Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    0s
  • max time network
    67s
  • platform
    linux_amd64
  • resource
    ubuntu1804-amd64-en-20211208
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    04/03/2023, 20:48

General

  • Target

    run.sh

  • Size

    8KB

  • MD5

    e34bac21135beadf24e557e6a8cd7a64

  • SHA1

    def390dddd27d379d4fb38c80fc69d7997425ff8

  • SHA256

    82c388aafffef7d131167904bba3a514f2480757489b0810d04437050784ad31

  • SHA512

    8bacb26ecd8a6157e6eaedc271db20590fe62848c4e742339384c01e4fcb1df4a8f19a089c950337061b40998a9de52666e0a3c232aed69080be1a26ee2242c8

  • SSDEEP

    96:bCUA/F3XH3t3Zu5bufqufVuHWK7ZXkTKk9kfKkQkRkfIk4kv2k8kalhX5KsU6uZR:b7qnpWAFuWK71gVfwzXUstqVk8EbYF

Score
9/10

Malware Config

Signatures

  • Deletes system logs 1 TTPs 2 IoCs
  • Modifies hosts file 2 IoCs

    Adds to hosts file used for mapping hosts to IP addresses.

  • Writes DNS configuration 1 TTPs 4 IoCs

    Writes data to DNS resolver config file.

