;2;234;135;0m▄\\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;249;146;0m\\e[38;2;255;147;0m▄\\e[48;2;239;143;2m\\e[38;2;255;147;0m▄\\e[48;2;223;131;1m\\e[38;2;255;147;0m▄\\e[48;2;192;120;2m\\e[38;2;255;147;0m▄\\e[48;2;130;96;5m\\e[38;2;255;147;0m▄\\e[48;2;82;88;9m\\e[38;2;255;148;0m▄\\e[48;2;62;104;15m\\e[38;2;247;147;1m▄\\e[48;2;49;132;22m\\e[38;2;212;134;3m▄\\e[48;2;57;165;32m\\e[38;2;144;95;3m▄\\e[48;2;53;117;38m\\e[38;2;74;61;8m▄\\e[48;2;50;97;39m\\e[38;2;47;60;21m▄\\e[48;2;35;56;29m\\e[38;2;47;81;33m▄\\e[48;2;17;22;15m\\e[38;2;20;34;19m▄\\e[48;2;31;50;26m\\e[38;2;48;73;42m▄\\e[48;2;55;90;47m\\e[38;2;37;56;33m▄\\e[48;2;78;132;64m\\e[38;2;21;31;18m▄\\e[48;2;95;167;78m\\e[38;2;18;26;16m▄\\e[0m \\e[48;2;48;74;43m\\e[38;2;51;78;45m▄\\e[48;2;48;74;43m\\e[38;2;50;76;44m▄\\e[48;2;46;71;42m\\e[38;2;12;17;11m▄\\e[48;2;32;54;28m\\e[38;2;45;93;35m▄\\e[48;2;58;112;46m\\e[38;2;26;45;17m▄\\e[48;2;55;130;37m\\e[38;2;121;83;5m▄\\e[48;2;57;133;27m\\e[38;2;232;138;0m▄\\e[48;2;101;96;8m\\e[38;2;253;146;0m▄\\e[48;2;200;118;1m\\e[38;2;254;147;0m▄\\e[48;2;248;144;0m\\e[38;2;255;147;0m▄\\e[48;2;254;147;0m\\e[38;2;255;147;0m▄\\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;173;100;0m\\e[38;2;210;122;0m▄\\e[48;2;172;100;0m\\e[38;2;76;44;0m▄\\e[48;2;214;123;0m\\e[38;2;153;88;0m▄\\e[48;2;36;21;0m\\e[38;2;162;94;0m▄\\e[48;2;201;116;0m\\e[38;2;20;12;0m▄\\e[48;2;254;147;0m\\e[38;2;238;137;0m▄\\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;254;147;0m\\e[38;2;255;147;0m▄\\e[48;2;241;143;1m\\e[38;2;255;147;0m▄\\e[48;2;213;125;0m\\e[38;2;255;147;0m▄\\e[48;2;117;73;3m\\e[38;2;252;147;1m▄\\e[48;2;25;36;21m\\e[38;2;94;69;18m▄\\e[48;2;50;77;44m\\e[38;2;39;59;33m▄\\e[48;2;51;78;45m \\e[48;2;51;78;44m\\e[38;2;51;78;45m▄\\e[0m \\e[48;2;51;78;45m\\e[38;2;50;76;44m▄\\e[48;2;40;58;34m\\e[38;2;43;36;13m▄\\e[48;2;38;37;6m\\e[38;2;240;143;2m▄\\e[48;2;149;95;6m\\e[38;2;254;147;0m▄\\e[48;2;226;134;1m\\e[38;2;255;147;0m▄\\e[48;2;253;146;0m\\e[38;2;255;147;0m▄\\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m\\e[38;2;243;140;0m▄\\e[48;2;116;67;0m\\e[38;2;90;52;0m▄\\e[48;2;237;137;0m\\e[38;2;254;147;0m▄\\e[48;2;248;143;0m\\e[38;2;255;147;0m▄\\e[48;2;250;144;0m\\e[38;2;255;147;0m▄\\e[48;2;45;25;0m\\e[38;2;191;110;0m▄\\e[48;2;64;36;0m\\e[38;2;32;18;0m▄\\e[48;2;245;141;0m\\e[38;2;152;87;0m▄\\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;254;147;0m\\e[38;2;255;147;0m▄\\e[48;2;230;140;6m\\e[38;2;254;147;0m▄\\e[48;2;25;21;7m\\e[38;2;143;86;2m▄\\e[48;2;48;74;42m\\e[38;2;39;60;34m▄\\e[48;2;51;78;45m \\e[0m \\e[48;2;41;63;37m\\e[38;2;40;47;23m▄\\e[48;2;119;70;1m\\e[38;2;230;135;0m▄\\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;180;104;0m\\e[38;2;120;68;0m▄\\e[48;2;135;78;0m\\e[38;2;158;91;0m▄\\e[48;2;255;147;0m\\e[38;2;250;145;0m▄\\e[48;2;255;147;0m \\e[48;2;255;147;0m\\e[38;2;254;146;0m▄\\e[48;2;252;145;0m\\e[38;2;209;120;0m▄\\e[48;2;54;31;0m\\e[38;2;61;35;0m▄\\e[48;2;94;54;0m\\e[38;2;159;91;0m▄\\e[48;2;254;146;0m\\e[38;2;244;140;0m▄\\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;240;144;1m\\e[38;2;255;147;0m▄\\e[48;2;36;40;18m\\e[38;2;70;49;6m▄\\e[48;2;50;78;45m\\e[38;2;45;69;40m▄\\e[0m \\e[48;2;65;48;9m\\e[38;2;98;64;6m▄\\e[48;2;255;149;0m\\e[38;2;255;147;0m▄\\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;254;147;0m\\e[38;2;254;146;0m▄\\e[48;2;225;130;0m\\e[38;2;175;100;0m▄\\e[48;2;210;120;0m\\e[38;2;253;146;0m▄\\e[48;2;209;121;0m\\e[38;2;254;147;0m▄\\e[48;2;86;49;0m\\e[38;2;189;109;0m▄\\e[48;2;254;146;0m\\e[38;2;142;81;0m▄\\e[48;2;255;147;0m\\e[38;2;102;59;0m▄\\e[48;2;199;115;0m\\e[38;2;69;40;0m▄\\e[48;2;244;141;0m\\e[38;2;238;138;0m▄\\e[48;2;253;146;0m\\e[38;2;184;105;0m▄\\e[48;2;200;115;0m\\e[38;2;231;134;0m▄\\e[48;2;253;147;0m\\e[38;2;254;146;0m▄\\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;149;98;7m\\e[38;2;215;132;5m▄\\e[48;2;35;54;32m\\e[38;2;31;42;22m▄\\e[0m \\e[48;2;133;82;3m\\e[38;2;153;89;0m▄\\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m\\e[38;2;255;146;0m▄\\e[48;2;255;147;0m\\e[38;2;255;146;0m▄\\e[48;2;255;147;0m \\e[48;2;255;147;0m\\e[38;2;254;148;0m▄\\e[48;2;255;147;0m\\e[38;2;248;147;0m▄\\e[48;2;254;147;0m\\e[38;2;242;142;0m▄\\e[48;2;204;116;0m\\e[38;2;224;131;0m▄\\e[48;2;200;115;0m\\e[38;2;205;124;1m▄\\e[48;2;199;115;0m\\e[38;2;175;109;2m▄\\e[48;2;172;100;0m\\e[38;2;157;102;2m▄\\e[48;2;168;97;0m\\e[38;2;172;114;3m▄\\e[48;2;206;119;0m\\e[38;2;156;115;5m▄\\e[48;2;215;125;0m\\e[38;2;138;111;7m▄\\e[48;2;180;105;0m\\e[38;2;121;105;8m▄\\e[48;2;233;136;0m\\e[38;2;120;109;8m▄\\e[48;2;254;148;0m\\e[38;2;116;111;9m▄\\e[48;2;254;148;0m\\e[38;2;112;111;10m▄\\e[48;2;255;148;0m\\e[38;2;130;121;10m▄\\e[48;2;254;148;0m\\e[38;2;103;105;10m▄\\e[48;2;254;148;0m\\e[38;2;99;99;9m▄\\e[48;2;254;148;0m\\e[38;2;106;98;8m▄\\e[48;2;254;148;0m\\e[38;2;106;96;8m▄\\e[48;2;255;148;0m\\e[38;2;118;98;7m▄\\e[48;2;255;147;0m\\e[38;2;123;101;7m▄\\e[48;2;255;147;0m\\e[38;2;129;99;6m▄\\e[48;2;255;147;0m\\e[38;2;141;100;5m▄\\e[48;2;255;147;0m\\e[38;2;166;111;4m▄\\e[48;2;255;147;0m\\e[38;2;189;122;4m▄\\e[48;2;255;147;0m\\e[38;2;217;131;1m▄\\e[48;2;255;147;0m\\e[38;2;248;145;0m▄\\e[48;2;255;147;0m\\e[38;2;250;148;0m▄\\e[48;2;255;147;0m\\e[38;2;254;149;0m▄\\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;249;147;1m\\e[38;2;254;147;0m▄\\e[48;2;47;44;15m\\e[38;2;81;54;7m▄\\e[0m \\e[48;2;163;95;0m\\e[38;2;176;103;0m▄\\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m \\e[48;2;255;147;0m\\e[38;2;254;147;0m▄\\e[48;2;255;147;0m\\e[38;2;250;144;0m▄\\e[48;2;255;147;0m\\e[38;2;238;146;1m▄\\e[48;2;254;147;0m\\e[38;2;170;117;4m▄\\e[48;2;252;147;0m\\e[38;2;78;65;5m▄\\e[48;2;239;144;1m\\e[38;2;36;71;11m▄\\e[48;2;220;136;2m\\e[38;2;41;122;21m▄\\e[48;2;193;124;2m\\e[38;2;59;179;31m▄\\e[48;2;178;119;4m\\e[38;2;69;210;35m▄\\e[48;2;129;104;6m\\e[38;2;73;219;37m▄\\e[48;2;67;87;10m\\e[38;2;73;219;37m▄\\e[48;2;61;106;15m\\e[38;2;73;218;37m▄\\e[48;2;52;126;21m\\e[38;2;73;218;37m▄\\e[48;2;52;150;25m\\e[38;2;73;218;37m▄\\e[48;2;58;177;30m\\e[38;2;73;218;37m▄\\e[48;2;63;194;33m\\e[38;2;73;218;37m▄\\e[48;2;66;204;34m\\e[38;2;73;218;37m▄\\e[48;2;69;212;36m\\e[38;2;73;218;37m▄\\e[48;2;72;217;36m\\e[38;2;73;218;37m▄\\e[48;2;72;219;37m\\e[38;2;73;218;37m▄\\e[48;2;73;220;37m\\e[38;2;73;218;37m▄\\e[48;2;73;220;37m\\e[38;2;73;218;37m▄\\e[48;2;73;220;37m\\e[38;2;73;218;37m▄\\e[48;2;73;220;37m\\e[38;2;73;218;37m▄\\e[48;2;73;220;37m\\e[38;2;73;218;37m▄\\e[48;2;74;220;37m\\e[38;2;73;218;37m▄\\e[48;2;73;220;37m\\e[38;2;73;218;37m▄\\e[48;2;73;219;37m\\e[38;2;73;218;37m▄\\e[48;2;72;214;36m\\e[38;2;73;218;37m▄\\e[48;2;68;207;35m\\e[38;2;73;218;37m▄\\e[48;2;65;197;34m\\e[38;2;73;218;37m▄\\e[48;2;61;185;32m\\e[38;2;73;218;37m▄\\e[48;2;51;157;27m\\e[38;2;73;218;37m▄\\e[48;2;41;125;21m\\e[38;2;73;218;37m▄\\e[48;2;40;106;18m\\e[38;2;73;218;37m▄\\e[48;2;75;92;10m\\e[38;2;73;218;37m▄\\e[48;2;76;85;10m\\e[38;2;73;219;37m▄\\e[48;2;112;94;7m\\e[38;2;72;216;36m▄\\e[48;2;162;113;5m\\e[38;2;64;194;33m▄\\e[48;2;219;131;0m\\e[38;2;50;152;26m▄\\e[48;2;231;138;1m\\e[38;2;30;65;14m▄\\e[48;2;252;147;0m\\e[38;2;106;71;5m▄\\e[48;2;97;61;4m\\e[38;2;30;31;7m▄\\e[0m \\e[48;2;186;108;0m\\e[38;2;185;108;0m▄\\e[48;2;255;147;0m\\e[38;2;254;148;0m▄\\e[48;2;255;147;0m\\e[38;2;247;144;0m▄\\e[48;2;255;147;0m\\e[38;2;188;113;1m▄\\e[48;2;255;147;0m\\e[38;2;110;100;8m▄\\e[48;2;248;147;0m\\e[38;2;72;136;20m▄\\e[48;2;206;124;1m\\e[38;2;62;175;29m▄\\e[48;2;115;81;4m\\e[38;2;67;204;34m▄\\e[48;2;55;92;13m\\e[38;2;72;217;36m▄\\e[48;2;60;157;26m\\e[38;2;73;218;37m▄\\e[48;2;66;195;32m\\e[38;2;73;218;37m▄\\e[48;2;70;212;35m\\e[38;2;73;218;37m▄\\e[48;2;72;215;36m\\e[38;2;73;218;37m▄\\e[48;2;73;217;36m\\e[38;2;73;218;37m▄\\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;71;210;37m\\e[38;2;71;214;37m▄\\e[48;2;58;142;37m\\e[38;2;57;136;37m▄\\e[48;2;51;109;39m\\e[38;2;54;109;40m▄\\e[48;2;36;76;26m\\e[38;2;38;71;31m▄\\e[0m \\e[48;2;73;63;12m\\e[38;2;24;46;20m▄\\e[48;2;89;67;7m\\e[38;2;54;120;38m▄\\e[48;2;67;119;19m\\e[38;2;66;192;35m▄\\e[48;2;61;177;29m\\e[38;2;73;217;37m▄\\e[48;2;71;213;36m\\e[38;2;73;218;37m▄\\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;71;214;35m\\e[38;2;42;129;21m▄\\e[48;2;43;131;22m\\e[38;2;4;10;2m▄\\e[48;2;37;111;19m\\e[38;2;4;10;2m▄\\e[48;2;60;180;30m\\e[38;2;7;22;3m▄\\e[48;2;73;218;37m\\e[38;2;62;187;31m▄\\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m\\e[38;2;72;217;36m▄\\e[48;2;69;208;35m\\e[38;2;20;61;10m▄\\e[48;2;43;129;22m\\e[38;2;4;11;2m▄\\e[48;2;38;116;19m\\e[38;2;3;8;1m▄\\e[48;2;64;192;32m\\e[38;2;19;57;10m▄\\e[48;2;73;218;37m\\e[38;2;73;219;37m▄\\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;72;214;36m\\e[38;2;71;213;36m▄\\e[48;2;55;130;37m\\e[38;2;55;123;38m▄\\e[48;2;54;108;41m\\e[38;2;56;110;44m▄\\e[48;2;35;60;30m\\e[38;2;35;57;30m▄\\e[0m \\e[48;2;37;68;29m\\e[38;2;38;61;33m▄\\e[48;2;58;132;39m\\e[38;2;62;134;45m▄\\e[48;2;64;179;36m\\e[38;2;55;129;37m▄\\e[48;2;72;217;36m\\e[38;2;71;210;36m▄\\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;27;82;14m\\e[38;2;59;178;30m▄\\e[48;2;4;11;3m\\e[38;2;3;9;1m▄\\e[48;2;0;0;0m\\e[38;2;8;18;4m▄\\e[48;2;1;3;1m\\e[38;2;4;12;2m▄\\e[48;2;36;112;19m\\e[38;2;54;163;27m▄\\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;70;210;36m\\e[38;2;72;217;36m▄\\e[48;2;4;11;1m\\e[38;2;9;28;4m▄\\e[48;2;0;0;0m\\e[38;2;6;16;3m▄\\e[48;2;1;3;1m\\e[38;2;6;15;3m▄\\e[48;2;13;39;6m\\e[38;2;32;94;15m▄\\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;70;207;36m\\e[38;2;67;196;36m▄\\e[48;2;52;110;38m \\e[48;2;57;101;47m\\e[38;2;56;90;47m▄\\e[48;2;36;55;31m\\e[38;2;38;58;33m▄\\e[0m \\e[48;2;40;63;35m\\e[38;2;43;67;38m▄\\e[48;2;61;117;48m\\e[38;2;45;80;38m▄\\e[48;2;54;114;39m\\e[38;2;52;110;38m▄\\e[48;2;64;177;36m\\e[38;2;59;150;37m▄\\e[48;2;72;217;36m\\e[38;2;72;214;36m▄\\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;72;217;36m\\e[38;2;73;218;37m▄\\e[48;2;61;182;30m\\e[38;2;73;218;37m▄\\e[48;2;45;135;22m\\e[38;2;73;218;37m▄\\e[48;2;58;174;29m\\e[38;2;73;218;37m▄\\e[48;2;72;217;36m\\e[38;2;73;218;37m▄\\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;71;212;35m\\e[38;2;72;216;36m▄\\e[48;2;34;101;17m\\e[38;2;11;32;5m▄\\e[48;2;34;101;17m\\e[38;2;1;2;1m▄\\e[48;2;34;98;18m\\e[38;2;1;3;1m▄\\e[48;2;35;101;18m\\e[38;2;1;1;1m▄\\e[48;2;35;100;17m\\e[38;2;1;3;1m▄\\e[48;2;57;170;29m\\e[38;2;56;168;28m▄\\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;72;217;36m\\e[38;2;72;218;36m▄\\e[48;2;66;197;33m\\e[38;2;72;217;36m▄\\e[48;2;46;139;23m\\e[38;2;73;217;37m▄\\e[48;2;54;163;27m\\e[38;2;72;217;37m▄\\e[48;2;71;212;36m\\e[38;2;72;217;36m▄\\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;72;217;37m\\e[38;2;70;204;36m▄\\e[48;2;60;158;37m\\e[38;2;53;122;37m▄\\e[48;2;52;103;38m\\e[38;2;52;104;40m▄\\e[48;2;33;54;28m\\e[38;2;21;34;18m▄\\e[48;2;46;70;41m\\e[38;2;49;76;44m▄\\e[0m \\e[48;2;49;76;44m\\e[38;2;51;78;45m▄\\e[48;2;32;51;28m\\e[38;2;43;65;37m▄\\e[48;2;61;125;45m\\e[38;2;81;124;71m▄\\e[48;2;54;124;38m\\e[38;2;53;113;40m▄\\e[48;2;68;202;36m\\e[38;2;60;156;37m▄\\e[48;2;73;218;37m\\e[38;2;72;215;36m▄\\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m\\e[38;2;73;216;37m▄\\e[48;2;73;217;37m\\e[38;2;93;205;61m▄\\e[48;2;79;213;44m\\e[38;2;121;189;95m▄\\e[48;2;85;210;51m\\e[38;2;132;184;108m▄\\e[48;2;82;211;47m\\e[38;2;121;191;93m▄\\e[48;2;73;217;37m\\e[38;2;85;210;52m▄\\e[48;2;73;218;37m\\e[38;2;73;217;37m▄\\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;37;111;20m\\e[38;2;71;214;36m▄\\e[48;2;1;2;0m\\e[38;2;44;128;22m▄\\e[48;2;2;4;2m\\e[38;2;15;39;8m▄\\e[48;2;1;1;1m\\e[38;2;29;82;14m▄\\e[48;2;13;37;7m\\e[38;2;68;204;34m▄\\e[48;2;70;210;35m\\e[38;2;73;218;37m▄\\e[48;2;73;217;37m\\e[38;2;73;218;37m▄\\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;217;37m\\e[38;2;74;216;38m▄\\e[48;2;82;211;47m\\e[38;2;118;191;90m▄\\e[48;2;100;200;70m\\e[38;2;132;185;108m▄\\e[48;2;103;201;72m\\e[38;2;127;187;101m▄\\e[48;2;98;203;67m\\e[38;2;125;189;100m▄\\e[48;2;85;209;52m\\e[38;2;116;192;88m▄\\e[48;2;73;217;37m\\e[38;2;80;211;44m▄\\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;72;217;36m\\e[38;2;68;200;35m▄\\e[48;2;63;170;35m\\e[38;2;54;125;36m▄\\e[48;2;51;103;38m\\e[38;2;51;99;38m▄\\e[48;2;49;101;36m\\e[38;2;22;45;17m▄\\e[48;2;30;47;26m\\e[38;2;45;69;39m▄\\e[48;2;51;78;45m \\e[0m \\e[48;2;51;78;45m \\e[48;2;49;75;43m\\e[38;2;51;78;45m▄\\e[48;2;30;38;27m\\e[38;2;39;59;35m▄\\e[48;2;63;123;49m\\e[38;2;71;110;62m▄\\e[48;2;54;121;37m\\e[38;2;56;119;40m▄\\e[48;2;68;198;37m\\e[38;2;60;158;37m▄\\e[48;2;73;218;37m\\e[38;2;71;216;36m▄\\e[48;2;73;217;37m\\e[38;2;73;216;38m▄\\e[48;2;91;206;58m\\e[38;2;110;196;81m▄\\e[48;2;122;191;95m\\e[38;2;126;188;100m▄\\e[48;2;128;186;102m\\e[38;2;130;187;104m▄\\e[48;2;140;180;116m\\e[38;2;128;187;103m▄\\e[48;2;126;188;100m\\e[38;2;106;197;76m▄\\e[48;2;96;202;64m\\e[38;2;75;215;39m▄\\e[48;2;73;217;37m\\e[38;2;72;218;36m▄\\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;74;220;37m\\e[38;2;73;218;37m▄\\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;74;217;38m\\e[38;2;73;217;37m▄\\e[48;2;114;194;86m\\e[38;2;76;215;40m▄\\e[48;2;142;178;121m\\e[38;2;94;205;62m▄\\e[48;2;150;176;129m\\e[38;2;109;196;81m▄\\e[48;2;142;180;120m\\e[38;2;95;203;63m▄\\e[48;2;116;193;88m\\e[38;2;76;214;41m▄\\e[48;2;78;213;44m\\e[38;2;73;217;37m▄\\e[48;2;73;218;37m\\e[38;2;73;217;37m▄\\e[48;2;73;218;37m\\e[38;2;67;196;36m▄\\e[48;2;71;209;37m\\e[38;2;60;154;36m▄\\e[48;2;59;152;36m\\e[38;2;57;138;37m▄\\e[48;2;52;110;38m\\e[38;2;56;130;37m▄\\e[48;2;51;104;38m\\e[38;2;30;71;21m▄\\e[48;2;20;31;17m\\e[38;2;45;69;39m▄\\e[48;2;50;78;44m\\e[38;2;51;78;45m▄\\e[48;2;51;78;45m \\e[0m \\e[48;2;51;78;45m\\e[38;2;28;43;24m▄\\e[48;2;51;78;45m\\e[38;2;43;64;38m▄\\e[48;2;51;78;45m\\e[38;2;52;79;46m▄\\e[48;2;34;53;30m\\e[38;2;46;71;41m▄\\e[48;2;64;124;48m\\e[38;2;49;106;36m▄\\e[48;2;53;115;38m\\e[38;2;57;124;40m▄\\e[48;2;63;175;36m\\e[38;2;55;126;38m▄\\e[48;2;73;217;37m\\e[38;2;66;186;36m▄\\e[48;2;89;208;56m\\e[38;2;73;217;37m▄\\e[48;2;111;195;82m\\e[38;2;75;215;40m▄\\e[48;2;109;197;80m\\e[38;2;74;216;38m▄\\e[48;2;85;209;52m\\e[38;2;73;218;36m▄\\e[48;2;73;216;37m\\e[38;2;73;218;37m▄\\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;217;37m\\e[38;2;73;218;37m▄\\e[48;2;73;217;37m\\e[38;2;73;218;37m▄\\e[48;2;73;217;36m\\e[38;2;73;218;37m▄\\e[48;2;73;218;37m\\e[38;2;71;214;36m▄\\e[48;2;71;212;36m\\e[38;2;63;172;36m▄\\e[48;2;63;174;35m\\e[38;2;57;138;37m▄\\e[48;2;58;146;36m\\e[38;2;57;137;38m▄\\e[48;2;58;139;37m\\e[38;2;57;138;37m▄\\e[48;2;58;138;37m\\e[38;2;54;128;35m▄\\e[48;2;50;117;34m\\e[38;2;20;44;14m▄\\e[48;2;20;32;17m\\e[38;2;39;61;34m▄\\e[48;2;51;77;44m\\e[38;2;45;69;40m▄\\e[48;2;51;78;45m\\e[38;2;45;69;40m▄\\e[48;2;51;78;45m\\e[38;2;49;75;43m▄\\e[0m \\e[48;2;84;151;67m\\e[38;2;98;177;78m▄\\e[48;2;43;80;34m\\e[38;2;98;177;78m▄\\e[48;2;22;39;19m\\e[38;2;98;178;78m▄\\e[48;2;43;67;38m\\e[38;2;81;148;64m▄\\e[48;2;40;70;33m\\e[38;2;44;78;36m▄\\e[48;2;54;127;36m\\e[38;2;21;47;15m▄\\e[48;2;55;120;39m\\e[38;2;54;117;39m▄\\e[48;2;56;133;37m\\e[38;2;59;133;40m▄\\e[48;2;71;211;36m\\e[38;2;61;164;37m▄\\e[48;2;73;217;36m\\e[38;2;71;211;36m▄\\e[48;2;73;218;37m\\e[38;2;72;218;36m▄\\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m\\e[38;2;73;217;37m▄\\e[48;2;73;218;37m\\e[38;2;72;217;36m▄\\e[48;2;73;218;37m\\e[38;2;67;203;34m▄\\e[48;2;68;194;37m\\e[38;2;40;116;21m▄\\e[48;2;58;142;36m\\e[38;2;8;21;5m▄\\e[48;2;49;120;31m\\e[38;2;6;10;5m▄\\e[48;2;25;59;16m\\e[38;2;73;108;65m▄\\e[48;2;15;33;11m\\e[38;2;95;157;79m▄\\e[48;2;12;25;9m\\e[38;2;97;175;77m▄\\e[48;2;21;32;19m\\e[38;2;99;179;79m▄\\e[48;2;23;35;19m\\e[38;2;98;178;78m▄\\e[48;2;20;34;17m\\e[38;2;98;178;78m▄\\e[48;2;13;24;11m\\e[38;2;98;178;78m▄\\e[48;2;16;26;14m\\e[38;2;98;177;78m▄\\e[0m \\e[48;2;97;176;77m\\e[38;2;58;103;46m▄\\e[48;2;98;177;78m\\e[38;2;94;170;75m▄\\e[48;2;98;177;78m\\e[38;2;99;179;79m▄\\e[48;2;98;177;78m\\e[38;2;97;176;77m▄\\e[48;2;97;176;77m\\e[38;2;98;177;78m▄\\e[48;2;91;165;72m\\e[38;2;98;177;78m▄\\e[48;2;55;100;44m\\e[38;2;98;177;78m▄\\e[48;2;15;27;10m\\e[38;2;92;168;73m▄\\e[48;2;24;46;18m\\e[38;2;76;138;61m▄\\e[48;2;73;154;53m\\e[38;2;54;96;43m▄\\e[48;2;74;213;39m\\e[38;2;24;48;18m▄\\e[48;2;74;222;37m\\e[38;2;20;55;11m▄\\e[48;2;73;217;37m\\e[38;2;31;91;16m▄\\e[48;2;73;218;37m\\e[38;2;49;145;24m▄\\e[48;2;73;218;37m\\e[38;2;68;201;35m▄\\e[48;2;73;218;37m\\e[38;2;73;217;37m▄\\e[48;2;73;218;37m\\e[38;2;74;220;37m▄\\e[48;2;73;218;37m\\e[38;2;73;219;37m▄\\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m \\e[48;2;73;218;37m\\e[38;2;73;220;37m▄\\e[48;2;73;218;37m\\e[38;2;72;214;37m▄\\e[48;2;73;218;37m\\e[38;2;63;187;32m▄\\e[48;2;72;217;36m\\e[38;2;41;120;22m▄\\e[48;2;74;222;36m\\e[38;2;21;52;13m▄\\e[48;2;67;203;34m\\e[38;2;39;62;34m▄\\e[48;2;40;117;21m\\e[38;2;64;103;54m▄\\e[48;2;14;43;7m\\e[38;2;72;126;57m▄\\e[48;2;4;12;2m\\e[38;2;87;156;69m▄\\e[48;2;25;45;21m\\e[38;2;97;174;78m▄\\e[48;2;71;124;57m\\e[38;2;99;177;80m▄\\e[48;2;97;168;78m\\e[38;2;94;170;75m▄\\e[48;2;96;175;77m\\e[38;2;103;177;84m▄\\e[48;2;98;176;79m\\e[38;2;109;183;90m▄\\e[48;2;100;178;80m\\e[38;2;112;185;94m▄\\e[48;2;100;177;80m\\e[38;2;111;184;92m▄\\e[48;2;99;177;80m\\e[38;2;107;182;89m▄\\e[48;2;98;177;78m\\e[38;2;105;182;85m▄\\e[48;2;98;177;78m\\e[38;2;103;180;83m▄\\e[48;2;98;177;78m\\e[38;2;99;177;79m▄\\e[0m \\e[38;2;54;79;47m▀\\e[38;2;72;123;60m▀\\e[48;2;97;176;78m\\e[38;2;65;87;60m▄\\e[48;2;98;177;78m\\e[38;2;73;130;59m▄\\e[48;2;98;177;78m\\e[38;2;91;165;72m▄\\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;96;172;77m\\e[38;2;98;177;78m▄\\e[48;2;82;147;65m\\e[38;2;98;177;78m▄\\e[48;2;66;116;52m\\e[38;2;98;177;78m▄\\e[48;2;46;78;38m\\e[38;2;98;177;78m▄\\e[48;2;27;51;20m\\e[38;2;98;177;78m▄\\e[48;2;28;60;20m\\e[38;2;94;169;74m▄\\e[48;2;28;67;19m\\e[38;2;86;155;69m▄\\e[48;2;34;96;19m\\e[38;2;69;123;54m▄\\e[48;2;42;126;21m\\e[38;2;48;86;39m▄\\e[48;2;51;148;27m\\e[38;2;36;64;28m▄\\e[48;2;55;164;28m\\e[38;2;26;46;20m▄\\e[48;2;60;180;30m\\e[38;2;23;39;18m▄\\e[48;2;62;186;31m\\e[38;2;21;40;17m▄\\e[48;2;61;181;31m\\e[38;2;19;36;16m▄\\e[48;2;67;176;40m\\e[38;2;18;32;14m▄\\e[48;2;63;173;35m\\e[38;2;23;36;19m▄\\e[48;2;56;168;29m\\e[38;2;27;42;23m▄\\e[48;2;53;160;27m\\e[38;2;29;45;24m▄\\e[48;2;44;133;22m\\e[38;2;30;53;25m▄\\e[48;2;34;102;17m\\e[38;2;52;89;43m▄\\e[48;2;20;60;10m\\e[38;2;88;148;71m▄\\e[48;2;24;47;19m\\e[38;2;97;171;78m▄\\e[48;2;34;62;27m\\e[38;2;98;177;78m▄\\e[48;2;55;99;44m\\e[38;2;98;177;78m▄\\e[48;2;80;144;64m\\e[38;2;98;177;78m▄\\e[48;2;99;176;79m\\e[38;2;98;177;78m▄\\e[48;2;98;177;78m \\e[48;2;98;177;78m\\e[38;2;99;177;79m▄\\e[48;2;99;177;79m\\e[38;2;96;172;76m▄\\e[48;2;99;175;79m\\e[38;2;85;151;68m▄\\e[48;2;95;169;76m\\e[38;2;72;121;60m▄\\e[48;2;109;180;92m\\e[38;2;37;57;32m▄\\e[48;2;100;159;85m\\e[38;2;38;41;36m▄\\e[48;2;72;107;62m\\e[38;2;74;74;74m▄\\e[0m\\e[38;2;44;65;38m▀\\e[38;2;31;48;27m▀\\e[38;2;31;48;26m▀\\e[38;2;31;52;25m▀\\e[38;2;41;71;34m▀\\e[38;2;59;97;50m▀\\e[0m \\e[38;2;95;106;94m▀\\e[38;2;81;137;65m▀\\e[38;2;91;166;73m▀\\e[48;2;95;174;76m\\e[38;2;61;73;59m▄\\e[48;2;98;177;78m\\e[38;2;33;66;26m▄\\e[48;2;98;177;78m\\e[38;2;81;143;65m▄\\e[48;2;98;177;78m\\e[38;2;102;182;81m▄\\e[48;2;98;177;78m\\e[38;2;97;176;77m▄\\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;98;178;78m\\e[38;2;98;177;78m▄\\e[48;2;98;179;78m\\e[38;2;98;177;78m▄\\e[48;2;98;179;78m\\e[38;2;98;177;78m▄\\e[48;2;99;179;78m\\e[38;2;98;177;78m▄\\e[48;2;98;179;78m\\e[38;2;98;177;78m▄\\e[48;2;98;178;78m\\e[38;2;98;177;78m▄\\e[48;2;98;178;78m\\e[38;2;98;177;78m▄\\e[48;2;98;178;78m\\e[38;2;98;177;78m▄\\e[48;2;98;179;78m\\e[38;2;98;177;78m▄\\e[48;2;97;177;77m\\e[38;2;98;177;78m▄\\e[48;2;98;177;78m \\e[48;2;98;177;78m \\e[48;2;98;177;78m\\e[38;2;98;176;78m▄\\e[48;2;98;177;78m\\e[38;2;99;179;78m▄\\e[48;2;98;177;78m\\e[38;2;93;169;74m▄\\e[48;2;98;177;78m\\e[38;2;56;106;44m▄\\e[48;2;96;174;77m\\e[38;2;16;31;13m▄\\e[48;2;68;126;54m\\e[38;2;58;58;58m▄\\e[0m\\e[38;2;28;50;23m▀\\e[38;2;20;22;20m▀\\e[0m \\e[38;2;41;52;39m▀\\e[38;2;39;76;30m▀\\e[38;2;73;136;57m▀\\e[48;2;90;162;72m\\e[38;2;96;100;95m▄\\e[48;2;99;175;79m\\e[38;2;60;69;58m▄\\e[48;2;98;177;78m\\e[38;2;46;59;43m▄\\e[48;2;98;177;78m\\e[38;2;32;51;27m▄\\e[48;2;98;178;78m\\e[38;2;28;50;23m▄\\e[48;2;98;178;78m\\e[38;2;28;55;22m▄\\e[48;2;98;178;78m\\e[38;2;35;64;28m▄\\e[48;2;98;177;78m\\e[38;2;41;75;33m▄\\e[48;2;98;177;78m\\e[38;2;50;89;41m▄\\e[48;2;98;177;77m\\e[38;2;54;89;45m▄\\e[48;2;98;177;77m\\e[38;2;53;89;44m▄\\e[48;2;98;177;78m\\e[38;2;49;86;39m▄\\e[48;2;98;177;78m\\e[38;2;45;83;36m▄\\e[48;2;98;177;78m\\e[38;2;40;74;32m▄\\e[48;2;98;177;78m\\e[38;2;35;64;28m▄\\e[48;2;98;178;78m\\e[38;2;39;60;33m▄\\e[48;2;90;163;71m\\e[38;2;55;61;53m▄\\e[0m\\e[38;2;53;97;41m▀\\e[38;2;24;44;19m▀\\e[38;2;36;41;35m▀\\e[0m '"
2⤵
PID:740

