type=PROCTITLE msg=audit(02/20/2025 10:02:51.145:89899) : proctitle=grep -EiH az login|enable_autologin|7z|unzip|useradd|linenum|linpeas|mkpasswd|htpasswd|openssl|PASSW|passw|shadow|roadrecon auth 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.194:44535) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.192:44534) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.184:44533) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.184:44532) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.182:44531) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.179:44530) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.176:44529) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.176:44528) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.176:44527) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.176:44526) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.176:44525) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.176:44524) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.176:44523) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.173:44522) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.170:44521) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.167:44520) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.167:44519) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.167:44518) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.164:44517) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.164:44516) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.161:44515) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.161:44514) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.161:44513) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.159:44512) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.159:44511) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.156:44510) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.156:44509) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.156:44508) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.154:44507) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.154:44506) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.145:44505) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.145:44504) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.139:44502) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.138:44501) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.138:44500) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.131:44499) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.131:44498) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.131:44497) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.131:44496) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.131:44495) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.131:44494) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.130:44493) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.130:44492) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:25.122:44491) : proctitle=/sbin/useradd -d /home/malware_user2 -g malware_user2 -s /bin/bash -u 1003 malware_user2 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.898:44443) : proctitle=sudo useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.896:44442) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.895:44441) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.895:44440) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.893:44439) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.892:44438) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.889:44437) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.888:44436) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.888:44435) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.888:44434) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.886:44433) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.886:44432) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.886:44431) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.886:44430) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.884:44429) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.884:44428) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.881:44427) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.881:44426) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.881:44425) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.877:44424) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.876:44423) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.874:44422) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.874:44421) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.874:44420) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.872:44419) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.872:44418) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.870:44417) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.870:44416) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.870:44415) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.868:44414) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.868:44413) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.866:44412) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.866:44411) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.865:44410) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.863:44409) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.863:44408) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.861:44407) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.861:44406) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.860:44405) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.858:44404) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.858:44403) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.855:44402) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.855:44401) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.851:44399) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.849:44397) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.849:44396) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.845:44395) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.844:44394) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.843:44393) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.843:44392) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.843:44391) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.843:44390) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.842:44389) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.842:44388) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.822:44387) : proctitle=useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.814:44384) : proctitle=sudo useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.814:44383) : proctitle=sudo useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.813:44380) : proctitle=sudo useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.808:44379) : proctitle=sudo useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.808:44378) : proctitle=sudo useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.808:44377) : proctitle=sudo useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.807:44376) : proctitle=sudo useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.807:44375) : proctitle=sudo useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.804:44370) : proctitle=sudo useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.804:44369) : proctitle=sudo useradd malware_user 
type=PROCTITLE msg=audit(02/20/2025 10:00:24.796:44368) : proctitle=sudo useradd malware_user