Analysis
-
max time kernel
0s -
max time network
67s -
platform
linux_amd64 -
resource
ubuntu1804-amd64-en-20211208 -
resource tags
arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system -
submitted
04/03/2023, 20:48
Static task
static1
Behavioral task
behavioral1
Sample
run.sh
Resource
ubuntu1804-amd64-en-20211208
General
-
Target
run.sh
-
Size
8KB
-
MD5
e34bac21135beadf24e557e6a8cd7a64
-
SHA1
def390dddd27d379d4fb38c80fc69d7997425ff8
-
SHA256
82c388aafffef7d131167904bba3a514f2480757489b0810d04437050784ad31
-
SHA512
8bacb26ecd8a6157e6eaedc271db20590fe62848c4e742339384c01e4fcb1df4a8f19a089c950337061b40998a9de52666e0a3c232aed69080be1a26ee2242c8
-
SSDEEP
96:bCUA/F3XH3t3Zu5bufqufVuHWK7ZXkTKk9kfKkQkRkfIk4kv2k8kalhX5KsU6uZR:b7qnpWAFuWK71gVfwzXUstqVk8EbYF
Malware Config
Signatures
-
Deletes system logs 1 TTPs 2 IoCs
description ioc Process /var/log/wtmp /var/log/wtmp run.sh /var/log/secure /var/log/secure run.sh -
Modifies hosts file 2 IoCs
Adds to hosts file used for mapping hosts to IP addresses.
description ioc Process /etc/hosts /etc/hosts http /etc/hosts /etc/hosts http -
Writes DNS configuration 1 TTPs 4 IoCs
Writes data to DNS resolver config file.
description ioc Process /etc/resolv.conf /etc/resolv.conf http /etc/resolv.conf /etc/resolv.conf grep /etc/resolv.conf /etc/resolv.conf run.sh /etc/resolv.conf /etc/resolv.conf http -
Creates/modifies Cron job 1 TTPs 1 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
description ioc Process /var/spool/cron/crontabs /var/spool/cron/crontabs rm -
Write file to user bin folder 1 TTPs 4 IoCs
description ioc Process /usr/bin/apt-key /usr/bin/apt-key apt-key /usr/bin/apt-key /usr/bin/apt-key apt-key /usr/bin/apt-key /usr/bin/apt-key apt-key /usr/bin/apt-key /usr/bin/apt-key apt-key -
Reads CPU attributes 1 TTPs 1 IoCs
description ioc Process /sys/devices/system/cpu/online /sys/devices/system/cpu/online ps -
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
description ioc Process /proc/25/status /proc/25/status ps /proc/193/cmdline /proc/193/cmdline ps /proc/347/stat /proc/347/stat ps /proc/369/cmdline /proc/369/cmdline ps /proc/600/cmdline /proc/600/cmdline ps /proc/meminfo /proc/meminfo ps /proc/252/cmdline /proc/252/cmdline ps /proc/286/stat /proc/286/stat ps /proc/418/cmdline /proc/418/cmdline ps /proc/filesystems /proc/filesystems dpkg /proc/29/status /proc/29/status ps /proc/80/cmdline /proc/80/cmdline ps /proc/154/status /proc/154/status ps /proc/162/stat /proc/162/stat ps /proc/30/cmdline /proc/30/cmdline ps /proc/166/cmdline /proc/166/cmdline ps /proc/169/stat /proc/169/stat ps /proc/filesystems /proc/filesystems dpkg /proc/4/stat /proc/4/stat ps /proc/165/status /proc/165/status ps /proc/193/stat /proc/193/stat ps /proc/352/stat /proc/352/stat ps /proc/420/stat /proc/420/stat ps /proc/filesystems /proc/filesystems dpkg /proc/1/cmdline /proc/1/cmdline ps /proc/20/status /proc/20/status ps /proc/21/stat /proc/21/stat ps /proc/192/cmdline /proc/192/cmdline ps /proc/447/stat /proc/447/stat ps /proc/5/cmdline /proc/5/cmdline ps /proc/31/stat /proc/31/stat ps /proc/78/stat /proc/78/stat ps /proc/289/stat /proc/289/stat ps /proc/filesystems /proc/filesystems dpkg /proc/16/cmdline /proc/16/cmdline ps /proc/36/status /proc/36/status ps /proc/159/stat /proc/159/stat ps /proc/filesystems /proc/filesystems dpkg /proc/36/cmdline /proc/36/cmdline ps /proc/81/stat /proc/81/stat ps /proc/158/cmdline /proc/158/cmdline ps /proc/252/stat /proc/252/stat ps /proc/8/cmdline /proc/8/cmdline ps /proc/9/cmdline /proc/9/cmdline ps /proc/19/status /proc/19/status ps /proc/23/stat /proc/23/stat ps /proc/filesystems /proc/filesystems find /proc/filesystems /proc/filesystems dpkg /proc/filesystems /proc/filesystems sed /proc/uptime /proc/uptime ps /proc/17/status /proc/17/status ps /proc/333/cmdline /proc/333/cmdline ps /proc/369/stat /proc/369/stat ps /proc/1/stat /proc/1/stat ps /proc/10/status /proc/10/status ps /proc/81/cmdline /proc/81/cmdline ps /proc/filesystems /proc/filesystems dpkg /proc/13/cmdline /proc/13/cmdline ps /proc/30/status /proc/30/status ps /proc/filesystems /proc/filesystems dpkg /proc/599/stat /proc/599/stat ps /proc/filesystems /proc/filesystems cp /proc/7/stat /proc/7/stat ps /proc/35/cmdline /proc/35/cmdline ps -
Writes file to tmp directory 64 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process /tmp/fileutl.message.JOJR33 /tmp/fileutl.message.JOJR33 apt-get /tmp/apt.data.9zIadu /tmp/apt.data.9zIadu gpgv /tmp/fileutl.message.59Lfch /tmp/fileutl.message.59Lfch apt-get /tmp/apt.conf.rGINf0 /tmp/apt.conf.rGINf0 apt-config /tmp/ /tmp/ run.sh /tmp/apt.conf.7He0Xl /tmp/apt.conf.7He0Xl apt-config /tmp/apt-key-gpghome.iyC3X6i1vW/pubring.gpg /tmp/apt-key-gpghome.iyC3X6i1vW/pubring.gpg gpgv /tmp/apt-key-gpghome.d2bwiCAUG9/gpg.1.sh /tmp/apt-key-gpghome.d2bwiCAUG9/gpg.1.sh rm /tmp/apt-key-gpghome.FK5C2Vq5ah/pubring.gpg /tmp/apt-key-gpghome.FK5C2Vq5ah/pubring.gpg rm /tmp/apt.conf.KES3VI /tmp/apt.conf.KES3VI apt-config /tmp/apt.data.VfUbKq /tmp/apt.data.VfUbKq Process not Found /tmp/apt-key-gpghome.FK5C2Vq5ah/pubring.gpg /tmp/apt-key-gpghome.FK5C2Vq5ah/pubring.gpg touch /tmp/apt.conf.hJphW7 /tmp/apt.conf.hJphW7 apt-config /tmp/apt.conf.rGINf0 /tmp/apt.conf.rGINf0 apt-config /tmp/apt.conf.rGINf0 /tmp/apt.conf.rGINf0 apt-config /tmp/apt-key-gpghome.Xp4PC2pycL/pubring.gpg /tmp/apt-key-gpghome.Xp4PC2pycL/pubring.gpg rm /tmp/apt.conf.7He0Xl /tmp/apt.conf.7He0Xl apt-config /tmp/apt.sig.CdcWkT /tmp/apt.sig.CdcWkT Process not Found /tmp/apt-key-gpghome.FK5C2Vq5ah/pubring.gpg /tmp/apt-key-gpghome.FK5C2Vq5ah/pubring.gpg gpgv /tmp/apt.data.K3DOJ3 /tmp/apt.data.K3DOJ3 gpgv /tmp/apt-key-gpghome.FK5C2Vq5ah/pubring.gpg /tmp/apt-key-gpghome.FK5C2Vq5ah/pubring.gpg rm /tmp/apt.conf.hJphW7 /tmp/apt.conf.hJphW7 apt-config /tmp/apt-key-gpghome.Xp4PC2pycL/pubring.gpg /tmp/apt-key-gpghome.Xp4PC2pycL/pubring.gpg touch /tmp/apt-key-gpghome.iyC3X6i1vW/pubring.gpg /tmp/apt-key-gpghome.iyC3X6i1vW/pubring.gpg touch /tmp/apt.conf.rGINf0 /tmp/apt.conf.rGINf0 apt-config /tmp/systemd-private-ac1e6a06763947c182fe05199fb1756d-systemd-resolved.service-3vbPcN /tmp/systemd-private-ac1e6a06763947c182fe05199fb1756d-systemd-resolved.service-3vbPcN rm /tmp/apt.sig.O7HYxv /tmp/apt.sig.O7HYxv Process not Found /tmp/apt-key-gpghome.d2bwiCAUG9/gpg.1.sh /tmp/apt-key-gpghome.d2bwiCAUG9/gpg.1.sh apt-key /tmp/apt-key-gpghome.FK5C2Vq5ah/gpg.1.sh /tmp/apt-key-gpghome.FK5C2Vq5ah/gpg.1.sh apt-key /tmp/apt-key-gpghome.FK5C2Vq5ah/pubring.orig.gpg /tmp/apt-key-gpghome.FK5C2Vq5ah/pubring.orig.gpg rm /tmp/apt-key-gpghome.iyC3X6i1vW/pubring.gpg /tmp/apt-key-gpghome.iyC3X6i1vW/pubring.gpg rm /tmp/apt.conf.rGINf0 /tmp/apt.conf.rGINf0 apt-config /tmp/apt.conf.rGINf0 /tmp/apt.conf.rGINf0 apt-config /tmp/apt-key-gpghome.Xp4PC2pycL/pubring.orig.gpg /tmp/apt-key-gpghome.Xp4PC2pycL/pubring.orig.gpg cp /tmp/apt.conf.7He0Xl /tmp/apt.conf.7He0Xl Process not Found /tmp/apt-key-gpghome.d2bwiCAUG9/pubring.orig.gpg /tmp/apt-key-gpghome.d2bwiCAUG9/pubring.orig.gpg cp /tmp/apt.data.7Qc87E /tmp/apt.data.7Qc87E gpgv /tmp/apt.sig.KNZI4i /tmp/apt.sig.KNZI4i Process not Found /tmp/apt.conf.hJphW7 /tmp/apt.conf.hJphW7 apt-config /tmp/apt.sig.tYGZud /tmp/apt.sig.tYGZud Process not Found /tmp/apt-key-gpghome.d2bwiCAUG9/pubring.gpg /tmp/apt-key-gpghome.d2bwiCAUG9/pubring.gpg cp /tmp/apt-key-gpghome.d2bwiCAUG9/pubring.gpg /tmp/apt-key-gpghome.d2bwiCAUG9/pubring.gpg gpgv /tmp/apt.sig.CdcWkT /tmp/apt.sig.CdcWkT gpgv /tmp/apt-key-gpghome.FK5C2Vq5ah /tmp/apt-key-gpghome.FK5C2Vq5ah rm /tmp/apt.conf.rGINf0 /tmp/apt.conf.rGINf0 apt-config /tmp/apt.sig.KNZI4i /tmp/apt.sig.KNZI4i gpgv /tmp/apt-key-gpghome.iyC3X6i1vW /tmp/apt-key-gpghome.iyC3X6i1vW rm /tmp/run.sh /tmp/run.sh rm /tmp/systemd-private-ac1e6a06763947c182fe05199fb1756d-systemd-timesyncd.service-thgPxt /tmp/systemd-private-ac1e6a06763947c182fe05199fb1756d-systemd-timesyncd.service-thgPxt rm /tmp/sh-thd.vIi3dW /tmp/sh-thd.vIi3dW Process not Found /tmp/apt.conf.7He0Xl /tmp/apt.conf.7He0Xl apt-config /tmp/apt.conf.hJphW7 /tmp/apt.conf.hJphW7 Process not Found /tmp/apt.conf.hJphW7 /tmp/apt.conf.hJphW7 apt-config /tmp/apt-key-gpghome.iyC3X6i1vW/pubring.gpg /tmp/apt-key-gpghome.iyC3X6i1vW/pubring.gpg rm /tmp/apt.conf.rGINf0 /tmp/apt.conf.rGINf0 Process not Found /tmp/apt.data.9zIadu /tmp/apt.data.9zIadu Process not Found /tmp/apt.conf.hJphW7 /tmp/apt.conf.hJphW7 apt-config /tmp/run.sh /tmp/run.sh run.sh /tmp/apt.data.7Qc87E /tmp/apt.data.7Qc87E Process not Found /tmp/apt.conf.7He0Xl /tmp/apt.conf.7He0Xl apt-config /tmp/apt-key-gpghome.d2bwiCAUG9/pubring.gpg /tmp/apt-key-gpghome.d2bwiCAUG9/pubring.gpg rm /tmp/apt.data.K3DOJ3 /tmp/apt.data.K3DOJ3 Process not Found /tmp/apt.conf.KES3VI /tmp/apt.conf.KES3VI apt-config /tmp/apt-key-gpghome.iyC3X6i1vW/pubring.gpg /tmp/apt-key-gpghome.iyC3X6i1vW/pubring.gpg apt-key
Processes
-
/tmp/run.sh/tmp/run.sh1⤵
- Deletes system logs
- Writes DNS configuration
- Writes file to tmp directory
PID:577 -
/bin/sleepsleep 12⤵PID:578
-
-
/usr/bin/findfind /tmp/ -maxdepth 1 -name .mxff0 -type f -mmin +60 -delete2⤵PID:583
-
-
/usr/bin/crontabcrontab -r2⤵PID:585
-
-
/bin/rmrm -rf /var/spool/cron2⤵
- Creates/modifies Cron job
PID:586
-
-
/bin/grepgrep -q 8.8.8.8 /etc/resolv.conf2⤵
- Writes DNS configuration
PID:587
-
-
/bin/rmrm -rf /tmp/run.sh /tmp/systemd-private-ac1e6a06763947c182fe05199fb1756d-systemd-resolved.service-3vbPcN /tmp/systemd-private-ac1e6a06763947c182fe05199fb1756d-systemd-timesyncd.service-thgPxt2⤵
- Writes file to tmp directory
PID:588
-
-
/bin/rmrm -rf /var/tmp/systemd-private-ac1e6a06763947c182fe05199fb1756d-systemd-resolved.service-ERRM2W /var/tmp/systemd-private-ac1e6a06763947c182fe05199fb1756d-systemd-timesyncd.service-wK0RmD2⤵PID:589
-
-
/bin/rmrm -rf /etc/root.sh2⤵PID:590
-
-
/bin/syncsync2⤵PID:591
-
-
/bin/catcat2⤵PID:592
-
-
/sbin/iptablesiptables -I INPUT 1 -p tcp --dport 6379 -j DROP2⤵PID:593
-
-
/sbin/iptablesiptables -I INPUT 1 -p tcp --dport 6379 -s 127.0.0.1 -j ACCEPT2⤵PID:598
-
-
/bin/psps xf2⤵
- Reads CPU attributes
- Reads runtime system information
PID:599
-
-
/bin/grepgrep -v grep2⤵PID:600
-
-
/bin/grepgrep "redis-server\\|nicehash\\|linuxs\\|linuxl\\|crawler.weibo\\|243/44444\\|cryptonight\\|stratum\\|gpg-daemon\\|jobs.flu.cc\\|nmap\\|cranberry\\|start.sh\\|watch.sh\\|krun.sh\\|killTop.sh\\|cpuminer\\|/60009\\|ssh_deny.sh\\|clean.sh\\|\\./over\\|mrx1\\|redisscan\\|ebscan\\|redis-cli\\|barad_agent\\|\\.sr0\\|clay\\|udevs\\|\\.sshd\\|/tmp/init"2⤵PID:601
-
-
/bin/rmrm -rf "/tmp/*"2⤵PID:603
-
-
/bin/rmrm -rf "/var/tmp/*"2⤵PID:604
-
-
/bin/catcat /etc/lsb-release /etc/os-release2⤵PID:605
-
-
/bin/grepgrep -i CentOS2⤵PID:606
-
-
/bin/catcat /etc/lsb-release /etc/os-release2⤵PID:607
-
-
/bin/grepgrep -qi Red2⤵PID:608
-
-
/bin/catcat /etc/lsb-release /etc/os-release2⤵PID:609
-
-
/bin/grepgrep -qi Fedora2⤵PID:610
-
-
/bin/catcat /etc/lsb-release /etc/os-release2⤵PID:611
-
-
/bin/grepgrep -qi Ubuntu2⤵PID:612
-
-