  • Creates/modifies Cron job 1 TTPs 1 IoCs

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

  • Write file to user bin folder 1 TTPs 4 IoCs
  • Reads CPU attributes 1 TTPs 1 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 64 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/run.sh
    /tmp/run.sh
    1⤵
    • Deletes system logs
    • Writes DNS configuration
    • Writes file to tmp directory
    PID:577
    • /bin/sleep
      sleep 1
      2⤵
        PID:578
      • /usr/bin/find
        find /tmp/ -maxdepth 1 -name .mxff0 -type f -mmin +60 -delete
        2⤵
          PID:583
        • /usr/bin/crontab
          crontab -r
          2⤵
            PID:585
          • /bin/rm
            rm -rf /var/spool/cron
            2⤵
            • Creates/modifies Cron job
            PID:586
          • /bin/grep
            grep -q 8.8.8.8 /etc/resolv.conf
            2⤵
            • Writes DNS configuration
            PID:587
          • /bin/rm
            rm -rf /tmp/run.sh /tmp/systemd-private-ac1e6a06763947c182fe05199fb1756d-systemd-resolved.service-3vbPcN /tmp/systemd-private-ac1e6a06763947c182fe05199fb1756d-systemd-timesyncd.service-thgPxt
            2⤵
            • Writes file to tmp directory
            PID:588
          • /bin/rm
            rm -rf /var/tmp/systemd-private-ac1e6a06763947c182fe05199fb1756d-systemd-resolved.service-ERRM2W /var/tmp/systemd-private-ac1e6a06763947c182fe05199fb1756d-systemd-timesyncd.service-wK0RmD
            2⤵
              PID:589
            • /bin/rm
              rm -rf /etc/root.sh
              2⤵
                PID:590
              • /bin/sync
                sync
                2⤵
                  PID:591
                • /bin/cat
                  cat
                  2⤵
                    PID:592
                  • /sbin/iptables
                    iptables -I INPUT 1 -p tcp --dport 6379 -j DROP
                    2⤵
                      PID:593
                    • /sbin/iptables
                      iptables -I INPUT 1 -p tcp --dport 6379 -s 127.0.0.1 -j ACCEPT
                      2⤵
                        PID:598
                      • /bin/ps
                        ps xf
                        2⤵
                        • Reads CPU attributes
                        • Reads runtime system information
                        PID:599
                      • /bin/grep
                        grep -v grep
                        2⤵
                          PID:600
                        • /bin/grep
                          grep "redis-server\\|nicehash\\|linuxs\\|linuxl\\|crawler.weibo\\|243/44444\\|cryptonight\\|stratum\\|gpg-daemon\\|jobs.flu.cc\\|nmap\\|cranberry\\|start.sh\\|watch.sh\\|krun.sh\\|killTop.sh\\|cpuminer\\|/60009\\|ssh_deny.sh\\|clean.sh\\|\\./over\\|mrx1\\|redisscan\\|ebscan\\|redis-cli\\|barad_agent\\|\\.sr0\\|clay\\|udevs\\|\\.sshd\\|/tmp/init"
                          2⤵
                            PID:601
                          • /bin/rm
                            rm -rf "/tmp/*"
                            2⤵
                              PID:603
                            • /bin/rm
                              rm -rf "/var/tmp/*"
                              2⤵
                                PID:604
                              • /bin/cat
                                cat /etc/lsb-release /etc/os-release
                                2⤵
                                  PID:605
                                • /bin/grep
                                  grep -i CentOS
                                  2⤵
                                    PID:606
                                  • /bin/cat
                                    cat /etc/lsb-release /etc/os-release
                                    2⤵
                                      PID:607
                                    • /bin/grep
                                      grep -qi Red
                                      2⤵
                                        PID:608
                                      • /bin/cat
                                        cat /etc/lsb-release /etc/os-release
                                        2⤵
                                          PID:609
                                        • /bin/grep
                                          grep -qi Fedora
                                          2⤵
                                            PID:610
                                          • /bin/cat
                                            cat /etc/lsb-release /etc/os-release
                                            2⤵
                                              PID:611
                                            • /bin/grep
                                              grep -qi Ubuntu
                                              2⤵
                                                PID:612
                                              • /bin/rm
                                                rm -rf /var/lib/apt/lists/auxfiles /var/lib/apt/lists/lock /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-backports_InRelease /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-backports_main_binary-amd64_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-backports_main_binary-i386_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-backports_main_i18n_Translation-en /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-backports_universe_binary-amd64_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-backports_universe_binary-i386_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-backports_universe_i18n_Translation-en /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic_InRelease /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic_main_binary-amd64_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic_main_binary-i386_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic_main_i18n_Translation-en /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic_multiverse_binary-amd64_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic_multiverse_binary-i386_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic_multiverse_i18n_Translation-en /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic_restricted_binary-amd64_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic_restricted_binary-i386_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic_restricted_i18n_Translation-en /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic_universe_binary-amd64_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic_universe_binary-i386_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic_universe_i18n_Translation-en /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-updates_InRelease /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-updates_main_binary-amd64_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-updates_main_binary-i386_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-updates_main_i18n_Translation-en /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-updates_multiverse_binary-amd64_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-updates_multiverse_binary-i386_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-updates_multiverse_i18n_Translation-en /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-updates_restricted_binary-amd64_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-updates_restricted_binary-i386_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-updates_restricted_i18n_Translation-en /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-updates_universe_binary-amd64_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-updates_universe_binary-i386_Packages /var/lib/apt/lists/nl.archive.ubuntu.com_ubuntu_dists_bionic-updates_universe_i18n_Translation-en /var/lib/apt/lists/partial /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_InRelease /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_main_binary-amd64_Packages /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_main_binary-i386_Packages /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_main_i18n_Translation-en /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_multiverse_binary-amd64_Packages /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_multiverse_binary-i386_Packages /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_multiverse_i18n_Translation-en /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_restricted_binary-amd64_Packages /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_restricted_binary-i386_Packages /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_restricted_i18n_Translation-en /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_universe_binary-amd64_Packages /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_universe_binary-i386_Packages /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_bionic-security_universe_i18n_Translation-en
                                                2⤵
                                                  PID:613
                                                • /usr/bin/apt-get
                                                  apt-get update -q --fix-missing
                                                  2⤵
                                                  • Writes file to tmp directory
                                                  PID:614
                                                  • /usr/bin/dpkg
                                                    /usr/bin/dpkg --print-foreign-architectures
                                                    3⤵
                                                      PID:615
                                                    • /usr/lib/apt/methods/http
                                                      /usr/lib/apt/methods/http
                                                      3⤵
                                                        PID:616
                                                      • /usr/lib/apt/methods/http
                                                        /usr/lib/apt/methods/http
                                                        3⤵
                                                        • Modifies hosts file
                                                        • Writes DNS configuration
                                                        PID:617
                                                      • /usr/lib/apt/methods/http
                                                        /usr/lib/apt/methods/http
                                                        3⤵
                                                        • Modifies hosts file
                                                        • Writes DNS configuration
                                                        PID:618
                                                      • /usr/lib/apt/methods/gpgv
                                                        /usr/lib/apt/methods/gpgv
                                                        3⤵
                                                          PID:619
                                                        • /usr/lib/apt/methods/gpgv
                                                          /usr/lib/apt/methods/gpgv
                                                          3⤵
                                                            PID:620
                                                          • /usr/lib/apt/methods/store
                                                            /usr/lib/apt/methods/store
                                                            3⤵
                                                              PID:739
                                                            • /usr/lib/apt/methods/store
                                                              /usr/lib/apt/methods/store
                                                              3⤵
                                                                PID:742
                                                          • /usr/bin/apt-key
                                                            /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.O7HYxv /tmp/apt.data.7Qc87E
                                                            1⤵
                                                            • Write file to user bin folder
                                                            • Writes file to tmp directory
                                                            PID:622
                                                            • /usr/bin/apt-config
                                                              apt-config shell MASTER_KEYRING APT::Key::MasterKeyring
                                                              2⤵
                                                              • Writes file to tmp directory
                                                              PID:624
                                                              • /usr/bin/dpkg
                                                                /usr/bin/dpkg --print-foreign-architectures
                                                                3⤵
                                                                  PID:625
                                                              • /usr/bin/apt-config
                                                                apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring
                                                                2⤵
                                                                  PID:626
                                                                  • /usr/bin/dpkg
                                                                    /usr/bin/dpkg --print-foreign-architectures
                                                                    3⤵
                                                                      PID:627
                                                                  • /usr/bin/apt-config
                                                                    apt-config shell REMOVED_KEYS APT::Key::RemovedKeys
                                                                    2⤵
                                                                      PID:628
                                                                      • /usr/bin/dpkg
                                                                        /usr/bin/dpkg --print-foreign-architectures
                                                                        3⤵
                                                                        • Reads runtime system information
                                                                        PID:629
                                                                    • /usr/bin/apt-config
                                                                      apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI
                                                                      2⤵
                                                                      • Writes file to tmp directory
                                                                      PID:630
                                                                      • /usr/bin/dpkg
                                                                        /usr/bin/dpkg --print-foreign-architectures
                                                                        3⤵
                                                                          PID:631
                                                                      • /usr/bin/apt-config
                                                                        apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring
                                                                        2⤵
                                                                        • Writes file to tmp directory
                                                                        PID:632
                                                                        • /usr/bin/dpkg
                                                                          /usr/bin/dpkg --print-foreign-architectures
                                                                          3⤵
                                                                          • Reads runtime system information