/bin/sed
sed "s,LEGEND,[1;4m&[0m,"
2⤵
- Reads runtime system information
PID:759

/bin/sed
sed "s,RED/YELLOW,[1;31;103m&[0m,"
2⤵
PID:761

/bin/sed
sed "s,RED,[1;31m&[0m,"
2⤵
PID:763

/bin/sed
sed "s,LightCyan,[1;96m&[0m,"
2⤵
PID:765

/bin/sed
sed "s,Blue,[1;34m&[0m,"
2⤵
PID:767

/bin/sed
sed "s,Green,[1;32m&[0m,"
2⤵
PID:769

/bin/sed
sed "s,LightMagenta,[1;95m&[0m,"
2⤵
PID:771

/bin/sed
sed "s,YOU ARE ALREADY ROOT!!!,[1;31;103m&[0m,"
2⤵
PID:773

/bin/sleep
sleep 3
2⤵
PID:774

/usr/bin/whoami
whoami
2⤵
PID:808

/usr/bin/id
id -u root
2⤵
PID:807

/bin/grep
grep "^/"
2⤵
PID:813

/usr/bin/cut
cut -d " " -f5
2⤵
PID:812

/usr/bin/tr
tr "\\n" "|"
2⤵
PID:814

/bin/cat
cat /proc/self/mountinfo
2⤵
PID:815

/bin/grep
grep -v "#"
2⤵
PID:820

/bin/grep
grep -E "\\W/\\W"
2⤵
PID:821

/bin/cat
cat /etc/fstab
2⤵
PID:819

/usr/bin/awk
awk "{print \$1}"
2⤵
- Reads runtime system information
PID:822

/bin/grep
grep "^/"
2⤵
PID:827

/bin/grep
grep -Ev "swap|/cdrom|/floppy|/dev/shm"
2⤵
PID:828

/usr/bin/awk
awk "{print \$1}"
2⤵
PID:829

/bin/grep
grep -Ev "/sys|/proc|/dev|/dev/pts|/run|/|/sys/kernel/security|/dev/shm|/run/lock|/sys/fs/cgroup|/sys/fs/cgroup/systemd|/sys/fs/cgroup/blkio|/sys/fs/cgroup/memory|/sys/fs/cgroup/devices|/sys/fs/cgroup/net_cls,net_prio|/sys/fs/cgroup/cpu,cpuacct|/sys/fs/cgroup/pids|/sys/fs/cgroup/perf_event|/sys/fs/cgroup/cpuset|/sys/fs/cgroup/freezer|/proc/sys/fs/binfmt_misc|/sys/kernel/debug|/dev/mqueue|/run/user/0|UUID=e10d4a88-ffa6-4881-a4aa-c19206c5c9ba"
2⤵
PID:830

/bin/cat
cat /etc/fstab
2⤵
PID:826

/usr/bin/tr
tr "\\n" "|"
2⤵
PID:831

/usr/bin/tr
tr " " "|"
2⤵
PID:835

/usr/bin/groups
groups
2⤵
PID:834

/usr/bin/whoami
whoami
2⤵
PID:836

/bin/sed
sed -E s/o/a/
2⤵
PID:839

/bin/sed
sed "s/:\\.\$//g"
2⤵
PID:844

/bin/sed
sed "s/:\\.:/:/g"
2⤵
PID:843

/bin/sed
sed "s/^\\.://g"
2⤵
PID:845

/bin/sed
sed "s/:/\$|^/g"
2⤵
PID:846

/bin/grep
grep -i "sh\$"
2⤵
PID:850

/bin/grep
grep -v "^root:"
2⤵
PID:849

/usr/bin/cut
cut -d : -f 1
2⤵
PID:851

/bin/cat
cat /etc/passwd
2⤵
PID:848

/usr/bin/tr
tr "\\n" "|"
2⤵
PID:852

/bin/sed
sed "s/|bin|/|bin[\\\\\\s:]|^bin\$|/"
2⤵
PID:853

/bin/sed
sed "s/|sys|/|sys[\\\\\\s:]|^sys\$|/"
2⤵
PID:854

/bin/sed
sed "s/|daemon|/|daemon[\\\\\\s:]|^daemon\$|/"
2⤵
PID:855

/bin/grep
grep -i -v "sh\$"
2⤵
PID:859

/bin/cat
cat /etc/passwd
2⤵
PID:858

/usr/bin/sort
sort
2⤵
PID:860

/usr/bin/cut
cut -d : -f 1
2⤵
PID:861

/usr/bin/tr
tr "\\n" "|"
2⤵
PID:862

/bin/sed
sed "s/|bin|/|bin[\\\\\\s:]|^bin\$|/"
2⤵
PID:863

/usr/bin/whoami
whoami
2⤵
PID:867

/usr/bin/cut
cut -d : -f 2
2⤵
PID:870

/usr/bin/tr
tr " " "|"
2⤵
PID:871

/usr/bin/groups
groups root
2⤵
PID:869

/usr/bin/cut
cut -d : -f2
2⤵
PID:874

/usr/bin/groups
groups root
2⤵
PID:873

/bin/sed
sed -e "s/ -or\$//"
2⤵
PID:878

/usr/bin/sort
sort
2⤵
PID:881

/usr/bin/find
find / -maxdepth 3 -type d "!" -path "/proc/*" "(" "(" -user root ")" -or "(" -perm "-o=w" ")" -or "(" -perm "-g=w" -and "(" -group root ")" ")" ")"
2⤵
- Reads runtime system information
PID:880

/usr/bin/tr
tr "\\n" "|"
2⤵
PID:885

/bin/grep
grep /shm
2⤵
PID:888

/usr/bin/head
head -n1
2⤵
PID:889

/bin/sed
sed -E "s,/|/bin|/boot|/dev|/dev/block|/dev/bsg|/dev/bus|/dev/bus/usb|/dev/char|/dev/disk|/dev/disk/by-id|/dev/disk/by-partuuid|/dev/disk/by-path|/dev/disk/by-uuid|/dev/input|/dev/input/by-id|/dev/input/by-path|/dev/mapper|/dev/mqueue|/dev/net|/dev/pts|/dev/shm|/dev/snd|/etc|/etc/alternatives|/etc/apt|/etc/apt/apt.conf.d|/etc/apt/keyrings|/etc/apt/preferences.d|/etc/apt/sources.list.d|/etc/apt/trusted.gpg.d|/etc/audisp|/etc/audisp/plugins.d|/etc/audit|/etc/audit/rules.d|/etc/binfmt.d|/etc/ca-certificates|/etc/ca-certificates/update.d|/etc/calendar|/etc/console-setup|/etc/cron.d|/etc/cron.daily|/etc/cron.hourly|/etc/cron.monthly|/etc/cron.weekly|/etc/dbus-1|/etc/dbus-1/session.d|/etc/dbus-1/system.d|/etc/default|/etc/dhcp|/etc/dhcp/dhclient-enter-hooks.d|/etc/dhcp/dhclient-exit-hooks.d|/etc/dictionaries-common|/etc/discover.conf.d|/etc/dpkg|/etc/dpkg/dpkg.cfg.d|/etc/dpkg/origins|/etc/emacs|/etc/emacs/site-start.d|/etc/exim4|/etc/exim4/conf.d|/etc/fonts|/etc/fonts/conf.avail|/etc/fonts/conf.d|/etc/ghostscript|/etc/ghostscript/cidfmap.d|/etc/ghostscript/fontmap.d|/etc/gss|/etc/gss/mech.d|/etc/ImageMagick-6|/etc/init|/etc/init.d|/etc/initramfs-tools|/etc/initramfs-tools/conf.d|/etc/initramfs-tools/hooks|/etc/initramfs-tools/scripts|/etc/iproute2|/etc/iproute2/rt_tables.d|/etc/kernel|/etc/kernel/install.d|/etc/kernel/postinst.d|/etc/kernel/postrm.d|/etc/ldap|/etc/ld.so.conf.d|/etc/libpaper.d|/etc/logcheck|/etc/logcheck/ignore.d.server|/etc/logrotate.d|/etc/modprobe.d|/etc/modules-load.d|/etc/mysql|/etc/mysql/conf.d|/etc/network|/etc/network/if-down.d|/etc/network/if-post-down.d|/etc/network/if-pre-up.d|/etc/network/if-up.d|/etc/network/interfaces.d|/etc/newt|/etc/opt|/etc/pam.d|/etc/perl|/etc/perl/CPAN|/etc/perl/Net|/etc/polkit-1|/etc/polkit-1/localauthority|/etc/polkit-1/localauthority.conf.d|/etc/polkit-1/nullbackend.conf.d|/etc/ppp|/etc/ppp/ip-up.d|/etc/profile.d|/etc/python|/etc/python2.7|/etc/python3|/etc/python3.5|/etc/rc0.d|/etc/rc1.d|/etc/rc2.d|/etc/rc3.d|/etc/rc4.d|/etc/rc5.d|/etc/rc6.d|/etc/rcS.d|/etc/rsyslog.d|/etc/security|/etc/security/limits.d|/etc/security/namespace.d|/etc/selinux|/etc/selinux/default|/etc/sgml|/etc/skel|/etc/ssh|/etc/ssl|/etc/ssl/certs|/etc/ssl/private|/etc/sudoers.d|/etc/sysctl.d|/etc/systemd|/etc/systemd/network|/etc/systemd/system|/etc/systemd/user|/etc/terminfo|/etc/tmpfiles.d|/etc/udev|/etc/udev/hwdb.d|/etc/udev/rules.d|/etc/ufw|/etc/ufw/applications.d|/etc/update-motd.d|/etc/vim|/etc/X11|/etc/X11/xkb|/etc/X11/Xreset.d|/etc/X11/Xresources|/etc/X11/Xsession.d|/etc/xdg|/etc/xdg/systemd|/etc/xml|/home|/lib|/lib/console-setup|/lib/discover|/lib/ifupdown|/lib/init|/lib/lsb|/lib/lsb/init-functions.d|/lib/mipsel-linux-gnu|/lib/mipsel-linux-gnu/security|/lib/modprobe.d|/lib/modules|/lib/modules/4.9.0-13-4kc-malta|/lib/systemd|/lib/systemd/network|/lib/systemd/system|/lib/systemd/system-generators|/lib/systemd/system-preset|/lib/systemd/system-shutdown|/lib/systemd/system-sleep|/lib/terminfo|/lib/terminfo/a|/lib/terminfo/c|/lib/terminfo/d|/lib/terminfo/E|/lib/terminfo/h|/lib/terminfo/l|/lib/terminfo/m|/lib/terminfo/p|/lib/terminfo/r|/lib/terminfo/s|/lib/terminfo/v|/lib/terminfo/w|/lib/terminfo/x|/lib/udev|/lib/udev/hwdb.d|/lib/udev/rules.d|/lost+found|/media|/media/cdrom0|/mnt|/opt|/proc|/root|/run|/run/console-setup|/run/dbus|/run/initramfs|/run/lock|/run/lock/subsys|/run/log|/run/log/journal|/run/mount|/run/network|/run/sendsigs.omit.d|/run/sshd|/run/systemd|/run/systemd/ask-password|/run/systemd/generator|/run/systemd/generator.late|/run/systemd/inaccessible|/run/systemd/initctl|/run/systemd/journal|/run/systemd/machines|/run/systemd/seats|/run/systemd/sessions|/run/systemd/shutdown|/run/systemd/system|/run/systemd/transient|/run/systemd/users|/run/tmpfiles.d|/run/udev|/run/udev/data|/run/udev/links|/run/udev/static_node-tags|/run/udev/tags|/run/udev/watch|/run/user|/run/user/0|/sbin|/srv|/sys|/sys/block|/sys/bus|/sys/bus/clockevents|/sys/bus/clocksource|/sys/bus/container|/sys/bus/cpu|/sys/bus/event_source|/sys/bus/hid|/sys/bus/i2c|/sys/bus/pci|/sys/bus/platform|/sys/bus/scsi|/sys/bus/serio|/sys/bus/spi|/sys/bus/usb|/sys/bus/workqueue|/sys/class|/sys/class/ata_device|/sys/class/ata_link|/sys/class/ata_port|/sys/class/backlight|/sys/class/bdi|/sys/class/block|/sys/class/bsg|/sys/class/devcoredump|/sys/class/devfreq|/sys/class/drm|/sys/class/graphics|/sys/class/hidraw|/sys/class/hwmon|/sys/class/i2c-adapter|/sys/class/input|/sys/class/leds|/sys/class/mem|/sys/class/misc|/sys/class/net|/sys/class/pci_bus|/sys/class/phy|/sys/class/power_supply|/sys/class/rtc|/sys/class/scsi_device|/sys/class/scsi_disk|/sys/class/scsi_generic|/sys/class/scsi_host|/sys/class/spi_master|/sys/class/tpm|/sys/class/tty|/sys/class/vc|/sys/class/vtconsole|/sys/class/watchdog|/sys/dev|/sys/dev/block|/sys/dev/char|/sys/devices|/sys/devices/pci0000:00|/sys/devices/platform|/sys/devices/software|/sys/devices/system|/sys/devices/tracepoint|/sys/devices/virtual|/sys/firmware|/sys/firmware/devicetree|/sys/fs|/sys/fs/bpf|/sys/fs/cgroup|/sys/fs/ext4|/sys/kernel|/sys/kernel/debug|/sys/kernel/mm|/sys/kernel/security|/sys/kernel/tracing|/sys/module|/sys/module/8250|/sys/module/apparmor|/sys/module/ata_generic|/sys/module/ata_piix|/sys/module/autofs4|/sys/module/block|/sys/module/cdrom|/sys/module/cirrus|/sys/module/crc16|/sys/module/crc32c_generic|/sys/module/cryptomgr|/sys/module/drm|/sys/module/drm_kms_helper|/sys/module/dynamic_debug|/sys/module/e1000|/sys/module/ecb|/sys/module/ehci_hcd|/sys/module/ehci_pci|/sys/module/evdev|/sys/module/ext4|/sys/module/fb|/sys/module/fb_sys_fops|/sys/module/firmware_class|/sys/module/fscrypto|/sys/module/hid|/sys/module/hid_generic|/sys/module/i2c_core|/sys/module/i2c_piix4|/sys/module/i8042|/sys/module/ima|/sys/module/ip_tables|/sys/module/ipv6|/sys/module/jbd2|/sys/module/joydev|/sys/module/kernel|/sys/module/keyboard|/sys/module/libata|/sys/module/mbcache|/sys/module/module|/sys/module/mousedev|/sys/module/netpoll|/sys/module/printk|/sys/module/random|/sys/module/scsi_mod|/sys/module/sg|/sys/module/spurious|/sys/module/sr_mod|/sys/module/stahp|/sys/module/suspend|/sys/module/syscopyarea|/sys/module/sysfillrect|/sys/module/sysimgblt|/sys/module/sysrq|/sys/module/tcp_cubic|/sys/module/tpm|/sys/module/ttm|/sys/module/uhci_hcd|/sys/module/usb_common|/sys/module/usbcore|/sys/module/usbhid|/sys/module/vt|/sys/module/workqueue|/sys/module/x_tables|/sys/module/xz_dec|/sys/module/zswap|/sys/power|/tmp|/tmp/.font-unix|/tmp/.ICE-unix|/tmp/systemd-private-ea6e906bf51e40fca2d5d35fbbb8a2ac-systemd-timedated.service-9mG10l|/tmp/systemd-private-ea6e906bf51e40fca2d5d35fbbb8a2ac-systemd-timedated.service-9mG10l/tmp|/tmp/.Test-unix|/tmp/.X11-unix|/tmp/.XIM-unix|/usr|/usr/bin|/usr/games|/usr/include|/usr/include/arpa|/usr/include/asm-generic|/usr/include/c++|/usr/include/linux|/usr/include/mipsel-linux-gnu|/usr/include/misc|/usr/include/mtd|/usr/include/net|/usr/include/netash|/usr/include/netatalk|/usr/include/netax25|/usr/include/neteconet|/usr/include/netinet|/usr/include/netipx|/usr/include/netiucv|/usr/include/netpacket|/usr/include/netrom|/usr/include/netrose|/usr/include/nfs|/usr/include/openssl|/usr/include/protocols|/usr/include/python3.5m|/usr/include/rdma|/usr/include/rpc|/usr/include/rpcsvc|/usr/include/scsi|/usr/include/sound|/usr/include/uapi|/usr/include/video|/usr/include/X11|/usr/include/xen|/usr/lib|/usr/lib/apt|/usr/lib/binfmt.d|/usr/lib/compat-ld|/usr/lib/dbus-1.0|/usr/lib/dpkg|/usr/lib/eject|/usr/lib/emacsen-common|/usr/lib/exim4|/usr/lib/file|/usr/lib/gcc|/usr/lib/gnupg|/usr/lib/gnupg2|/usr/lib/gold-ld|/usr/lib/ispell|/usr/lib/kernel|/usr/lib/klibc|/usr/lib/lapack|/usr/lib/ldscripts|/usr/lib/libblas|/usr/lib/linux-kbuild-4.9|/usr/lib/locale|/usr/lib/mime|/usr/lib/mipsel-linux-gnu|/usr/lib/modules-load.d|/usr/lib/nodejs|/usr/lib/openssh|/usr/lib/perl5|/usr/lib/policykit-1|/usr/lib/python2.7|/usr/lib/python3|/usr/lib/python3.5|/usr/lib/sasl2|/usr/lib/selinux|/usr/lib/ssl|/usr/lib/sudo|/usr/lib/systemd|/usr/lib/tar|/usr/lib/tasksel|/usr/lib/tc|/usr/lib/tmpfiles.d|/usr/lib/valgrind|/usr/lib/X11|/usr/local|/usr/local/bin|/usr/local/etc|/usr/local/games|/usr/local/include|/usr/local/lib|/usr/local/sbin|/usr/local/share|/usr/local/src|/usr/sbin|/usr/share|/usr/share/adduser|/usr/share/alsa|/usr/share/applications|/usr/share/apport|/usr/share/apps|/usr/share/avahi|/usr/share/awk|/usr/share/base-files|/usr/share/base-passwd|/usr/share/bash-completion|/usr/share/binfmts|/usr/share/bug|/usr/share/build-essential|/usr/share/ca-certificates|/usr/share/calendar|/usr/share/color|/usr/share/common-licenses|/usr/share/consolefonts|/usr/share/console-setup|/usr/share/consoletrans|/usr/share/dbus-1|/usr/share/debconf|/usr/share/debhelper|/usr/share/debianutils|/usr/share/dh-python|/usr/share/dict|/usr/share/dictionaries-common|/usr/share/discover|/usr/share/djvu|/usr/share/doc|/usr/share/doc-base|/usr/share/dpkg|/usr/share/emacs|/usr/share/exim4|/usr/share/file|/usr/share/fontconfig|/usr/share/fonts|/usr/share/fonts-droid-fallback|/usr/share/gcc-6|/usr/share/gdb|/usr/share/gettext|/usr/share/ghostscript|/usr/share/glib-2.0|/usr/share/gnupg|/usr/share/guile|/usr/share/i18n|/usr/share/icons|/usr/share/ImageMagick-6|/usr/share/info|/usr/share/initramfs-tools|/usr/share/installation-report|/usr/share/iptables|/usr/share/ispell|/usr/share/keyrings|/usr/share/libc-bin|/usr/share/libthai|/usr/share/lintian|/usr/share/locale|/usr/share/man|/usr/share/menu|/usr/share/mime|/usr/share/misc|/usr/share/mysql-common|/usr/share/nano|/usr/share/netpbm|/usr/share/numpy3|/usr/share/openssh|/usr/share/pam|/usr/share/pam-configs|/usr/share/perl|/usr/share/perl5|/usr/share/pixmaps|/usr/share/pkgconfig|/usr/share/polkit-1|/usr/share/poppler|/usr/share/python|/usr/share/python3|/usr/share/readline|/usr/share/selinux|/usr/share/selinux-basics|/usr/share/setools|/usr/share/sgml|/usr/share/sgml-base|/usr/share/sounds|/usr/share/systemd|/usr/share/tabset|/usr/share/tasksel|/usr/share/terminfo|/usr/share/tools|/usr/share/upstart|/usr/share/vim|/usr/share/X11|/usr/share/xml|/usr/share/xml-core|/usr/share/zoneinfo|/usr/share/zsh|/usr/src|/usr/src/linux-headers-4.9.0-13-4kc-malta|/usr/src/linux-headers-4.9.0-13-common|/var|/var/backups|/var/cache|/var/cache/apt|/var/cache/debconf|/var/cache/dictionaries-common|/var/cache/fontconfig|/var/cache/ldconfig|/var/lib|/var/lib/alsa|/var/lib/apt|/var/lib/aspell|/var/lib/dbus|/var/lib/dhcp|/var/lib/dictionaries-common|/var/lib/dpkg|/var/lib/emacsen-common|/var/lib/exim4|/var/lib/ghostscript|/var/lib/initramfs-tools|/var/lib/ispell|/var/lib/logrotate|/var/lib/misc|/var/lib/pam|/var/lib/polkit-1|/var/lib/python|/var/lib/selinux|/var/lib/sepolgen|/var/lib/sgml-base|/var/lib/sudo|/var/lib/systemd|/var/lib/ucf|/var/lib/usbutils|/var/lib/vim|/var/lib/xml-core|/var/local|/var/log|/var/log/apt|/var/log/audit|/var/log/installer|/var/mail|/var/opt|/var/spool|/var/spool/cron|/var/spool/rsyslog|/var/tmp|/var/tmp/systemd-private-ea6e906bf51e40fca2d5d35fbbb8a2ac-systemd-timedated.service-UAVTlj|[a-zA-Z]+[a-zA-Z0-9]* +\\*|\\./|\\.:|:\\.,[1;31;103m&[0m,g"
2⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
PID:891

/bin/ps
ps auxwww
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:898

/usr/bin/wc
wc -l
2⤵
PID:899

/usr/bin/wc
wc -c
2⤵
PID:912

/usr/bin/seq
seq 1 31
2⤵
PID:913

/usr/bin/seq
seq 1 18
2⤵
PID:914

/usr/bin/seq
seq 1 31
2⤵
PID:915

/usr/bin/seq
seq 1 31
2⤵
PID:916

/usr/bin/seq
seq 1 31
2⤵
PID:917

/usr/bin/seq
seq 1 18
2⤵
PID:918

/bin/sed
sed -E "s,3.1.1-1400-linaro-lt-mx5|3.11.0-13-generic|3.11.0-14-generic|3.11.0-15-generic|3.11.0-17-generic|3.11.0-18-generic|3.11.0-20-generic|3.11.0-22-generic|3.11.0-23-generic|3.11.0-24-generic|3.11.0-26-generic|3.13.0-100-generic|3.13.0-24-generic|3.13.0-27-generic|3.13.0-29-generic|3.13.0-30-generic|3.13.0-32-generic|3.13.0-33-generic|3.13.0-34-generic|3.13.0-35-generic|3.13.0-36-generic|3.13.0-37-generic|3.13.0-39-generic|3.13.0-40-generic|3.13.0-41-generic|3.13.0-43-generic|3.13.0-44-generic|3.13.0-46-generic|3.13.0-48-generic|3.13.0-49-generic|3.13.0-51-generic|3.13.0-52-generic|3.13.0-53-generic|3.13.0-54-generic|3.13.0-55-generic|3.13.0-57-generic|3.13.0-58-generic|3.13.0-59-generic|3.13.0-61-generic|3.13.0-62-generic|3.13.0-63-generic|3.13.0-65-generic|3.13.0-66-generic|3.13.0-67-generic|3.13.0-68-generic|3.13.0-71-generic|3.13.0-73-generic|3.13.0-74-generic|3.13.0-76-generic|3.13.0-77-generic|3.13.0-79-generic|3.13.0-83-generic|3.13.0-85-generic|3.13.0-86-generic|3.13.0-88-generic|3.13.0-91-generic|3.13.0-92-generic|3.13.0-93-generic|3.13.0-95-generic|3.13.0-96-generic|3.13.0-98-generic|3.2.0-101-generic|3.2.0-101-generic-pae|3.2.0-101-virtual|3.2.0-102-generic|3.2.0-102-generic-pae|3.2.0-102-virtual,[1;31;103m&[0m,"
2⤵
- Reads runtime system information
PID:920

/bin/sed
sed -E "s,3.2.0-104-generic|3.2.0-104-generic-pae|3.2.0-104-virtual|3.2.0-105-generic|3.2.0-105-generic-pae|3.2.0-105-virtual|3.2.0-106-generic|3.2.0-106-generic-pae|3.2.0-106-virtual|3.2.0-107-generic|3.2.0-107-generic-pae|3.2.0-107-virtual|3.2.0-109-generic|3.2.0-109-generic-pae|3.2.0-109-virtual|3.2.0-110-generic|3.2.0-110-generic-pae|3.2.0-110-virtual|3.2.0-111-generic|3.2.0-111-generic-pae|3.2.0-111-virtual|3.2.0-1412-omap4|3.2.0-1602-armadaxp|3.2.0-23-generic|3.2.0-23-generic-pae|3.2.0-23-lowlatency|3.2.0-23-lowlatency-pae|3.2.0-23-omap|3.2.0-23-powerpc-smp|3.2.0-23-powerpc64-smp|3.2.0-23-virtual|3.2.0-24-generic|3.2.0-24-generic-pae|3.2.0-24-virtual|3.2.0-25-generic|3.2.0-25-generic-pae|3.2.0-25-virtual|3.2.0-26-generic|3.2.0-26-generic-pae|3.2.0-26-virtual|3.2.0-27-generic|3.2.0-27-generic-pae|3.2.0-27-virtual|3.2.0-29-generic|3.2.0-29-generic-pae|3.2.0-29-virtual|3.2.0-31-generic|3.2.0-31-generic-pae|3.2.0-31-virtual|3.2.0-32-generic|3.2.0-32-generic-pae|3.2.0-32-virtual|3.2.0-33-generic|3.2.0-33-generic-pae|3.2.0-33-lowlatency|3.2.0-33-lowlatency-pae|3.2.0-33-virtual|3.2.0-34-generic|3.2.0-34-generic-pae|3.2.0-34-virtual|3.2.0-35-generic|3.2.0-35-generic-pae|3.2.0-35-lowlatency|3.2.0-35-lowlatency-pae|3.2.0-35-virtual,[1;31;103m&[0m,"
2⤵
PID:921