/bin/rmrm -rf /var/lib/apt/lists/auxfiles /var/lib/apt/lists/lock /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-backports_InRelease /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-backports_main_binary-amd64_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-backports_main_binary-i386_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-backports_main_i18n_Translation-en /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-backports_universe_binary-amd64_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-backports_universe_binary-i386_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-backports_universe_i18n_Translation-en /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic_InRelease /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic_main_binary-amd64_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic_main_binary-i386_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic_main_i18n_Translation-en /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic_multiverse_binary-amd64_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic_multiverse_binary-i386_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic_multiverse_i18n_Translation-en /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic_restricted_binary-amd64_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic_restricted_binary-i386_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic_restricted_i18n_Translation-en /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic_universe_binary-amd64_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic_universe_binary-i386_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic_universe_i18n_Translation-en /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-updates_InRelease /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-updates_main_binary-amd64_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-updates_main_binary-i386_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-updates_main_i18n_Translation-en /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-updates_multiverse_binary-amd64_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-updates_multiverse_binary-i386_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-updates_multiverse_i18n_Translation-en /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-updates_restricted_binary-amd64_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-updates_restricted_binary-i386_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-updates_restricted_i18n_Translation-en /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-updates_universe_binary-amd64_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-updates_universe_binary-i386_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-updates_universe_i18n_Translation-en /var/lib/apt/lists/partial /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_InRelease /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_main_binary-amd64_Packages /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_main_binary-i386_Packages /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_main_i18n_Translation-en /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_multiverse_binary-amd64_Packages /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_multiverse_binary-i386_Packages /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_multiverse_i18n_Translation-en /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_restricted_binary-amd64_Packages /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_restricted_binary-i386_Packages /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_restricted_i18n_Translation-en /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_universe_binary-amd64_Packages /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_universe_binary-i386_Packages /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_universe_i18n_Translation-en2⤵PID:613