                                                                          PID:633
                                                                      • /usr/bin/apt-config
                                                                        apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f
                                                                        2⤵
                                                                          PID:634
                                                                          • /usr/bin/dpkg
                                                                            /usr/bin/dpkg --print-foreign-architectures
                                                                            3⤵
                                                                            • Reads runtime system information
                                                                            PID:635
                                                                        • /usr/bin/apt-config
                                                                          apt-config shell GPGV Apt::Key::gpgvcommand
                                                                          2⤵
                                                                            PID:637
                                                                            • /usr/bin/dpkg
                                                                              /usr/bin/dpkg --print-foreign-architectures
                                                                              3⤵
                                                                                PID:638
                                                                            • /bin/mktemp
                                                                              mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX
                                                                              2⤵
                                                                                PID:639
                                                                              • /bin/chmod
                                                                                chmod 700 /tmp/apt-key-gpghome.d2bwiCAUG9
                                                                                2⤵
                                                                                  PID:640
                                                                                • /bin/readlink
                                                                                  readlink -f /tmp/apt-key-gpghome.d2bwiCAUG9
                                                                                  2⤵
                                                                                    PID:641
                                                                                  • /bin/rm
                                                                                    rm -f /tmp/apt-key-gpghome.d2bwiCAUG9/pubring.gpg
                                                                                    2⤵
                                                                                      PID:642
                                                                                    • /usr/bin/touch
                                                                                      touch /tmp/apt-key-gpghome.d2bwiCAUG9/pubring.gpg
                                                                                      2⤵
                                                                                        PID:643
                                                                                      • /usr/bin/apt-config
                                                                                        apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d
                                                                                        2⤵
                                                                                        • Writes file to tmp directory
                                                                                        PID:644
                                                                                        • /usr/bin/dpkg
                                                                                          /usr/bin/dpkg --print-foreign-architectures
                                                                                          3⤵
                                                                                            PID:645
                                                                                        • /bin/readlink
                                                                                          readlink -f /etc/apt/trusted.gpg.d/
                                                                                          2⤵
                                                                                            PID:646
                                                                                          • /usr/bin/find
                                                                                            find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 "(" -name "*.gpg" -o -name "*.asc" ")"
                                                                                            2⤵
                                                                                              PID:647
                                                                                            • /usr/bin/cmp
                                                                                              cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg
                                                                                              2⤵
                                                                                                PID:652
                                                                                              • /bin/cat
                                                                                                cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg
                                                                                                2⤵
                                                                                                  PID:654
                                                                                                • /usr/bin/cmp
                                                                                                  cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
                                                                                                  2⤵
                                                                                                    PID:656
                                                                                                  • /bin/cat
                                                                                                    cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
                                                                                                    2⤵
                                                                                                      PID:658
                                                                                                    • /usr/bin/cmp
                                                                                                      cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
                                                                                                      2⤵
                                                                                                        PID:660
                                                                                                      • /bin/cat
                                                                                                        cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
                                                                                                        2⤵
                                                                                                          PID:662
                                                                                                        • /bin/cp
                                                                                                          cp -a /tmp/apt-key-gpghome.d2bwiCAUG9/pubring.gpg /tmp/apt-key-gpghome.d2bwiCAUG9/pubring.orig.gpg
                                                                                                          2⤵
                                                                                                          • Reads runtime system information
                                                                                                          • Writes file to tmp directory
                                                                                                          PID:663
                                                                                                        • /usr/bin/gpgv
                                                                                                          gpgv --homedir /tmp/apt-key-gpghome.d2bwiCAUG9 --keyring /tmp/apt-key-gpghome.d2bwiCAUG9/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.O7HYxv /tmp/apt.data.7Qc87E
                                                                                                          2⤵
                                                                                                          • Writes file to tmp directory
                                                                                                          PID:670
                                                                                                        • /usr/bin/gpgconf
                                                                                                          gpgconf --kill all
                                                                                                          2⤵
                                                                                                            PID:671
                                                                                                            • /usr/bin/gpg-connect-agent
                                                                                                              gpg-connect-agent --no-autostart KILLAGENT
                                                                                                              3⤵
                                                                                                                PID:672
                                                                                                              • /usr/bin/gpg-connect-agent
                                                                                                                gpg-connect-agent -s --no-autostart "GETINFO scd_running" "/if \${! \$?}" "scd killscd" /end
                                                                                                                3⤵
                                                                                                                  PID:673
                                                                                                                • /usr/bin/gpg-connect-agent
                                                                                                                  gpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR
                                                                                                                  3⤵
                                                                                                                    PID:674
                                                                                                                • /bin/rm
                                                                                                                  rm -rf /tmp/apt-key-gpghome.d2bwiCAUG9
                                                                                                                  2⤵
                                                                                                                  • Writes file to tmp directory
                                                                                                                  PID:675
                                                                                                              • /usr/bin/sort
                                                                                                                sort
                                                                                                                1⤵
                                                                                                                  PID:650
                                                                                                                • /bin/sed
                                                                                                                  sed -e "s#'#'\"'\"'#g"
                                                                                                                  1⤵
                                                                                                                    PID:666
                                                                                                                  • /bin/sed
                                                                                                                    sed -e "s#'#'\"'\"'#g"
                                                                                                                    1⤵
                                                                                                                      PID:669
                                                                                                                    • /usr/bin/apt-key
                                                                                                                      /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.CdcWkT /tmp/apt.data.K3DOJ3
                                                                                                                      1⤵
                                                                                                                      • Write file to user bin folder
                                                                                                                      • Writes file to tmp directory
                                                                                                                      PID:677
                                                                                                                      • /usr/bin/apt-config
                                                                                                                        apt-config shell MASTER_KEYRING APT::Key::MasterKeyring
                                                                                                                        2⤵
                                                                                                                          PID:679
                                                                                                                          • /usr/bin/dpkg
                                                                                                                            /usr/bin/dpkg --print-foreign-architectures
                                                                                                                            3⤵
                                                                                                                              PID:680
                                                                                                                          • /usr/bin/apt-config