/bin/sed
sed -E "s,3.2.0-36-generic|3.2.0-36-generic-pae|3.2.0-36-lowlatency|3.2.0-36-lowlatency-pae|3.2.0-36-virtual|3.2.0-37-generic|3.2.0-37-generic-pae|3.2.0-37-lowlatency|3.2.0-37-lowlatency-pae|3.2.0-37-virtual|3.2.0-38-generic|3.2.0-38-generic-pae|3.2.0-38-lowlatency|3.2.0-38-lowlatency-pae|3.2.0-38-virtual|3.2.0-39-generic|3.2.0-39-generic-pae|3.2.0-39-lowlatency|3.2.0-39-lowlatency-pae|3.2.0-39-virtual|3.2.0-40-generic|3.2.0-40-generic-pae|3.2.0-40-lowlatency|3.2.0-40-lowlatency-pae|3.2.0-40-virtual|3.2.0-41-generic|3.2.0-41-generic-pae|3.2.0-41-lowlatency|3.2.0-41-lowlatency-pae|3.2.0-41-virtual|3.2.0-43-generic|3.2.0-43-generic-pae|3.2.0-43-virtual|3.2.0-44-generic|3.2.0-44-generic-pae|3.2.0-44-lowlatency|3.2.0-44-lowlatency-pae|3.2.0-44-virtual|3.2.0-45-generic|3.2.0-45-generic-pae|3.2.0-45-virtual|3.2.0-48-generic|3.2.0-48-generic-pae|3.2.0-48-lowlatency|3.2.0-48-lowlatency-pae|3.2.0-48-virtual|3.2.0-51-generic|3.2.0-51-generic-pae|3.2.0-51-lowlatency|3.2.0-51-lowlatency-pae|3.2.0-51-virtual|3.2.0-52-generic|3.2.0-52-generic-pae|3.2.0-52-lowlatency|3.2.0-52-lowlatency-pae|3.2.0-52-virtual|3.2.0-53-generic,[1;31;103m&[0m,"
2⤵
PID:922

/bin/sed
sed -E "s,3.2.0-53-generic-pae|3.2.0-53-lowlatency|3.2.0-53-lowlatency-pae|3.2.0-53-virtual|3.2.0-54-generic|3.2.0-54-generic-pae|3.2.0-54-lowlatency|3.2.0-54-lowlatency-pae|3.2.0-54-virtual|3.2.0-55-generic|3.2.0-55-generic-pae|3.2.0-55-lowlatency|3.2.0-55-lowlatency-pae|3.2.0-55-virtual|3.2.0-56-generic|3.2.0-56-generic-pae|3.2.0-56-lowlatency|3.2.0-56-lowlatency-pae|3.2.0-56-virtual|3.2.0-57-generic|3.2.0-57-generic-pae|3.2.0-57-lowlatency|3.2.0-57-lowlatency-pae|3.2.0-57-virtual|3.2.0-58-generic|3.2.0-58-generic-pae|3.2.0-58-lowlatency|3.2.0-58-lowlatency-pae|3.2.0-58-virtual|3.2.0-59-generic|3.2.0-59-generic-pae|3.2.0-59-lowlatency|3.2.0-59-lowlatency-pae|3.2.0-59-virtual|3.2.0-60-generic|3.2.0-60-generic-pae|3.2.0-60-lowlatency|3.2.0-60-lowlatency-pae|3.2.0-60-virtual|3.2.0-61-generic|3.2.0-61-generic-pae|3.2.0-61-virtual|3.2.0-63-generic|3.2.0-63-generic-pae|3.2.0-63-lowlatency|3.2.0-63-lowlatency-pae|3.2.0-63-virtual|3.2.0-64-generic|3.2.0-64-generic-pae|3.2.0-64-lowlatency|3.2.0-64-lowlatency-pae|3.2.0-64-virtual|3.2.0-65-generic|3.2.0-65-generic-pae|3.2.0-65-lowlatency|3.2.0-65-lowlatency-pae|3.2.0-65-virtual|3.2.0-67-generic|3.2.0-67-generic-pae|3.2.0-67-lowlatency|3.2.0-67-lowlatency-pae|3.2.0-67-virtual|3.2.0-68-generic,[1;31;103m&[0m,"
2⤵
PID:923

/bin/sed
sed -E "s,3.2.0-68-generic-pae|3.2.0-68-lowlatency|3.2.0-68-lowlatency-pae|3.2.0-68-virtual|3.2.0-69-generic|3.2.0-69-generic-pae|3.2.0-69-lowlatency|3.2.0-69-lowlatency-pae|3.2.0-69-virtual|3.2.0-70-generic|3.2.0-70-generic-pae|3.2.0-70-lowlatency|3.2.0-70-lowlatency-pae|3.2.0-70-virtual|3.2.0-72-generic|3.2.0-72-generic-pae|3.2.0-72-lowlatency|3.2.0-72-lowlatency-pae|3.2.0-72-virtual|3.2.0-73-generic|3.2.0-73-generic-pae|3.2.0-73-lowlatency|3.2.0-73-lowlatency-pae|3.2.0-73-virtual|3.2.0-74-generic|3.2.0-74-generic-pae|3.2.0-74-lowlatency|3.2.0-74-lowlatency-pae|3.2.0-74-virtual|3.2.0-75-generic|3.2.0-75-generic-pae|3.2.0-75-lowlatency|3.2.0-75-lowlatency-pae|3.2.0-75-virtual|3.2.0-76-generic|3.2.0-76-generic-pae|3.2.0-76-lowlatency|3.2.0-76-lowlatency-pae|3.2.0-76-virtual|3.2.0-77-generic|3.2.0-77-generic-pae|3.2.0-77-lowlatency|3.2.0-77-lowlatency-pae|3.2.0-77-virtual|3.2.0-79-generic|3.2.0-79-generic-pae|3.2.0-79-lowlatency|3.2.0-79-lowlatency-pae|3.2.0-79-virtual|3.2.0-80-generic|3.2.0-80-generic-pae|3.2.0-80-lowlatency|3.2.0-80-lowlatency-pae|3.2.0-80-virtual|3.2.0-82-generic|3.2.0-82-generic-pae|3.2.0-82-lowlatency|3.2.0-82-lowlatency-pae|3.2.0-82-virtual|3.2.0-83-generic|3.2.0-83-generic-pae|3.2.0-83-virtual|3.2.0-84-generic,[1;31;103m&[0m,"
2⤵
PID:924

/bin/sed
sed -E "s,3.2.0-84-generic-pae|3.2.0-84-virtual|3.2.0-85-generic|3.2.0-85-generic-pae|3.2.0-85-virtual|3.2.0-86-generic|3.2.0-86-generic-pae|3.2.0-86-virtual|3.2.0-87-generic|3.2.0-87-generic-pae|3.2.0-87-virtual|3.2.0-88-generic|3.2.0-88-generic-pae|3.2.0-88-virtual|3.2.0-89-generic|3.2.0-89-generic-pae|3.2.0-89-virtual|3.2.0-90-generic|3.2.0-90-generic-pae|3.2.0-90-virtual|3.2.0-91-generic|3.2.0-91-generic-pae|3.2.0-91-virtual|3.2.0-92-generic|3.2.0-92-generic-pae|3.2.0-92-virtual|3.2.0-93-generic|3.2.0-93-generic-pae|3.2.0-93-virtual|3.2.0-94-generic|3.2.0-94-generic-pae|3.2.0-94-virtual|3.2.0-95-generic|3.2.0-95-generic-pae|3.2.0-95-virtual|3.2.0-96-generic|3.2.0-96-generic-pae|3.2.0-96-virtual|3.2.0-97-generic|3.2.0-97-generic-pae|3.2.0-97-virtual|3.2.0-98-generic|3.2.0-98-generic-pae|3.2.0-98-virtual|3.2.0-99-generic|3.2.0-99-generic-pae|3.2.0-99-virtual|3.5.0-40-generic|3.5.0-41-generic|3.5.0-42-generic|3.5.0-43-generic|3.5.0-44-generic|3.5.0-45-generic|3.5.0-46-generic|3.5.0-49-generic|3.5.0-51-generic|3.5.0-52-generic|3.5.0-54-generic|3.8.0-19-generic|3.8.0-21-generic|3.8.0-22-generic|3.8.0-23-generic|3.8.0-27-generic|3.8.0-29-generic|3.8.0-30-generic|3.8.0-31-generic|3.8.0-32-generic|3.8.0-33-generic|3.8.0-34-generic|3.8.0-35-generic|3.8.0-36-generic|3.8.0-37-generic|3.8.0-38-generic|3.8.0-39-generic|3.8.0-41-generic|3.8.0-42-generic,[1;31;103m&[0m,"
2⤵
PID:925

/bin/sed
sed -E "s,3.13.0-24-generic|3.13.0-24-generic-lpae|3.13.0-24-lowlatency|3.13.0-24-powerpc-e500|3.13.0-24-powerpc-e500mc|3.13.0-24-powerpc-smp|3.13.0-24-powerpc64-emb|3.13.0-24-powerpc64-smp|3.13.0-27-generic|3.13.0-27-lowlatency|3.13.0-29-generic|3.13.0-29-lowlatency|3.13.0-3-exynos5|3.13.0-30-generic|3.13.0-30-lowlatency|3.13.0-32-generic|3.13.0-32-lowlatency|3.13.0-33-generic|3.13.0-33-lowlatency|3.13.0-34-generic|3.13.0-34-lowlatency|3.13.0-35-generic|3.13.0-35-lowlatency|3.13.0-36-generic|3.13.0-36-lowlatency|3.13.0-37-generic|3.13.0-37-lowlatency|3.13.0-39-generic|3.13.0-39-lowlatency|3.13.0-40-generic|3.13.0-40-lowlatency|3.13.0-41-generic|3.13.0-41-lowlatency|3.13.0-43-generic|3.13.0-43-lowlatency|3.13.0-44-generic|3.13.0-44-lowlatency|3.13.0-46-generic|3.13.0-46-lowlatency|3.13.0-48-generic|3.13.0-48-lowlatency|3.13.0-49-generic|3.13.0-49-lowlatency|3.13.0-51-generic|3.13.0-51-lowlatency|3.13.0-52-generic|3.13.0-52-lowlatency|3.13.0-53-generic|3.13.0-53-lowlatency|3.13.0-54-generic|3.13.0-54-lowlatency|3.13.0-55-generic|3.13.0-55-lowlatency|3.13.0-57-generic|3.13.0-57-lowlatency|3.13.0-58-generic|3.13.0-58-lowlatency|3.13.0-59-generic|3.13.0-59-lowlatency|3.13.0-61-generic|3.13.0-61-lowlatency|3.13.0-62-generic|3.13.0-62-lowlatency|3.13.0-63-generic|3.13.0-63-lowlatency|3.13.0-65-generic|3.13.0-65-lowlatency|3.13.0-66-generic|3.13.0-66-lowlatency,[1;31;103m&[0m,"
2⤵
PID:926

/bin/cat
cat /proc/version
2⤵
- Reads runtime system information
PID:928

/bin/sed
sed -E "s,3.13.0-67-generic|3.13.0-67-lowlatency|3.13.0-68-generic|3.13.0-68-lowlatency|3.13.0-70-generic|3.13.0-70-lowlatency|3.13.0-71-generic|3.13.0-71-lowlatency|3.13.0-73-generic|3.13.0-73-lowlatency|3.13.0-74-generic|3.13.0-74-lowlatency|3.13.0-76-generic|3.13.0-76-lowlatency|3.13.0-77-generic|3.13.0-77-lowlatency|3.13.0-79-generic|3.13.0-79-lowlatency|3.13.0-83-generic|3.13.0-83-lowlatency|3.13.0-85-generic|3.13.0-85-lowlatency|3.13.0-86-generic|3.13.0-86-lowlatency|3.13.0-87-generic|3.13.0-87-lowlatency|3.13.0-88-generic|3.13.0-88-lowlatency|3.13.0-91-generic|3.13.0-91-lowlatency|3.13.0-92-generic|3.13.0-92-lowlatency|3.13.0-93-generic|3.13.0-93-lowlatency|3.13.0-95-generic|3.13.0-95-lowlatency|3.13.0-96-generic|3.13.0-96-lowlatency|3.13.0-98-generic|3.13.0-98-lowlatency|3.16.0-25-generic|3.16.0-25-lowlatency|3.16.0-26-generic|3.16.0-26-lowlatency|3.16.0-28-generic|3.16.0-28-lowlatency|3.16.0-29-generic|3.16.0-29-lowlatency|3.16.0-31-generic|3.16.0-31-lowlatency|3.16.0-33-generic|3.16.0-33-lowlatency|3.16.0-34-generic|3.16.0-34-lowlatency|3.16.0-36-generic|3.16.0-36-lowlatency|3.16.0-37-generic|3.16.0-37-lowlatency|3.16.0-38-generic|3.16.0-38-lowlatency|3.16.0-39-generic|3.16.0-39-lowlatency|3.16.0-41-generic|3.16.0-41-lowlatency|3.16.0-43-generic|3.16.0-43-lowlatency|3.16.0-44-generic|3.16.0-44-lowlatency|3.16.0-45-generic,[1;31;103m&[0m,"
2⤵
PID:927

/bin/sed
sed -E "s,3.16.0-45-lowlatency|3.16.0-46-generic|3.16.0-46-lowlatency|3.16.0-48-generic|3.16.0-48-lowlatency|3.16.0-49-generic|3.16.0-49-lowlatency|3.16.0-50-generic|3.16.0-50-lowlatency|3.16.0-51-generic|3.16.0-51-lowlatency|3.16.0-52-generic|3.16.0-52-lowlatency|3.16.0-53-generic|3.16.0-53-lowlatency|3.16.0-55-generic|3.16.0-55-lowlatency|3.16.0-56-generic|3.16.0-56-lowlatency|3.16.0-57-generic|3.16.0-57-lowlatency|3.16.0-59-generic|3.16.0-59-lowlatency|3.16.0-60-generic|3.16.0-60-lowlatency|3.16.0-62-generic|3.16.0-62-lowlatency|3.16.0-67-generic|3.16.0-67-lowlatency|3.16.0-69-generic|3.16.0-69-lowlatency|3.16.0-70-generic|3.16.0-70-lowlatency|3.16.0-71-generic|3.16.0-71-lowlatency|3.16.0-73-generic|3.16.0-73-lowlatency|3.16.0-76-generic|3.16.0-76-lowlatency|3.16.0-77-generic|3.16.0-77-lowlatency|3.19.0-20-generic|3.19.0-20-lowlatency|3.19.0-21-generic|3.19.0-21-lowlatency|3.19.0-22-generic|3.19.0-22-lowlatency|3.19.0-23-generic|3.19.0-23-lowlatency|3.19.0-25-generic|3.19.0-25-lowlatency|3.19.0-26-generic|3.19.0-26-lowlatency|3.19.0-28-generic|3.19.0-28-lowlatency|3.19.0-30-generic|3.19.0-30-lowlatency|3.19.0-31-generic|3.19.0-31-lowlatency|3.19.0-32-generic|3.19.0-32-lowlatency|3.19.0-33-generic|3.19.0-33-lowlatency|3.19.0-37-generic|3.19.0-37-lowlatency|3.19.0-39-generic|3.19.0-39-lowlatency|3.19.0-41-generic|3.19.0-41-lowlatency|3.19.0-42-generic,[1;31;103m&[0m,"
2⤵
PID:929

/bin/sed
sed -E "s,3.19.0-42-lowlatency|3.19.0-43-generic|3.19.0-43-lowlatency|3.19.0-47-generic|3.19.0-47-lowlatency|3.19.0-49-generic|3.19.0-49-lowlatency|3.19.0-51-generic|3.19.0-51-lowlatency|3.19.0-56-generic|3.19.0-56-lowlatency|3.19.0-58-generic|3.19.0-58-lowlatency|3.19.0-59-generic|3.19.0-59-lowlatency|3.19.0-61-generic|3.19.0-61-lowlatency|3.19.0-64-generic|3.19.0-64-lowlatency|3.19.0-65-generic|3.19.0-65-lowlatency|3.19.0-66-generic|3.19.0-66-lowlatency|3.19.0-68-generic|3.19.0-68-lowlatency|3.19.0-69-generic|3.19.0-69-lowlatency|3.19.0-71-generic|3.19.0-71-lowlatency|3.4.0-5-chromebook|4.2.0-18-generic|4.2.0-18-lowlatency|4.2.0-19-generic|4.2.0-19-lowlatency|4.2.0-21-generic|4.2.0-21-lowlatency|4.2.0-22-generic|4.2.0-22-lowlatency|4.2.0-23-generic|4.2.0-23-lowlatency|4.2.0-25-generic|4.2.0-25-lowlatency|4.2.0-27-generic|4.2.0-27-lowlatency|4.2.0-30-generic|4.2.0-30-lowlatency|4.2.0-34-generic|4.2.0-34-lowlatency|4.2.0-35-generic|4.2.0-35-lowlatency|4.2.0-36-generic|4.2.0-36-lowlatency|4.2.0-38-generic|4.2.0-38-lowlatency|4.2.0-41-generic|4.2.0-41-lowlatency|4.4.0-21-generic|4.4.0-21-lowlatency|4.4.0-22-generic|4.4.0-22-lowlatency|4.4.0-24-generic|4.4.0-24-lowlatency|4.4.0-28-generic|4.4.0-28-lowlatency|4.4.0-31-generic|4.4.0-31-lowlatency|4.4.0-34-generic|4.4.0-34-lowlatency|4.4.0-36-generic|4.4.0-36-lowlatency|4.4.0-38-generic|4.4.0-38-lowlatency|4.4.0-42-generic|4.4.0-42-lowlatency,[1;31;103m&[0m,"
2⤵
- Reads runtime system information
PID:930

/bin/sed
sed -E "s,4.4.0-1009-raspi2|4.4.0-1012-snapdragon|4.4.0-21-generic|4.4.0-21-generic-lpae|4.4.0-21-lowlatency|4.4.0-21-powerpc-e500mc|4.4.0-21-powerpc-smp|4.4.0-21-powerpc64-emb|4.4.0-21-powerpc64-smp|4.4.0-22-generic|4.4.0-22-lowlatency|4.4.0-24-generic|4.4.0-24-lowlatency|4.4.0-28-generic|4.4.0-28-lowlatency|4.4.0-31-generic|4.4.0-31-lowlatency|4.4.0-34-generic|4.4.0-34-lowlatency|4.4.0-36-generic|4.4.0-36-lowlatency|4.4.0-38-generic|4.4.0-38-lowlatency|4.4.0-42-generic|4.4.0-42-lowlatency,[1;31;103m&[0m,"
2⤵
PID:931

/bin/sed
sed -E "s,2.6.24.7-74.el5rt|2.6.24.7-81.el5rt|2.6.24.7-93.el5rt|2.6.24.7-101.el5rt|2.6.24.7-108.el5rt|2.6.24.7-111.el5rt|2.6.24.7-117.el5rt|2.6.24.7-126.el5rt|2.6.24.7-132.el5rt|2.6.24.7-137.el5rt|2.6.24.7-139.el5rt|2.6.24.7-146.el5rt|2.6.24.7-149.el5rt|2.6.24.7-161.el5rt|2.6.24.7-169.el5rt|2.6.33.7-rt29.45.el5rt|2.6.33.7-rt29.47.el5rt|2.6.33.7-rt29.55.el5rt|2.6.33.9-rt31.64.el5rt|2.6.33.9-rt31.67.el5rt|2.6.33.9-rt31.86.el5rt|2.6.18-8.1.1.el5|2.6.18-8.1.3.el5|2.6.18-8.1.4.el5|2.6.18-8.1.6.el5|2.6.18-8.1.8.el5|2.6.18-8.1.10.el5|2.6.18-8.1.14.el5|2.6.18-8.1.15.el5|2.6.18-53.el5|2.6.18-53.1.4.el5|2.6.18-53.1.6.el5|2.6.18-53.1.13.el5|2.6.18-53.1.14.el5|2.6.18-53.1.19.el5|2.6.18-53.1.21.el5|2.6.18-92.el5|2.6.18-92.1.1.el5|2.6.18-92.1.6.el5|2.6.18-92.1.10.el5|2.6.18-92.1.13.el5|2.6.18-92.1.18.el5|2.6.18-92.1.22.el5|2.6.18-92.1.24.el5|2.6.18-92.1.26.el5|2.6.18-92.1.27.el5|2.6.18-92.1.28.el5|2.6.18-92.1.29.el5|2.6.18-92.1.32.el5|2.6.18-92.1.35.el5|2.6.18-92.1.38.el5|2.6.18-128.el5|2.6.18-128.1.1.el5|2.6.18-128.1.6.el5|2.6.18-128.1.10.el5|2.6.18-128.1.14.el5|2.6.18-128.1.16.el5|2.6.18-128.2.1.el5|2.6.18-128.4.1.el5|2.6.18-128.4.1.el5|2.6.18-128.7.1.el5|2.6.18-128.8.1.el5|2.6.18-128.11.1.el5|2.6.18-128.12.1.el5|2.6.18-128.14.1.el5|2.6.18-128.16.1.el5|2.6.18-128.17.1.el5|2.6.18-128.18.1.el5|2.6.18-128.23.1.el5|2.6.18-128.23.2.el5|2.6.18-128.25.1.el5|2.6.18-128.26.1.el5|2.6.18-128.27.1.el5,[1;31;103m&[0m,"
2⤵
PID:932

/bin/sed
sed -E "s,2.6.18-128.29.1.el5|2.6.18-128.30.1.el5|2.6.18-128.31.1.el5|2.6.18-128.32.1.el5|2.6.18-128.35.1.el5|2.6.18-128.36.1.el5|2.6.18-128.37.1.el5|2.6.18-128.38.1.el5|2.6.18-128.39.1.el5|2.6.18-128.40.1.el5|2.6.18-128.41.1.el5|2.6.18-164.el5|2.6.18-164.2.1.el5|2.6.18-164.6.1.el5|2.6.18-164.9.1.el5|2.6.18-164.10.1.el5|2.6.18-164.11.1.el5|2.6.18-164.15.1.el5|2.6.18-164.17.1.el5|2.6.18-164.19.1.el5|2.6.18-164.21.1.el5|2.6.18-164.25.1.el5|2.6.18-164.25.2.el5|2.6.18-164.28.1.el5|2.6.18-164.30.1.el5|2.6.18-164.32.1.el5|2.6.18-164.34.1.el5|2.6.18-164.36.1.el5|2.6.18-164.37.1.el5|2.6.18-164.38.1.el5|2.6.18-194.el5|2.6.18-194.3.1.el5|2.6.18-194.8.1.el5|2.6.18-194.11.1.el5|2.6.18-194.11.3.el5|2.6.18-194.11.4.el5|2.6.18-194.17.1.el5|2.6.18-194.17.4.el5|2.6.18-194.26.1.el5|2.6.18-194.32.1.el5|2.6.18-238.el5|2.6.18-238.1.1.el5|2.6.18-238.5.1.el5|2.6.18-238.9.1.el5|2.6.18-238.12.1.el5|2.6.18-238.19.1.el5|2.6.18-238.21.1.el5|2.6.18-238.27.1.el5|2.6.18-238.28.1.el5|2.6.18-238.31.1.el5|2.6.18-238.33.1.el5|2.6.18-238.35.1.el5|2.6.18-238.37.1.el5|2.6.18-238.39.1.el5|2.6.18-238.40.1.el5|2.6.18-238.44.1.el5|2.6.18-238.45.1.el5|2.6.18-238.47.1.el5|2.6.18-238.48.1.el5|2.6.18-238.49.1.el5|2.6.18-238.50.1.el5|2.6.18-238.51.1.el5|2.6.18-238.52.1.el5|2.6.18-238.53.1.el5|2.6.18-238.54.1.el5|2.6.18-238.55.1.el5|2.6.18-238.56.1.el5|2.6.18-274.el5|2.6.18-274.3.1.el5|2.6.18-274.7.1.el5|2.6.18-274.12.1.el5,[1;31;103m&[0m,"
2⤵
PID:933

/bin/sed
sed -E "s,2.6.18-274.17.1.el5|2.6.18-274.18.1.el5|2.6.18-308.el5|2.6.18-308.1.1.el5|2.6.18-308.4.1.el5|2.6.18-308.8.1.el5|2.6.18-308.8.2.el5|2.6.18-308.11.1.el5|2.6.18-308.13.1.el5|2.6.18-308.16.1.el5|2.6.18-308.20.1.el5|2.6.18-308.24.1.el5|2.6.18-348.el5|2.6.18-348.1.1.el5|2.6.18-348.2.1.el5|2.6.18-348.3.1.el5|2.6.18-348.4.1.el5|2.6.18-348.6.1.el5|2.6.18-348.12.1.el5|2.6.18-348.16.1.el5|2.6.18-348.18.1.el5|2.6.18-348.19.1.el5|2.6.18-348.21.1.el5|2.6.18-348.22.1.el5|2.6.18-348.23.1.el5|2.6.18-348.25.1.el5|2.6.18-348.27.1.el5|2.6.18-348.28.1.el5|2.6.18-348.29.1.el5|2.6.18-348.30.1.el5|2.6.18-348.31.2.el5|2.6.18-371.el5|2.6.18-371.1.2.el5|2.6.18-371.3.1.el5|2.6.18-371.4.1.el5|2.6.18-371.6.1.el5|2.6.18-371.8.1.el5|2.6.18-371.9.1.el5|2.6.18-371.11.1.el5|2.6.18-371.12.1.el5|2.6.18-398.el5|2.6.18-400.el5|2.6.18-400.1.1.el5|2.6.18-402.el5|2.6.18-404.el5|2.6.18-406.el5|2.6.18-407.el5|2.6.18-408.el5|2.6.18-409.el5|2.6.18-410.el5|2.6.18-411.el5|2.6.18-412.el5,[1;31;103m&[0m,"
2⤵
PID:934

/bin/sed
sed -E "s,2.6.33.9-rt31.66.el6rt|2.6.33.9-rt31.74.el6rt|2.6.33.9-rt31.75.el6rt|2.6.33.9-rt31.79.el6rt|3.0.9-rt26.45.el6rt|3.0.9-rt26.46.el6rt|3.0.18-rt34.53.el6rt|3.0.25-rt44.57.el6rt|3.0.30-rt50.62.el6rt|3.0.36-rt57.66.el6rt|3.2.23-rt37.56.el6rt|3.2.33-rt50.66.el6rt|3.6.11-rt28.20.el6rt|3.6.11-rt30.25.el6rt|3.6.11.2-rt33.39.el6rt|3.6.11.5-rt37.55.el6rt|3.8.13-rt14.20.el6rt|3.8.13-rt14.25.el6rt|3.8.13-rt27.33.el6rt|3.8.13-rt27.34.el6rt|3.8.13-rt27.40.el6rt|3.10.0-229.rt56.144.el6rt|3.10.0-229.rt56.147.el6rt|3.10.0-229.rt56.149.el6rt|3.10.0-229.rt56.151.el6rt|3.10.0-229.rt56.153.el6rt|3.10.0-229.rt56.158.el6rt|3.10.0-229.rt56.161.el6rt|3.10.0-229.rt56.162.el6rt|3.10.0-327.rt56.170.el6rt|3.10.0-327.rt56.171.el6rt|3.10.0-327.rt56.176.el6rt|3.10.0-327.rt56.183.el6rt|3.10.0-327.rt56.190.el6rt|3.10.0-327.rt56.194.el6rt|3.10.0-327.rt56.195.el6rt|3.10.0-327.rt56.197.el6rt|3.10.33-rt32.33.el6rt|3.10.33-rt32.34.el6rt|3.10.33-rt32.43.el6rt|3.10.33-rt32.45.el6rt|3.10.33-rt32.51.el6rt|3.10.33-rt32.52.el6rt|3.10.58-rt62.58.el6rt|3.10.58-rt62.60.el6rt|2.6.32-71.7.1.el6|2.6.32-71.14.1.el6|2.6.32-71.18.1.el6|2.6.32-71.18.2.el6|2.6.32-71.24.1.el6|2.6.32-71.29.1.el6|2.6.32-71.31.1.el6|2.6.32-71.34.1.el6|2.6.32-71.35.1.el6|2.6.32-71.36.1.el6|2.6.32-71.37.1.el6|2.6.32-71.38.1.el6|2.6.32-71.39.1.el6|2.6.32-71.40.1.el6|2.6.32-131.0.15.el6|2.6.32-131.2.1.el6|2.6.32-131.4.1.el6|2.6.32-131.6.1.el6|2.6.32-131.12.1.el6,[1;31;103m&[0m,"
2⤵
PID:935

/bin/sed
sed -E "s,2.6.32-279.41.1.el6|2.6.32-279.42.1.el6|2.6.32-279.43.1.el6|2.6.32-279.43.2.el6|2.6.32-279.46.1.el6|2.6.32-358.el6|2.6.32-358.0.1.el6|2.6.32-358.2.1.el6|2.6.32-358.6.1.el6|2.6.32-358.6.2.el6|2.6.32-358.6.3.p7ih.el6|2.6.32-358.11.1.bgq.el6|2.6.32-358.11.1.el6|2.6.32-358.14.1.el6|2.6.32-358.18.1.el6|2.6.32-358.23.2.el6|2.6.32-358.28.1.el6|2.6.32-358.32.3.el6|2.6.32-358.37.1.el6|2.6.32-358.41.1.el6|2.6.32-358.44.1.el6|2.6.32-358.46.1.el6|2.6.32-358.46.2.el6|2.6.32-358.48.1.el6|2.6.32-358.49.1.el6|2.6.32-358.51.1.el6|2.6.32-358.51.2.el6|2.6.32-358.55.1.el6|2.6.32-358.56.1.el6|2.6.32-358.59.1.el6|2.6.32-358.61.1.el6|2.6.32-358.62.1.el6|2.6.32-358.65.1.el6|2.6.32-358.67.1.el6|2.6.32-358.68.1.el6|2.6.32-358.69.1.el6|2.6.32-358.70.1.el6|2.6.32-358.71.1.el6|2.6.32-358.72.1.el6|2.6.32-358.73.1.el6|2.6.32-358.111.1.openstack.el6|2.6.32-358.114.1.openstack.el6|2.6.32-358.118.1.openstack.el6|2.6.32-358.123.4.openstack.el6|2.6.32-431.el6|2.6.32-431.1.1.bgq.el6|2.6.32-431.1.2.el6|2.6.32-431.3.1.el6|2.6.32-431.5.1.el6|2.6.32-431.11.2.el6|2.6.32-431.17.1.el6|2.6.32-431.20.3.el6|2.6.32-431.20.5.el6|2.6.32-431.23.3.el6|2.6.32-431.29.2.el6|2.6.32-431.37.1.el6|2.6.32-431.40.1.el6|2.6.32-431.40.2.el6|2.6.32-431.46.2.el6|2.6.32-431.50.1.el6|2.6.32-431.53.2.el6|2.6.32-431.56.1.el6|2.6.32-431.59.1.el6|2.6.32-431.61.2.el6|2.6.32-431.64.1.el6|2.6.32-431.66.1.el6|2.6.32-431.68.1.el6|2.6.32-431.69.1.el6|2.6.32-431.70.1.el6,[1;31;103m&[0m,"
2⤵
PID:937