-
-
/usr/bin/apt-getapt-get update -q --fix-missing2⤵
- Writes file to tmp directory
PID:614 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵PID:615
-
-
/usr/lib/apt/methods/http/usr/lib/apt/methods/http3⤵PID:616
-
-
/usr/lib/apt/methods/http/usr/lib/apt/methods/http3⤵
- Modifies hosts file
- Writes DNS configuration
PID:617
-
-
/usr/lib/apt/methods/http/usr/lib/apt/methods/http3⤵
- Modifies hosts file
- Writes DNS configuration
PID:618
-
-
/usr/lib/apt/methods/gpgv/usr/lib/apt/methods/gpgv3⤵PID:619
-
-
/usr/lib/apt/methods/gpgv/usr/lib/apt/methods/gpgv3⤵PID:620
-
-
/usr/lib/apt/methods/store/usr/lib/apt/methods/store3⤵PID:739
-
-
/usr/lib/apt/methods/store/usr/lib/apt/methods/store3⤵PID:742
-
-
-
/usr/bin/apt-key/usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.O7HYxv /tmp/apt.data.7Qc87E1⤵
- Write file to user bin folder
- Writes file to tmp directory
PID:622 -
/usr/bin/apt-configapt-config shell MASTER_KEYRING APT::Key::MasterKeyring2⤵
- Writes file to tmp directory
PID:624 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵PID:625
-
-
-
/usr/bin/apt-configapt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring2⤵PID:626
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵PID:627
-
-
-
/usr/bin/apt-configapt-config shell REMOVED_KEYS APT::Key::RemovedKeys2⤵PID:628
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵
- Reads runtime system information
PID:629
-
-
-
/usr/bin/apt-configapt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI2⤵
- Writes file to tmp directory
PID:630 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵PID:631
-
-
-
/usr/bin/apt-configapt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring2⤵
- Writes file to tmp directory
PID:632 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵
- Reads runtime system information
PID:633
-
-
-
/usr/bin/apt-configapt-config shell TRUSTEDFILE Dir::Etc::Trusted/f2⤵PID:634
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵
- Reads runtime system information
PID:635
-
-
-
/usr/bin/apt-configapt-config shell GPGV Apt::Key::gpgvcommand2⤵PID:637
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵PID:638
-
-
-
/bin/mktempmktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX2⤵PID:639
-
-
/bin/chmodchmod 700 /tmp/apt-key-gpghome.d2bwiCAUG92⤵PID:640
-
-
/bin/readlinkreadlink -f /tmp/apt-key-gpghome.d2bwiCAUG92⤵PID:641
-
-
/bin/rmrm -f /tmp/apt-key-gpghome.d2bwiCAUG9/pubring.gpg2⤵PID:642
-
-
/usr/bin/touchtouch /tmp/apt-key-gpghome.d2bwiCAUG9/pubring.gpg2⤵PID:643
-
-
/usr/bin/apt-configapt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d2⤵
- Writes file to tmp directory
PID:644 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵PID:645
-
-
-
/bin/readlinkreadlink -f /etc/apt/trusted.gpg.d/2⤵PID:646
-
-
/usr/bin/findfind /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 "(" -name "*.gpg" -o -name "*.asc" ")"2⤵PID:647
-
-
/usr/bin/cmpcmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg2⤵PID:652
-
-
/bin/catcat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg2⤵PID:654
-
-
/usr/bin/cmpcmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg2⤵PID:656
-
-
/bin/catcat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg2⤵PID:658
-
-
/usr/bin/cmpcmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg2⤵PID:660
-
-
/bin/catcat /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg2⤵PID:662
-
-
/bin/cpcp -a /tmp/apt-key-gpghome.d2bwiCAUG9/pubring.gpg /tmp/apt-key-gpghome.d2bwiCAUG9/pubring.orig.gpg2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:663