                                                                                                                            apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring
                                                                                                                            2⤵
                                                                                                                              PID:681
                                                                                                                              • /usr/bin/dpkg
                                                                                                                                /usr/bin/dpkg --print-foreign-architectures
                                                                                                                                3⤵
                                                                                                                                  PID:682
                                                                                                                              • /usr/bin/apt-config
                                                                                                                                apt-config shell REMOVED_KEYS APT::Key::RemovedKeys
                                                                                                                                2⤵
                                                                                                                                  PID:683
                                                                                                                                  • /usr/bin/dpkg
                                                                                                                                    /usr/bin/dpkg --print-foreign-architectures
                                                                                                                                    3⤵
                                                                                                                                      PID:684
                                                                                                                                  • /usr/bin/apt-config
                                                                                                                                    apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI
                                                                                                                                    2⤵
                                                                                                                                      PID:685
                                                                                                                                      • /usr/bin/dpkg
                                                                                                                                        /usr/bin/dpkg --print-foreign-architectures
                                                                                                                                        3⤵
                                                                                                                                          PID:686
                                                                                                                                      • /usr/bin/apt-config
                                                                                                                                        apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring
                                                                                                                                        2⤵
                                                                                                                                          PID:687
                                                                                                                                          • /usr/bin/dpkg
                                                                                                                                            /usr/bin/dpkg --print-foreign-architectures
                                                                                                                                            3⤵
                                                                                                                                              PID:688
                                                                                                                                          • /usr/bin/apt-config
                                                                                                                                            apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f
                                                                                                                                            2⤵
                                                                                                                                            • Writes file to tmp directory
                                                                                                                                            PID:689
                                                                                                                                            • /usr/bin/dpkg
                                                                                                                                              /usr/bin/dpkg --print-foreign-architectures
                                                                                                                                              3⤵
                                                                                                                                                PID:690
                                                                                                                                            • /usr/bin/apt-config
                                                                                                                                              apt-config shell GPGV Apt::Key::gpgvcommand
                                                                                                                                              2⤵
                                                                                                                                                PID:692
                                                                                                                                                • /usr/bin/dpkg
                                                                                                                                                  /usr/bin/dpkg --print-foreign-architectures
                                                                                                                                                  3⤵
                                                                                                                                                  • Reads runtime system information
                                                                                                                                                  PID:693
                                                                                                                                              • /bin/mktemp
                                                                                                                                                mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX
                                                                                                                                                2⤵
                                                                                                                                                  PID:694
                                                                                                                                                • /bin/chmod
                                                                                                                                                  chmod 700 /tmp/apt-key-gpghome.FK5C2Vq5ah
                                                                                                                                                  2⤵
                                                                                                                                                    PID:695
                                                                                                                                                  • /bin/readlink
                                                                                                                                                    readlink -f /tmp/apt-key-gpghome.FK5C2Vq5ah
                                                                                                                                                    2⤵
                                                                                                                                                      PID:696
                                                                                                                                                    • /bin/rm
                                                                                                                                                      rm -f /tmp/apt-key-gpghome.FK5C2Vq5ah/pubring.gpg
                                                                                                                                                      2⤵
                                                                                                                                                      • Writes file to tmp directory
                                                                                                                                                      PID:697
                                                                                                                                                    • /usr/bin/touch
                                                                                                                                                      touch /tmp/apt-key-gpghome.FK5C2Vq5ah/pubring.gpg
                                                                                                                                                      2⤵
                                                                                                                                                      • Writes file to tmp directory
                                                                                                                                                      PID:698
                                                                                                                                                    • /usr/bin/apt-config
                                                                                                                                                      apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d
                                                                                                                                                      2⤵
                                                                                                                                                      • Writes file to tmp directory
                                                                                                                                                      PID:699
                                                                                                                                                      • /usr/bin/dpkg
                                                                                                                                                        /usr/bin/dpkg --print-foreign-architectures
                                                                                                                                                        3⤵
                                                                                                                                                          PID:700
                                                                                                                                                      • /bin/readlink
                                                                                                                                                        readlink -f /etc/apt/trusted.gpg.d/
                                                                                                                                                        2⤵
                                                                                                                                                          PID:701
                                                                                                                                                        • /usr/bin/find
                                                                                                                                                          find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 "(" -name "*.gpg" -o -name "*.asc" ")"
                                                                                                                                                          2⤵
                                                                                                                                                          • Reads runtime system information
                                                                                                                                                          PID:702
                                                                                                                                                        • /usr/bin/cmp
                                                                                                                                                          cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg
                                                                                                                                                          2⤵
                                                                                                                                                            PID:707
                                                                                                                                                          • /bin/cat
                                                                                                                                                            cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg
                                                                                                                                                            2⤵
                                                                                                                                                              PID:709
                                                                                                                                                            • /usr/bin/cmp
                                                                                                                                                              cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
                                                                                                                                                              2⤵
                                                                                                                                                                PID:711