/bin/sed
sed -E "s,2.6.32-131.17.1.el6|2.6.32-131.21.1.el6|2.6.32-131.22.1.el6|2.6.32-131.25.1.el6|2.6.32-131.26.1.el6|2.6.32-131.28.1.el6|2.6.32-131.29.1.el6|2.6.32-131.30.1.el6|2.6.32-131.30.2.el6|2.6.32-131.33.1.el6|2.6.32-131.35.1.el6|2.6.32-131.36.1.el6|2.6.32-131.37.1.el6|2.6.32-131.38.1.el6|2.6.32-131.39.1.el6|2.6.32-220.el6|2.6.32-220.2.1.el6|2.6.32-220.4.1.el6|2.6.32-220.4.2.el6|2.6.32-220.4.7.bgq.el6|2.6.32-220.7.1.el6|2.6.32-220.7.3.p7ih.el6|2.6.32-220.7.4.p7ih.el6|2.6.32-220.7.6.p7ih.el6|2.6.32-220.7.7.p7ih.el6|2.6.32-220.13.1.el6|2.6.32-220.17.1.el6|2.6.32-220.23.1.el6|2.6.32-220.24.1.el6|2.6.32-220.25.1.el6|2.6.32-220.26.1.el6|2.6.32-220.28.1.el6|2.6.32-220.30.1.el6|2.6.32-220.31.1.el6|2.6.32-220.32.1.el6|2.6.32-220.34.1.el6|2.6.32-220.34.2.el6|2.6.32-220.38.1.el6|2.6.32-220.39.1.el6|2.6.32-220.41.1.el6|2.6.32-220.42.1.el6|2.6.32-220.45.1.el6|2.6.32-220.46.1.el6|2.6.32-220.48.1.el6|2.6.32-220.51.1.el6|2.6.32-220.52.1.el6|2.6.32-220.53.1.el6|2.6.32-220.54.1.el6|2.6.32-220.55.1.el6|2.6.32-220.56.1.el6|2.6.32-220.57.1.el6|2.6.32-220.58.1.el6|2.6.32-220.60.2.el6|2.6.32-220.62.1.el6|2.6.32-220.63.2.el6|2.6.32-220.64.1.el6|2.6.32-220.65.1.el6|2.6.32-220.66.1.el6|2.6.32-220.67.1.el6|2.6.32-279.el6|2.6.32-279.1.1.el6|2.6.32-279.2.1.el6|2.6.32-279.5.1.el6|2.6.32-279.5.2.el6|2.6.32-279.9.1.el6|2.6.32-279.11.1.el6|2.6.32-279.14.1.bgq.el6|2.6.32-279.14.1.el6|2.6.32-279.19.1.el6|2.6.32-279.22.1.el6|2.6.32-279.23.1.el6|2.6.32-279.25.1.el6|2.6.32-279.25.2.el6|2.6.32-279.31.1.el6|2.6.32-279.33.1.el6|2.6.32-279.34.1.el6|2.6.32-279.37.2.el6|2.6.32-279.39.1.el6,[1;31;103m&[0m,"
2⤵
PID:936

/bin/sed
sed -E "s,2.6.32-431.71.1.el6|2.6.32-431.72.1.el6|2.6.32-431.73.2.el6|2.6.32-431.74.1.el6|2.6.32-504.el6|2.6.32-504.1.3.el6|2.6.32-504.3.3.el6|2.6.32-504.8.1.el6|2.6.32-504.8.2.bgq.el6|2.6.32-504.12.2.el6|2.6.32-504.16.2.el6|2.6.32-504.23.4.el6|2.6.32-504.30.3.el6|2.6.32-504.30.5.p7ih.el6|2.6.32-504.33.2.el6|2.6.32-504.36.1.el6|2.6.32-504.38.1.el6|2.6.32-504.40.1.el6|2.6.32-504.43.1.el6|2.6.32-504.46.1.el6|2.6.32-504.49.1.el6|2.6.32-504.50.1.el6|2.6.32-504.51.1.el6|2.6.32-504.52.1.el6|2.6.32-573.el6|2.6.32-573.1.1.el6|2.6.32-573.3.1.el6|2.6.32-573.4.2.bgq.el6|2.6.32-573.7.1.el6|2.6.32-573.8.1.el6|2.6.32-573.12.1.el6|2.6.32-573.18.1.el6|2.6.32-573.22.1.el6|2.6.32-573.26.1.el6|2.6.32-573.30.1.el6|2.6.32-573.32.1.el6|2.6.32-573.34.1.el6|2.6.32-642.el6|2.6.32-642.1.1.el6|2.6.32-642.3.1.el6|2.6.32-642.4.2.el6|2.6.32-642.6.1.el6,[1;31;103m&[0m,"
2⤵
PID:938

/bin/sed
sed -E "s,3.10.0-229.rt56.141.el7|3.10.0-229.1.2.rt56.141.2.el7_1|3.10.0-229.4.2.rt56.141.6.el7_1|3.10.0-229.7.2.rt56.141.6.el7_1|3.10.0-229.11.1.rt56.141.11.el7_1|3.10.0-229.14.1.rt56.141.13.el7_1|3.10.0-229.20.1.rt56.141.14.el7_1|3.10.0-229.rt56.141.el7|3.10.0-327.rt56.204.el7|3.10.0-327.4.5.rt56.206.el7_2|3.10.0-327.10.1.rt56.211.el7_2|3.10.0-327.13.1.rt56.216.el7_2|3.10.0-327.18.2.rt56.223.el7_2|3.10.0-327.22.2.rt56.230.el7_2|3.10.0-327.28.2.rt56.234.el7_2|3.10.0-327.28.3.rt56.235.el7|3.10.0-327.36.1.rt56.237.el7|3.10.0-123.el7|3.10.0-123.1.2.el7|3.10.0-123.4.2.el7|3.10.0-123.4.4.el7|3.10.0-123.6.3.el7|3.10.0-123.8.1.el7|3.10.0-123.9.2.el7|3.10.0-123.9.3.el7|3.10.0-123.13.1.el7|3.10.0-123.13.2.el7|3.10.0-123.20.1.el7|3.10.0-229.el7|3.10.0-229.1.2.el7|3.10.0-229.4.2.el7|3.10.0-229.7.2.el7|3.10.0-229.11.1.el7|3.10.0-229.14.1.el7|3.10.0-229.20.1.el7|3.10.0-229.24.2.el7|3.10.0-229.26.2.el7|3.10.0-229.28.1.el7|3.10.0-229.30.1.el7|3.10.0-229.34.1.el7|3.10.0-229.38.1.el7|3.10.0-229.40.1.el7|3.10.0-229.42.1.el7|3.10.0-327.el7|3.10.0-327.3.1.el7|3.10.0-327.4.4.el7|3.10.0-327.4.5.el7|3.10.0-327.10.1.el7|3.10.0-327.13.1.el7|3.10.0-327.18.2.el7|3.10.0-327.22.2.el7|3.10.0-327.28.2.el7|3.10.0-327.28.3.el7|3.10.0-327.36.1.el7|3.10.0-327.36.2.el7|3.10.0-229.1.2.ael7b|3.10.0-229.4.2.ael7b|3.10.0-229.7.2.ael7b|3.10.0-229.11.1.ael7b|3.10.0-229.14.1.ael7b|3.10.0-229.20.1.ael7b|3.10.0-229.24.2.ael7b|3.10.0-229.26.2.ael7b|3.10.0-229.28.1.ael7b|3.10.0-229.30.1.ael7b|3.10.0-229.34.1.ael7b|3.10.0-229.38.1.ael7b|3.10.0-229.40.1.ael7b|3.10.0-229.42.1.ael7b|4.2.0-0.21.el7,[1;31;103m&[0m,"
2⤵
PID:939

/bin/sed
sed -E "s, 4.0.[0-9]+| 4.1.[0-9]+| 4.2.[0-9]+| 4.3.[0-9]+| 4.4.[0-9]+| 4.5.[0-9]+| 4.6.[0-9]+| 4.7.[0-9]+| 4.8.[0-9]+| 4.9.[0-9]+| 4.10.[0-9]+| 4.11.[0-9]+| 4.12.[0-9]+| 4.13.[0-9]+| 3.9.6| 3.9.0| 3.9| 3.8.9| 3.8.8| 3.8.7| 3.8.6| 3.8.5| 3.8.4| 3.8.3| 3.8.2| 3.8.1| 3.8.0| 3.8| 3.7.6| 3.7.0| 3.7| 3.6.0| 3.6| 3.5.0| 3.5| 3.4.9| 3.4.8| 3.4.6| 3.4.5| 3.4.4| 3.4.3| 3.4.2| 3.4.1| 3.4.0| 3.4| 3.3| 3.2| 3.19.0| 3.16.0| 3.15| 3.14| 3.13.1| 3.13.0| 3.13| 3.12.0| 3.12| 3.11.0| 3.11| 3.10.6| 3.10.0| 3.10| 3.1.0| 3.0.6| 3.0.5| 3.0.4| 3.0.3| 3.0.2| 3.0.1| 3.0.0| 2.6.9| 2.6.8| 2.6.7| 2.6.6| 2.6.5| 2.6.4| 2.6.39| 2.6.38| 2.6.37| 2.6.36| 2.6.35| 2.6.34| 2.6.33| 2.6.32| 2.6.31| 2.6.30| 2.6.3| 2.6.29| 2.6.28| 2.6.27| 2.6.26| 2.6.25| 2.6.24.1| 2.6.24| 2.6.23| 2.6.22| 2.6.21| 2.6.20| 2.6.2| 2.6.19| 2.6.18| 2.6.17| 2.6.16| 2.6.15| 2.6.14| 2.6.13| 2.6.12| 2.6.11| 2.6.10| 2.6.1| 2.6.0| 2.4.9| 2.4.8| 2.4.7| 2.4.6| 2.4.5| 2.4.4| 2.4.37| 2.4.36| 2.4.35| 2.4.34| 2.4.33| 2.4.32| 2.4.31| 2.4.30| 2.4.29| 2.4.28| 2.4.27| 2.4.26| 2.4.25| 2.4.24| 2.4.23| 2.4.22| 2.4.21| 2.4.20| 2.4.19| 2.4.18| 2.4.17| 2.4.16| 2.4.15| 2.4.14| 2.4.13| 2.4.12| 2.4.11| 2.4.10| 2.2.24,[1;31m&[0m,"
2⤵
- Reads runtime system information
PID:940

/bin/sed
sed -E "s,\$sudo\$|\$docker\$|\$lxd\$|\$disk\$|\$lxc\$,[1;31;103m&[0m,g"
2⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
- Reads runtime system information
PID:943

/bin/sed
sed -E "s,\$root\$|\$shadow\$|\$admin\$|\$video\$|\$adm\$|\$wheel\$|\$auth\$,[1;31m&[0m,g"
2⤵
PID:942

/bin/sed
sed -E "s,user|ImPoSSssSiBlEee,[1;96m&[0m,g"
2⤵
PID:944

/bin/sed
sed -E "s,_apt|backup|bin[\\s:]|^bin\$|daemon|Debian-exim|games|gnats|irc|list|lp|mail|man|messagebus|news|nobody|proxy|sshd|sync|systemd-bus-proxy|systemd-network|systemd-resolve|systemd-timesync|sys|uucp|www-data|ImPoSSssSiBlEee,[1;34m&[0m,g"
2⤵
PID:945

/bin/sed
sed -E "s,_amavisd|_analyticsd|_appinstalld|_appleevents|_applepay|_appowner|_appserver|_appstore|_ard|_assetcache|_astris|_atsserver|_avbdeviced|_calendar|_captiveagent|_ces|_clamav|_cmiodalassistants|_coreaudiod|_coremediaiod|_coreml|_ctkd|_cvmsroot|_cvs|_cyrus|_datadetectors|_demod|_devdocs|_devicemgr|_diskimagesiod|_displaypolicyd|_distnote|_dovecot|_dovenull|_dpaudio|_driverkit|_eppc|_findmydevice|_fpsd|_ftp|_fud|_gamecontrollerd|_geod|_hidd|_iconservices|_installassistant|_installcoordinationd|_installer|_jabber|_kadmin_admin|_kadmin_changepw|_knowledgegraphd|_krb_anonymous|_krb_changepw|_krb_kadmin|_krb_kerberos|_krb_krbtgt|_krbfast|_krbtgt|_launchservicesd|_lda|_locationd|_logd|_lp|_mailman|_mbsetupuser|_mcxalr|_mdnsresponder|_mobileasset|_mysql|_nearbyd|_netbios|_netstatistics|_networkd|_nsurlsessiond|_nsurlstoraged|_oahd|_ondemand|_postfix|_postgres|_qtss|_reportmemoryexception|_rmd|_sandbox|_screensaver|_scsd|_securityagent|_softwareupdate|_spotlight|_sshd|_svn|_taskgated|_teamsserver|_timed|_timezone|_tokend|_trustd|_trustevaluationagent|_unknown|_update_sharing|_usbmuxd|_uucp|_warmd|_webauthserver|_windowserver|_www|_wwwproxy|_xserverdocs|daemon\\W|^daemon\$|message\\+|syslog|www|www-data|mail|noboby|Debian\\-\\+|rtkit|systemd\\+,[1;32m&[0m,g"
2⤵
PID:946

/bin/sed
sed -E "s,\$lpadmin\$|\$cdrom\$|\$plugdev\$|\$nogroup\$,[1;32m&[0m,g"
2⤵
PID:947

/bin/sed
sed "s,root,[1;95m&[0m,g"
2⤵
PID:948

/usr/bin/id
id
2⤵
PID:950

/bin/sed
sed -E "s,euid|egid,[1;31m&[0m,g"
2⤵
- Reads runtime system information
PID:949

/bin/hostname
hostname
2⤵
PID:951

/bin/grep
grep "sh\$"
2⤵
PID:955

/usr/bin/cut
cut -d : -f 6
2⤵
PID:956

/bin/grep
grep -Ev "^/root|^/home|^/Users|^/var/www"
2⤵
PID:957

/usr/bin/tr
tr "\\n" " "
2⤵
PID:958

/bin/cat
cat /etc/passwd
2⤵
PID:954

/bin/grep
grep -q /home/root
2⤵
PID:960

/bin/grep
grep -qE "^/root|^/home|^/Users|^/var/www"
2⤵
PID:962

/bin/sed
sed "s/ *\$//g"
2⤵
- Reads runtime system information
PID:965

/usr/bin/tr
tr " " "|"
2⤵
PID:966

/bin/grep
grep -q procs_crons_timers_srvcs_sockets
2⤵
PID:968

/usr/bin/sort
sort
2⤵
PID:972

/usr/bin/find
find /applications -type d -name varnish -o -name dirsrv -o -name .svn -o -name mysql -o -name filezilla -o -name neo4j -o -name "*jenkins" -o -name roundcube -o -name doctl -o -name ErrorRecords -o -name couchdb -o -name logstash -o -name .cloudflared -o -name postfix -o -name legacy_credentials -o -name ipa -o -name gcloud -o -name "seeddms*" -o -name cacti -o -name environments -o -name sentry -o -name .vnc -o -name .bluemix -o -name zabbix -o -name keyrings -o -name concourse-auth -o -name .irssi -o -name concourse-keys -o -name .password-store -o -name .docker -o -name nginx -o -name ldap -o -name ".kube*" -o -name sites-enabled
2⤵
PID:971

/usr/bin/sort
sort
2⤵
PID:976

/usr/bin/find
find /bin -type d -name varnish -o -name dirsrv -o -name .svn -o -name mysql -o -name filezilla -o -name neo4j -o -name "*jenkins" -o -name roundcube -o -name doctl -o -name ErrorRecords -o -name couchdb -o -name logstash -o -name .cloudflared -o -name postfix -o -name legacy_credentials -o -name ipa -o -name gcloud -o -name "seeddms*" -o -name cacti -o -name environments -o -name sentry -o -name .vnc -o -name .bluemix -o -name zabbix -o -name keyrings -o -name concourse-auth -o -name .irssi -o -name concourse-keys -o -name .password-store -o -name .docker -o -name nginx -o -name ldap -o -name ".kube*" -o -name sites-enabled
2⤵
PID:975

/usr/bin/sort
sort
2⤵
PID:980

/usr/bin/find
find /.cache -type d -name varnish -o -name dirsrv -o -name .svn -o -name mysql -o -name filezilla -o -name neo4j -o -name "*jenkins" -o -name roundcube -o -name doctl -o -name ErrorRecords -o -name couchdb -o -name logstash -o -name .cloudflared -o -name postfix -o -name legacy_credentials -o -name ipa -o -name gcloud -o -name "seeddms*" -o -name cacti -o -name environments -o -name sentry -o -name .vnc -o -name .bluemix -o -name zabbix -o -name keyrings -o -name concourse-auth -o -name .irssi -o -name concourse-keys -o -name .password-store -o -name .docker -o -name nginx -o -name ldap -o -name ".kube*" -o -name sites-enabled
2⤵
- Reads runtime system information
PID:979

/usr/bin/sort
sort
2⤵
PID:984

/usr/bin/find
find /cdrom -type d -name varnish -o -name dirsrv -o -name .svn -o -name mysql -o -name filezilla -o -name neo4j -o -name "*jenkins" -o -name roundcube -o -name doctl -o -name ErrorRecords -o -name couchdb -o -name logstash -o -name .cloudflared -o -name postfix -o -name legacy_credentials -o -name ipa -o -name gcloud -o -name "seeddms*" -o -name cacti -o -name environments -o -name sentry -o -name .vnc -o -name .bluemix -o -name zabbix -o -name keyrings -o -name concourse-auth -o -name .irssi -o -name concourse-keys -o -name .password-store -o -name .docker -o -name nginx -o -name ldap -o -name ".kube*" -o -name sites-enabled
2⤵
PID:983

/usr/bin/sort
sort
2⤵
PID:988

/usr/bin/find
find /etc -type d -name varnish -o -name dirsrv -o -name .svn -o -name mysql -o -name filezilla -o -name neo4j -o -name "*jenkins" -o -name roundcube -o -name doctl -o -name ErrorRecords -o -name kube-proxy -o -name couchdb -o -name logstash -o -name .cloudflared -o -name postfix -o -name legacy_credentials -o -name ipa -o -name gcloud -o -name "seeddms*" -o -name cacti -o -name environments -o -name sentry -o -name system-connections -o -name .vnc -o -name .bluemix -o -name zabbix -o -name kubelet -o -name keyrings -o -name pam.d -o -name kubernetes -o -name concourse-auth -o -name .irssi -o -name concourse-keys -o -name .password-store -o -name bind -o -name system.d -o -name .docker -o -name nginx -o -name ldap -o -name ".kube*" -o -name sites-enabled
2⤵
PID:987

/usr/bin/find
find /home/ /Users/ /root/ /var/www -type d -name varnish -o -name dirsrv -o -name .svn -o -name mysql -o -name filezilla -o -name neo4j -o -name "*jenkins" -o -name roundcube -o -name doctl -o -name ErrorRecords -o -name couchdb -o -name logstash -o -name .cloudflared -o -name postfix -o -name legacy_credentials -o -name ipa -o -name gcloud -o -name "seeddms*" -o -name cacti -o -name environments -o -name sentry -o -name .vnc -o -name .bluemix -o -name zabbix -o -name keyrings -o -name concourse-auth -o -name .irssi -o -name concourse-keys -o -name .password-store -o -name .docker -o -name nginx -o -name ldap -o -name ".kube*" -o -name sites-enabled
2⤵
PID:991

/usr/bin/sort
sort
2⤵
PID:992

/usr/bin/sort
sort
2⤵
PID:996

/usr/bin/find
find /media -type d -name varnish -o -name dirsrv -o -name .svn -o -name mysql -o -name filezilla -o -name neo4j -o -name "*jenkins" -o -name roundcube -o -name doctl -o -name ErrorRecords -o -name couchdb -o -name logstash -o -name .cloudflared -o -name postfix -o -name legacy_credentials -o -name ipa -o -name gcloud -o -name "seeddms*" -o -name cacti -o -name environments -o -name sentry -o -name .vnc -o -name .bluemix -o -name zabbix -o -name keyrings -o -name concourse-auth -o -name .irssi -o -name concourse-keys -o -name .password-store -o -name .docker -o -name nginx -o -name ldap -o -name ".kube*" -o -name sites-enabled
2⤵
- Reads runtime system information
PID:995

/usr/bin/sort
sort
2⤵
PID:1000

/usr/bin/find
find /mnt -type d -name varnish -o -name dirsrv -o -name .svn -o -name mysql -o -name filezilla -o -name neo4j -o -name "*jenkins" -o -name roundcube -o -name doctl -o -name ErrorRecords -o -name couchdb -o -name logstash -o -name .cloudflared -o -name postfix -o -name legacy_credentials -o -name ipa -o -name gcloud -o -name "seeddms*" -o -name cacti -o -name environments -o -name sentry -o -name .vnc -o -name .bluemix -o -name zabbix -o -name keyrings -o -name concourse-auth -o -name .irssi -o -name concourse-keys -o -name .password-store -o -name .docker -o -name nginx -o -name ldap -o -name ".kube*" -o -name sites-enabled
2⤵
PID:999

/usr/bin/sort
sort
2⤵
PID:1004

/usr/bin/find
find /opt -type d -name varnish -o -name dirsrv -o -name .svn -o -name mysql -o -name filezilla -o -name neo4j -o -name "*jenkins" -o -name roundcube -o -name doctl -o -name ErrorRecords -o -name couchdb -o -name logstash -o -name .cloudflared -o -name postfix -o -name legacy_credentials -o -name ipa -o -name gcloud -o -name "seeddms*" -o -name cacti -o -name environments -o -name sentry -o -name .vnc -o -name .bluemix -o -name zabbix -o -name keyrings -o -name concourse-auth -o -name .irssi -o -name concourse-keys -o -name .password-store -o -name .docker -o -name nginx -o -name ldap -o -name ".kube*" -o -name sites-enabled
2⤵
PID:1003

/usr/bin/sort
sort
2⤵
PID:1008

/usr/bin/find
find /private -type d -name varnish -o -name dirsrv -o -name .svn -o -name mysql -o -name filezilla -o -name neo4j -o -name "*jenkins" -o -name roundcube -o -name doctl -o -name ErrorRecords -o -name couchdb -o -name logstash -o -name .cloudflared -o -name postfix -o -name legacy_credentials -o -name ipa -o -name gcloud -o -name "seeddms*" -o -name cacti -o -name environments -o -name sentry -o -name .vnc -o -name .bluemix -o -name zabbix -o -name keyrings -o -name concourse-auth -o -name .irssi -o -name concourse-keys -o -name .password-store -o -name .docker -o -name nginx -o -name ldap -o -name ".kube*" -o -name sites-enabled
2⤵
PID:1007

/usr/bin/sort
sort
2⤵
PID:1012

/usr/bin/find
find /sbin -type d -name varnish -o -name dirsrv -o -name .svn -o -name mysql -o -name filezilla -o -name neo4j -o -name "*jenkins" -o -name roundcube -o -name doctl -o -name ErrorRecords -o -name couchdb -o -name logstash -o -name .cloudflared -o -name postfix -o -name legacy_credentials -o -name ipa -o -name gcloud -o -name "seeddms*" -o -name cacti -o -name environments -o -name sentry -o -name .vnc -o -name .bluemix -o -name zabbix -o -name keyrings -o -name concourse-auth -o -name .irssi -o -name concourse-keys -o -name .password-store -o -name .docker -o -name nginx -o -name ldap -o -name ".kube*" -o -name sites-enabled
2⤵
PID:1011

/usr/bin/sort
sort
2⤵
PID:1016

/usr/bin/find
find /snap -type d -name varnish -o -name dirsrv -o -name .svn -o -name mysql -o -name filezilla -o -name neo4j -o -name "*jenkins" -o -name roundcube -o -name doctl -o -name ErrorRecords -o -name couchdb -o -name logstash -o -name .cloudflared -o -name postfix -o -name legacy_credentials -o -name ipa -o -name gcloud -o -name "seeddms*" -o -name cacti -o -name environments -o -name sentry -o -name .vnc -o -name .bluemix -o -name zabbix -o -name keyrings -o -name concourse-auth -o -name .irssi -o -name concourse-keys -o -name .password-store -o -name .docker -o -name nginx -o -name ldap -o -name ".kube*" -o -name sites-enabled
2⤵
PID:1015

/usr/bin/sort
sort
2⤵
PID:1020

/usr/bin/find
find /srv -type d -name varnish -o -name dirsrv -o -name .svn -o -name mysql -o -name filezilla -o -name neo4j -o -name "*jenkins" -o -name roundcube -o -name doctl -o -name ErrorRecords -o -name couchdb -o -name logstash -o -name .cloudflared -o -name postfix -o -name legacy_credentials -o -name ipa -o -name gcloud -o -name "seeddms*" -o -name cacti -o -name environments -o -name sentry -o -name .vnc -o -name .bluemix -o -name zabbix -o -name keyrings -o -name concourse-auth -o -name .irssi -o -name concourse-keys -o -name .password-store -o -name .docker -o -name nginx -o -name ldap -o -name ".kube*" -o -name sites-enabled
2⤵
PID:1019

/usr/bin/sort
sort
2⤵
PID:1024

/usr/bin/find
find /tmp -type d -name varnish -o -name dirsrv -o -name .svn -o -name mysql -o -name filezilla -o -name neo4j -o -name "*jenkins" -o -name roundcube -o -name doctl -o -name ErrorRecords -o -name couchdb -o -name logstash -o -name .cloudflared -o -name postfix -o -name legacy_credentials -o -name ipa -o -name gcloud -o -name "seeddms*" -o -name cacti -o -name environments -o -name sentry -o -name .vnc -o -name .bluemix -o -name zabbix -o -name keyrings -o -name concourse-auth -o -name .irssi -o -name concourse-keys -o -name .password-store -o -name .docker -o -name nginx -o -name ldap -o -name ".kube*" -o -name sites-enabled
2⤵
PID:1023

/usr/bin/sort
sort
2⤵
PID:1028

/usr/bin/find
find /usr -type d -name varnish -o -name dirsrv -o -name .svn -o -name mysql -o -name filezilla -o -name neo4j -o -name "*jenkins" -o -name roundcube -o -name doctl -o -name ErrorRecords -o -name couchdb -o -name logstash -o -name .cloudflared -o -name postfix -o -name legacy_credentials -o -name ipa -o -name gcloud -o -name "seeddms*" -o -name cacti -o -name environments -o -name sentry -o -name .vnc -o -name .bluemix -o -name zabbix -o -name keyrings -o -name concourse-auth -o -name .irssi -o -name concourse-keys -o -name .password-store -o -name bind -o -name .docker -o -name nginx -o -name ldap -o -name ".kube*" -o -name sites-enabled
2⤵
PID:1027

/usr/bin/find
find /var -type d -name varnish -o -name dirsrv -o -name .svn -o -name mysql -o -name filezilla -o -name neo4j -o -name "*jenkins" -o -name roundcube -o -name doctl -o -name ErrorRecords -o -name kube-proxy -o -name couchdb -o -name logstash -o -name .cloudflared -o -name postfix -o -name legacy_credentials -o -name ipa -o -name gcloud -o -name "seeddms*" -o -name cacti -o -name environments -o -name sentry -o -name .vnc -o -name .bluemix -o -name zabbix -o -name kubelet -o -name keyrings -o -name kubernetes -o -name concourse-auth -o -name .irssi -o -name concourse-keys -o -name .password-store -o -name bind -o -name .docker -o -name nginx -o -name ldap -o -name ".kube*" -o -name sites-enabled
2⤵
PID:1064