-
-
/usr/bin/gpgvgpgv --homedir /tmp/apt-key-gpghome.d2bwiCAUG9 --keyring /tmp/apt-key-gpghome.d2bwiCAUG9/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.O7HYxv /tmp/apt.data.7Qc87E2⤵
- Writes file to tmp directory
PID:670
-
-
/usr/bin/gpgconfgpgconf --kill all2⤵PID:671
-
/usr/bin/gpg-connect-agentgpg-connect-agent --no-autostart KILLAGENT3⤵PID:672
-
-
/usr/bin/gpg-connect-agentgpg-connect-agent -s --no-autostart "GETINFO scd_running" "/if \${! \$?}" "scd killscd" /end3⤵PID:673
-
-
/usr/bin/gpg-connect-agentgpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR3⤵PID:674
-
-
-
/bin/rmrm -rf /tmp/apt-key-gpghome.d2bwiCAUG92⤵
- Writes file to tmp directory
PID:675
-
-
/usr/bin/sortsort1⤵PID:650
-
/bin/sedsed -e "s#'#'\"'\"'#g"1⤵PID:666
-
/bin/sedsed -e "s#'#'\"'\"'#g"1⤵PID:669
-
/usr/bin/apt-key/usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.CdcWkT /tmp/apt.data.K3DOJ31⤵
- Write file to user bin folder
- Writes file to tmp directory
PID:677 -
/usr/bin/apt-configapt-config shell MASTER_KEYRING APT::Key::MasterKeyring2⤵PID:679
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵PID:680
-
-
-
/usr/bin/apt-configapt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring2⤵PID:681
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵PID:682
-
-
-
/usr/bin/apt-configapt-config shell REMOVED_KEYS APT::Key::RemovedKeys2⤵PID:683
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵PID:684
-
-
-
/usr/bin/apt-configapt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI2⤵PID:685
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵PID:686
-
-
-
/usr/bin/apt-configapt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring2⤵PID:687
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵PID:688
-
-
-
/usr/bin/apt-configapt-config shell TRUSTEDFILE Dir::Etc::Trusted/f2⤵
- Writes file to tmp directory
PID:689 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵PID:690
-
-
-
/usr/bin/apt-configapt-config shell GPGV Apt::Key::gpgvcommand2⤵PID:692
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵
- Reads runtime system information
PID:693
-
-
-
/bin/mktempmktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX2⤵PID:694
-
-
/bin/chmodchmod 700 /tmp/apt-key-gpghome.FK5C2Vq5ah2⤵PID:695
-
-
/bin/readlinkreadlink -f /tmp/apt-key-gpghome.FK5C2Vq5ah2⤵PID:696
-
-
/bin/rmrm -f /tmp/apt-key-gpghome.FK5C2Vq5ah/pubring.gpg2⤵
- Writes file to tmp directory
PID:697
-
-
/usr/bin/touchtouch /tmp/apt-key-gpghome.FK5C2Vq5ah/pubring.gpg2⤵
- Writes file to tmp directory
PID:698
-
-
/usr/bin/apt-configapt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d2⤵
- Writes file to tmp directory
PID:699 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵PID:700
-
-
-
/bin/readlinkreadlink -f /etc/apt/trusted.gpg.d/2⤵PID:701
-
-
/usr/bin/findfind /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 "(" -name "*.gpg" -o -name "*.asc" ")"2⤵
- Reads runtime system information
PID:702
-
-
/usr/bin/cmpcmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg2⤵PID:707
-
-
/bin/catcat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg2⤵PID:709
-
-
/usr/bin/cmpcmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg2⤵PID:711
-
-
/bin/catcat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg2⤵PID:713
-
-
/usr/bin/cmpcmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg2⤵PID:715
-
-
/bin/catcat /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg2⤵PID:717
-
-
/bin/cpcp -a /tmp/apt-key-gpghome.FK5C2Vq5ah/pubring.gpg /tmp/apt-key-gpghome.FK5C2Vq5ah/pubring.orig.gpg2⤵PID:718
-
-
/usr/bin/gpgvgpgv --homedir /tmp/apt-key-gpghome.FK5C2Vq5ah --keyring /tmp/apt-key-gpghome.FK5C2Vq5ah/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.CdcWkT /tmp/apt.data.K3DOJ32⤵