                                                                                                                                                              • /bin/cat
                                                                                                                                                                cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
                                                                                                                                                                2⤵
                                                                                                                                                                  PID:713
                                                                                                                                                                • /usr/bin/cmp
                                                                                                                                                                  cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
                                                                                                                                                                  2⤵
                                                                                                                                                                    PID:715
                                                                                                                                                                  • /bin/cat
                                                                                                                                                                    cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
                                                                                                                                                                    2⤵
                                                                                                                                                                      PID:717
                                                                                                                                                                    • /bin/cp
                                                                                                                                                                      cp -a /tmp/apt-key-gpghome.FK5C2Vq5ah/pubring.gpg /tmp/apt-key-gpghome.FK5C2Vq5ah/pubring.orig.gpg
                                                                                                                                                                      2⤵
                                                                                                                                                                        PID:718
                                                                                                                                                                      • /usr/bin/gpgv
                                                                                                                                                                        gpgv --homedir /tmp/apt-key-gpghome.FK5C2Vq5ah --keyring /tmp/apt-key-gpghome.FK5C2Vq5ah/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.CdcWkT /tmp/apt.data.K3DOJ3
                                                                                                                                                                        2⤵
                                                                                                                                                                        • Writes file to tmp directory
                                                                                                                                                                        PID:725
                                                                                                                                                                      • /usr/bin/gpgconf
                                                                                                                                                                        gpgconf --kill all
                                                                                                                                                                        2⤵
                                                                                                                                                                          PID:726
                                                                                                                                                                          • /usr/bin/gpg-connect-agent
                                                                                                                                                                            gpg-connect-agent --no-autostart KILLAGENT
                                                                                                                                                                            3⤵
                                                                                                                                                                              PID:727
                                                                                                                                                                            • /usr/bin/gpg-connect-agent
                                                                                                                                                                              gpg-connect-agent -s --no-autostart "GETINFO scd_running" "/if \${! \$?}" "scd killscd" /end
                                                                                                                                                                              3⤵
                                                                                                                                                                                PID:728
                                                                                                                                                                              • /usr/bin/gpg-connect-agent
                                                                                                                                                                                gpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR
                                                                                                                                                                                3⤵
                                                                                                                                                                                  PID:729
                                                                                                                                                                              • /bin/rm
                                                                                                                                                                                rm -rf /tmp/apt-key-gpghome.FK5C2Vq5ah
                                                                                                                                                                                2⤵
                                                                                                                                                                                • Writes file to tmp directory
                                                                                                                                                                                PID:730
                                                                                                                                                                            • /usr/bin/sort
                                                                                                                                                                              sort
                                                                                                                                                                              1⤵
                                                                                                                                                                                PID:705
                                                                                                                                                                              • /bin/sed
                                                                                                                                                                                sed -e "s#'#'\"'\"'#g"
                                                                                                                                                                                1⤵
                                                                                                                                                                                  PID:721
                                                                                                                                                                                • /bin/sed
                                                                                                                                                                                  sed -e "s#'#'\"'\"'#g"
                                                                                                                                                                                  1⤵
                                                                                                                                                                                    PID:724
                                                                                                                                                                                  • /usr/bin/apt-key
                                                                                                                                                                                    /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.KNZI4i /tmp/apt.data.9zIadu
                                                                                                                                                                                    1⤵
                                                                                                                                                                                    • Write file to user bin folder
                                                                                                                                                                                    • Writes file to tmp directory
                                                                                                                                                                                    PID:732
                                                                                                                                                                                    • /usr/bin/apt-config
                                                                                                                                                                                      apt-config shell MASTER_KEYRING APT::Key::MasterKeyring
                                                                                                                                                                                      2⤵
                                                                                                                                                                                      • Writes file to tmp directory
                                                                                                                                                                                      PID:734
                                                                                                                                                                                      • /usr/bin/dpkg
                                                                                                                                                                                        /usr/bin/dpkg --print-foreign-architectures
                                                                                                                                                                                        3⤵
                                                                                                                                                                                          PID:735
                                                                                                                                                                                      • /usr/bin/apt-config
                                                                                                                                                                                        apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring
                                                                                                                                                                                        2⤵
                                                                                                                                                                                          PID:736
                                                                                                                                                                                          • /usr/bin/dpkg
                                                                                                                                                                                            /usr/bin/dpkg --print-foreign-architectures
                                                                                                                                                                                            3⤵
                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                            PID:737
                                                                                                                                                                                        • /usr/bin/apt-config
                                                                                                                                                                                          apt-config shell REMOVED_KEYS APT::Key::RemovedKeys
                                                                                                                                                                                          2⤵
                                                                                                                                                                                            PID:738
                                                                                                                                                                                            • /usr/bin/dpkg
                                                                                                                                                                                              /usr/bin/dpkg --print-foreign-architectures
                                                                                                                                                                                              3⤵