/usr/bin/sort
sort
2⤵
PID:1065

/usr/bin/sort
sort
2⤵
PID:1069

/usr/bin/find
find /concourse-auth -type d -name concourse-auth
2⤵
PID:1068

/usr/bin/sort
sort
2⤵
PID:1073

/usr/bin/find
find /concourse-keys -type d -name concourse-keys
2⤵
PID:1072

/usr/bin/sort
sort
2⤵
PID:1077

/usr/bin/find
find /applications -name autounattend.xml -o -name "*.ovpn" -o -name "*.vmdk" -o -name accessTokens.json -o -name .bashrc -o -name ConsoleHost_history.txt -o -name bitcoin.conf -o -name protecteduserkey.bin -o -name pwd.ibd -o -name gitlab.rm -o -name postgresql.conf -o -name .roadtools_auth -o -name influxdb.conf -o -name "id_rsa*" -o -name autologin.conf -o -name sysprep.xml -o -name known_hosts -o -name "*vnc*.c*nf*" -o -name .google_authenticator -o -name drives.xml -o -name legacy_credentials.db -o -name gvm-tools.conf -o -name AppEvent.Evt -o -name .wgetrc -o -name zabbix_agentd.conf -o -name psk.txt -o -name AzureRMContext.json -o -name wcx_ftp.ini -o -name "*.sqlite" -o -name mariadb.cnf -o -name credentials.db -o -name crio.sock -o -name groups.xml -o -name pgsql.conf -o -name zabbix_server.conf -o -name https-xampp.conf -o -name nginx.conf -o -name docker.sock -o -name KeePass.ini -o -name db.php -o -name "elasticsearch.y*ml" -o -name pgadmin4.db -o -name "KeePass.config*" -o -name .htpasswd -o -name ddclient.conf -o -name Elastix.conf -o -name appcmd.exe -o -name .profile -o -name "krb5cc_*" -o -name printers.xml -o -name secrets.ldb -o -name "*.keyring" -o -name ipsec.conf -o -name fat.config -o -name "*.gnupg" -o -name sentry.conf.py -o -name software.sav -o -name .credentials.json -o -name SecEvent.Evt -o -name "*.p12" -o -name "*_history*" -o -name backups -o -name "*.csr" -o -name passbolt.php -o -name smb.conf -o -name RDCMan.settings -o -name sitemanager.xml -o -name hostapd.conf -o -name sssd.conf -o -name secrets.yml -o -name gitlab.yml -o -name "*credential*" -o -name amportal.conf -o -name filezilla.xml -o -name kadm5.acl -o -name mosquitto.conf -o -name containerd.sock -o -name "*.kdbx" -o -name passwd -o -name "*.keytab" -o -name "*.socket" -o -name access.log -o -name cesi.conf -o -name racoon.conf -o -name "*.timer" -o -name grafana.ini -o -name fastcgi_params -o -name setupinfo -o -name "*.der" -o -name datasources.xml -o -name "*vnc*.ini" -o -name tomcat-users.xml -o -name iis6.log -o -name rktlet.sock -o -name "*.pgp" -o -name kcpassword -o -name SYSTEM -o -name "*.pem" -o -name webserver_config.py -o -name "id_dsa*" -o -name access_tokens.json -o -name docker-compose.yml -o -name httpd.conf -o -name "*.keystore" -o -name glusterfs.ca -o -name winscp.ini -o -name master.key -o -name FreePBX.conf -o -name recentservers.xml -o -name sysprep.inf -o -name .k5login -o -name "KeePass.enforced*" -o -name docker.socket -o -name .lesshst -o -name "web*.config" -o -name wsl.exe -o -name "*.pfx" -o -name rpcd -o -name unattend.txt -o -name vault-ssh-helper.hcl -o -name hudson.util.Secret -o -name ftp.ini -o -name system.sav -o -name jetty-realm.properties -o -name "*.tf" -o -name error.log -o -name .vault-token -o -name hosts.equiv -o -name glusterfs.pem -o -name setupinfo.bak -o -name "*.key" -o -name "*vnc*.txt" -o -name "*.pub" -o -name .boto -o -name rocketchat.service -o -name "*.psk" -o -name config.xml -o -name ntuser.dat -o -name server.xml -o -name .ldaprc -o -name https.conf -o -name unattended.xml -o -name "*password*" -o -name adc.json -o -name .flyrc -o -name "*.crt" -o -name "*.sqlite3" -o -name my.cnf -o -name "password*.ibd" -o -name .gitconfig -o -name supervisord.conf -o -name sip.conf -o -name "pgadmin*.db" -o -name vsftpd.conf -o -name default.sav -o -name anaconda-ks.cfg -o -name "*.tfstate" -o -name api_key -o -name "*.db" -o -name "creds*" -o -name .msmtprc -o -name rsyncd.secrets -o -name SAM -o -name "*.service" -o -name .git-credentials -o -name wp-config.php -o -name debian.cnf -o -name FreeSSHDservice.ini -o -name bash.exe -o -name "*.jks" -o -name "*.viminfo" -o -name ffftp.ini -o -name sites.ini -o -name credentials.xml -o -name "*config*.php" -o -name "*.cer" -o -name airflow.cfg -o -name Ntds.dit -o -name config.php -o -name .git -o -name azureProfile.json -o -name passwd.ibd -o -name ipsec.secrets -o -name database.php -o -name pg_hba.conf -o -name 000-default.conf -o -name .plan -o -name autologin -o -name "*.rdg" -o -name security.sav -o -name "*vnc*.xml" -o -name cloud.cfg -o -name .erlang.cookie -o -name "*.gpg" -o -name index.dat -o -name "*.ftpconfig" -o -name frakti.sock -o -name software -o -name .secrets.mkey -o -name .recently-used.xbel -o -name "mongod*.conf" -o -name .pypirc -o -name unattend.xml -o -name settings.php -o -name firebase-tools.json -o -name plum.sqlite -o -name NetSetup.log -o -name redis.conf -o -name "log4j-core*.jar" -o -name snmpd.conf -o -name krb5.conf -o -name pagefile.sys -o -name "kibana.y*ml" -o -name scclient.exe -o -name "*.vhdx" -o -name storage.php -o -name .rhosts -o -name atlantis.db -o -name my.ini -o -name access_tokens.db -o -name php.ini -o -name snyk.json -o -name ".env*" -o -name .github -o -name rsyncd.conf -o -name TokenCache.dat -o -name glusterfs.key -o -name .Xauthority -o -name Dockerfile -o -name ftp.config -o -name dockershim.sock -o -name "*.vhd" -o -name snyk.config.json -o -name unattend.inf -o -name authorized_keys -o -name ws_ftp.ini -o -name "*.swp" -o -name authorized_hosts -o -name mysqld.cnf -o -name scheduledtasks.xml -o -name backup -o -name .sudo_as_admin_successful
2⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
- Reads runtime system information
PID:1076

/usr/bin/sort
sort
2⤵
PID:1081

/usr/bin/find
find /bin -name autounattend.xml -o -name "*.ovpn" -o -name "*.vmdk" -o -name accessTokens.json -o -name .bashrc -o -name ConsoleHost_history.txt -o -name bitcoin.conf -o -name protecteduserkey.bin -o -name pwd.ibd -o -name gitlab.rm -o -name postgresql.conf -o -name .roadtools_auth -o -name influxdb.conf -o -name "id_rsa*" -o -name autologin.conf -o -name sysprep.xml -o -name known_hosts -o -name "*vnc*.c*nf*" -o -name .google_authenticator -o -name drives.xml -o -name legacy_credentials.db -o -name gvm-tools.conf -o -name AppEvent.Evt -o -name .wgetrc -o -name zabbix_agentd.conf -o -name psk.txt -o -name AzureRMContext.json -o -name wcx_ftp.ini -o -name "*.sqlite" -o -name mariadb.cnf -o -name credentials.db -o -name crio.sock -o -name groups.xml -o -name pgsql.conf -o -name zabbix_server.conf -o -name https-xampp.conf -o -name nginx.conf -o -name docker.sock -o -name KeePass.ini -o -name db.php -o -name "elasticsearch.y*ml" -o -name pgadmin4.db -o -name "KeePass.config*" -o -name .htpasswd -o -name ddclient.conf -o -name Elastix.conf -o -name appcmd.exe -o -name .profile -o -name "krb5cc_*" -o -name printers.xml -o -name secrets.ldb -o -name "*.keyring" -o -name ipsec.conf -o -name fat.config -o -name "*.gnupg" -o -name sentry.conf.py -o -name software.sav -o -name .credentials.json -o -name SecEvent.Evt -o -name "*.p12" -o -name "*_history*" -o -name backups -o -name "*.csr" -o -name passbolt.php -o -name smb.conf -o -name RDCMan.settings -o -name sitemanager.xml -o -name hostapd.conf -o -name sssd.conf -o -name secrets.yml -o -name gitlab.yml -o -name "*credential*" -o -name amportal.conf -o -name filezilla.xml -o -name kadm5.acl -o -name mosquitto.conf -o -name containerd.sock -o -name "*.kdbx" -o -name passwd -o -name "*.keytab" -o -name "*.socket" -o -name access.log -o -name cesi.conf -o -name racoon.conf -o -name "*.timer" -o -name grafana.ini -o -name fastcgi_params -o -name setupinfo -o -name "*.der" -o -name datasources.xml -o -name "*vnc*.ini" -o -name tomcat-users.xml -o -name iis6.log -o -name rktlet.sock -o -name "*.pgp" -o -name kcpassword -o -name SYSTEM -o -name "*.pem" -o -name webserver_config.py -o -name "id_dsa*" -o -name access_tokens.json -o -name docker-compose.yml -o -name httpd.conf -o -name "*.keystore" -o -name glusterfs.ca -o -name winscp.ini -o -name master.key -o -name FreePBX.conf -o -name recentservers.xml -o -name sysprep.inf -o -name .k5login -o -name "KeePass.enforced*" -o -name docker.socket -o -name .lesshst -o -name "web*.config" -o -name wsl.exe -o -name "*.pfx" -o -name rpcd -o -name unattend.txt -o -name vault-ssh-helper.hcl -o -name hudson.util.Secret -o -name ftp.ini -o -name system.sav -o -name jetty-realm.properties -o -name "*.tf" -o -name error.log -o -name .vault-token -o -name hosts.equiv -o -name glusterfs.pem -o -name setupinfo.bak -o -name "*.key" -o -name "*vnc*.txt" -o -name "*.pub" -o -name .boto -o -name rocketchat.service -o -name "*.psk" -o -name config.xml -o -name ntuser.dat -o -name server.xml -o -name .ldaprc -o -name https.conf -o -name unattended.xml -o -name "*password*" -o -name adc.json -o -name .flyrc -o -name "*.crt" -o -name "*.sqlite3" -o -name my.cnf -o -name "password*.ibd" -o -name .gitconfig -o -name supervisord.conf -o -name sip.conf -o -name "pgadmin*.db" -o -name vsftpd.conf -o -name default.sav -o -name anaconda-ks.cfg -o -name "*.tfstate" -o -name api_key -o -name "*.db" -o -name "creds*" -o -name .msmtprc -o -name rsyncd.secrets -o -name SAM -o -name "*.service" -o -name .git-credentials -o -name wp-config.php -o -name debian.cnf -o -name FreeSSHDservice.ini -o -name bash.exe -o -name "*.jks" -o -name "*.viminfo" -o -name ffftp.ini -o -name sites.ini -o -name credentials.xml -o -name "*config*.php" -o -name "*.cer" -o -name airflow.cfg -o -name Ntds.dit -o -name config.php -o -name .git -o -name azureProfile.json -o -name passwd.ibd -o -name ipsec.secrets -o -name database.php -o -name pg_hba.conf -o -name 000-default.conf -o -name .plan -o -name autologin -o -name "*.rdg" -o -name security.sav -o -name "*vnc*.xml" -o -name cloud.cfg -o -name .erlang.cookie -o -name "*.gpg" -o -name index.dat -o -name "*.ftpconfig" -o -name frakti.sock -o -name software -o -name .secrets.mkey -o -name .recently-used.xbel -o -name "mongod*.conf" -o -name .pypirc -o -name unattend.xml -o -name settings.php -o -name firebase-tools.json -o -name plum.sqlite -o -name NetSetup.log -o -name redis.conf -o -name "log4j-core*.jar" -o -name snmpd.conf -o -name krb5.conf -o -name pagefile.sys -o -name "kibana.y*ml" -o -name scclient.exe -o -name "*.vhdx" -o -name storage.php -o -name .rhosts -o -name atlantis.db -o -name my.ini -o -name access_tokens.db -o -name php.ini -o -name snyk.json -o -name ".env*" -o -name .github -o -name rsyncd.conf -o -name TokenCache.dat -o -name glusterfs.key -o -name .Xauthority -o -name Dockerfile -o -name ftp.config -o -name dockershim.sock -o -name "*.vhd" -o -name snyk.config.json -o -name unattend.inf -o -name authorized_keys -o -name ws_ftp.ini -o -name "*.swp" -o -name authorized_hosts -o -name mysqld.cnf -o -name scheduledtasks.xml -o -name backup -o -name .sudo_as_admin_successful
2⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
PID:1080

/usr/bin/sort
sort
2⤵
PID:1085

/usr/bin/find
find /.cache -name autounattend.xml -o -name "*.ovpn" -o -name "*.vmdk" -o -name accessTokens.json -o -name .bashrc -o -name ConsoleHost_history.txt -o -name bitcoin.conf -o -name protecteduserkey.bin -o -name pwd.ibd -o -name gitlab.rm -o -name postgresql.conf -o -name .roadtools_auth -o -name influxdb.conf -o -name "id_rsa*" -o -name autologin.conf -o -name sysprep.xml -o -name known_hosts -o -name "*vnc*.c*nf*" -o -name .google_authenticator -o -name drives.xml -o -name legacy_credentials.db -o -name gvm-tools.conf -o -name AppEvent.Evt -o -name .wgetrc -o -name zabbix_agentd.conf -o -name psk.txt -o -name AzureRMContext.json -o -name wcx_ftp.ini -o -name "*.sqlite" -o -name mariadb.cnf -o -name credentials.db -o -name crio.sock -o -name groups.xml -o -name pgsql.conf -o -name zabbix_server.conf -o -name https-xampp.conf -o -name nginx.conf -o -name docker.sock -o -name KeePass.ini -o -name db.php -o -name "elasticsearch.y*ml" -o -name pgadmin4.db -o -name "KeePass.config*" -o -name .htpasswd -o -name ddclient.conf -o -name Elastix.conf -o -name appcmd.exe -o -name .profile -o -name "krb5cc_*" -o -name printers.xml -o -name secrets.ldb -o -name "*.keyring" -o -name ipsec.conf -o -name fat.config -o -name "*.gnupg" -o -name sentry.conf.py -o -name software.sav -o -name .credentials.json -o -name SecEvent.Evt -o -name "*.p12" -o -name "*_history*" -o -name backups -o -name "*.csr" -o -name passbolt.php -o -name smb.conf -o -name RDCMan.settings -o -name sitemanager.xml -o -name hostapd.conf -o -name sssd.conf -o -name secrets.yml -o -name gitlab.yml -o -name "*credential*" -o -name amportal.conf -o -name filezilla.xml -o -name kadm5.acl -o -name mosquitto.conf -o -name containerd.sock -o -name "*.kdbx" -o -name passwd -o -name "*.keytab" -o -name "*.socket" -o -name access.log -o -name cesi.conf -o -name racoon.conf -o -name "*.timer" -o -name grafana.ini -o -name fastcgi_params -o -name setupinfo -o -name "*.der" -o -name datasources.xml -o -name "*vnc*.ini" -o -name tomcat-users.xml -o -name iis6.log -o -name rktlet.sock -o -name "*.pgp" -o -name kcpassword -o -name SYSTEM -o -name "*.pem" -o -name webserver_config.py -o -name "id_dsa*" -o -name access_tokens.json -o -name docker-compose.yml -o -name httpd.conf -o -name "*.keystore" -o -name glusterfs.ca -o -name winscp.ini -o -name master.key -o -name FreePBX.conf -o -name recentservers.xml -o -name sysprep.inf -o -name .k5login -o -name "KeePass.enforced*" -o -name docker.socket -o -name .lesshst -o -name "web*.config" -o -name wsl.exe -o -name "*.pfx" -o -name rpcd -o -name unattend.txt -o -name vault-ssh-helper.hcl -o -name hudson.util.Secret -o -name ftp.ini -o -name system.sav -o -name jetty-realm.properties -o -name "*.tf" -o -name error.log -o -name .vault-token -o -name hosts.equiv -o -name glusterfs.pem -o -name setupinfo.bak -o -name "*.key" -o -name "*vnc*.txt" -o -name "*.pub" -o -name .boto -o -name rocketchat.service -o -name "*.psk" -o -name config.xml -o -name ntuser.dat -o -name server.xml -o -name .ldaprc -o -name https.conf -o -name unattended.xml -o -name "*password*" -o -name adc.json -o -name .flyrc -o -name "*.crt" -o -name "*.sqlite3" -o -name my.cnf -o -name "password*.ibd" -o -name .gitconfig -o -name supervisord.conf -o -name sip.conf -o -name "pgadmin*.db" -o -name vsftpd.conf -o -name default.sav -o -name anaconda-ks.cfg -o -name "*.tfstate" -o -name api_key -o -name "*.db" -o -name "creds*" -o -name .msmtprc -o -name rsyncd.secrets -o -name SAM -o -name "*.service" -o -name .git-credentials -o -name wp-config.php -o -name debian.cnf -o -name FreeSSHDservice.ini -o -name bash.exe -o -name "*.jks" -o -name "*.viminfo" -o -name ffftp.ini -o -name sites.ini -o -name credentials.xml -o -name "*config*.php" -o -name "*.cer" -o -name airflow.cfg -o -name Ntds.dit -o -name config.php -o -name .git -o -name azureProfile.json -o -name passwd.ibd -o -name ipsec.secrets -o -name database.php -o -name pg_hba.conf -o -name 000-default.conf -o -name .plan -o -name autologin -o -name "*.rdg" -o -name security.sav -o -name "*vnc*.xml" -o -name cloud.cfg -o -name .erlang.cookie -o -name "*.gpg" -o -name index.dat -o -name "*.ftpconfig" -o -name frakti.sock -o -name software -o -name .secrets.mkey -o -name .recently-used.xbel -o -name "mongod*.conf" -o -name .pypirc -o -name unattend.xml -o -name settings.php -o -name firebase-tools.json -o -name plum.sqlite -o -name NetSetup.log -o -name redis.conf -o -name "log4j-core*.jar" -o -name snmpd.conf -o -name krb5.conf -o -name pagefile.sys -o -name "kibana.y*ml" -o -name scclient.exe -o -name "*.vhdx" -o -name storage.php -o -name .rhosts -o -name atlantis.db -o -name my.ini -o -name access_tokens.db -o -name php.ini -o -name snyk.json -o -name ".env*" -o -name .github -o -name rsyncd.conf -o -name TokenCache.dat -o -name glusterfs.key -o -name .Xauthority -o -name Dockerfile -o -name ftp.config -o -name dockershim.sock -o -name "*.vhd" -o -name snyk.config.json -o -name unattend.inf -o -name authorized_keys -o -name ws_ftp.ini -o -name "*.swp" -o -name authorized_hosts -o -name mysqld.cnf -o -name scheduledtasks.xml -o -name backup -o -name .sudo_as_admin_successful
2⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
PID:1084

/usr/bin/sort
sort
2⤵
PID:1089

/usr/bin/find
find /cdrom -name autounattend.xml -o -name "*.ovpn" -o -name "*.vmdk" -o -name accessTokens.json -o -name .bashrc -o -name ConsoleHost_history.txt -o -name bitcoin.conf -o -name protecteduserkey.bin -o -name pwd.ibd -o -name gitlab.rm -o -name postgresql.conf -o -name .roadtools_auth -o -name influxdb.conf -o -name "id_rsa*" -o -name autologin.conf -o -name sysprep.xml -o -name known_hosts -o -name "*vnc*.c*nf*" -o -name .google_authenticator -o -name drives.xml -o -name legacy_credentials.db -o -name gvm-tools.conf -o -name AppEvent.Evt -o -name .wgetrc -o -name zabbix_agentd.conf -o -name psk.txt -o -name AzureRMContext.json -o -name wcx_ftp.ini -o -name "*.sqlite" -o -name mariadb.cnf -o -name credentials.db -o -name crio.sock -o -name groups.xml -o -name pgsql.conf -o -name zabbix_server.conf -o -name https-xampp.conf -o -name nginx.conf -o -name docker.sock -o -name KeePass.ini -o -name db.php -o -name "elasticsearch.y*ml" -o -name pgadmin4.db -o -name "KeePass.config*" -o -name .htpasswd -o -name ddclient.conf -o -name Elastix.conf -o -name appcmd.exe -o -name .profile -o -name "krb5cc_*" -o -name printers.xml -o -name secrets.ldb -o -name "*.keyring" -o -name ipsec.conf -o -name fat.config -o -name "*.gnupg" -o -name sentry.conf.py -o -name software.sav -o -name .credentials.json -o -name SecEvent.Evt -o -name "*.p12" -o -name "*_history*" -o -name backups -o -name "*.csr" -o -name passbolt.php -o -name smb.conf -o -name RDCMan.settings -o -name sitemanager.xml -o -name hostapd.conf -o -name sssd.conf -o -name secrets.yml -o -name gitlab.yml -o -name "*credential*" -o -name amportal.conf -o -name filezilla.xml -o -name kadm5.acl -o -name mosquitto.conf -o -name containerd.sock -o -name "*.kdbx" -o -name passwd -o -name "*.keytab" -o -name "*.socket" -o -name access.log -o -name cesi.conf -o -name racoon.conf -o -name "*.timer" -o -name grafana.ini -o -name fastcgi_params -o -name setupinfo -o -name "*.der" -o -name datasources.xml -o -name "*vnc*.ini" -o -name tomcat-users.xml -o -name iis6.log -o -name rktlet.sock -o -name "*.pgp" -o -name kcpassword -o -name SYSTEM -o -name "*.pem" -o -name webserver_config.py -o -name "id_dsa*" -o -name access_tokens.json -o -name docker-compose.yml -o -name httpd.conf -o -name "*.keystore" -o -name glusterfs.ca -o -name winscp.ini -o -name master.key -o -name FreePBX.conf -o -name recentservers.xml -o -name sysprep.inf -o -name .k5login -o -name "KeePass.enforced*" -o -name docker.socket -o -name .lesshst -o -name "web*.config" -o -name wsl.exe -o -name "*.pfx" -o -name rpcd -o -name unattend.txt -o -name vault-ssh-helper.hcl -o -name hudson.util.Secret -o -name ftp.ini -o -name system.sav -o -name jetty-realm.properties -o -name "*.tf" -o -name error.log -o -name .vault-token -o -name hosts.equiv -o -name glusterfs.pem -o -name setupinfo.bak -o -name "*.key" -o -name "*vnc*.txt" -o -name "*.pub" -o -name .boto -o -name rocketchat.service -o -name "*.psk" -o -name config.xml -o -name ntuser.dat -o -name server.xml -o -name .ldaprc -o -name https.conf -o -name unattended.xml -o -name "*password*" -o -name adc.json -o -name .flyrc -o -name "*.crt" -o -name "*.sqlite3" -o -name my.cnf -o -name "password*.ibd" -o -name .gitconfig -o -name supervisord.conf -o -name sip.conf -o -name "pgadmin*.db" -o -name vsftpd.conf -o -name default.sav -o -name anaconda-ks.cfg -o -name "*.tfstate" -o -name api_key -o -name "*.db" -o -name "creds*" -o -name .msmtprc -o -name rsyncd.secrets -o -name SAM -o -name "*.service" -o -name .git-credentials -o -name wp-config.php -o -name debian.cnf -o -name FreeSSHDservice.ini -o -name bash.exe -o -name "*.jks" -o -name "*.viminfo" -o -name ffftp.ini -o -name sites.ini -o -name credentials.xml -o -name "*config*.php" -o -name "*.cer" -o -name airflow.cfg -o -name Ntds.dit -o -name config.php -o -name .git -o -name azureProfile.json -o -name passwd.ibd -o -name ipsec.secrets -o -name database.php -o -name pg_hba.conf -o -name 000-default.conf -o -name .plan -o -name autologin -o -name "*.rdg" -o -name security.sav -o -name "*vnc*.xml" -o -name cloud.cfg -o -name .erlang.cookie -o -name "*.gpg" -o -name index.dat -o -name "*.ftpconfig" -o -name frakti.sock -o -name software -o -name .secrets.mkey -o -name .recently-used.xbel -o -name "mongod*.conf" -o -name .pypirc -o -name unattend.xml -o -name settings.php -o -name firebase-tools.json -o -name plum.sqlite -o -name NetSetup.log -o -name redis.conf -o -name "log4j-core*.jar" -o -name snmpd.conf -o -name krb5.conf -o -name pagefile.sys -o -name "kibana.y*ml" -o -name scclient.exe -o -name "*.vhdx" -o -name storage.php -o -name .rhosts -o -name atlantis.db -o -name my.ini -o -name access_tokens.db -o -name php.ini -o -name snyk.json -o -name ".env*" -o -name .github -o -name rsyncd.conf -o -name TokenCache.dat -o -name glusterfs.key -o -name .Xauthority -o -name Dockerfile -o -name ftp.config -o -name dockershim.sock -o -name "*.vhd" -o -name snyk.config.json -o -name unattend.inf -o -name authorized_keys -o -name ws_ftp.ini -o -name "*.swp" -o -name authorized_hosts -o -name mysqld.cnf -o -name scheduledtasks.xml -o -name backup -o -name .sudo_as_admin_successful
2⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
PID:1088

/usr/bin/sort
sort
2⤵
PID:1093

/usr/bin/find
find /etc -name autounattend.xml -o -name "*.ovpn" -o -name "*.vmdk" -o -name accessTokens.json -o -name .bashrc -o -name ConsoleHost_history.txt -o -name bitcoin.conf -o -name protecteduserkey.bin -o -name pwd.ibd -o -name gitlab.rm -o -name postgresql.conf -o -name .roadtools_auth -o -name influxdb.conf -o -name "id_rsa*" -o -name autologin.conf -o -name sysprep.xml -o -name known_hosts -o -name "*vnc*.c*nf*" -o -name .google_authenticator -o -name drives.xml -o -name legacy_credentials.db -o -name gvm-tools.conf -o -name AppEvent.Evt -o -name .wgetrc -o -name zabbix_agentd.conf -o -name psk.txt -o -name AzureRMContext.json -o -name wcx_ftp.ini -o -name "*.sqlite" -o -name mariadb.cnf -o -name credentials.db -o -name crio.sock -o -name groups.xml -o -name pgsql.conf -o -name zabbix_server.conf -o -name https-xampp.conf -o -name nginx.conf -o -name docker.sock -o -name KeePass.ini -o -name db.php -o -name "elasticsearch.y*ml" -o -name pgadmin4.db -o -name "KeePass.config*" -o -name .htpasswd -o -name ddclient.conf -o -name Elastix.conf -o -name appcmd.exe -o -name .profile -o -name "krb5cc_*" -o -name printers.xml -o -name secrets.ldb -o -name "*.keyring" -o -name ipsec.conf -o -name fat.config -o -name "*.gnupg" -o -name sentry.conf.py -o -name software.sav -o -name .credentials.json -o -name SecEvent.Evt -o -name "*.p12" -o -name "*_history*" -o -name backups -o -name "*.csr" -o -name passbolt.php -o -name smb.conf -o -name RDCMan.settings -o -name sitemanager.xml -o -name hostapd.conf -o -name sssd.conf -o -name secrets.yml -o -name gitlab.yml -o -name "*credential*" -o -name amportal.conf -o -name filezilla.xml -o -name kadm5.acl -o -name mosquitto.conf -o -name containerd.sock -o -name "*.kdbx" -o -name passwd -o -name "*.keytab" -o -name "*.socket" -o -name access.log -o -name cesi.conf -o -name racoon.conf -o -name "*.timer" -o -name grafana.ini -o -name fastcgi_params -o -name setupinfo -o -name "*.der" -o -name datasources.xml -o -name "*vnc*.ini" -o -name tomcat-users.xml -o -name iis6.log -o -name rktlet.sock -o -name "*.pgp" -o -name kcpassword -o -name SYSTEM -o -name "*.pem" -o -name webserver_config.py -o -name "id_dsa*" -o -name access_tokens.json -o -name docker-compose.yml -o -name httpd.conf -o -name "*.keystore" -o -name glusterfs.ca -o -name winscp.ini -o -name master.key -o -name FreePBX.conf -o -name recentservers.xml -o -name sysprep.inf -o -name .k5login -o -name "KeePass.enforced*" -o -name docker.socket -o -name .lesshst -o -name "web*.config" -o -name wsl.exe -o -name "*.pfx" -o -name rpcd -o -name unattend.txt -o -name vault-ssh-helper.hcl -o -name hudson.util.Secret -o -name ftp.ini -o -name system.sav -o -name jetty-realm.properties -o -name "*.tf" -o -name error.log -o -name .vault-token -o -name hosts.equiv -o -name glusterfs.pem -o -name setupinfo.bak -o -name "*.key" -o -name "*vnc*.txt" -o -name "*.pub" -o -name .boto -o -name rocketchat.service -o -name "*.psk" -o -name config.xml -o -name ntuser.dat -o -name server.xml -o -name .ldaprc -o -name https.conf -o -name unattended.xml -o -name "*password*" -o -name adc.json -o -name .flyrc -o -name "*.crt" -o -name "*.sqlite3" -o -name my.cnf -o -name "password*.ibd" -o -name .gitconfig -o -name supervisord.conf -o -name sip.conf -o -name "pgadmin*.db" -o -name vsftpd.conf -o -name default.sav -o -name anaconda-ks.cfg -o -name "*.tfstate" -o -name api_key -o -name "*.db" -o -name "creds*" -o -name .msmtprc -o -name rsyncd.secrets -o -name SAM -o -name "*.service" -o -name .git-credentials -o -name wp-config.php -o -name debian.cnf -o -name FreeSSHDservice.ini -o -name bash.exe -o -name "*.jks" -o -name "*.viminfo" -o -name ffftp.ini -o -name sites.ini -o -name credentials.xml -o -name "*config*.php" -o -name "*.cer" -o -name airflow.cfg -o -name exports -o -name Ntds.dit -o -name config.php -o -name .git -o -name azureProfile.json -o -name passwd.ibd -o -name ipsec.secrets -o -name database.php -o -name pg_hba.conf -o -name 000-default.conf -o -name .plan -o -name autologin -o -name "*.rdg" -o -name security.sav -o -name "*vnc*.xml" -o -name cloud.cfg -o -name .erlang.cookie -o -name "*.gpg" -o -name index.dat -o -name "*.ftpconfig" -o -name frakti.sock -o -name software -o -name .secrets.mkey -o -name .recently-used.xbel -o -name "mongod*.conf" -o -name .pypirc -o -name unattend.xml -o -name settings.php -o -name "*knockd*" -o -name firebase-tools.json -o -name plum.sqlite -o -name NetSetup.log -o -name redis.conf -o -name "log4j-core*.jar" -o -name snmpd.conf -o -name krb5.conf -o -name pagefile.sys -o -name "kibana.y*ml" -o -name scclient.exe -o -name "*.vhdx" -o -name storage.php -o -name .rhosts -o -name atlantis.db -o -name my.ini -o -name access_tokens.db -o -name php.ini -o -name snyk.json -o -name ".env*" -o -name .github -o -name rsyncd.conf -o -name TokenCache.dat -o -name glusterfs.key -o -name .Xauthority -o -name Dockerfile -o -name ftp.config -o -name dockershim.sock -o -name "*.vhd" -o -name snyk.config.json -o -name unattend.inf -o -name authorized_keys -o -name ws_ftp.ini -o -name "*.swp" -o -name authorized_hosts -o -name mysqld.cnf -o -name scheduledtasks.xml -o -name backup -o -name .sudo_as_admin_successful
2⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
PID:1092