- Writes file to tmp directory
PID:725
-
-
/usr/bin/gpgconfgpgconf --kill all2⤵PID:726
-
/usr/bin/gpg-connect-agentgpg-connect-agent --no-autostart KILLAGENT3⤵PID:727
-
-
/usr/bin/gpg-connect-agentgpg-connect-agent -s --no-autostart "GETINFO scd_running" "/if \${! \$?}" "scd killscd" /end3⤵PID:728
-
-
/usr/bin/gpg-connect-agentgpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR3⤵PID:729
-
-
-
/bin/rmrm -rf /tmp/apt-key-gpghome.FK5C2Vq5ah2⤵
- Writes file to tmp directory
PID:730
-
-
/usr/bin/sortsort1⤵PID:705
-
/bin/sedsed -e "s#'#'\"'\"'#g"1⤵PID:721
-
/bin/sedsed -e "s#'#'\"'\"'#g"1⤵PID:724
-
/usr/bin/apt-key/usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.KNZI4i /tmp/apt.data.9zIadu1⤵
- Write file to user bin folder
- Writes file to tmp directory
PID:732 -
/usr/bin/apt-configapt-config shell MASTER_KEYRING APT::Key::MasterKeyring2⤵
- Writes file to tmp directory
PID:734 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵PID:735
-
-
-
/usr/bin/apt-configapt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring2⤵PID:736
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵
- Reads runtime system information
PID:737
-
-
-
/usr/bin/apt-configapt-config shell REMOVED_KEYS APT::Key::RemovedKeys2⤵PID:738
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵PID:740
-
-
-
/usr/bin/apt-configapt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI2⤵
- Writes file to tmp directory
PID:741 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵PID:743
-
-
-
/usr/bin/apt-configapt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring2⤵PID:744
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵PID:745
-
-
-
/usr/bin/apt-configapt-config shell TRUSTEDFILE Dir::Etc::Trusted/f2⤵
- Writes file to tmp directory
PID:746 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵PID:747
-
-
-
/usr/bin/apt-configapt-config shell GPGV Apt::Key::gpgvcommand2⤵
- Writes file to tmp directory
PID:749 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵
- Reads runtime system information
PID:750
-
-
-
/bin/mktempmktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX2⤵PID:751
-
-
/bin/chmodchmod 700 /tmp/apt-key-gpghome.iyC3X6i1vW2⤵PID:752
-
-
/bin/readlinkreadlink -f /tmp/apt-key-gpghome.iyC3X6i1vW2⤵PID:753
-
-
/bin/rmrm -f /tmp/apt-key-gpghome.iyC3X6i1vW/pubring.gpg2⤵
- Writes file to tmp directory
PID:754
-
-
/usr/bin/touchtouch /tmp/apt-key-gpghome.iyC3X6i1vW/pubring.gpg2⤵
- Writes file to tmp directory
PID:755
-
-
/usr/bin/apt-configapt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d2⤵
- Writes file to tmp directory
PID:756 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵
- Reads runtime system information
PID:757
-
-
-
/bin/readlinkreadlink -f /etc/apt/trusted.gpg.d/2⤵PID:758
-
-
/usr/bin/findfind /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 "(" -name "*.gpg" -o -name "*.asc" ")"2⤵PID:759
-
-
/usr/bin/cmpcmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg2⤵PID:764
-
-
/bin/catcat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg2⤵PID:766
-
-
/usr/bin/cmpcmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg2⤵PID:768
-
-
/bin/catcat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg2⤵PID:770
-
-
/usr/bin/cmpcmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg2⤵PID:772
-
-
/bin/catcat /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg2⤵PID:774
-
-
/bin/cpcp -a /tmp/apt-key-gpghome.iyC3X6i1vW/pubring.gpg /tmp/apt-key-gpghome.iyC3X6i1vW/pubring.orig.gpg2⤵PID:775
-
-
/usr/bin/gpgvgpgv --homedir /tmp/apt-key-gpghome.iyC3X6i1vW --keyring /tmp/apt-key-gpghome.iyC3X6i1vW/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.KNZI4i /tmp/apt.data.9zIadu2⤵
- Writes file to tmp directory
PID:782
-
-
/usr/bin/gpgconfgpgconf --kill all2⤵PID:783
-
/usr/bin/gpg-connect-agentgpg-connect-agent --no-autostart KILLAGENT3⤵PID:784
-
-
/usr/bin/gpg-connect-agentgpg-connect-agent -s --no-autostart "GETINFO scd_running" "/if \${! \$?}" "scd killscd" /end3⤵PID:785
-
-
/usr/bin/gpg-connect-agentgpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR3⤵PID:786
-
-
-
/bin/rmrm -rf /tmp/apt-key-gpghome.iyC3X6i1vW2⤵
- Writes file to tmp directory
PID:787
-
-
/usr/bin/sortsort1⤵PID:762
-
/bin/sedsed -e "s#'#'\"'\"'#g"1⤵PID:778
-
/bin/sedsed -e "s#'#'\"'\"'#g"1⤵
- Reads runtime system information
PID:781
-
/usr/bin/apt-key/usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.tYGZud /tmp/apt.data.VfUbKq1⤵
- Write file to user bin folder
PID:789 -
/usr/bin/apt-configapt-config shell MASTER_KEYRING APT::Key::MasterKeyring2⤵
- Writes file to tmp directory
PID:791 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵PID:792
-
-
-
/usr/bin/apt-configapt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring2⤵PID:793
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵
- Reads runtime system information
PID:794
-
-
-
/usr/bin/apt-configapt-config shell REMOVED_KEYS APT::Key::RemovedKeys2⤵
- Writes file to tmp directory
PID:795 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵PID:796
-
-
-
/usr/bin/apt-configapt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI2⤵
- Writes file to tmp directory
PID:797 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵PID:798
-
-
-
/usr/bin/apt-configapt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring2⤵
- Writes file to tmp directory
PID:799 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵PID:800
-
-
-
/usr/bin/apt-configapt-config shell TRUSTEDFILE Dir::Etc::Trusted/f2⤵
- Writes file to tmp directory
PID:801 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵PID:802
-
-
-
/usr/bin/apt-configapt-config shell GPGV Apt::Key::gpgvcommand2⤵
- Writes file to tmp directory
PID:804 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵PID:805
-
-
-
/bin/mktempmktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX2⤵PID:806
-
-
/bin/chmodchmod 700 /tmp/apt-key-gpghome.Xp4PC2pycL2⤵PID:807
-
-
/bin/readlinkreadlink -f /tmp/apt-key-gpghome.Xp4PC2pycL2⤵PID:808
-
-
/bin/rmrm -f /tmp/apt-key-gpghome.Xp4PC2pycL/pubring.gpg2⤵
- Writes file to tmp directory
PID:809
-
-
/usr/bin/touchtouch /tmp/apt-key-gpghome.Xp4PC2pycL/pubring.gpg2⤵
- Writes file to tmp directory
PID:810
-
-
/usr/bin/apt-configapt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d2⤵
- Writes file to tmp directory
PID:811 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵PID:812
-
-
-
/bin/readlinkreadlink -f /etc/apt/trusted.gpg.d/2⤵PID:813
-
-
/usr/bin/findfind /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 "(" -name "*.gpg" -o -name "*.asc" ")"2⤵PID:814
-
-
/usr/bin/cmpcmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg2⤵PID:819
-
-
/bin/catcat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg2⤵PID:821
-
-
/usr/bin/cmpcmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg2⤵PID:823
-
-
/bin/catcat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg2⤵PID:825
-
-
/usr/bin/cmpcmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg2⤵PID:827
-
-
/bin/catcat /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg2⤵PID:829
-
-
/bin/cpcp -a /tmp/apt-key-gpghome.Xp4PC2pycL/pubring.gpg /tmp/apt-key-gpghome.Xp4PC2pycL/pubring.orig.gpg2⤵
- Writes file to tmp directory
PID:830
-
-
/usr/bin/sortsort1⤵PID:817
-
/bin/sedsed -e "s#'#'\"'\"'#g"1⤵PID:833