                                                                                                                                                                                                PID:740
                                                                                                                                                                                            • /usr/bin/apt-config
                                                                                                                                                                                              apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI
                                                                                                                                                                                              2⤵
                                                                                                                                                                                              • Writes file to tmp directory
                                                                                                                                                                                              PID:741
                                                                                                                                                                                              • /usr/bin/dpkg
                                                                                                                                                                                                /usr/bin/dpkg --print-foreign-architectures
                                                                                                                                                                                                3⤵
                                                                                                                                                                                                  PID:743
                                                                                                                                                                                              • /usr/bin/apt-config
                                                                                                                                                                                                apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring
                                                                                                                                                                                                2⤵
                                                                                                                                                                                                  PID:744
                                                                                                                                                                                                  • /usr/bin/dpkg
                                                                                                                                                                                                    /usr/bin/dpkg --print-foreign-architectures
                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                      PID:745
                                                                                                                                                                                                  • /usr/bin/apt-config
                                                                                                                                                                                                    apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f
                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                    • Writes file to tmp directory
                                                                                                                                                                                                    PID:746
                                                                                                                                                                                                    • /usr/bin/dpkg
                                                                                                                                                                                                      /usr/bin/dpkg --print-foreign-architectures
                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                        PID:747
                                                                                                                                                                                                    • /usr/bin/apt-config
                                                                                                                                                                                                      apt-config shell GPGV Apt::Key::gpgvcommand
                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                      • Writes file to tmp directory
                                                                                                                                                                                                      PID:749
                                                                                                                                                                                                      • /usr/bin/dpkg
                                                                                                                                                                                                        /usr/bin/dpkg --print-foreign-architectures
                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                        • Reads runtime system information
                                                                                                                                                                                                        PID:750
                                                                                                                                                                                                    • /bin/mktemp
                                                                                                                                                                                                      mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX
                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                        PID:751
                                                                                                                                                                                                      • /bin/chmod
                                                                                                                                                                                                        chmod 700 /tmp/apt-key-gpghome.iyC3X6i1vW
                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                          PID:752
                                                                                                                                                                                                        • /bin/readlink
                                                                                                                                                                                                          readlink -f /tmp/apt-key-gpghome.iyC3X6i1vW
                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                            PID:753
                                                                                                                                                                                                          • /bin/rm
                                                                                                                                                                                                            rm -f /tmp/apt-key-gpghome.iyC3X6i1vW/pubring.gpg
                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                            • Writes file to tmp directory
                                                                                                                                                                                                            PID:754
                                                                                                                                                                                                          • /usr/bin/touch
                                                                                                                                                                                                            touch /tmp/apt-key-gpghome.iyC3X6i1vW/pubring.gpg
                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                            • Writes file to tmp directory
                                                                                                                                                                                                            PID:755
                                                                                                                                                                                                          • /usr/bin/apt-config
                                                                                                                                                                                                            apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d
                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                            • Writes file to tmp directory
                                                                                                                                                                                                            PID:756
                                                                                                                                                                                                            • /usr/bin/dpkg
                                                                                                                                                                                                              /usr/bin/dpkg --print-foreign-architectures
                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                              • Reads runtime system information
                                                                                                                                                                                                              PID:757
                                                                                                                                                                                                          • /bin/readlink
                                                                                                                                                                                                            readlink -f /etc/apt/trusted.gpg.d/
                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                              PID:758
                                                                                                                                                                                                            • /usr/bin/find
                                                                                                                                                                                                              find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 "(" -name "*.gpg" -o -name "*.asc" ")"
                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                PID:759
                                                                                                                                                                                                              • /usr/bin/cmp
                                                                                                                                                                                                                cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg
                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                  PID:764
                                                                                                                                                                                                                • /bin/cat
                                                                                                                                                                                                                  cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg
                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                    PID:766
                                                                                                                                                                                                                  • /usr/bin/cmp
                                                                                                                                                                                                                    cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                      PID:768
                                                                                                                                                                                                                    • /bin/cat
                                                                                                                                                                                                                      cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                        PID:770
                                                                                                                                                                                                                      • /usr/bin/cmp
                                                                                                                                                                                                                        cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                          PID:772
                                                                                                                                                                                                                        • /bin/cat
                                                                                                                                                                                                                          cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                            PID:774
                                                                                                                                                                                                                          • /bin/cp
                                                                                                                                                                                                                            cp -a /tmp/apt-key-gpghome.iyC3X6i1vW/pubring.gpg /tmp/apt-key-gpghome.iyC3X6i1vW/pubring.orig.gpg
                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                              PID:775
                                                                                                                                                                                                                            • /usr/bin/gpgv
                                                                                                                                                                                                                              gpgv --homedir /tmp/apt-key-gpghome.iyC3X6i1vW --keyring /tmp/apt-key-gpghome.iyC3X6i1vW/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.KNZI4i /tmp/apt.data.9zIadu
                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                              • Writes file to tmp directory
                                                                                                                                                                                                                              PID:782
                                                                                                                                                                                                                            • /usr/bin/gpgconf
                                                                                                                                                                                                                              gpgconf --kill all
                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                PID:783
                                                                                                                                                                                                                                • /usr/bin/gpg-connect-agent
                                                                                                                                                                                                                                  gpg-connect-agent --no-autostart KILLAGENT
                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                    PID:784
                                                                                                                                                                                                                                  • /usr/bin/gpg-connect-agent
                                                                                                                                                                                                                                    gpg-connect-agent -s --no-autostart "GETINFO scd_running" "/if \${! \$?}" "scd killscd" /end
                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                      PID:785
                                                                                                                                                                                                                                    • /usr/bin/gpg-connect-agent
                                                                                                                                                                                                                                      gpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR
                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                        PID:786
                                                                                                                                                                                                                                    • /bin/rm
                                                                                                                                                                                                                                      rm -rf /tmp/apt-key-gpghome.iyC3X6i1vW
                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                      • Writes file to tmp directory
                                                                                                                                                                                                                                      PID:787
                                                                                                                                                                                                                                  • /usr/bin/sort
                                                                                                                                                                                                                                    sort
                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                      PID:762
                                                                                                                                                                                                                                    • /bin/sed
                                                                                                                                                                                                                                      sed -e "s#'#'\"'\"'#g"
                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                        PID:778
                                                                                                                                                                                                                                      • /bin/sed
                                                                                                                                                                                                                                        sed -e "s#'#'\"'\"'#g"
                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                        • Reads runtime system information
                                                                                                                                                                                                                                        PID:781
                                                                                                                                                                                                                                      • /usr/bin/apt-key
                                                                                                                                                                                                                                        /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.tYGZud /tmp/apt.data.VfUbKq
                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                        • Write file to user bin folder
                                                                                                                                                                                                                                        PID:789
                                                                                                                                                                                                                                        • /usr/bin/apt-config
                                                                                                                                                                                                                                          apt-config shell MASTER_KEYRING APT::Key::MasterKeyring
                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                          • Writes file to tmp directory
                                                                                                                                                                                                                                          PID:791
                                                                                                                                                                                                                                          • /usr/bin/dpkg
                                                                                                                                                                                                                                            /usr/bin/dpkg --print-foreign-architectures
                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                              PID:792
                                                                                                                                                                                                                                          • /usr/bin/apt-config
                                                                                                                                                                                                                                            apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring
                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                              PID:793
                                                                                                                                                                                                                                              • /usr/bin/dpkg
                                                                                                                                                                                                                                                /usr/bin/dpkg --print-foreign-architectures
                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                • Reads runtime system information
                                                                                                                                                                                                                                                PID:794
                                                                                                                                                                                                                                            • /usr/bin/apt-config
                                                                                                                                                                                                                                              apt-config shell REMOVED_KEYS APT::Key::RemovedKeys
                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                              • Writes file to tmp directory
                                                                                                                                                                                                                                              PID:795
                                                                                                                                                                                                                                              • /usr/bin/dpkg
                                                                                                                                                                                                                                                /usr/bin/dpkg --print-foreign-architectures
                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                  PID:796
                                                                                                                                                                                                                                              • /usr/bin/apt-config
                                                                                                                                                                                                                                                apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI
                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                • Writes file to tmp directory
                                                                                                                                                                                                                                                PID:797
                                                                                                                                                                                                                                                • /usr/bin/dpkg
                                                                                                                                                                                                                                                  /usr/bin/dpkg --print-foreign-architectures
                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                    PID:798
                                                                                                                                                                                                                                                • /usr/bin/apt-config
                                                                                                                                                                                                                                                  apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring
                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                  • Writes file to tmp directory
                                                                                                                                                                                                                                                  PID:799
                                                                                                                                                                                                                                                  • /usr/bin/dpkg
                                                                                                                                                                                                                                                    /usr/bin/dpkg --print-foreign-architectures
                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                      PID:800
                                                                                                                                                                                                                                                  • /usr/bin/apt-config
                                                                                                                                                                                                                                                    apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f
                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                    • Writes file to tmp directory
                                                                                                                                                                                                                                                    PID:801
                                                                                                                                                                                                                                                    • /usr/bin/dpkg
                                                                                                                                                                                                                                                      /usr/bin/dpkg --print-foreign-architectures
                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                        PID:802
                                                                                                                                                                                                                                                    • /usr/bin/apt-config
                                                                                                                                                                                                                                                      apt-config shell GPGV Apt::Key::gpgvcommand
                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                      • Writes file to tmp directory
                                                                                                                                                                                                                                                      PID:804
                                                                                                                                                                                                                                                      • /usr/bin/dpkg
                                                                                                                                                                                                                                                        /usr/bin/dpkg --print-foreign-architectures
                                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                                          PID:805
                                                                                                                                                                                                                                                      • /bin/mktemp
                                                                                                                                                                                                                                                        mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX
                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                          PID:806
                                                                                                                                                                                                                                                        • /bin/chmod
                                                                                                                                                                                                                                                          chmod 700 /tmp/apt-key-gpghome.Xp4PC2pycL
                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                            PID:807
                                                                                                                                                                                                                                                          • /bin/readlink
                                                                                                                                                                                                                                                            readlink -f /tmp/apt-key-gpghome.Xp4PC2pycL
                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                              PID:808
                                                                                                                                                                                                                                                            • /bin/rm
                                                                                                                                                                                                                                                              rm -f /tmp/apt-key-gpghome.Xp4PC2pycL/pubring.gpg
                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                              • Writes file to tmp directory
                                                                                                                                                                                                                                                              PID:809
                                                                                                                                                                                                                                                            • /usr/bin/touch
                                                                                                                                                                                                                                                              touch /tmp/apt-key-gpghome.Xp4PC2pycL/pubring.gpg
                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                              • Writes file to tmp directory
                                                                                                                                                                                                                                                              PID:810
                                                                                                                                                                                                                                                            • /usr/bin/apt-config
                                                                                                                                                                                                                                                              apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d
                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                              • Writes file to tmp directory
                                                                                                                                                                                                                                                              PID:811
                                                                                                                                                                                                                                                              • /usr/bin/dpkg
                                                                                                                                                                                                                                                                /usr/bin/dpkg --print-foreign-architectures
                                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                                  PID:812
                                                                                                                                                                                                                                                              • /bin/readlink
                                                                                                                                                                                                                                                                readlink -f /etc/apt/trusted.gpg.d/
                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                  PID:813
                                                                                                                                                                                                                                                                • /usr/bin/find
                                                                                                                                                                                                                                                                  find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 "(" -name "*.gpg" -o -name "*.asc" ")"
                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                    PID:814
                                                                                                                                                                                                                                                                  • /usr/bin/cmp
                                                                                                                                                                                                                                                                    cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg
                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                      PID:819
                                                                                                                                                                                                                                                                    • /bin/cat
                                                                                                                                                                                                                                                                      cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg
                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                        PID:821
                                                                                                                                                                                                                                                                      • /usr/bin/cmp
                                                                                                                                                                                                                                                                        cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                          PID:823
                                                                                                                                                                                                                                                                        • /bin/cat
                                                                                                                                                                                                                                                                          cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                            PID:825
                                                                                                                                                                                                                                                                          • /usr/bin/cmp
                                                                                                                                                                                                                                                                            cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                              PID:827
                                                                                                                                                                                                                                                                            • /bin/cat
                                                                                                                                                                                                                                                                              cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                PID:829
                                                                                                                                                                                                                                                                              • /bin/cp
                                                                                                                                                                                                                                                                                cp -a /tmp/apt-key-gpghome.Xp4PC2pycL/pubring.gpg /tmp/apt-key-gpghome.Xp4PC2pycL/pubring.orig.gpg
                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                • Writes file to tmp directory
                                                                                                                                                                                                                                                                                PID:830
                                                                                                                                                                                                                                                                            • /usr/bin/sort
                                                                                                                                                                                                                                                                              sort
                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                PID:817
                                                                                                                                                                                                                                                                              • /bin/sed
                                                                                                                                                                                                                                                                                sed -e "s#'#'\"'\"'#g"
                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                  PID:833

                                                                                                                                                                                                                                                                                Network

                                                                                                                                                                                                                                                                                MITRE ATT&CK Enterprise v6

                                                                                                                                                                                                                                                                                Replay Monitor

                                                                                                                                                                                                                                                                                Loading Replay Monitor...

                                                                                                                                                                                                                                                                                Downloads