/usr/bin/sort
sort
2⤵
PID:1097

/usr/bin/find
find /home/ /Users/ /root/ /var/www -name autounattend.xml -o -name "*.ovpn" -o -name "*.vmdk" -o -name accessTokens.json -o -name .bashrc -o -name ConsoleHost_history.txt -o -name bitcoin.conf -o -name protecteduserkey.bin -o -name pwd.ibd -o -name gitlab.rm -o -name postgresql.conf -o -name .roadtools_auth -o -name influxdb.conf -o -name "id_rsa*" -o -name autologin.conf -o -name sysprep.xml -o -name known_hosts -o -name "*vnc*.c*nf*" -o -name .google_authenticator -o -name drives.xml -o -name legacy_credentials.db -o -name gvm-tools.conf -o -name AppEvent.Evt -o -name .wgetrc -o -name zabbix_agentd.conf -o -name psk.txt -o -name AzureRMContext.json -o -name wcx_ftp.ini -o -name "*.sqlite" -o -name mariadb.cnf -o -name credentials.db -o -name crio.sock -o -name groups.xml -o -name pgsql.conf -o -name zabbix_server.conf -o -name https-xampp.conf -o -name nginx.conf -o -name docker.sock -o -name KeePass.ini -o -name db.php -o -name "elasticsearch.y*ml" -o -name pgadmin4.db -o -name "KeePass.config*" -o -name .htpasswd -o -name ddclient.conf -o -name Elastix.conf -o -name appcmd.exe -o -name .profile -o -name "krb5cc_*" -o -name printers.xml -o -name secrets.ldb -o -name "*.keyring" -o -name ipsec.conf -o -name fat.config -o -name "*.gnupg" -o -name sentry.conf.py -o -name software.sav -o -name .credentials.json -o -name SecEvent.Evt -o -name "*.p12" -o -name "*_history*" -o -name backups -o -name "*.csr" -o -name passbolt.php -o -name smb.conf -o -name RDCMan.settings -o -name sitemanager.xml -o -name hostapd.conf -o -name sssd.conf -o -name secrets.yml -o -name gitlab.yml -o -name "*credential*" -o -name amportal.conf -o -name filezilla.xml -o -name kadm5.acl -o -name mosquitto.conf -o -name containerd.sock -o -name "*.kdbx" -o -name passwd -o -name "*.keytab" -o -name "*.socket" -o -name access.log -o -name cesi.conf -o -name racoon.conf -o -name "*.timer" -o -name grafana.ini -o -name fastcgi_params -o -name setupinfo -o -name "*.der" -o -name datasources.xml -o -name "*vnc*.ini" -o -name tomcat-users.xml -o -name iis6.log -o -name rktlet.sock -o -name "*.pgp" -o -name kcpassword -o -name SYSTEM -o -name "*.pem" -o -name webserver_config.py -o -name "id_dsa*" -o -name access_tokens.json -o -name docker-compose.yml -o -name httpd.conf -o -name "*.keystore" -o -name glusterfs.ca -o -name winscp.ini -o -name master.key -o -name FreePBX.conf -o -name recentservers.xml -o -name sysprep.inf -o -name .k5login -o -name "KeePass.enforced*" -o -name docker.socket -o -name .lesshst -o -name "web*.config" -o -name wsl.exe -o -name "*.pfx" -o -name rpcd -o -name unattend.txt -o -name vault-ssh-helper.hcl -o -name hudson.util.Secret -o -name ftp.ini -o -name system.sav -o -name jetty-realm.properties -o -name "*.tf" -o -name error.log -o -name .vault-token -o -name hosts.equiv -o -name glusterfs.pem -o -name setupinfo.bak -o -name "*.key" -o -name "*vnc*.txt" -o -name "*.pub" -o -name .boto -o -name rocketchat.service -o -name "*.psk" -o -name config.xml -o -name ntuser.dat -o -name server.xml -o -name .ldaprc -o -name https.conf -o -name unattended.xml -o -name "*password*" -o -name adc.json -o -name .flyrc -o -name "*.crt" -o -name "*.sqlite3" -o -name my.cnf -o -name "password*.ibd" -o -name .gitconfig -o -name supervisord.conf -o -name sip.conf -o -name "pgadmin*.db" -o -name vsftpd.conf -o -name default.sav -o -name anaconda-ks.cfg -o -name "*.tfstate" -o -name api_key -o -name "*.db" -o -name "creds*" -o -name .msmtprc -o -name rsyncd.secrets -o -name SAM -o -name "*.service" -o -name .git-credentials -o -name wp-config.php -o -name debian.cnf -o -name FreeSSHDservice.ini -o -name bash.exe -o -name "*.jks" -o -name "*.viminfo" -o -name ffftp.ini -o -name sites.ini -o -name credentials.xml -o -name "*config*.php" -o -name "*.cer" -o -name airflow.cfg -o -name Ntds.dit -o -name config.php -o -name .git -o -name azureProfile.json -o -name passwd.ibd -o -name ipsec.secrets -o -name database.php -o -name pg_hba.conf -o -name 000-default.conf -o -name .plan -o -name autologin -o -name "*.rdg" -o -name security.sav -o -name "*vnc*.xml" -o -name "ssh*config" -o -name cloud.cfg -o -name .erlang.cookie -o -name "*.gpg" -o -name index.dat -o -name "*.ftpconfig" -o -name frakti.sock -o -name software -o -name .secrets.mkey -o -name .recently-used.xbel -o -name "mongod*.conf" -o -name .pypirc -o -name unattend.xml -o -name settings.php -o -name firebase-tools.json -o -name plum.sqlite -o -name NetSetup.log -o -name redis.conf -o -name "log4j-core*.jar" -o -name snmpd.conf -o -name krb5.conf -o -name pagefile.sys -o -name "kibana.y*ml" -o -name scclient.exe -o -name "*.vhdx" -o -name storage.php -o -name .rhosts -o -name atlantis.db -o -name my.ini -o -name access_tokens.db -o -name php.ini -o -name snyk.json -o -name ".env*" -o -name .github -o -name rsyncd.conf -o -name TokenCache.dat -o -name glusterfs.key -o -name .Xauthority -o -name Dockerfile -o -name ftp.config -o -name dockershim.sock -o -name "*.vhd" -o -name snyk.config.json -o -name unattend.inf -o -name authorized_keys -o -name ws_ftp.ini -o -name "*.swp" -o -name authorized_hosts -o -name mysqld.cnf -o -name scheduledtasks.xml -o -name backup -o -name .sudo_as_admin_successful
2⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
PID:1096

/usr/bin/find
find /lib -name rocketchat.service -o -name "*.socket" -o -name "*.service" -o -name "*.timer" -o -name "log4j-core*.jar"
2⤵
PID:1100

/usr/bin/sort
sort
2⤵
PID:1101

/usr/bin/sort
sort
2⤵
PID:1105

/usr/bin/find
find /lib32 -name "log4j-core*.jar" -o -name "*.service" -o -name "*.socket" -o -name "*.timer"
2⤵
PID:1104

/usr/bin/sort
sort
2⤵
PID:1109

/usr/bin/find
find /lib64 -name "log4j-core*.jar" -o -name "*.service" -o -name "*.socket" -o -name "*.timer"
2⤵
PID:1108

/usr/bin/sort
sort
2⤵
PID:1113

/usr/bin/find
find /media -name autounattend.xml -o -name "*.ovpn" -o -name "*.vmdk" -o -name accessTokens.json -o -name .bashrc -o -name ConsoleHost_history.txt -o -name bitcoin.conf -o -name protecteduserkey.bin -o -name pwd.ibd -o -name gitlab.rm -o -name postgresql.conf -o -name .roadtools_auth -o -name influxdb.conf -o -name "id_rsa*" -o -name autologin.conf -o -name sysprep.xml -o -name known_hosts -o -name "*vnc*.c*nf*" -o -name .google_authenticator -o -name drives.xml -o -name legacy_credentials.db -o -name gvm-tools.conf -o -name AppEvent.Evt -o -name .wgetrc -o -name zabbix_agentd.conf -o -name psk.txt -o -name AzureRMContext.json -o -name wcx_ftp.ini -o -name "*.sqlite" -o -name mariadb.cnf -o -name credentials.db -o -name crio.sock -o -name groups.xml -o -name pgsql.conf -o -name zabbix_server.conf -o -name https-xampp.conf -o -name nginx.conf -o -name docker.sock -o -name KeePass.ini -o -name db.php -o -name "elasticsearch.y*ml" -o -name pgadmin4.db -o -name "KeePass.config*" -o -name .htpasswd -o -name ddclient.conf -o -name Elastix.conf -o -name appcmd.exe -o -name .profile -o -name "krb5cc_*" -o -name printers.xml -o -name secrets.ldb -o -name "*.keyring" -o -name ipsec.conf -o -name fat.config -o -name "*.gnupg" -o -name sentry.conf.py -o -name software.sav -o -name .credentials.json -o -name SecEvent.Evt -o -name "*.p12" -o -name "*_history*" -o -name backups -o -name "*.csr" -o -name passbolt.php -o -name smb.conf -o -name RDCMan.settings -o -name sitemanager.xml -o -name hostapd.conf -o -name sssd.conf -o -name secrets.yml -o -name gitlab.yml -o -name "*credential*" -o -name amportal.conf -o -name filezilla.xml -o -name kadm5.acl -o -name mosquitto.conf -o -name containerd.sock -o -name "*.kdbx" -o -name passwd -o -name "*.keytab" -o -name "*.socket" -o -name access.log -o -name cesi.conf -o -name racoon.conf -o -name "*.timer" -o -name grafana.ini -o -name fastcgi_params -o -name setupinfo -o -name "*.der" -o -name datasources.xml -o -name "*vnc*.ini" -o -name tomcat-users.xml -o -name iis6.log -o -name rktlet.sock -o -name "*.pgp" -o -name kcpassword -o -name SYSTEM -o -name "*.pem" -o -name webserver_config.py -o -name "id_dsa*" -o -name access_tokens.json -o -name docker-compose.yml -o -name httpd.conf -o -name "*.keystore" -o -name glusterfs.ca -o -name winscp.ini -o -name master.key -o -name FreePBX.conf -o -name recentservers.xml -o -name sysprep.inf -o -name .k5login -o -name "KeePass.enforced*" -o -name docker.socket -o -name .lesshst -o -name "web*.config" -o -name wsl.exe -o -name "*.pfx" -o -name rpcd -o -name unattend.txt -o -name vault-ssh-helper.hcl -o -name hudson.util.Secret -o -name ftp.ini -o -name system.sav -o -name jetty-realm.properties -o -name "*.tf" -o -name error.log -o -name .vault-token -o -name hosts.equiv -o -name glusterfs.pem -o -name setupinfo.bak -o -name "*.key" -o -name "*vnc*.txt" -o -name "*.pub" -o -name .boto -o -name rocketchat.service -o -name "*.psk" -o -name config.xml -o -name ntuser.dat -o -name server.xml -o -name .ldaprc -o -name https.conf -o -name unattended.xml -o -name "*password*" -o -name adc.json -o -name .flyrc -o -name "*.crt" -o -name "*.sqlite3" -o -name my.cnf -o -name "password*.ibd" -o -name .gitconfig -o -name supervisord.conf -o -name sip.conf -o -name "pgadmin*.db" -o -name vsftpd.conf -o -name default.sav -o -name anaconda-ks.cfg -o -name "*.tfstate" -o -name api_key -o -name "*.db" -o -name "creds*" -o -name .msmtprc -o -name rsyncd.secrets -o -name SAM -o -name "*.service" -o -name .git-credentials -o -name wp-config.php -o -name debian.cnf -o -name FreeSSHDservice.ini -o -name bash.exe -o -name "*.jks" -o -name "*.viminfo" -o -name ffftp.ini -o -name sites.ini -o -name credentials.xml -o -name "*config*.php" -o -name "*.cer" -o -name airflow.cfg -o -name Ntds.dit -o -name config.php -o -name .git -o -name azureProfile.json -o -name passwd.ibd -o -name ipsec.secrets -o -name database.php -o -name pg_hba.conf -o -name 000-default.conf -o -name .plan -o -name autologin -o -name "*.rdg" -o -name security.sav -o -name "*vnc*.xml" -o -name cloud.cfg -o -name .erlang.cookie -o -name "*.gpg" -o -name index.dat -o -name "*.ftpconfig" -o -name frakti.sock -o -name software -o -name .secrets.mkey -o -name .recently-used.xbel -o -name "mongod*.conf" -o -name .pypirc -o -name unattend.xml -o -name settings.php -o -name firebase-tools.json -o -name plum.sqlite -o -name NetSetup.log -o -name redis.conf -o -name "log4j-core*.jar" -o -name snmpd.conf -o -name krb5.conf -o -name pagefile.sys -o -name "kibana.y*ml" -o -name scclient.exe -o -name "*.vhdx" -o -name storage.php -o -name .rhosts -o -name atlantis.db -o -name my.ini -o -name access_tokens.db -o -name php.ini -o -name snyk.json -o -name ".env*" -o -name .github -o -name rsyncd.conf -o -name TokenCache.dat -o -name glusterfs.key -o -name .Xauthority -o -name Dockerfile -o -name ftp.config -o -name dockershim.sock -o -name "*.vhd" -o -name snyk.config.json -o -name unattend.inf -o -name authorized_keys -o -name ws_ftp.ini -o -name "*.swp" -o -name authorized_hosts -o -name mysqld.cnf -o -name scheduledtasks.xml -o -name backup -o -name .sudo_as_admin_successful
2⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
PID:1112

/usr/bin/sort
sort
2⤵
PID:1117

/usr/bin/find
find /mnt -name autounattend.xml -o -name "*.ovpn" -o -name "*.vmdk" -o -name accessTokens.json -o -name .bashrc -o -name ConsoleHost_history.txt -o -name bitcoin.conf -o -name protecteduserkey.bin -o -name pwd.ibd -o -name gitlab.rm -o -name postgresql.conf -o -name .roadtools_auth -o -name influxdb.conf -o -name "id_rsa*" -o -name autologin.conf -o -name sysprep.xml -o -name known_hosts -o -name "*vnc*.c*nf*" -o -name .google_authenticator -o -name drives.xml -o -name legacy_credentials.db -o -name gvm-tools.conf -o -name AppEvent.Evt -o -name .wgetrc -o -name zabbix_agentd.conf -o -name psk.txt -o -name "sess_*" -o -name AzureRMContext.json -o -name wcx_ftp.ini -o -name "*.sqlite" -o -name mariadb.cnf -o -name credentials.db -o -name crio.sock -o -name groups.xml -o -name pgsql.conf -o -name zabbix_server.conf -o -name https-xampp.conf -o -name nginx.conf -o -name docker.sock -o -name KeePass.ini -o -name db.php -o -name "elasticsearch.y*ml" -o -name pgadmin4.db -o -name "KeePass.config*" -o -name .htpasswd -o -name ddclient.conf -o -name Elastix.conf -o -name appcmd.exe -o -name .profile -o -name "krb5cc_*" -o -name printers.xml -o -name secrets.ldb -o -name "*.keyring" -o -name ipsec.conf -o -name fat.config -o -name "*.gnupg" -o -name sentry.conf.py -o -name software.sav -o -name .credentials.json -o -name SecEvent.Evt -o -name "*.p12" -o -name "*_history*" -o -name backups -o -name "*.csr" -o -name passbolt.php -o -name smb.conf -o -name RDCMan.settings -o -name sitemanager.xml -o -name hostapd.conf -o -name sssd.conf -o -name secrets.yml -o -name gitlab.yml -o -name "*credential*" -o -name amportal.conf -o -name filezilla.xml -o -name kadm5.acl -o -name mosquitto.conf -o -name containerd.sock -o -name "*.kdbx" -o -name passwd -o -name "*.keytab" -o -name "*.socket" -o -name access.log -o -name cesi.conf -o -name racoon.conf -o -name "*.timer" -o -name grafana.ini -o -name fastcgi_params -o -name setupinfo -o -name "*.der" -o -name datasources.xml -o -name "*vnc*.ini" -o -name tomcat-users.xml -o -name iis6.log -o -name rktlet.sock -o -name "*.pgp" -o -name kcpassword -o -name SYSTEM -o -name "*.pem" -o -name webserver_config.py -o -name "id_dsa*" -o -name access_tokens.json -o -name docker-compose.yml -o -name httpd.conf -o -name "*.keystore" -o -name glusterfs.ca -o -name winscp.ini -o -name master.key -o -name FreePBX.conf -o -name recentservers.xml -o -name sysprep.inf -o -name .k5login -o -name "KeePass.enforced*" -o -name docker.socket -o -name .lesshst -o -name "web*.config" -o -name wsl.exe -o -name "*.pfx" -o -name rpcd -o -name unattend.txt -o -name vault-ssh-helper.hcl -o -name hudson.util.Secret -o -name ftp.ini -o -name system.sav -o -name jetty-realm.properties -o -name "*.tf" -o -name error.log -o -name .vault-token -o -name hosts.equiv -o -name glusterfs.pem -o -name setupinfo.bak -o -name "*.key" -o -name "*vnc*.txt" -o -name "*.pub" -o -name .boto -o -name rocketchat.service -o -name "*.psk" -o -name config.xml -o -name ntuser.dat -o -name server.xml -o -name .ldaprc -o -name https.conf -o -name unattended.xml -o -name "*password*" -o -name adc.json -o -name .flyrc -o -name "*.crt" -o -name "*.sqlite3" -o -name my.cnf -o -name "password*.ibd" -o -name .gitconfig -o -name supervisord.conf -o -name sip.conf -o -name "pgadmin*.db" -o -name vsftpd.conf -o -name default.sav -o -name anaconda-ks.cfg -o -name "*.tfstate" -o -name api_key -o -name "*.db" -o -name "creds*" -o -name .msmtprc -o -name rsyncd.secrets -o -name SAM -o -name "*.service" -o -name .git-credentials -o -name wp-config.php -o -name debian.cnf -o -name FreeSSHDservice.ini -o -name bash.exe -o -name "*.jks" -o -name "*.viminfo" -o -name ffftp.ini -o -name sites.ini -o -name credentials.xml -o -name "*config*.php" -o -name "*.cer" -o -name airflow.cfg -o -name Ntds.dit -o -name config.php -o -name .git -o -name azureProfile.json -o -name passwd.ibd -o -name ipsec.secrets -o -name database.php -o -name pg_hba.conf -o -name 000-default.conf -o -name .plan -o -name autologin -o -name "*.rdg" -o -name security.sav -o -name "*vnc*.xml" -o -name cloud.cfg -o -name .erlang.cookie -o -name "*.gpg" -o -name index.dat -o -name "*.ftpconfig" -o -name frakti.sock -o -name software -o -name .secrets.mkey -o -name .recently-used.xbel -o -name "mongod*.conf" -o -name .pypirc -o -name unattend.xml -o -name settings.php -o -name firebase-tools.json -o -name plum.sqlite -o -name NetSetup.log -o -name redis.conf -o -name "log4j-core*.jar" -o -name snmpd.conf -o -name krb5.conf -o -name pagefile.sys -o -name "kibana.y*ml" -o -name scclient.exe -o -name "*.vhdx" -o -name storage.php -o -name .rhosts -o -name atlantis.db -o -name my.ini -o -name access_tokens.db -o -name php.ini -o -name snyk.json -o -name ".env*" -o -name .github -o -name rsyncd.conf -o -name TokenCache.dat -o -name glusterfs.key -o -name .Xauthority -o -name Dockerfile -o -name ftp.config -o -name dockershim.sock -o -name "*.vhd" -o -name snyk.config.json -o -name unattend.inf -o -name authorized_keys -o -name ws_ftp.ini -o -name "*.swp" -o -name authorized_hosts -o -name mysqld.cnf -o -name scheduledtasks.xml -o -name backup -o -name .sudo_as_admin_successful
2⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
PID:1116

/usr/bin/sort
sort
2⤵
PID:1121

/usr/bin/find
find /opt -name autounattend.xml -o -name "*.ovpn" -o -name "*.vmdk" -o -name accessTokens.json -o -name .bashrc -o -name ConsoleHost_history.txt -o -name bitcoin.conf -o -name protecteduserkey.bin -o -name pwd.ibd -o -name gitlab.rm -o -name postgresql.conf -o -name .roadtools_auth -o -name influxdb.conf -o -name "id_rsa*" -o -name autologin.conf -o -name sysprep.xml -o -name known_hosts -o -name "*vnc*.c*nf*" -o -name .google_authenticator -o -name drives.xml -o -name legacy_credentials.db -o -name gvm-tools.conf -o -name AppEvent.Evt -o -name .wgetrc -o -name zabbix_agentd.conf -o -name psk.txt -o -name AzureRMContext.json -o -name wcx_ftp.ini -o -name "*.sqlite" -o -name mariadb.cnf -o -name credentials.db -o -name crio.sock -o -name groups.xml -o -name pgsql.conf -o -name zabbix_server.conf -o -name https-xampp.conf -o -name nginx.conf -o -name docker.sock -o -name KeePass.ini -o -name db.php -o -name "elasticsearch.y*ml" -o -name pgadmin4.db -o -name "KeePass.config*" -o -name .htpasswd -o -name ddclient.conf -o -name Elastix.conf -o -name appcmd.exe -o -name .profile -o -name "krb5cc_*" -o -name printers.xml -o -name secrets.ldb -o -name "*.keyring" -o -name ipsec.conf -o -name fat.config -o -name "*.gnupg" -o -name sentry.conf.py -o -name software.sav -o -name .credentials.json -o -name SecEvent.Evt -o -name "*.p12" -o -name "*_history*" -o -name backups -o -name "*.csr" -o -name passbolt.php -o -name smb.conf -o -name RDCMan.settings -o -name sitemanager.xml -o -name hostapd.conf -o -name sssd.conf -o -name secrets.yml -o -name gitlab.yml -o -name "*credential*" -o -name amportal.conf -o -name filezilla.xml -o -name kadm5.acl -o -name mosquitto.conf -o -name containerd.sock -o -name "*.kdbx" -o -name passwd -o -name "*.keytab" -o -name "*.socket" -o -name access.log -o -name cesi.conf -o -name racoon.conf -o -name "*.timer" -o -name grafana.ini -o -name fastcgi_params -o -name setupinfo -o -name "*.der" -o -name datasources.xml -o -name "*vnc*.ini" -o -name tomcat-users.xml -o -name iis6.log -o -name rktlet.sock -o -name "*.pgp" -o -name kcpassword -o -name SYSTEM -o -name "*.pem" -o -name webserver_config.py -o -name "id_dsa*" -o -name access_tokens.json -o -name docker-compose.yml -o -name httpd.conf -o -name "*.keystore" -o -name glusterfs.ca -o -name winscp.ini -o -name master.key -o -name FreePBX.conf -o -name recentservers.xml -o -name sysprep.inf -o -name .k5login -o -name "KeePass.enforced*" -o -name docker.socket -o -name .lesshst -o -name "web*.config" -o -name wsl.exe -o -name "*.pfx" -o -name rpcd -o -name unattend.txt -o -name vault-ssh-helper.hcl -o -name hudson.util.Secret -o -name ftp.ini -o -name system.sav -o -name jetty-realm.properties -o -name "*.tf" -o -name error.log -o -name .vault-token -o -name hosts.equiv -o -name glusterfs.pem -o -name setupinfo.bak -o -name "*.key" -o -name "*vnc*.txt" -o -name "*.pub" -o -name .boto -o -name rocketchat.service -o -name "*.psk" -o -name config.xml -o -name ntuser.dat -o -name server.xml -o -name .ldaprc -o -name https.conf -o -name unattended.xml -o -name "*password*" -o -name adc.json -o -name .flyrc -o -name "*.crt" -o -name "*.sqlite3" -o -name my.cnf -o -name "password*.ibd" -o -name .gitconfig -o -name supervisord.conf -o -name sip.conf -o -name "pgadmin*.db" -o -name vsftpd.conf -o -name default.sav -o -name anaconda-ks.cfg -o -name "*.tfstate" -o -name api_key -o -name "*.db" -o -name "creds*" -o -name .msmtprc -o -name rsyncd.secrets -o -name SAM -o -name "*.service" -o -name .git-credentials -o -name wp-config.php -o -name debian.cnf -o -name FreeSSHDservice.ini -o -name bash.exe -o -name "*.jks" -o -name "*.viminfo" -o -name ffftp.ini -o -name sites.ini -o -name credentials.xml -o -name "*config*.php" -o -name "*.cer" -o -name airflow.cfg -o -name Ntds.dit -o -name config.php -o -name .git -o -name azureProfile.json -o -name passwd.ibd -o -name ipsec.secrets -o -name database.php -o -name pg_hba.conf -o -name 000-default.conf -o -name .plan -o -name autologin -o -name "*.rdg" -o -name security.sav -o -name "*vnc*.xml" -o -name cloud.cfg -o -name .erlang.cookie -o -name "*.gpg" -o -name index.dat -o -name "*.ftpconfig" -o -name frakti.sock -o -name software -o -name .secrets.mkey -o -name .recently-used.xbel -o -name "mongod*.conf" -o -name .pypirc -o -name unattend.xml -o -name settings.php -o -name firebase-tools.json -o -name plum.sqlite -o -name NetSetup.log -o -name redis.conf -o -name "log4j-core*.jar" -o -name snmpd.conf -o -name krb5.conf -o -name pagefile.sys -o -name "kibana.y*ml" -o -name scclient.exe -o -name "*.vhdx" -o -name storage.php -o -name .rhosts -o -name atlantis.db -o -name my.ini -o -name access_tokens.db -o -name php.ini -o -name snyk.json -o -name ".env*" -o -name .github -o -name rsyncd.conf -o -name TokenCache.dat -o -name glusterfs.key -o -name .Xauthority -o -name Dockerfile -o -name ftp.config -o -name dockershim.sock -o -name "*.vhd" -o -name snyk.config.json -o -name unattend.inf -o -name authorized_keys -o -name ws_ftp.ini -o -name "*.swp" -o -name authorized_hosts -o -name mysqld.cnf -o -name scheduledtasks.xml -o -name backup -o -name .sudo_as_admin_successful
2⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
PID:1120

/usr/bin/sort
sort
2⤵
PID:1125

/usr/bin/find
find /private -name autounattend.xml -o -name "*.ovpn" -o -name "*.vmdk" -o -name accessTokens.json -o -name .bashrc -o -name ConsoleHost_history.txt -o -name bitcoin.conf -o -name protecteduserkey.bin -o -name pwd.ibd -o -name gitlab.rm -o -name postgresql.conf -o -name .roadtools_auth -o -name influxdb.conf -o -name "id_rsa*" -o -name autologin.conf -o -name sysprep.xml -o -name known_hosts -o -name "*vnc*.c*nf*" -o -name .google_authenticator -o -name drives.xml -o -name legacy_credentials.db -o -name gvm-tools.conf -o -name AppEvent.Evt -o -name .wgetrc -o -name zabbix_agentd.conf -o -name psk.txt -o -name "sess_*" -o -name AzureRMContext.json -o -name wcx_ftp.ini -o -name "*.sqlite" -o -name mariadb.cnf -o -name credentials.db -o -name crio.sock -o -name groups.xml -o -name pgsql.conf -o -name zabbix_server.conf -o -name https-xampp.conf -o -name nginx.conf -o -name docker.sock -o -name KeePass.ini -o -name db.php -o -name "elasticsearch.y*ml" -o -name pgadmin4.db -o -name "KeePass.config*" -o -name .htpasswd -o -name ddclient.conf -o -name Elastix.conf -o -name appcmd.exe -o -name .profile -o -name "krb5cc_*" -o -name printers.xml -o -name secrets.ldb -o -name "*.keyring" -o -name ipsec.conf -o -name fat.config -o -name "*.gnupg" -o -name sentry.conf.py -o -name software.sav -o -name .credentials.json -o -name SecEvent.Evt -o -name "*.p12" -o -name "*_history*" -o -name backups -o -name "*.csr" -o -name passbolt.php -o -name smb.conf -o -name RDCMan.settings -o -name sitemanager.xml -o -name hostapd.conf -o -name sssd.conf -o -name secrets.yml -o -name gitlab.yml -o -name "*credential*" -o -name amportal.conf -o -name filezilla.xml -o -name kadm5.acl -o -name mosquitto.conf -o -name containerd.sock -o -name "*.kdbx" -o -name passwd -o -name "*.keytab" -o -name "*.socket" -o -name access.log -o -name cesi.conf -o -name racoon.conf -o -name "*.timer" -o -name grafana.ini -o -name fastcgi_params -o -name setupinfo -o -name "*.der" -o -name datasources.xml -o -name "*vnc*.ini" -o -name tomcat-users.xml -o -name iis6.log -o -name rktlet.sock -o -name "*.pgp" -o -name kcpassword -o -name SYSTEM -o -name "*.pem" -o -name webserver_config.py -o -name "id_dsa*" -o -name access_tokens.json -o -name docker-compose.yml -o -name httpd.conf -o -name "*.keystore" -o -name glusterfs.ca -o -name winscp.ini -o -name master.key -o -name FreePBX.conf -o -name recentservers.xml -o -name sysprep.inf -o -name .k5login -o -name "KeePass.enforced*" -o -name docker.socket -o -name .lesshst -o -name "web*.config" -o -name wsl.exe -o -name "*.pfx" -o -name rpcd -o -name unattend.txt -o -name vault-ssh-helper.hcl -o -name hudson.util.Secret -o -name ftp.ini -o -name system.sav -o -name jetty-realm.properties -o -name "*.tf" -o -name error.log -o -name .vault-token -o -name hosts.equiv -o -name glusterfs.pem -o -name setupinfo.bak -o -name "*.key" -o -name "*vnc*.txt" -o -name "*.pub" -o -name .boto -o -name rocketchat.service -o -name "*.psk" -o -name config.xml -o -name ntuser.dat -o -name server.xml -o -name .ldaprc -o -name https.conf -o -name unattended.xml -o -name "*password*" -o -name adc.json -o -name .flyrc -o -name "*.crt" -o -name "*.sqlite3" -o -name my.cnf -o -name "password*.ibd" -o -name .gitconfig -o -name supervisord.conf -o -name sip.conf -o -name "pgadmin*.db" -o -name vsftpd.conf -o -name default.sav -o -name anaconda-ks.cfg -o -name "*.tfstate" -o -name api_key -o -name "*.db" -o -name "creds*" -o -name .msmtprc -o -name rsyncd.secrets -o -name SAM -o -name "*.service" -o -name .git-credentials -o -name wp-config.php -o -name debian.cnf -o -name FreeSSHDservice.ini -o -name bash.exe -o -name "*.jks" -o -name "*.viminfo" -o -name ffftp.ini -o -name sites.ini -o -name credentials.xml -o -name "*config*.php" -o -name "*.cer" -o -name airflow.cfg -o -name Ntds.dit -o -name config.php -o -name .git -o -name azureProfile.json -o -name passwd.ibd -o -name ipsec.secrets -o -name database.php -o -name pg_hba.conf -o -name 000-default.conf -o -name .plan -o -name autologin -o -name "*.rdg" -o -name security.sav -o -name "*vnc*.xml" -o -name cloud.cfg -o -name .erlang.cookie -o -name "*.gpg" -o -name index.dat -o -name "*.ftpconfig" -o -name frakti.sock -o -name software -o -name .secrets.mkey -o -name .recently-used.xbel -o -name "mongod*.conf" -o -name .pypirc -o -name unattend.xml -o -name settings.php -o -name firebase-tools.json -o -name plum.sqlite -o -name NetSetup.log -o -name redis.conf -o -name "log4j-core*.jar" -o -name snmpd.conf -o -name krb5.conf -o -name pagefile.sys -o -name "kibana.y*ml" -o -name scclient.exe -o -name "*.vhdx" -o -name storage.php -o -name .rhosts -o -name atlantis.db -o -name my.ini -o -name access_tokens.db -o -name php.ini -o -name snyk.json -o -name ".env*" -o -name .github -o -name rsyncd.conf -o -name TokenCache.dat -o -name glusterfs.key -o -name .Xauthority -o -name Dockerfile -o -name ftp.config -o -name dockershim.sock -o -name "*.vhd" -o -name snyk.config.json -o -name unattend.inf -o -name authorized_keys -o -name ws_ftp.ini -o -name "*.swp" -o -name authorized_hosts -o -name mysqld.cnf -o -name scheduledtasks.xml -o -name backup -o -name .sudo_as_admin_successful
2⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
- Reads runtime system information
PID:1124

/usr/bin/sort
sort
2⤵
PID:1129

/usr/bin/find
find /run -name "*.service" -o -name "*.socket" -o -name "*.timer"
2⤵
PID:1128

/usr/bin/sort
sort
2⤵
PID:1133

/usr/bin/find
find /sbin -name autounattend.xml -o -name "*.ovpn" -o -name "*.vmdk" -o -name accessTokens.json -o -name .bashrc -o -name ConsoleHost_history.txt -o -name bitcoin.conf -o -name protecteduserkey.bin -o -name pwd.ibd -o -name gitlab.rm -o -name postgresql.conf -o -name .roadtools_auth -o -name influxdb.conf -o -name "id_rsa*" -o -name autologin.conf -o -name sysprep.xml -o -name known_hosts -o -name "*vnc*.c*nf*" -o -name .google_authenticator -o -name drives.xml -o -name legacy_credentials.db -o -name gvm-tools.conf -o -name AppEvent.Evt -o -name .wgetrc -o -name zabbix_agentd.conf -o -name psk.txt -o -name AzureRMContext.json -o -name wcx_ftp.ini -o -name "*.sqlite" -o -name mariadb.cnf -o -name credentials.db -o -name crio.sock -o -name groups.xml -o -name pgsql.conf -o -name zabbix_server.conf -o -name https-xampp.conf -o -name nginx.conf -o -name docker.sock -o -name KeePass.ini -o -name db.php -o -name "elasticsearch.y*ml" -o -name pgadmin4.db -o -name "KeePass.config*" -o -name .htpasswd -o -name ddclient.conf -o -name Elastix.conf -o -name appcmd.exe -o -name .profile -o -name "krb5cc_*" -o -name printers.xml -o -name secrets.ldb -o -name "*.keyring" -o -name ipsec.conf -o -name fat.config -o -name "*.gnupg" -o -name sentry.conf.py -o -name software.sav -o -name .credentials.json -o -name SecEvent.Evt -o -name "*.p12" -o -name "*_history*" -o -name backups -o -name "*.csr" -o -name passbolt.php -o -name smb.conf -o -name RDCMan.settings -o -name sitemanager.xml -o -name hostapd.conf -o -name sssd.conf -o -name secrets.yml -o -name gitlab.yml -o -name "*credential*" -o -name amportal.conf -o -name filezilla.xml -o -name kadm5.acl -o -name mosquitto.conf -o -name containerd.sock -o -name "*.kdbx" -o -name passwd -o -name "*.keytab" -o -name "*.socket" -o -name access.log -o -name cesi.conf -o -name racoon.conf -o -name "*.timer" -o -name grafana.ini -o -name fastcgi_params -o -name setupinfo -o -name "*.der" -o -name datasources.xml -o -name "*vnc*.ini" -o -name tomcat-users.xml -o -name iis6.log -o -name rktlet.sock -o -name "*.pgp" -o -name kcpassword -o -name SYSTEM -o -name "*.pem" -o -name webserver_config.py -o -name "id_dsa*" -o -name access_tokens.json -o -name docker-compose.yml -o -name httpd.conf -o -name "*.keystore" -o -name glusterfs.ca -o -name winscp.ini -o -name master.key -o -name FreePBX.conf -o -name recentservers.xml -o -name sysprep.inf -o -name .k5login -o -name "KeePass.enforced*" -o -name docker.socket -o -name .lesshst -o -name "web*.config" -o -name wsl.exe -o -name "*.pfx" -o -name rpcd -o -name unattend.txt -o -name vault-ssh-helper.hcl -o -name hudson.util.Secret -o -name ftp.ini -o -name system.sav -o -name jetty-realm.properties -o -name "*.tf" -o -name error.log -o -name .vault-token -o -name hosts.equiv -o -name glusterfs.pem -o -name setupinfo.bak -o -name "*.key" -o -name "*vnc*.txt" -o -name "*.pub" -o -name .boto -o -name rocketchat.service -o -name "*.psk" -o -name config.xml -o -name ntuser.dat -o -name server.xml -o -name .ldaprc -o -name https.conf -o -name unattended.xml -o -name "*password*" -o -name adc.json -o -name .flyrc -o -name "*.crt" -o -name "*.sqlite3" -o -name my.cnf -o -name "password*.ibd" -o -name .gitconfig -o -name supervisord.conf -o -name sip.conf -o -name "pgadmin*.db" -o -name vsftpd.conf -o -name default.sav -o -name anaconda-ks.cfg -o -name "*.tfstate" -o -name api_key -o -name "*.db" -o -name "creds*" -o -name .msmtprc -o -name rsyncd.secrets -o -name SAM -o -name "*.service" -o -name .git-credentials -o -name wp-config.php -o -name debian.cnf -o -name FreeSSHDservice.ini -o -name bash.exe -o -name "*.jks" -o -name "*.viminfo" -o -name ffftp.ini -o -name sites.ini -o -name credentials.xml -o -name "*config*.php" -o -name "*.cer" -o -name airflow.cfg -o -name Ntds.dit -o -name config.php -o -name .git -o -name azureProfile.json -o -name passwd.ibd -o -name ipsec.secrets -o -name database.php -o -name pg_hba.conf -o -name 000-default.conf -o -name .plan -o -name autologin -o -name "*.rdg" -o -name security.sav -o -name "*vnc*.xml" -o -name cloud.cfg -o -name .erlang.cookie -o -name "*.gpg" -o -name index.dat -o -name "*.ftpconfig" -o -name frakti.sock -o -name software -o -name .secrets.mkey -o -name .recently-used.xbel -o -name "mongod*.conf" -o -name .pypirc -o -name unattend.xml -o -name settings.php -o -name firebase-tools.json -o -name plum.sqlite -o -name NetSetup.log -o -name redis.conf -o -name "log4j-core*.jar" -o -name snmpd.conf -o -name krb5.conf -o -name pagefile.sys -o -name "kibana.y*ml" -o -name scclient.exe -o -name "*.vhdx" -o -name storage.php -o -name .rhosts -o -name atlantis.db -o -name my.ini -o -name access_tokens.db -o -name php.ini -o -name snyk.json -o -name ".env*" -o -name .github -o -name rsyncd.conf -o -name TokenCache.dat -o -name glusterfs.key -o -name .Xauthority -o -name Dockerfile -o -name ftp.config -o -name dockershim.sock -o -name "*.vhd" -o -name snyk.config.json -o -name unattend.inf -o -name authorized_keys -o -name ws_ftp.ini -o -name "*.swp" -o -name authorized_hosts -o -name mysqld.cnf -o -name scheduledtasks.xml -o -name backup -o -name .sudo_as_admin_successful
2⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
PID:1132

/usr/bin/sort
sort
2⤵
PID:1137

/usr/bin/find
find /snap -name autounattend.xml -o -name "*.ovpn" -o -name "*.vmdk" -o -name accessTokens.json -o -name .bashrc -o -name ConsoleHost_history.txt -o -name bitcoin.conf -o -name protecteduserkey.bin -o -name pwd.ibd -o -name gitlab.rm -o -name postgresql.conf -o -name .roadtools_auth -o -name influxdb.conf -o -name "id_rsa*" -o -name autologin.conf -o -name sysprep.xml -o -name known_hosts -o -name "*vnc*.c*nf*" -o -name .google_authenticator -o -name drives.xml -o -name legacy_credentials.db -o -name gvm-tools.conf -o -name AppEvent.Evt -o -name .wgetrc -o -name zabbix_agentd.conf -o -name psk.txt -o -name AzureRMContext.json -o -name wcx_ftp.ini -o -name "*.sqlite" -o -name mariadb.cnf -o -name credentials.db -o -name crio.sock -o -name groups.xml -o -name pgsql.conf -o -name zabbix_server.conf -o -name https-xampp.conf -o -name nginx.conf -o -name docker.sock -o -name KeePass.ini -o -name db.php -o -name "elasticsearch.y*ml" -o -name pgadmin4.db -o -name "KeePass.config*" -o -name .htpasswd -o -name ddclient.conf -o -name Elastix.conf -o -name appcmd.exe -o -name .profile -o -name "krb5cc_*" -o -name printers.xml -o -name secrets.ldb -o -name "*.keyring" -o -name ipsec.conf -o -name fat.config -o -name "*.gnupg" -o -name sentry.conf.py -o -name software.sav -o -name .credentials.json -o -name SecEvent.Evt -o -name "*.p12" -o -name "*_history*" -o -name backups -o -name "*.csr" -o -name passbolt.php -o -name smb.conf -o -name RDCMan.settings -o -name sitemanager.xml -o -name hostapd.conf -o -name sssd.conf -o -name secrets.yml -o -name gitlab.yml -o -name "*credential*" -o -name amportal.conf -o -name filezilla.xml -o -name kadm5.acl -o -name mosquitto.conf -o -name containerd.sock -o -name "*.kdbx" -o -name passwd -o -name "*.keytab" -o -name "*.socket" -o -name access.log -o -name cesi.conf -o -name racoon.conf -o -name "*.timer" -o -name grafana.ini -o -name fastcgi_params -o -name setupinfo -o -name "*.der" -o -name datasources.xml -o -name "*vnc*.ini" -o -name tomcat-users.xml -o -name iis6.log -o -name rktlet.sock -o -name "*.pgp" -o -name kcpassword -o -name SYSTEM -o -name "*.pem" -o -name webserver_config.py -o -name "id_dsa*" -o -name access_tokens.json -o -name docker-compose.yml -o -name httpd.conf -o -name "*.keystore" -o -name glusterfs.ca -o -name winscp.ini -o -name master.key -o -name FreePBX.conf -o -name recentservers.xml -o -name sysprep.inf -o -name .k5login -o -name "KeePass.enforced*" -o -name docker.socket -o -name .lesshst -o -name "web*.config" -o -name wsl.exe -o -name "*.pfx" -o -name rpcd -o -name unattend.txt -o -name vault-ssh-helper.hcl -o -name hudson.util.Secret -o -name ftp.ini -o -name system.sav -o -name jetty-realm.properties -o -name "*.tf" -o -name error.log -o -name .vault-token -o -name hosts.equiv -o -name glusterfs.pem -o -name setupinfo.bak -o -name "*.key" -o -name "*vnc*.txt" -o -name "*.pub" -o -name .boto -o -name rocketchat.service -o -name "*.psk" -o -name config.xml -o -name ntuser.dat -o -name server.xml -o -name .ldaprc -o -name https.conf -o -name unattended.xml -o -name "*password*" -o -name adc.json -o -name .flyrc -o -name "*.crt" -o -name "*.sqlite3" -o -name my.cnf -o -name "password*.ibd" -o -name .gitconfig -o -name supervisord.conf -o -name sip.conf -o -name "pgadmin*.db" -o -name vsftpd.conf -o -name default.sav -o -name anaconda-ks.cfg -o -name "*.tfstate" -o -name api_key -o -name "*.db" -o -name "creds*" -o -name .msmtprc -o -name rsyncd.secrets -o -name SAM -o -name "*.service" -o -name .git-credentials -o -name wp-config.php -o -name debian.cnf -o -name FreeSSHDservice.ini -o -name bash.exe -o -name "*.jks" -o -name "*.viminfo" -o -name ffftp.ini -o -name sites.ini -o -name credentials.xml -o -name "*config*.php" -o -name "*.cer" -o -name airflow.cfg -o -name Ntds.dit -o -name config.php -o -name .git -o -name azureProfile.json -o -name passwd.ibd -o -name ipsec.secrets -o -name database.php -o -name pg_hba.conf -o -name 000-default.conf -o -name .plan -o -name autologin -o -name "*.rdg" -o -name security.sav -o -name "*vnc*.xml" -o -name cloud.cfg -o -name .erlang.cookie -o -name "*.gpg" -o -name index.dat -o -name "*.ftpconfig" -o -name frakti.sock -o -name software -o -name .secrets.mkey -o -name .recently-used.xbel -o -name "mongod*.conf" -o -name .pypirc -o -name unattend.xml -o -name settings.php -o -name firebase-tools.json -o -name plum.sqlite -o -name NetSetup.log -o -name redis.conf -o -name "log4j-core*.jar" -o -name snmpd.conf -o -name krb5.conf -o -name pagefile.sys -o -name "kibana.y*ml" -o -name scclient.exe -o -name "*.vhdx" -o -name storage.php -o -name .rhosts -o -name atlantis.db -o -name my.ini -o -name access_tokens.db -o -name php.ini -o -name snyk.json -o -name ".env*" -o -name .github -o -name rsyncd.conf -o -name TokenCache.dat -o -name glusterfs.key -o -name .Xauthority -o -name Dockerfile -o -name ftp.config -o -name dockershim.sock -o -name "*.vhd" -o -name snyk.config.json -o -name unattend.inf -o -name authorized_keys -o -name ws_ftp.ini -o -name "*.swp" -o -name authorized_hosts -o -name mysqld.cnf -o -name scheduledtasks.xml -o -name backup -o -name .sudo_as_admin_successful
2⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
- Reads runtime system information
PID:1136

/usr/bin/sort
sort
2⤵
PID:1141

/usr/bin/find
find /srv -name autounattend.xml -o -name "*.ovpn" -o -name "*.vmdk" -o -name accessTokens.json -o -name .bashrc -o -name ConsoleHost_history.txt -o -name bitcoin.conf -o -name protecteduserkey.bin -o -name pwd.ibd -o -name gitlab.rm -o -name postgresql.conf -o -name .roadtools_auth -o -name influxdb.conf -o -name "id_rsa*" -o -name autologin.conf -o -name sysprep.xml -o -name known_hosts -o -name "*vnc*.c*nf*" -o -name .google_authenticator -o -name drives.xml -o -name legacy_credentials.db -o -name gvm-tools.conf -o -name AppEvent.Evt -o -name .wgetrc -o -name zabbix_agentd.conf -o -name psk.txt -o -name AzureRMContext.json -o -name wcx_ftp.ini -o -name "*.sqlite" -o -name mariadb.cnf -o -name credentials.db -o -name crio.sock -o -name groups.xml -o -name pgsql.conf -o -name zabbix_server.conf -o -name https-xampp.conf -o -name nginx.conf -o -name docker.sock -o -name KeePass.ini -o -name db.php -o -name "elasticsearch.y*ml" -o -name pgadmin4.db -o -name "KeePass.config*" -o -name .htpasswd -o -name ddclient.conf -o -name Elastix.conf -o -name appcmd.exe -o -name .profile -o -name "krb5cc_*" -o -name printers.xml -o -name secrets.ldb -o -name "*.keyring" -o -name ipsec.conf -o -name fat.config -o -name "*.gnupg" -o -name sentry.conf.py -o -name software.sav -o -name .credentials.json -o -name SecEvent.Evt -o -name "*.p12" -o -name "*_history*" -o -name backups -o -name "*.csr" -o -name passbolt.php -o -name smb.conf -o -name RDCMan.settings -o -name sitemanager.xml -o -name hostapd.conf -o -name sssd.conf -o -name secrets.yml -o -name gitlab.yml -o -name "*credential*" -o -name amportal.conf -o -name filezilla.xml -o -name kadm5.acl -o -name mosquitto.conf -o -name containerd.sock -o -name "*.kdbx" -o -name passwd -o -name "*.keytab" -o -name "*.socket" -o -name access.log -o -name cesi.conf -o -name racoon.conf -o -name "*.timer" -o -name grafana.ini -o -name fastcgi_params -o -name setupinfo -o -name "*.der" -o -name datasources.xml -o -name "*vnc*.ini" -o -name tomcat-users.xml -o -name iis6.log -o -name rktlet.sock -o -name "*.pgp" -o -name kcpassword -o -name SYSTEM -o -name "*.pem" -o -name webserver_config.py -o -name "id_dsa*" -o -name access_tokens.json -o -name docker-compose.yml -o -name httpd.conf -o -name "*.keystore" -o -name glusterfs.ca -o -name winscp.ini -o -name master.key -o -name FreePBX.conf -o -name recentservers.xml -o -name sysprep.inf -o -name .k5login -o -name "KeePass.enforced*" -o -name docker.socket -o -name .lesshst -o -name "web*.config" -o -name wsl.exe -o -name "*.pfx" -o -name rpcd -o -name unattend.txt -o -name vault-ssh-helper.hcl -o -name hudson.util.Secret -o -name ftp.ini -o -name system.sav -o -name jetty-realm.properties -o -name "*.tf" -o -name error.log -o -name .vault-token -o -name hosts.equiv -o -name glusterfs.pem -o -name setupinfo.bak -o -name "*.key" -o -name "*vnc*.txt" -o -name "*.pub" -o -name .boto -o -name rocketchat.service -o -name "*.psk" -o -name config.xml -o -name ntuser.dat -o -name server.xml -o -name .ldaprc -o -name https.conf -o -name unattended.xml -o -name "*password*" -o -name adc.json -o -name .flyrc -o -name "*.crt" -o -name "*.sqlite3" -o -name my.cnf -o -name "password*.ibd" -o -name .gitconfig -o -name supervisord.conf -o -name sip.conf -o -name "pgadmin*.db" -o -name vsftpd.conf -o -name default.sav -o -name anaconda-ks.cfg -o -name "*.tfstate" -o -name api_key -o -name "*.db" -o -name "creds*" -o -name .msmtprc -o -name rsyncd.secrets -o -name SAM -o -name "*.service" -o -name .git-credentials -o -name wp-config.php -o -name debian.cnf -o -name FreeSSHDservice.ini -o -name bash.exe -o -name "*.jks" -o -name "*.viminfo" -o -name ffftp.ini -o -name sites.ini -o -name credentials.xml -o -name "*config*.php" -o -name "*.cer" -o -name airflow.cfg -o -name Ntds.dit -o -name config.php -o -name .git -o -name azureProfile.json -o -name passwd.ibd -o -name ipsec.secrets -o -name database.php -o -name pg_hba.conf -o -name 000-default.conf -o -name .plan -o -name autologin -o -name "*.rdg" -o -name security.sav -o -name "*vnc*.xml" -o -name cloud.cfg -o -name .erlang.cookie -o -name "*.gpg" -o -name index.dat -o -name "*.ftpconfig" -o -name frakti.sock -o -name software -o -name .secrets.mkey -o -name .recently-used.xbel -o -name "mongod*.conf" -o -name .pypirc -o -name unattend.xml -o -name settings.php -o -name firebase-tools.json -o -name plum.sqlite -o -name NetSetup.log -o -name redis.conf -o -name "log4j-core*.jar" -o -name snmpd.conf -o -name krb5.conf -o -name pagefile.sys -o -name "kibana.y*ml" -o -name scclient.exe -o -name "*.vhdx" -o -name storage.php -o -name .rhosts -o -name atlantis.db -o -name my.ini -o -name access_tokens.db -o -name php.ini -o -name snyk.json -o -name ".env*" -o -name .github -o -name rsyncd.conf -o -name TokenCache.dat -o -name glusterfs.key -o -name .Xauthority -o -name Dockerfile -o -name ftp.config -o -name dockershim.sock -o -name "*.vhd" -o -name snyk.config.json -o -name unattend.inf -o -name authorized_keys -o -name ws_ftp.ini -o -name "*.swp" -o -name authorized_hosts -o -name mysqld.cnf -o -name scheduledtasks.xml -o -name backup -o -name .sudo_as_admin_successful
2⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
PID:1140

/usr/bin/sort
sort
2⤵
PID:1145

/usr/bin/find
find /sys -name "*.service" -o -name "*.socket" -o -name "*.timer"
2⤵
PID:1144

/usr/bin/sort
sort
2⤵
PID:1149

/usr/bin/find
find /system -name "*.service" -o -name "*.socket" -o -name "*.timer"
2⤵
PID:1148

/usr/bin/sort
sort
2⤵
PID:1153

/usr/bin/find
find /systemd -name rocketchat.service -o -name "*.service" -o -name "*.socket" -o -name "*.timer"
2⤵
PID:1152

/usr/bin/sort
sort
2⤵
PID:1157

/usr/bin/find
find /tmp -name autounattend.xml -o -name "*.ovpn" -o -name "*.vmdk" -o -name accessTokens.json -o -name .bashrc -o -name ConsoleHost_history.txt -o -name bitcoin.conf -o -name protecteduserkey.bin -o -name pwd.ibd -o -name gitlab.rm -o -name postgresql.conf -o -name .roadtools_auth -o -name influxdb.conf -o -name "id_rsa*" -o -name autologin.conf -o -name sysprep.xml -o -name known_hosts -o -name "*vnc*.c*nf*" -o -name .google_authenticator -o -name drives.xml -o -name legacy_credentials.db -o -name gvm-tools.conf -o -name AppEvent.Evt -o -name .wgetrc -o -name zabbix_agentd.conf -o -name psk.txt -o -name "sess_*" -o -name AzureRMContext.json -o -name wcx_ftp.ini -o -name "*.sqlite" -o -name mariadb.cnf -o -name credentials.db -o -name crio.sock -o -name groups.xml -o -name pgsql.conf -o -name zabbix_server.conf -o -name https-xampp.conf -o -name nginx.conf -o -name docker.sock -o -name KeePass.ini -o -name db.php -o -name "elasticsearch.y*ml" -o -name pgadmin4.db -o -name "KeePass.config*" -o -name .htpasswd -o -name ddclient.conf -o -name Elastix.conf -o -name appcmd.exe -o -name .profile -o -name "krb5cc_*" -o -name printers.xml -o -name secrets.ldb -o -name "*.keyring" -o -name ipsec.conf -o -name fat.config -o -name "*.gnupg" -o -name sentry.conf.py -o -name software.sav -o -name .credentials.json -o -name SecEvent.Evt -o -name "*.p12" -o -name "*_history*" -o -name backups -o -name "*.csr" -o -name passbolt.php -o -name smb.conf -o -name RDCMan.settings -o -name sitemanager.xml -o -name hostapd.conf -o -name sssd.conf -o -name secrets.yml -o -name gitlab.yml -o -name "*credential*" -o -name amportal.conf -o -name filezilla.xml -o -name kadm5.acl -o -name mosquitto.conf -o -name containerd.sock -o -name "*.kdbx" -o -name passwd -o -name "*.keytab" -o -name "*.socket" -o -name access.log -o -name cesi.conf -o -name racoon.conf -o -name "*.timer" -o -name grafana.ini -o -name fastcgi_params -o -name setupinfo -o -name "*.der" -o -name datasources.xml -o -name "*vnc*.ini" -o -name tomcat-users.xml -o -name iis6.log -o -name rktlet.sock -o -name "*.pgp" -o -name "agent*" -o -name kcpassword -o -name "*.pem" -o -name SYSTEM -o -name webserver_config.py -o -name "id_dsa*" -o -name access_tokens.json -o -name docker-compose.yml -o -name httpd.conf -o -name "*.keystore" -o -name glusterfs.ca -o -name winscp.ini -o -name master.key -o -name FreePBX.conf -o -name recentservers.xml -o -name sysprep.inf -o -name .k5login -o -name "KeePass.enforced*" -o -name docker.socket -o -name .lesshst -o -name "web*.config" -o -name wsl.exe -o -name "*.pfx" -o -name rpcd -o -name unattend.txt -o -name vault-ssh-helper.hcl -o -name hudson.util.Secret -o -name ftp.ini -o -name system.sav -o -name jetty-realm.properties -o -name "*.tf" -o -name error.log -o -name .vault-token -o -name hosts.equiv -o -name glusterfs.pem -o -name setupinfo.bak -o -name "*.key" -o -name "*vnc*.txt" -o -name "*.pub" -o -name .boto -o -name rocketchat.service -o -name "*.psk" -o -name config.xml -o -name ntuser.dat -o -name server.xml -o -name .ldaprc -o -name https.conf -o -name unattended.xml -o -name "*password*" -o -name adc.json -o -name .flyrc -o -name "*.crt" -o -name "*.sqlite3" -o -name my.cnf -o -name "password*.ibd" -o -name .gitconfig -o -name supervisord.conf -o -name sip.conf -o -name "pgadmin*.db" -o -name vsftpd.conf -o -name default.sav -o -name anaconda-ks.cfg -o -name "*.tfstate" -o -name api_key -o -name "*.db" -o -name "creds*" -o -name .msmtprc -o -name rsyncd.secrets -o -name SAM -o -name "*.service" -o -name .git-credentials -o -name wp-config.php -o -name debian.cnf -o -name FreeSSHDservice.ini -o -name bash.exe -o -name "*.jks" -o -name "*.viminfo" -o -name ffftp.ini -o -name sites.ini -o -name credentials.xml -o -name "*config*.php" -o -name "*.cer" -o -name airflow.cfg -o -name Ntds.dit -o -name config.php -o -name .git -o -name passwd.ibd -o -name azureProfile.json -o -name ipsec.secrets -o -name database.php -o -name pg_hba.conf -o -name 000-default.conf -o -name .plan -o -name autologin -o -name "*.rdg" -o -name security.sav -o -name "*vnc*.xml" -o -name cloud.cfg -o -name .erlang.cookie -o -name "*.gpg" -o -name index.dat -o -name "*.ftpconfig" -o -name frakti.sock -o -name software -o -name .secrets.mkey -o -name .recently-used.xbel -o -name "mongod*.conf" -o -name .pypirc -o -name unattend.xml -o -name settings.php -o -name firebase-tools.json -o -name plum.sqlite -o -name NetSetup.log -o -name redis.conf -o -name "log4j-core*.jar" -o -name snmpd.conf -o -name krb5.conf -o -name pagefile.sys -o -name "kibana.y*ml" -o -name scclient.exe -o -name "*.vhdx" -o -name storage.php -o -name .rhosts -o -name atlantis.db -o -name my.ini -o -name access_tokens.db -o -name php.ini -o -name snyk.json -o -name ".env*" -o -name .github -o -name rsyncd.conf -o -name TokenCache.dat -o -name glusterfs.key -o -name .Xauthority -o -name Dockerfile -o -name ftp.config -o -name dockershim.sock -o -name "*.vhd" -o -name snyk.config.json -o -name unattend.inf -o -name authorized_keys -o -name ws_ftp.ini -o -name "*.swp" -o -name authorized_hosts -o -name mysqld.cnf -o -name scheduledtasks.xml -o -name backup -o -name .sudo_as_admin_successful
2⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
PID:1156

/usr/bin/sort
sort
2⤵
PID:1161

/usr/bin/find
find /usr -name autounattend.xml -o -name "*.ovpn" -o -name "*.vmdk" -o -name accessTokens.json -o -name .bashrc -o -name ConsoleHost_history.txt -o -name bitcoin.conf -o -name protecteduserkey.bin -o -name pwd.ibd -o -name gitlab.rm -o -name postgresql.conf -o -name .roadtools_auth -o -name influxdb.conf -o -name "id_rsa*" -o -name autologin.conf -o -name sysprep.xml -o -name known_hosts -o -name "*vnc*.c*nf*" -o -name .google_authenticator -o -name drives.xml -o -name legacy_credentials.db -o -name gvm-tools.conf -o -name AppEvent.Evt -o -name .wgetrc -o -name zabbix_agentd.conf -o -name psk.txt -o -name AzureRMContext.json -o -name wcx_ftp.ini -o -name "*.sqlite" -o -name mariadb.cnf -o -name credentials.db -o -name crio.sock -o -name groups.xml -o -name pgsql.conf -o -name zabbix_server.conf -o -name https-xampp.conf -o -name nginx.conf -o -name docker.sock -o -name KeePass.ini -o -name db.php -o -name "elasticsearch.y*ml" -o -name pgadmin4.db -o -name "KeePass.config*" -o -name .htpasswd -o -name ddclient.conf -o -name Elastix.conf -o -name appcmd.exe -o -name .profile -o -name "krb5cc_*" -o -name printers.xml -o -name secrets.ldb -o -name "*.keyring" -o -name ipsec.conf -o -name fat.config -o -name "*.gnupg" -o -name sentry.conf.py -o -name software.sav -o -name .credentials.json -o -name SecEvent.Evt -o -name "*.p12" -o -name "*_history*" -o -name backups -o -name "*.csr" -o -name passbolt.php -o -name smb.conf -o -name RDCMan.settings -o -name sitemanager.xml -o -name hostapd.conf -o -name sssd.conf -o -name secrets.yml -o -name gitlab.yml -o -name "*credential*" -o -name amportal.conf -o -name filezilla.xml -o -name kadm5.acl -o -name mosquitto.conf -o -name containerd.sock -o -name "*.kdbx" -o -name passwd -o -name "*.keytab" -o -name "*.socket" -o -name access.log -o -name cesi.conf -o -name racoon.conf -o -name "*.timer" -o -name grafana.ini -o -name fastcgi_params -o -name setupinfo -o -name "*.der" -o -name datasources.xml -o -name "*vnc*.ini" -o -name tomcat-users.xml -o -name iis6.log -o -name rktlet.sock -o -name "*.pgp" -o -name kcpassword -o -name SYSTEM -o -name "*.pem" -o -name webserver_config.py -o -name "id_dsa*" -o -name access_tokens.json -o -name docker-compose.yml -o -name httpd.conf -o -name "*.keystore" -o -name glusterfs.ca -o -name winscp.ini -o -name master.key -o -name FreePBX.conf -o -name recentservers.xml -o -name sysprep.inf -o -name .k5login -o -name "KeePass.enforced*" -o -name docker.socket -o -name .lesshst -o -name "web*.config" -o -name wsl.exe -o -name "*.pfx" -o -name rpcd -o -name unattend.txt -o -name vault-ssh-helper.hcl -o -name hudson.util.Secret -o -name ftp.ini -o -name system.sav -o -name jetty-realm.properties -o -name "*.tf" -o -name error.log -o -name .vault-token -o -name hosts.equiv -o -name glusterfs.pem -o -name setupinfo.bak -o -name "*.key" -o -name "*vnc*.txt" -o -name "*.pub" -o -name .boto -o -name rocketchat.service -o -name "*.psk" -o -name config.xml -o -name ntuser.dat -o -name server.xml -o -name .ldaprc -o -name https.conf -o -name unattended.xml -o -name "*password*" -o -name adc.json -o -name .flyrc -o -name "*.crt" -o -name "*.sqlite3" -o -name my.cnf -o -name "password*.ibd" -o -name .gitconfig -o -name supervisord.conf -o -name sip.conf -o -name "pgadmin*.db" -o -name vsftpd.conf -o -name default.sav -o -name anaconda-ks.cfg -o -name "*.tfstate" -o -name api_key -o -name "*.db" -o -name "creds*" -o -name .msmtprc -o -name rsyncd.secrets -o -name SAM -o -name "*.service" -o -name .git-credentials -o -name wp-config.php -o -name debian.cnf -o -name FreeSSHDservice.ini -o -name bash.exe -o -name "*.jks" -o -name "*.viminfo" -o -name ffftp.ini -o -name sites.ini -o -name credentials.xml -o -name "*config*.php" -o -name "*.cer" -o -name airflow.cfg -o -name Ntds.dit -o -name config.php -o -name .git -o -name azureProfile.json -o -name passwd.ibd -o -name ipsec.secrets -o -name database.php -o -name pg_hba.conf -o -name 000-default.conf -o -name .plan -o -name autologin -o -name "*.rdg" -o -name security.sav -o -name "*vnc*.xml" -o -name "ssh*config" -o -name cloud.cfg -o -name .erlang.cookie -o -name "*.gpg" -o -name index.dat -o -name "*.ftpconfig" -o -name frakti.sock -o -name software -o -name .secrets.mkey -o -name .recently-used.xbel -o -name "mongod*.conf" -o -name .pypirc -o -name unattend.xml -o -name settings.php -o -name firebase-tools.json -o -name plum.sqlite -o -name NetSetup.log -o -name redis.conf -o -name "log4j-core*.jar" -o -name snmpd.conf -o -name krb5.conf -o -name pagefile.sys -o -name "kibana.y*ml" -o -name scclient.exe -o -name "*.vhdx" -o -name storage.php -o -name .rhosts -o -name atlantis.db -o -name my.ini -o -name access_tokens.db -o -name php.ini -o -name snyk.json -o -name ".env*" -o -name .github -o -name rsyncd.conf -o -name TokenCache.dat -o -name glusterfs.key -o -name .Xauthority -o -name Dockerfile -o -name ftp.config -o -name dockershim.sock -o -name "*.vhd" -o -name snyk.config.json -o -name unattend.inf -o -name authorized_keys -o -name ws_ftp.ini -o -name "*.swp" -o -name authorized_hosts -o -name mysqld.cnf -o -name scheduledtasks.xml -o -name backup -o -name .sudo_as_admin_successful
2⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
PID:1160

/usr/bin/sort
sort
2⤵
PID:1165

/usr/bin/find
find /var -name autounattend.xml -o -name "*.ovpn" -o -name "*.vmdk" -o -name accessTokens.json -o -name .bashrc -o -name ConsoleHost_history.txt -o -name bitcoin.conf -o -name protecteduserkey.bin -o -name pwd.ibd -o -name gitlab.rm -o -name postgresql.conf -o -name .roadtools_auth -o -name influxdb.conf -o -name "id_rsa*" -o -name autologin.conf -o -name sysprep.xml -o -name known_hosts -o -name "*vnc*.c*nf*" -o -name .google_authenticator -o -name drives.xml -o -name legacy_credentials.db -o -name gvm-tools.conf -o -name AppEvent.Evt -o -name .wgetrc -o -name zabbix_agentd.conf -o -name psk.txt -o -name "sess_*" -o -name AzureRMContext.json -o -name wcx_ftp.ini -o -name "*.sqlite" -o -name mariadb.cnf -o -name credentials.db -o -name crio.sock -o -name groups.xml -o -name pgsql.conf -o -name zabbix_server.conf -o -name https-xampp.conf -o -name nginx.conf -o -name docker.sock -o -name KeePass.ini -o -name db.php -o -name "elasticsearch.y*ml" -o -name pgadmin4.db -o -name "KeePass.config*" -o -name .htpasswd -o -name ddclient.conf -o -name Elastix.conf -o -name appcmd.exe -o -name .profile -o -name "krb5cc_*" -o -name printers.xml -o -name secrets.ldb -o -name "*.keyring" -o -name ipsec.conf -o -name fat.config -o -name "*.gnupg" -o -name sentry.conf.py -o -name software.sav -o -name .credentials.json -o -name SecEvent.Evt -o -name "*.p12" -o -name "*_history*" -o -name backups -o -name "*.csr" -o -name passbolt.php -o -name smb.conf -o -name RDCMan.settings -o -name sitemanager.xml -o -name hostapd.conf -o -name sssd.conf -o -name secrets.yml -o -name gitlab.yml -o -name "*credential*" -o -name amportal.conf -o -name filezilla.xml -o -name kadm5.acl -o -name mosquitto.conf -o -name containerd.sock -o -name "*.kdbx" -o -name passwd -o -name "*.keytab" -o -name "*.socket" -o -name access.log -o -name cesi.conf -o -name racoon.conf -o -name "*.timer" -o -name grafana.ini -o -name fastcgi_params -o -name setupinfo -o -name "*.der" -o -name datasources.xml -o -name "*vnc*.ini" -o -name tomcat-users.xml -o -name iis6.log -o -name rktlet.sock -o -name "*.pgp" -o -name kcpassword -o -name SYSTEM -o -name "*.pem" -o -name webserver_config.py -o -name "id_dsa*" -o -name access_tokens.json -o -name docker-compose.yml -o -name httpd.conf -o -name "*.keystore" -o -name glusterfs.ca -o -name winscp.ini -o -name master.key -o -name FreePBX.conf -o -name recentservers.xml -o -name sysprep.inf -o -name .k5login -o -name "KeePass.enforced*" -o -name docker.socket -o -name .lesshst -o -name "web*.config" -o -name wsl.exe -o -name "*.pfx" -o -name rpcd -o -name unattend.txt -o -name vault-ssh-helper.hcl -o -name hudson.util.Secret -o -name ftp.ini -o -name system.sav -o -name jetty-realm.properties -o -name "*.tf" -o -name error.log -o -name .vault-token -o -name hosts.equiv -o -name glusterfs.pem -o -name setupinfo.bak -o -name "*.key" -o -name "*vnc*.txt" -o -name "*.pub" -o -name .boto -o -name rocketchat.service -o -name "*.psk" -o -name config.xml -o -name ntuser.dat -o -name server.xml -o -name .ldaprc -o -name https.conf -o -name unattended.xml -o -name "*password*" -o -name adc.json -o -name .flyrc -o -name "*.crt" -o -name "*.sqlite3" -o -name my.cnf -o -name "password*.ibd" -o -name .gitconfig -o -name supervisord.conf -o -name sip.conf -o -name "pgadmin*.db" -o -name vsftpd.conf -o -name default.sav -o -name anaconda-ks.cfg -o -name "*.tfstate" -o -name api_key -o -name "*.db" -o -name "creds*" -o -name .msmtprc -o -name rsyncd.secrets -o -name SAM -o -name "*.service" -o -name .git-credentials -o -name wp-config.php -o -name debian.cnf -o -name FreeSSHDservice.ini -o -name bash.exe -o -name "*.jks" -o -name "*.viminfo" -o -name ffftp.ini -o -name sites.ini -o -name credentials.xml -o -name "*config*.php" -o -name "*.cer" -o -name airflow.cfg -o -name Ntds.dit -o -name config.php -o -name .git -o -name azureProfile.json -o -name passwd.ibd -o -name ipsec.secrets -o -name database.php -o -name pg_hba.conf -o -name 000-default.conf -o -name .plan -o -name autologin -o -name "*.rdg" -o -name security.sav -o -name "*vnc*.xml" -o -name cloud.cfg -o -name .erlang.cookie -o -name "*.gpg" -o -name index.dat -o -name "*.ftpconfig" -o -name frakti.sock -o -name software -o -name .secrets.mkey -o -name .recently-used.xbel -o -name "mongod*.conf" -o -name .pypirc -o -name unattend.xml -o -name settings.php -o -name firebase-tools.json -o -name plum.sqlite -o -name NetSetup.log -o -name redis.conf -o -name "log4j-core*.jar" -o -name snmpd.conf -o -name krb5.conf -o -name pagefile.sys -o -name "kibana.y*ml" -o -name scclient.exe -o -name "*.vhdx" -o -name storage.php -o -name .rhosts -o -name atlantis.db -o -name my.ini -o -name access_tokens.db -o -name php.ini -o -name snyk.json -o -name ".env*" -o -name .github -o -name rsyncd.conf -o -name TokenCache.dat -o -name glusterfs.key -o -name .Xauthority -o -name Dockerfile -o -name ftp.config -o -name dockershim.sock -o -name "*.vhd" -o -name snyk.config.json -o -name unattend.inf -o -name authorized_keys -o -name ws_ftp.ini -o -name "*.swp" -o -name authorized_hosts -o -name mysqld.cnf -o -name scheduledtasks.xml -o -name backup -o -name .sudo_as_admin_successful
2⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
PID:1164

/usr/bin/sort
sort
2⤵
PID:1169

/usr/bin/find
find /concourse-auth -name "*.service" -o -name "*.socket" -o -name "*.timer"
2⤵
PID:1168

/usr/bin/sort
sort
2⤵
PID:1173

/usr/bin/find
find /concourse-keys -name "*.service" -o -name "*.socket" -o -name "*.timer"
2⤵
PID:1172

/bin/grep
grep -q procs_crons_timers_srvcs_sockets
2⤵
PID:1175

/bin/grep
grep -E ".*\\.service\$"
2⤵
PID:1179

/usr/bin/sort
sort
2⤵
PID:1180

/bin/grep
grep -E "^/sys|^/cdrom|^/home/|/Users/|/root/|/var/www|^/snap|^/srv|^/lib64|^/media|^/bin|^/run|^/concourse-auth|^/systemd|^/private|^/tmp|^/lib|^/.cache|^/system|^/sbin|^/mnt|^/lib32|^/applications|^/etc|^/concourse-keys|^/opt|^/usr|^/var"
2⤵
PID:1178

/usr/bin/uniq
uniq
2⤵
PID:1181

/usr/bin/head
head -n 70
2⤵
PID:1182

/bin/grep
grep -E ".*\\.timer\$"
2⤵
PID:1186

/usr/bin/sort
sort
2⤵
PID:1187

/bin/grep
grep -E "^/sys|^/cdrom|^/home/|/Users/|/root/|/var/www|^/snap|^/srv|^/lib64|^/media|^/bin|^/run|^/concourse-auth|^/systemd|^/private|^/tmp|^/lib|^/.cache|^/system|^/sbin|^/mnt|^/lib32|^/applications|^/etc|^/concourse-keys|^/opt|^/usr|^/var"
2⤵
PID:1185

/usr/bin/uniq
uniq
2⤵
PID:1188

/usr/bin/head
head -n 70
2⤵
PID:1189

/bin/grep
grep -E ".*\\.socket\$"
2⤵
PID:1193

/usr/bin/sort
sort
2⤵
PID:1194

/bin/grep
grep -E "^/sys|^/cdrom|^/home/|/Users/|/root/|/var/www|^/snap|^/srv|^/lib64|^/media|^/bin|^/run|^/concourse-auth|^/systemd|^/private|^/tmp|^/lib|^/.cache|^/system|^/sbin|^/mnt|^/lib32|^/applications|^/etc|^/concourse-keys|^/opt|^/usr|^/var"
2⤵
PID:1192

/usr/bin/uniq
uniq
2⤵
PID:1195

/usr/bin/head
head -n 70
2⤵
PID:1196

/bin/grep
grep -E "system\\.d\$"
2⤵
PID:1200

/bin/grep
grep -E "^/etc"
2⤵
PID:1199

/usr/bin/sort
sort
2⤵
PID:1201

/usr/bin/uniq
uniq
2⤵
PID:1202

/usr/bin/head
head -n 70
2⤵
PID:1203

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1208

/bin/grep
grep -E "^/etc/.*mysql|/usr/var/lib/.*mysql|/var/lib/.*mysql"
2⤵
PID:1207

/bin/grep
grep -E "mysql\$|passwd\\.ibd\$|password.*\\.ibd\$|pwd\\.ibd\$|mysqld\\.cnf\$"
2⤵
PID:1209

/bin/grep
grep -v -E mysql/mysql
2⤵
PID:1206

/usr/bin/sort
sort
2⤵
PID:1210

/usr/bin/uniq
uniq
2⤵
PID:1211

/usr/bin/head
head -n 70
2⤵
PID:1212

/bin/grep
grep -E "mariadb\\.cnf\$|debian\\.cnf\$"
2⤵
PID:1216

/usr/bin/sort
sort
2⤵
PID:1217

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1215

/usr/bin/uniq
uniq
2⤵
PID:1218

/usr/bin/head
head -n 70
2⤵
PID:1219

/bin/grep
grep -E "pgadmin.*\\.db\$|pg_hba\\.conf\$|postgresql\\.conf\$|pgsql\\.conf\$|pgadmin4\\.db\$"
2⤵
PID:1223

/usr/bin/sort
sort
2⤵
PID:1224

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1222

/usr/bin/uniq
uniq
2⤵
PID:1225

/usr/bin/head
head -n 70
2⤵
PID:1226

/bin/grep
grep -E "sites-enabled\$|000-default\\.conf\$|php\\.ini\$|nginx\\.conf\$|nginx\$"
2⤵
PID:1230

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1229

/usr/bin/sort
sort
2⤵
PID:1231

/usr/bin/uniq
uniq
2⤵
PID:1232

/usr/bin/head
head -n 70
2⤵
PID:1233

/bin/grep
grep -E "varnish\$"
2⤵
PID:1237

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1236

/usr/bin/sort
sort
2⤵
PID:1238

/usr/bin/uniq
uniq
2⤵
PID:1239

/usr/bin/head
head -n 70
2⤵
PID:1240

/bin/grep
grep -E "sess_.*\$"
2⤵
PID:1245

/bin/grep
grep -E "^/tmp|^/private|^/mnt|^/var"
2⤵
PID:1244

/bin/grep
grep -E "/tmp/.*sess_.*|/var/tmp/.*sess_.*"
2⤵
PID:1243

/usr/bin/sort
sort
2⤵
PID:1246

/usr/bin/uniq
uniq
2⤵
PID:1247

/usr/bin/head
head -n 70
2⤵
PID:1248

/bin/grep
grep -E ".*config.*\\.php\$|database\\.php\$|db\\.php\$|storage\\.php\$|settings\\.php\$"
2⤵
PID:1252

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1251

/usr/bin/sort
sort
2⤵
PID:1253

/usr/bin/uniq
uniq
2⤵
PID:1254

/usr/bin/head
head -n 70
2⤵
PID:1255

/bin/grep
grep -E "airflow\\.cfg\$|webserver_config\\.py\$"
2⤵
PID:1259

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1258

/usr/bin/sort
sort
2⤵
PID:1260

/usr/bin/uniq
uniq
2⤵
PID:1261

/usr/bin/head
head -n 70
2⤵
PID:1262

/bin/grep
grep -E "\\.Xauthority\$"
2⤵
PID:1266

/usr/bin/sort
sort
2⤵
PID:1267

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1265

/usr/bin/uniq
uniq
2⤵
PID:1268

/usr/bin/head
head -n 70
2⤵
PID:1269

/bin/grep
grep -E "wp-config\\.php\$"
2⤵
PID:1273

/usr/bin/sort
sort
2⤵
PID:1274

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1272

/usr/bin/uniq
uniq
2⤵
PID:1275

/usr/bin/head
head -n 70
2⤵
PID:1276

/bin/grep
grep -E "settings\\.php\$"
2⤵
PID:1281

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1280

/usr/bin/sort
sort
2⤵
PID:1282

/bin/grep
grep -E /default/settings.php
2⤵
PID:1279

/usr/bin/uniq
uniq
2⤵
PID:1283

/usr/bin/head
head -n 70
2⤵
PID:1284

/bin/grep
grep -E "config\\.php\$"
2⤵
PID:1289

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1288

/bin/grep
grep -E moodle/config.php
2⤵
PID:1287

/usr/bin/sort
sort
2⤵
PID:1290

/usr/bin/uniq
uniq
2⤵
PID:1291

/usr/bin/head
head -n 70
2⤵
PID:1292

/bin/grep
grep -E "tomcat-users\\.xml\$"
2⤵
PID:1296

/usr/bin/sort
sort
2⤵
PID:1297

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1295

/usr/bin/uniq
uniq
2⤵
PID:1298

/usr/bin/head
head -n 70
2⤵
PID:1299

/bin/grep
grep -E "mongod.*\\.conf\$"
2⤵
PID:1303

/usr/bin/sort
sort
2⤵
PID:1304

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1302

/usr/bin/uniq
uniq
2⤵
PID:1305

/usr/bin/head
head -n 70
2⤵
PID:1306

/bin/grep
grep -E "rocketchat\\.service\$"
2⤵
PID:1310

/usr/bin/sort
sort
2⤵
PID:1311

/bin/grep
grep -E "^/private|^/snap|^/systemd|^/applications|^/tmp|^/lib|^/srv|^/etc|^/.cache|^/bin|^/cdrom|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1309

/usr/bin/uniq
uniq
2⤵
PID:1312

/usr/bin/head
head -n 70
2⤵
PID:1313

/bin/grep
grep -E "supervisord\\.conf\$"
2⤵
PID:1317

/usr/bin/sort
sort
2⤵
PID:1318

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1316

/usr/bin/uniq
uniq
2⤵
PID:1319

/usr/bin/head
head -n 70
2⤵
PID:1320

/bin/grep
grep -E "cesi\\.conf\$"
2⤵
PID:1324

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1323

/usr/bin/sort
sort
2⤵
PID:1325

/usr/bin/uniq
uniq
2⤵
PID:1326

/usr/bin/head
head -n 70
2⤵
PID:1327

/bin/grep
grep -E "rsyncd\\.conf\$|rsyncd\\.secrets\$"
2⤵
PID:1331

/usr/bin/sort
sort
2⤵
PID:1332

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1330

/usr/bin/uniq
uniq
2⤵
PID:1333

/usr/bin/head
head -n 70
2⤵
PID:1334

/bin/grep
grep -E "rpcd\$"
2⤵
PID:1339

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1338

/usr/bin/sort
sort
2⤵
PID:1340

/bin/grep
grep -v -E "/init.d/|/sbin/|/usr/share/"
2⤵
PID:1337

/usr/bin/uniq
uniq
2⤵
PID:1341

/usr/bin/head
head -n 70
2⤵
PID:1342

/bin/grep
grep -E "bitcoin\\.conf\$"
2⤵
PID:1346

/usr/bin/sort
sort
2⤵
PID:1347

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1345

/usr/bin/uniq
uniq
2⤵
PID:1348

/usr/bin/head
head -n 70
2⤵
PID:1349

/bin/grep
grep -E "hostapd\\.conf\$"
2⤵
PID:1353

/usr/bin/sort
sort
2⤵
PID:1354

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1352

/usr/bin/uniq
uniq
2⤵
PID:1355

/usr/bin/head
head -n 70
2⤵
PID:1356

/bin/grep
grep -E "system-connections\$"
2⤵
PID:1360

/usr/bin/sort
sort
2⤵
PID:1361

/bin/grep
grep -E "^/etc"
2⤵
PID:1359

/usr/bin/uniq
uniq
2⤵
PID:1362

/usr/bin/head
head -n 70
2⤵
PID:1363

/bin/grep
grep -E "pam\\.d\$"
2⤵
PID:1367

/bin/grep
grep -E "^/etc"
2⤵
PID:1366

/usr/bin/sort
sort
2⤵
PID:1368

/usr/bin/uniq
uniq
2⤵
PID:1369

/usr/bin/head
head -n 70
2⤵
PID:1370

/bin/grep
grep -E "exports\$"
2⤵
PID:1374

/bin/grep
grep -E "^/etc"
2⤵
PID:1373

/usr/bin/sort
sort
2⤵
PID:1375

/usr/bin/uniq
uniq
2⤵
PID:1376

/usr/bin/head
head -n 70
2⤵
PID:1377

/bin/grep
grep -E "glusterfs\\.pem\$|glusterfs\\.ca\$|glusterfs\\.key\$"
2⤵
PID:1381

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1380

/usr/bin/sort
sort
2⤵
PID:1382

/usr/bin/uniq
uniq
2⤵
PID:1383

/usr/bin/head
head -n 70
2⤵
PID:1384

/bin/grep
grep -E "anaconda-ks\\.cfg\$"
2⤵
PID:1388

/usr/bin/sort
sort
2⤵
PID:1389

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1387

/usr/bin/uniq
uniq
2⤵
PID:1390

/usr/bin/head
head -n 70
2⤵
PID:1391

/bin/grep
grep -E ".*\\.tfstate\$|.*\\.tf\$"
2⤵
PID:1395

/usr/bin/sort
sort
2⤵
PID:1396

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1394

/usr/bin/uniq
uniq
2⤵
PID:1397

/usr/bin/head
head -n 70
2⤵
PID:1398

/bin/grep
grep -E "racoon\\.conf\$|psk\\.txt\$"
2⤵
PID:1402

/usr/bin/sort
sort
2⤵
PID:1403

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1401

/usr/bin/uniq
uniq
2⤵
PID:1404

/usr/bin/head
head -n 70
2⤵
PID:1405

/bin/grep
grep -E "kubeconfig\$|bootstrap-kubeconfig\$|kubelet-kubeconfig\$|kubelet\\.conf\$|psk\\.txt\$|\\.kube.*\$|kubelet\$|kube-proxy\$|kubernetes\$"
2⤵
PID:1409

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1408

/usr/bin/sort
sort
2⤵
PID:1410

/usr/bin/uniq
uniq
2⤵
PID:1411

/usr/bin/head
head -n 70
2⤵
PID:1412

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1416

/bin/grep
grep -v -E /mime/
2⤵
PID:1415

/usr/bin/sort
sort
2⤵
PID:1418

/bin/grep
grep -E "\\.vnc\$|.*vnc.*\\.c.*nf.*\$|.*vnc.*\\.ini\$|.*vnc.*\\.txt\$|.*vnc.*\\.xml\$"
2⤵
PID:1417

/usr/bin/uniq
uniq
2⤵
PID:1419

/usr/bin/head
head -n 70
2⤵
PID:1420

/bin/grep
grep -E "ldap\$"
2⤵
PID:1424

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1423

/usr/bin/sort
sort
2⤵
PID:1425

/usr/bin/uniq
uniq
2⤵
PID:1426

/usr/bin/head
head -n 70
2⤵
PID:1427

/bin/grep
grep -E "log4j-core.*\\.jar\$"
2⤵
PID:1431

/bin/grep
grep -E "^/cdrom|^/home/|/Users/|/root/|/var/www|^/snap|^/srv|^/lib64|^/media|^/bin|^/private|^/tmp|^/lib|^/.cache|^/sbin|^/mnt|^/lib32|^/applications|^/etc|^/opt|^/usr|^/var"
2⤵
PID:1430

/usr/bin/sort
sort
2⤵
PID:1432

/usr/bin/uniq
uniq
2⤵
PID:1433

/usr/bin/head
head -n 70
2⤵
PID:1434

/bin/grep
grep -E ".*\\.ovpn\$"
2⤵
PID:1438

/usr/bin/sort
sort
2⤵
PID:1439

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1437

/usr/bin/uniq
uniq
2⤵
PID:1440

/usr/bin/head
head -n 70
2⤵
PID:1441

/bin/grep
grep -E "id_dsa.*\$|id_rsa.*\$|known_hosts\$|authorized_hosts\$|authorized_keys\$|.*\\.pub\$"
2⤵
PID:1445

/usr/bin/sort
sort
2⤵
PID:1446

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1444

/usr/bin/uniq
uniq
2⤵
PID:1447

/usr/bin/head
head -n 70
2⤵
PID:1448

/bin/grep
grep -E ".*\\.pem\$|.*\\.cer\$|.*\\.crt\$"
2⤵
PID:1453

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1452

/bin/grep
grep -v -E "/usr/share/|/usr/local/lib/|/usr/lib.*"
2⤵
PID:1451

/usr/bin/sort
sort
2⤵
PID:1454

/usr/bin/uniq
uniq
2⤵
PID:1455

/usr/bin/head
head -n 70
2⤵
PID:1456

/bin/grep
grep -E ".*\\.csr\$|.*\\.der\$"
2⤵
PID:1461

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1460

/bin/grep
grep -v -E "^/usr/share/|/usr/local/lib/|/usr/lib/.*|/usr/share/|/usr/local/lib/|/usr/lib/.*"
2⤵
PID:1459

/usr/bin/sort
sort
2⤵
PID:1462

/usr/bin/uniq
uniq
2⤵
PID:1463

/usr/bin/head
head -n 70
2⤵
PID:1464

/bin/grep
grep -E ".*\\.pfx\$|.*\\.p12\$"
2⤵
PID:1469

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1468

/usr/bin/sort
sort
2⤵
PID:1470

/bin/grep
grep -v -E "/usr/share/|/usr/local/lib/|/usr/lib/.*"
2⤵
PID:1467

/usr/bin/uniq
uniq
2⤵
PID:1471

/usr/bin/head
head -n 70
2⤵
PID:1472

/bin/grep
grep -E "agent.*\$"
2⤵
PID:1477

/bin/grep
grep -E "^/tmp"
2⤵
PID:1476

/bin/grep
grep -v -E .dll
2⤵
PID:1475

/usr/bin/sort
sort
2⤵
PID:1478

/usr/bin/uniq
uniq
2⤵
PID:1479

/usr/bin/head
head -n 70
2⤵
PID:1480

/bin/grep
grep -E "ssh.*config\$"
2⤵
PID:1484

/usr/bin/sort
sort
2⤵
PID:1485

/bin/grep
grep -E "^/home/|/Users/|/root/|/var/www|^/usr"
2⤵
PID:1483

/usr/bin/uniq
uniq
2⤵
PID:1486

/usr/bin/head
head -n 70
2⤵
PID:1487

/bin/grep
grep -E "snyk\\.json\$|snyk\\.config\\.json\$"
2⤵
PID:1491

/usr/bin/sort
sort
2⤵
PID:1492

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1490

/usr/bin/uniq
uniq
2⤵
PID:1493

/usr/bin/head
head -n 70
2⤵
PID:1494

/bin/grep
grep -E "credentials\\.db\$|legacy_credentials\\.db\$|adc\\.json\$|\\.boto\$|\\.credentials\\.json\$|firebase-tools\\.json\$|access_tokens\\.db\$|access_tokens\\.json\$|accessTokens\\.json\$|gcloud\$|legacy_credentials\$|azureProfile\\.json\$|TokenCache\\.dat\$|AzureRMContext\\.json\$|ErrorRecords\$|TokenCache\\.dat\$|\\.bluemix\$|doctl\$"
2⤵
PID:1498

/usr/bin/sort
sort
2⤵
PID:1499

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1497

/usr/bin/uniq
uniq
2⤵
PID:1500

/usr/bin/head
head -n 70
2⤵
PID:1501

/bin/grep
grep -E "\\.roadtools_auth\$"
2⤵
PID:1505

/usr/bin/sort
sort
2⤵
PID:1506

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1504

/usr/bin/uniq
uniq
2⤵
PID:1507

/usr/bin/head
head -n 70
2⤵
PID:1508

/bin/grep
grep -E "ipa\$|dirsrv\$"
2⤵
- System Network Configuration Discovery
PID:1512

/usr/bin/sort
sort
2⤵
PID:1513

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1511

/usr/bin/uniq
uniq
2⤵
PID:1514

/usr/bin/head
head -n 70
2⤵
PID:1515

/bin/grep
grep -E "krb5\\.conf\$|.*\\.keytab\$|\\.k5login\$|krb5cc_.*\$|kadm5\\.acl\$|secrets\\.ldb\$|\\.secrets\\.mkey\$|sssd\\.conf\$"
2⤵
PID:1519

/usr/bin/sort
sort
2⤵
PID:1520

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1518

/usr/bin/uniq
uniq
2⤵
PID:1521

/usr/bin/head
head -n 70
2⤵
PID:1522

/bin/grep
grep -E "kibana\\.y.*ml\$"
2⤵
PID:1526

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1525

/usr/bin/sort
sort
2⤵
PID:1527

/usr/bin/uniq
uniq
2⤵
PID:1528

/usr/bin/head
head -n 70
2⤵
PID:1529

/bin/grep
grep -E "grafana\\.ini\$"
2⤵
PID:1533

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1532

/usr/bin/sort
sort
2⤵
PID:1534

/usr/bin/uniq
uniq
2⤵
PID:1535

/usr/bin/head
head -n 70
2⤵
PID:1536

/bin/grep
grep -E ".*knockd.*\$"
2⤵
PID:1541

/bin/grep
grep -E "^/etc"
2⤵
PID:1540

/bin/grep
grep -E /etc/init.d/
2⤵
PID:1539

/usr/bin/sort
sort
2⤵
PID:1542

/usr/bin/uniq
uniq
2⤵
PID:1543

/usr/bin/head
head -n 70
2⤵
PID:1544

/bin/grep
grep -E "logstash\$"
2⤵
PID:1548

/usr/bin/sort
sort
2⤵
PID:1549

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1547

/usr/bin/uniq
uniq
2⤵
PID:1550

/usr/bin/head
head -n 70
2⤵
PID:1551

/bin/grep
grep -E "elasticsearch\\.y.*ml\$"
2⤵
PID:1555

/usr/bin/sort
sort
2⤵
PID:1556

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1554

/usr/bin/uniq
uniq
2⤵
PID:1557

/usr/bin/head
head -n 70
2⤵
PID:1558

/bin/grep
grep -E "vault-ssh-helper\\.hcl\$"
2⤵
PID:1562

/usr/bin/sort
sort
2⤵
PID:1563

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1561

/usr/bin/uniq
uniq
2⤵
PID:1564

/usr/bin/head
head -n 70
2⤵
PID:1565

/bin/grep
grep -E "\\.vault-token\$"
2⤵
PID:1569

/usr/bin/sort
sort
2⤵
PID:1570

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1568

/usr/bin/uniq
uniq
2⤵
PID:1571

/usr/bin/head
head -n 70
2⤵
PID:1572

/bin/grep
grep -E "couchdb\$"
2⤵
PID:1576

/usr/bin/sort
sort
2⤵
PID:1577

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1575

/usr/bin/uniq
uniq
2⤵
PID:1578

/usr/bin/head
head -n 70
2⤵
PID:1579

/bin/grep
grep -E "redis\\.conf\$"
2⤵
PID:1583

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1582

/usr/bin/sort
sort
2⤵
PID:1584

/usr/bin/uniq
uniq
2⤵
PID:1585

/usr/bin/head
head -n 70
2⤵
PID:1586

/bin/grep
grep -E "mosquitto\\.conf\$"
2⤵
PID:1590

/usr/bin/sort
sort
2⤵
PID:1591

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1589

/usr/bin/uniq
uniq
2⤵
PID:1592

/usr/bin/head
head -n 70
2⤵
PID:1593

/bin/grep
grep -E "neo4j\$"
2⤵
PID:1597

/usr/bin/sort
sort
2⤵
PID:1598

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1596

/usr/bin/uniq
uniq
2⤵
PID:1599

/usr/bin/head
head -n 70
2⤵
PID:1600

/bin/grep
grep -E "cloud\\.cfg\$"
2⤵
PID:1604

/bin/grep
grep -E "^/private|^/snap|^/applications|^/tmp|^/srv|^/etc|^/cdrom|^/.cache|^/bin|^/media|^/mnt|^/home/|/Users/|/root/|/var/www|^/opt|^/sbin|^/usr|^/var"
2⤵
PID:1603

/usr/bin/sort
sort
2⤵
PID:1605

/usr/bin/uniq
uniq
2⤵
PID:1606

/usr/bin/head
head -n 70
2⤵
PID:1607

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads