Analysis

  • max time kernel
    0s
  • max time network
    102s
  • platform
    linux_amd64
  • resource
    ubuntu1804-amd64-en-20211208
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    27-03-2023 09:42

General

  • Target

    7000.64

  • Size

    710KB

  • MD5

    d80e1546a194e42f049b1a15287aa4d6

  • SHA1

    980f2d902a250cd3298e2acf45bfbc31044cd8f5

  • SHA256

    7bce4673ac5b7db9bd5d27076c770925c181745b784f806024413a3b5552eebf

  • SHA512

    24501f6bb75078ebdb51999ed32ec1cea6ad57fe27dd48e12066de65dacf8570d0f875c79b9734f844f60042ad8c806d8293f9a92ee15d59fd9b68a50eec8a49

  • SSDEEP

    12288:ZIlddxPHCo90S9LTXIXs5im4MkQbSJDTdx4Is//O1ScnBM:ZI/dLTXIXw4jQb+Tffs//gScS

Score
7/10

Malware Config

Signatures

  • Modifies init.d 1 TTPs 1 IoCs

    Adds/modifies system service, likely for persistence.

  • Write file to user bin folder 1 TTPs 4 IoCs
  • Reads CPU attributes 1 TTPs 7 IoCs
  • Reads system network configuration 1 TTPs 2 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Enumerates kernel/hardware configuration 1 TTPs 5 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 13 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/7000.64
    /tmp/7000.64
    1⤵
    • Modifies init.d
    PID:580
    • /bin/sh
      sh -c "ps -ef"
      2⤵
        PID:581
        • /bin/ps
          ps -ef
          3⤵
          • Reads CPU attributes
          • Reads runtime system information
          PID:582
      • /bin/sh
        sh -c "chmod 777 /etc/init.d/.zl"
        2⤵
          PID:583
          • /bin/chmod
            chmod 777 /etc/init.d/.zl
            3⤵
              PID:584
          • /bin/sh
            sh -c "ps -ef"
            2⤵
              PID:585
              • /bin/ps
                ps -ef
                3⤵
                • Reads CPU attributes
                • Reads runtime system information
                PID:586
            • /bin/sh
              sh -c "(chmod -R 777 /tmp) ; (rm -f /tmp/.lz*) ; (echo yes|cp -p /tmp/7000.64 /tmp/.lz1638981833)"
              2⤵
                PID:587
                • /bin/chmod
                  chmod -R 777 /tmp
                  3⤵
                  • Writes file to tmp directory
                  PID:588
                • /bin/rm
                  rm -f "/tmp/.lz*"
                  3⤵
                  • Writes file to tmp directory
                  PID:589
              • /bin/sh
                sh -c "(chmod +x /tmp/.lz1638981833) ; (setsid /tmp/.lz1638981833 &) "
                2⤵
                  PID:597
                  • /bin/chmod
                    chmod +x /tmp/.lz1638981833
                    3⤵
                      PID:598
                • /bin/cp
                  cp -p /tmp/7000.64 /tmp/.lz1638981833
                  1⤵
                  • Writes file to tmp directory
                  PID:592
                • /usr/bin/setsid
                  setsid /tmp/.lz1638981833
                  1⤵
                    PID:600
                  • /tmp/.lz1638981833
                    /tmp/.lz1638981833
                    1⤵
                      PID:600
                      • /bin/sh
                        sh -c "ps -ef"
                        2⤵
                          PID:601
                          • /bin/ps
                            ps -ef
                            3⤵
                            • Reads CPU attributes
                            • Reads runtime system information
                            PID:602
                      • /bin/sh
                        sh -c "ps -ef"
                        1⤵
                          PID:604
                          • /bin/ps
                            ps -ef
                            2⤵
                            • Reads CPU attributes
                            • Reads runtime system information
                            PID:608
                        • /bin/sh
                          sh -c "chkconfig --level 0123456 iptables off > /dev/null"
                          1⤵
                            PID:606
                          • /bin/sh
                            sh -c "top -bn 1 | grep Cpu | cut -d \",\" -f 1 | cut -d \":\" -f 2"
                            1⤵
                              PID:609
                              • /usr/bin/top
                                top -bn 1
                                2⤵
                                • Reads CPU attributes
                                • Enumerates kernel/hardware configuration
                                • Reads runtime system information
                                PID:613
                              • /bin/grep
                                grep Cpu
                                2⤵
                                  PID:614
                                • /usr/bin/cut
                                  cut -d "," -f 1
                                  2⤵
                                    PID:615
                                  • /usr/bin/cut
                                    cut -d : -f 2
                                    2⤵
                                      PID:616
                                  • /bin/sh
                                    sh -c "chkconfig --level 0123456 ip6tables off > /dev/null"
                                    1⤵
                                      PID:610
                                    • /bin/sh
                                      sh -c "echo yes|cp -p /tmp/.lz1638981833 /etc/.zl"
                                      1⤵
                                        PID:611
                                        • /bin/cp
                                          cp -p /tmp/.lz1638981833 /etc/.zl
                                          2⤵
                                          • Writes file to tmp directory
                                          PID:619
                                      • /bin/sh
                                        sh -c "systemctl stop iptables.service > /dev/null"
                                        1⤵
                                          PID:617
                                          • /bin/systemctl
                                            systemctl stop iptables.service
                                            2⤵
                                            • Reads runtime system information
                                            PID:620
                                        • /bin/sh
                                          sh -c "service iptables stop > /dev/null"
                                          1⤵
                                            PID:621
                                            • /usr/sbin/service
                                              service iptables stop
                                              2⤵
                                              • Write file to user bin folder
                                              PID:622
                                              • /usr/bin/basename
                                                basename /usr/sbin/service
                                                3⤵
                                                  PID:623
                                                • /usr/bin/basename
                                                  basename /usr/sbin/service
                                                  3⤵
                                                    PID:624
                                                  • /bin/systemctl
                                                    systemctl --quiet is-active multi-user.target
                                                    3⤵
                                                      PID:625
                                                    • /bin/systemctl
                                                      systemctl -p Triggers show dbus.socket
                                                      3⤵
                                                        PID:637
                                                      • /bin/systemctl
                                                        systemctl -p Triggers show ssh.socket
                                                        3⤵
                                                        • Reads runtime system information
                                                        PID:638
                                                      • /bin/systemctl
                                                        systemctl -p Triggers show syslog.socket
                                                        3⤵
                                                          PID:639
                                                        • /bin/systemctl
                                                          systemctl -p Triggers show systemd-fsckd.socket
                                                          3⤵
                                                            PID:640
                                                          • /bin/systemctl
                                                            systemctl -p Triggers show systemd-initctl.socket
                                                            3⤵
                                                              PID:641
                                                            • /bin/systemctl
                                                              systemctl -p Triggers show systemd-journald-audit.socket
                                                              3⤵
                                                                PID:642
                                                              • /bin/systemctl
                                                                systemctl -p Triggers show systemd-journald-dev-log.socket
                                                                3⤵
                                                                  PID:643
                                                                • /bin/systemctl
                                                                  systemctl -p Triggers show systemd-journald.socket
                                                                  3⤵
                                                                    PID:644
                                                                  • /bin/systemctl
                                                                    systemctl -p Triggers show systemd-networkd.socket
                                                                    3⤵
                                                                      PID:645
                                                                    • /bin/systemctl
                                                                      systemctl -p Triggers show systemd-rfkill.socket
                                                                      3⤵
                                                                        PID:646
                                                                      • /bin/systemctl
                                                                        systemctl -p Triggers show systemd-udevd-control.socket
                                                                        3⤵
                                                                        • Reads runtime system information
                                                                        PID:647
                                                                      • /bin/systemctl
                                                                        systemctl -p Triggers show systemd-udevd-kernel.socket
                                                                        3⤵
                                                                          PID:648
                                                                        • /bin/systemctl
                                                                          systemctl -p Triggers show uuidd.socket
                                                                          3⤵
                                                                            PID:649
                                                                        • /usr/local/sbin/systemctl
                                                                          systemctl stop iptables.service
                                                                          2⤵
                                                                            PID:622
                                                                          • /usr/local/bin/systemctl
                                                                            systemctl stop iptables.service
                                                                            2⤵
                                                                              PID:622
                                                                            • /usr/sbin/systemctl
                                                                              systemctl stop iptables.service
                                                                              2⤵
                                                                                PID:622
                                                                              • /usr/bin/systemctl
                                                                                systemctl stop iptables.service
                                                                                2⤵
                                                                                  PID:622
                                                                                • /sbin/systemctl
                                                                                  systemctl stop iptables.service
                                                                                  2⤵
                                                                                    PID:622
                                                                                  • /bin/systemctl
                                                                                    systemctl stop iptables.service
                                                                                    2⤵
                                                                                      PID:622
                                                                                  • /bin/systemctl
                                                                                    systemctl list-unit-files --full "--type=socket"
                                                                                    1⤵
                                                                                      PID:627
                                                                                    • /bin/sed
                                                                                      sed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"
                                                                                      1⤵
                                                                                        PID:628
                                                                                      • /bin/sh
                                                                                        sh -c "grep \"\\beth\" /proc/net/dev |cut -d \":\" -f 2 | awk '{print \$9}'"
                                                                                        1⤵
                                                                                          PID:629
                                                                                          • /bin/grep
                                                                                            grep "\\beth" /proc/net/dev
                                                                                            2⤵
                                                                                            • Reads system network configuration
                                                                                            PID:630
                                                                                          • /usr/bin/cut
                                                                                            cut -d : -f 2
                                                                                            2⤵
                                                                                              PID:631
                                                                                            • /usr/bin/awk
                                                                                              awk "{print \$9}"
                                                                                              2⤵
                                                                                                PID:632
                                                                                            • /bin/sh
                                                                                              sh -c "grep \"\\beth\" /proc/net/dev |cut -d \":\" -f 2 | awk '{print \$10}'"
                                                                                              1⤵
                                                                                                PID:633
                                                                                                • /bin/grep
                                                                                                  grep "\\beth" /proc/net/dev
                                                                                                  2⤵
                                                                                                  • Reads system network configuration
                                                                                                  PID:634
                                                                                                • /usr/bin/awk
                                                                                                  awk "{print \$10}"
                                                                                                  2⤵
                                                                                                    PID:636
                                                                                                  • /usr/bin/cut
                                                                                                    cut -d : -f 2
                                                                                                    2⤵
                                                                                                      PID:635
                                                                                                  • /bin/sh
                                                                                                    sh -c "/etc/init.d/iptables stop > /dev/null"
                                                                                                    1⤵
                                                                                                      PID:650
                                                                                                      • /etc/init.d/iptables
                                                                                                        /etc/init.d/iptables stop
                                                                                                        2⤵
                                                                                                          PID:651
                                                                                                      • /bin/sh
                                                                                                        sh -c "reSuSEfirewall2 stop > /dev/null"
                                                                                                        1⤵
                                                                                                          PID:652
                                                                                                        • /bin/sh
                                                                                                          sh -c "SuSEfirewall2 stop > /dev/null"
                                                                                                          1⤵
                                                                                                            PID:653
                                                                                                          • /bin/sh
                                                                                                            sh -c "service ebtables stop > /dev/null"
                                                                                                            1⤵
                                                                                                              PID:654
                                                                                                              • /usr/sbin/service
                                                                                                                service ebtables stop
                                                                                                                2⤵
                                                                                                                • Write file to user bin folder
                                                                                                                PID:655
                                                                                                                • /usr/bin/basename
                                                                                                                  basename /usr/sbin/service
                                                                                                                  3⤵
                                                                                                                    PID:656
                                                                                                                  • /usr/bin/basename
                                                                                                                    basename /usr/sbin/service
                                                                                                                    3⤵
                                                                                                                      PID:657
                                                                                                                    • /bin/systemctl
                                                                                                                      systemctl --quiet is-active multi-user.target
                                                                                                                      3⤵
                                                                                                                        PID:658
                                                                                                                      • /bin/systemctl
                                                                                                                        systemctl -p Triggers show dbus.socket
                                                                                                                        3⤵
                                                                                                                          PID:662
                                                                                                                        • /bin/systemctl
                                                                                                                          systemctl -p Triggers show ssh.socket
                                                                                                                          3⤵
                                                                                                                            PID:663
                                                                                                                          • /bin/systemctl
                                                                                                                            systemctl -p Triggers show syslog.socket
                                                                                                                            3⤵
                                                                                                                            • Reads runtime system information
                                                                                                                            PID:664
                                                                                                                          • /bin/systemctl
                                                                                                                            systemctl -p Triggers show systemd-fsckd.socket
                                                                                                                            3⤵
                                                                                                                              PID:665
                                                                                                                            • /bin/systemctl
                                                                                                                              systemctl -p Triggers show systemd-initctl.socket
                                                                                                                              3⤵
                                                                                                                                PID:666
                                                                                                                              • /bin/systemctl
                                                                                                                                systemctl -p Triggers show systemd-journald-audit.socket
                                                                                                                                3⤵
                                                                                                                                  PID:667
                                                                                                                                • /bin/systemctl
                                                                                                                                  systemctl -p Triggers show systemd-journald-dev-log.socket
                                                                                                                                  3⤵
                                                                                                                                    PID:668
                                                                                                                                  • /bin/systemctl
                                                                                                                                    systemctl -p Triggers show systemd-journald.socket
                                                                                                                                    3⤵
                                                                                                                                      PID:669
                                                                                                                                    • /bin/systemctl
                                                                                                                                      systemctl -p Triggers show systemd-networkd.socket
                                                                                                                                      3⤵
                                                                                                                                        PID:670
                                                                                                                                      • /bin/systemctl
                                                                                                                                        systemctl -p Triggers show systemd-rfkill.socket
                                                                                                                                        3⤵
                                                                                                                                          PID:671
                                                                                                                                        • /bin/systemctl
                                                                                                                                          systemctl -p Triggers show systemd-udevd-control.socket
                                                                                                                                          3⤵
                                                                                                                                            PID:672
                                                                                                                                          • /bin/systemctl
                                                                                                                                            systemctl -p Triggers show systemd-udevd-kernel.socket
                                                                                                                                            3⤵
                                                                                                                                              PID:673
                                                                                                                                            • /bin/systemctl
                                                                                                                                              systemctl -p Triggers show uuidd.socket
                                                                                                                                              3⤵
                                                                                                                                                PID:674
                                                                                                                                            • /usr/local/sbin/systemctl
                                                                                                                                              systemctl stop ebtables.service
                                                                                                                                              2⤵
                                                                                                                                                PID:655
                                                                                                                                              • /usr/local/bin/systemctl
                                                                                                                                                systemctl stop ebtables.service
                                                                                                                                                2⤵
                                                                                                                                                  PID:655
                                                                                                                                                • /usr/sbin/systemctl
                                                                                                                                                  systemctl stop ebtables.service
                                                                                                                                                  2⤵
                                                                                                                                                    PID:655
                                                                                                                                                  • /usr/bin/systemctl
                                                                                                                                                    systemctl stop ebtables.service
                                                                                                                                                    2⤵
                                                                                                                                                      PID:655
                                                                                                                                                    • /sbin/systemctl
                                                                                                                                                      systemctl stop ebtables.service
                                                                                                                                                      2⤵
                                                                                                                                                        PID:655
                                                                                                                                                      • /bin/systemctl
                                                                                                                                                        systemctl stop ebtables.service
                                                                                                                                                        2⤵
                                                                                                                                                          PID:655
                                                                                                                                                      • /bin/systemctl
                                                                                                                                                        systemctl list-unit-files --full "--type=socket"
                                                                                                                                                        1⤵
                                                                                                                                                          PID:660
                                                                                                                                                        • /bin/sed
                                                                                                                                                          sed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"
                                                                                                                                                          1⤵
                                                                                                                                                            PID:661
                                                                                                                                                          • /bin/sh
                                                                                                                                                            sh -c "/etc/init.d/ebtables stop > /dev/null"
                                                                                                                                                            1⤵
                                                                                                                                                              PID:675
                                                                                                                                                              • /etc/init.d/ebtables
                                                                                                                                                                /etc/init.d/ebtables stop
                                                                                                                                                                2⤵
                                                                                                                                                                  PID:676
                                                                                                                                                              • /bin/sh
                                                                                                                                                                sh -c "ufw disable > /dev/null"
                                                                                                                                                                1⤵
                                                                                                                                                                  PID:677
                                                                                                                                                                  • /usr/sbin/ufw
                                                                                                                                                                    ufw disable
                                                                                                                                                                    2⤵
                                                                                                                                                                    • Write file to user bin folder
                                                                                                                                                                    PID:678
                                                                                                                                                                    • /sbin/iptables
                                                                                                                                                                      /sbin/iptables -V
                                                                                                                                                                      3⤵
                                                                                                                                                                        PID:679
                                                                                                                                                                      • /lib/ufw/ufw-init
                                                                                                                                                                        /lib/ufw/ufw-init force-stop
                                                                                                                                                                        3⤵
                                                                                                                                                                          PID:680
                                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                                            ip6tables -L INPUT -n
                                                                                                                                                                            4⤵
                                                                                                                                                                              PID:681
                                                                                                                                                                            • /sbin/iptables
                                                                                                                                                                              iptables -F ufw-logging-deny
                                                                                                                                                                              4⤵
                                                                                                                                                                                PID:686
                                                                                                                                                                              • /sbin/iptables
                                                                                                                                                                                iptables -F ufw-logging-allow
                                                                                                                                                                                4⤵
                                                                                                                                                                                  PID:689
                                                                                                                                                                                • /sbin/iptables
                                                                                                                                                                                  iptables -F ufw-not-local
                                                                                                                                                                                  4⤵
                                                                                                                                                                                    PID:690
                                                                                                                                                                                  • /sbin/iptables
                                                                                                                                                                                    iptables -F ufw-user-logging-input
                                                                                                                                                                                    4⤵
                                                                                                                                                                                      PID:691
                                                                                                                                                                                    • /sbin/iptables
                                                                                                                                                                                      iptables -F ufw-user-limit-accept
                                                                                                                                                                                      4⤵
                                                                                                                                                                                        PID:692
                                                                                                                                                                                      • /sbin/iptables
                                                                                                                                                                                        iptables -F ufw-user-limit
                                                                                                                                                                                        4⤵
                                                                                                                                                                                          PID:693
                                                                                                                                                                                        • /sbin/iptables
                                                                                                                                                                                          iptables -F ufw-skip-to-policy-input
                                                                                                                                                                                          4⤵
                                                                                                                                                                                            PID:694
                                                                                                                                                                                          • /sbin/iptables
                                                                                                                                                                                            iptables -F ufw-reject-input
                                                                                                                                                                                            4⤵
                                                                                                                                                                                              PID:695
                                                                                                                                                                                            • /sbin/iptables
                                                                                                                                                                                              iptables -F ufw-after-logging-input
                                                                                                                                                                                              4⤵
                                                                                                                                                                                                PID:696
                                                                                                                                                                                              • /sbin/iptables
                                                                                                                                                                                                iptables -F ufw-after-input
                                                                                                                                                                                                4⤵
                                                                                                                                                                                                  PID:697
                                                                                                                                                                                                • /sbin/iptables
                                                                                                                                                                                                  iptables -F ufw-user-input
                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                    PID:698
                                                                                                                                                                                                  • /sbin/iptables
                                                                                                                                                                                                    iptables -F ufw-before-input
                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                      PID:699
                                                                                                                                                                                                    • /sbin/iptables
                                                                                                                                                                                                      iptables -F ufw-before-logging-input
                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                        PID:700
                                                                                                                                                                                                      • /sbin/iptables
                                                                                                                                                                                                        iptables -F ufw-skip-to-policy-forward
                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                          PID:701
                                                                                                                                                                                                        • /sbin/iptables
                                                                                                                                                                                                          iptables -F ufw-reject-forward
                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                            PID:702
                                                                                                                                                                                                          • /sbin/iptables
                                                                                                                                                                                                            iptables -F ufw-after-logging-forward
                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                              PID:703
                                                                                                                                                                                                            • /sbin/iptables
                                                                                                                                                                                                              iptables -F ufw-after-forward
                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                PID:704
                                                                                                                                                                                                              • /sbin/iptables
                                                                                                                                                                                                                iptables -F ufw-user-logging-forward
                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                  PID:705
                                                                                                                                                                                                                • /sbin/iptables
                                                                                                                                                                                                                  iptables -F ufw-user-forward
                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                    PID:706
                                                                                                                                                                                                                  • /sbin/iptables
                                                                                                                                                                                                                    iptables -F ufw-before-forward
                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                      PID:707
                                                                                                                                                                                                                    • /sbin/iptables
                                                                                                                                                                                                                      iptables -F ufw-before-logging-forward
                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                        PID:708
                                                                                                                                                                                                                      • /sbin/iptables
                                                                                                                                                                                                                        iptables -F ufw-track-forward
                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                          PID:709
                                                                                                                                                                                                                        • /sbin/iptables
                                                                                                                                                                                                                          iptables -F ufw-track-output
                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                            PID:710
                                                                                                                                                                                                                          • /sbin/iptables
                                                                                                                                                                                                                            iptables -F ufw-track-input
                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                              PID:711
                                                                                                                                                                                                                            • /sbin/iptables
                                                                                                                                                                                                                              iptables -F ufw-skip-to-policy-output
                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                PID:712
                                                                                                                                                                                                                              • /sbin/iptables
                                                                                                                                                                                                                                iptables -F ufw-reject-output
                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                  PID:713
                                                                                                                                                                                                                                • /sbin/iptables
                                                                                                                                                                                                                                  iptables -F ufw-after-logging-output
                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                    PID:714
                                                                                                                                                                                                                                  • /sbin/iptables
                                                                                                                                                                                                                                    iptables -F ufw-after-output
                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                      PID:715
                                                                                                                                                                                                                                    • /sbin/iptables
                                                                                                                                                                                                                                      iptables -F ufw-user-logging-output
                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                        PID:716
                                                                                                                                                                                                                                      • /sbin/iptables
                                                                                                                                                                                                                                        iptables -F ufw-user-output
                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                          PID:717
                                                                                                                                                                                                                                        • /sbin/iptables
                                                                                                                                                                                                                                          iptables -F ufw-before-output
                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                            PID:718
                                                                                                                                                                                                                                          • /sbin/iptables
                                                                                                                                                                                                                                            iptables -F ufw-before-logging-output
                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                              PID:719
                                                                                                                                                                                                                                            • /sbin/iptables
                                                                                                                                                                                                                                              iptables -Z ufw-logging-deny
                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                PID:720
                                                                                                                                                                                                                                              • /sbin/iptables
                                                                                                                                                                                                                                                iptables -Z ufw-logging-allow
                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                  PID:721
                                                                                                                                                                                                                                                • /sbin/iptables
                                                                                                                                                                                                                                                  iptables -Z ufw-not-local
                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                    PID:722
                                                                                                                                                                                                                                                  • /sbin/iptables
                                                                                                                                                                                                                                                    iptables -Z ufw-user-logging-input
                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                      PID:723
                                                                                                                                                                                                                                                    • /sbin/iptables
                                                                                                                                                                                                                                                      iptables -Z ufw-user-limit-accept
                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                        PID:724
                                                                                                                                                                                                                                                      • /sbin/iptables
                                                                                                                                                                                                                                                        iptables -Z ufw-user-limit
                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                          PID:725
                                                                                                                                                                                                                                                        • /sbin/iptables
                                                                                                                                                                                                                                                          iptables -Z ufw-skip-to-policy-input
                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                            PID:726
                                                                                                                                                                                                                                                          • /sbin/iptables
                                                                                                                                                                                                                                                            iptables -Z ufw-reject-input
                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                              PID:727
                                                                                                                                                                                                                                                            • /sbin/iptables
                                                                                                                                                                                                                                                              iptables -Z ufw-after-logging-input
                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                PID:728
                                                                                                                                                                                                                                                              • /sbin/iptables
                                                                                                                                                                                                                                                                iptables -Z ufw-after-input
                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                  PID:729
                                                                                                                                                                                                                                                                • /sbin/iptables
                                                                                                                                                                                                                                                                  iptables -Z ufw-user-input
                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                    PID:730
                                                                                                                                                                                                                                                                  • /sbin/iptables
                                                                                                                                                                                                                                                                    iptables -Z ufw-before-input
                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                      PID:731
                                                                                                                                                                                                                                                                    • /sbin/iptables
                                                                                                                                                                                                                                                                      iptables -Z ufw-before-logging-input
                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                        PID:732
                                                                                                                                                                                                                                                                      • /sbin/iptables
                                                                                                                                                                                                                                                                        iptables -Z ufw-skip-to-policy-forward
                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                          PID:733
                                                                                                                                                                                                                                                                        • /sbin/iptables
                                                                                                                                                                                                                                                                          iptables -Z ufw-reject-forward
                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                            PID:734
                                                                                                                                                                                                                                                                          • /sbin/iptables
                                                                                                                                                                                                                                                                            iptables -Z ufw-after-logging-forward
                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                              PID:735
                                                                                                                                                                                                                                                                            • /sbin/iptables
                                                                                                                                                                                                                                                                              iptables -Z ufw-after-forward
                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                PID:736
                                                                                                                                                                                                                                                                              • /sbin/iptables
                                                                                                                                                                                                                                                                                iptables -Z ufw-user-logging-forward
                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                  PID:737
                                                                                                                                                                                                                                                                                • /sbin/iptables
                                                                                                                                                                                                                                                                                  iptables -Z ufw-user-forward
                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                    PID:738
                                                                                                                                                                                                                                                                                  • /sbin/iptables
                                                                                                                                                                                                                                                                                    iptables -Z ufw-before-forward
                                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                                      PID:739
                                                                                                                                                                                                                                                                                    • /sbin/iptables
                                                                                                                                                                                                                                                                                      iptables -Z ufw-before-logging-forward
                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                        PID:740
                                                                                                                                                                                                                                                                                      • /sbin/iptables
                                                                                                                                                                                                                                                                                        iptables -Z ufw-track-forward
                                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                                          PID:741
                                                                                                                                                                                                                                                                                        • /sbin/iptables
                                                                                                                                                                                                                                                                                          iptables -Z ufw-track-output
                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                            PID:742
                                                                                                                                                                                                                                                                                          • /sbin/iptables
                                                                                                                                                                                                                                                                                            iptables -Z ufw-track-input
                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                              PID:743
                                                                                                                                                                                                                                                                                            • /sbin/iptables
                                                                                                                                                                                                                                                                                              iptables -Z ufw-skip-to-policy-output
                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                                PID:744
                                                                                                                                                                                                                                                                                              • /sbin/iptables
                                                                                                                                                                                                                                                                                                iptables -Z ufw-reject-output
                                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                                  PID:745
                                                                                                                                                                                                                                                                                                • /sbin/iptables
                                                                                                                                                                                                                                                                                                  iptables -Z ufw-after-logging-output
                                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                                    PID:746
                                                                                                                                                                                                                                                                                                  • /sbin/iptables
                                                                                                                                                                                                                                                                                                    iptables -Z ufw-after-output
                                                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                                                      PID:747
                                                                                                                                                                                                                                                                                                    • /sbin/iptables
                                                                                                                                                                                                                                                                                                      iptables -Z ufw-user-logging-output
                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                        PID:748
                                                                                                                                                                                                                                                                                                      • /sbin/iptables
                                                                                                                                                                                                                                                                                                        iptables -Z ufw-user-output
                                                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                                                          PID:749
                                                                                                                                                                                                                                                                                                        • /sbin/iptables
                                                                                                                                                                                                                                                                                                          iptables -Z ufw-before-output
                                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                                            PID:750
                                                                                                                                                                                                                                                                                                          • /sbin/iptables
                                                                                                                                                                                                                                                                                                            iptables -Z ufw-before-logging-output
                                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                                              PID:751
                                                                                                                                                                                                                                                                                                            • /sbin/iptables
                                                                                                                                                                                                                                                                                                              iptables -X ufw-logging-deny
                                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                                                PID:752
                                                                                                                                                                                                                                                                                                              • /sbin/iptables
                                                                                                                                                                                                                                                                                                                iptables -X ufw-logging-allow
                                                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                                                  PID:753
                                                                                                                                                                                                                                                                                                                • /sbin/iptables
                                                                                                                                                                                                                                                                                                                  iptables -X ufw-not-local
                                                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                                                    PID:754
                                                                                                                                                                                                                                                                                                                  • /sbin/iptables
                                                                                                                                                                                                                                                                                                                    iptables -X ufw-user-logging-input
                                                                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                                                                      PID:755
                                                                                                                                                                                                                                                                                                                    • /sbin/iptables
                                                                                                                                                                                                                                                                                                                      iptables -X ufw-user-logging-output
                                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                                        PID:756
                                                                                                                                                                                                                                                                                                                      • /sbin/iptables
                                                                                                                                                                                                                                                                                                                        iptables -X ufw-user-logging-forward
                                                                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                                                                          PID:757
                                                                                                                                                                                                                                                                                                                        • /sbin/iptables
                                                                                                                                                                                                                                                                                                                          iptables -X ufw-user-limit-accept
                                                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                                                            PID:758
                                                                                                                                                                                                                                                                                                                          • /sbin/iptables
                                                                                                                                                                                                                                                                                                                            iptables -X ufw-user-limit
                                                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                                                              PID:759
                                                                                                                                                                                                                                                                                                                            • /sbin/iptables
                                                                                                                                                                                                                                                                                                                              iptables -X ufw-user-input
                                                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                                                                PID:760
                                                                                                                                                                                                                                                                                                                              • /sbin/iptables
                                                                                                                                                                                                                                                                                                                                iptables -X ufw-user-forward
                                                                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                                                                  PID:761
                                                                                                                                                                                                                                                                                                                                • /sbin/iptables
                                                                                                                                                                                                                                                                                                                                  iptables -X ufw-user-output
                                                                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                                                                    PID:762
                                                                                                                                                                                                                                                                                                                                  • /sbin/iptables
                                                                                                                                                                                                                                                                                                                                    iptables -X ufw-skip-to-policy-input
                                                                                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                                                                                      PID:763
                                                                                                                                                                                                                                                                                                                                    • /sbin/iptables
                                                                                                                                                                                                                                                                                                                                      iptables -X ufw-skip-to-policy-output
                                                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                                                        PID:764
                                                                                                                                                                                                                                                                                                                                      • /sbin/iptables
                                                                                                                                                                                                                                                                                                                                        iptables -X ufw-skip-to-policy-forward
                                                                                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                                                                                          PID:765
                                                                                                                                                                                                                                                                                                                                        • /sbin/iptables
                                                                                                                                                                                                                                                                                                                                          iptables -P INPUT ACCEPT
                                                                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                                                                            PID:766
                                                                                                                                                                                                                                                                                                                                          • /sbin/iptables
                                                                                                                                                                                                                                                                                                                                            iptables -P OUTPUT ACCEPT
                                                                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                                                                              PID:767
                                                                                                                                                                                                                                                                                                                                            • /sbin/iptables
                                                                                                                                                                                                                                                                                                                                              iptables -P FORWARD ACCEPT
                                                                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                                                                                PID:769
                                                                                                                                                                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                ip6tables -F ufw6-logging-deny
                                                                                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                                                                                  PID:770
                                                                                                                                                                                                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                  ip6tables -F ufw6-logging-allow
                                                                                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                                                                                    PID:771
                                                                                                                                                                                                                                                                                                                                                  • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                    ip6tables -F ufw6-not-local
                                                                                                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                                                                                                      PID:772
                                                                                                                                                                                                                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                      ip6tables -F ufw6-user-logging-input
                                                                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                                                                        PID:774
                                                                                                                                                                                                                                                                                                                                                      • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                        ip6tables -F ufw6-user-limit-accept
                                                                                                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                                                                                                          PID:776
                                                                                                                                                                                                                                                                                                                                                        • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                          ip6tables -F ufw6-user-limit
                                                                                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                                                                                            PID:778
                                                                                                                                                                                                                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                            ip6tables -F ufw6-skip-to-policy-input
                                                                                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                                                                                              PID:781
                                                                                                                                                                                                                                                                                                                                                            • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                              ip6tables -F ufw6-reject-input
                                                                                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                                                                                                PID:782
                                                                                                                                                                                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                ip6tables -F ufw6-after-logging-input
                                                                                                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                                                                                                  PID:783
                                                                                                                                                                                                                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                  ip6tables -F ufw6-after-input
                                                                                                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                                                                                                    PID:785
                                                                                                                                                                                                                                                                                                                                                                  • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                    ip6tables -F ufw6-user-input
                                                                                                                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                                                                                                                      PID:787
                                                                                                                                                                                                                                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                      ip6tables -F ufw6-before-input
                                                                                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                                                                                        PID:788
                                                                                                                                                                                                                                                                                                                                                                      • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                        ip6tables -F ufw6-before-logging-input
                                                                                                                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                                                                                                                          PID:789
                                                                                                                                                                                                                                                                                                                                                                        • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                          ip6tables -F ufw6-skip-to-policy-forward
                                                                                                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                                                                                                            PID:790
                                                                                                                                                                                                                                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                            ip6tables -F ufw6-reject-forward
                                                                                                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                                                                                                              PID:791
                                                                                                                                                                                                                                                                                                                                                                            • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                              ip6tables -F ufw6-after-logging-forward
                                                                                                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                                                                                                                PID:792
                                                                                                                                                                                                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                ip6tables -F ufw6-after-forward
                                                                                                                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                                                                                                                  PID:793
                                                                                                                                                                                                                                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                  ip6tables -F ufw6-user-logging-forward
                                                                                                                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                                                                                                                    PID:794
                                                                                                                                                                                                                                                                                                                                                                                  • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                    ip6tables -F ufw6-user-forward
                                                                                                                                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                                                                                                                                      PID:795
                                                                                                                                                                                                                                                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                      ip6tables -F ufw6-before-forward
                                                                                                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                                                                                                        PID:796
                                                                                                                                                                                                                                                                                                                                                                                      • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                        ip6tables -F ufw6-before-logging-forward
                                                                                                                                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                                                                                                                                          PID:797
                                                                                                                                                                                                                                                                                                                                                                                        • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                          ip6tables -F ufw6-track-forward
                                                                                                                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                                                                                                                            PID:798
                                                                                                                                                                                                                                                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                            ip6tables -F ufw6-track-output
                                                                                                                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                                                                                                                              PID:799
                                                                                                                                                                                                                                                                                                                                                                                            • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                              ip6tables -F ufw6-track-input
                                                                                                                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                                                                                                                                PID:800
                                                                                                                                                                                                                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                ip6tables -F ufw6-skip-to-policy-output
                                                                                                                                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                                                                                                                                  PID:801
                                                                                                                                                                                                                                                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                  ip6tables -F ufw6-reject-output
                                                                                                                                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                                                                                                                                    PID:802
                                                                                                                                                                                                                                                                                                                                                                                                  • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                    ip6tables -F ufw6-after-logging-output
                                                                                                                                                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                                                                                                                                                      PID:803
                                                                                                                                                                                                                                                                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                      ip6tables -F ufw6-after-output
                                                                                                                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                                                                                                                        PID:804
                                                                                                                                                                                                                                                                                                                                                                                                      • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                        ip6tables -F ufw6-user-logging-output
                                                                                                                                                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                                                                                                                                                          PID:805
                                                                                                                                                                                                                                                                                                                                                                                                        • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                          ip6tables -F ufw6-user-output
                                                                                                                                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                                                                                                                                            PID:806
                                                                                                                                                                                                                                                                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                            ip6tables -F ufw6-before-output
                                                                                                                                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                                                                                                                                              PID:807
                                                                                                                                                                                                                                                                                                                                                                                                            • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                              ip6tables -F ufw6-before-logging-output
                                                                                                                                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                PID:808
                                                                                                                                                                                                                                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                ip6tables -Z ufw6-logging-deny
                                                                                                                                                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                  PID:809
                                                                                                                                                                                                                                                                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                  ip6tables -Z ufw6-logging-allow
                                                                                                                                                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                    PID:810
                                                                                                                                                                                                                                                                                                                                                                                                                  • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                    ip6tables -Z ufw6-not-local
                                                                                                                                                                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                      PID:811
                                                                                                                                                                                                                                                                                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                      ip6tables -Z ufw6-user-logging-input
                                                                                                                                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                        PID:812
                                                                                                                                                                                                                                                                                                                                                                                                                      • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                        ip6tables -Z ufw6-user-limit-accept
                                                                                                                                                                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                          PID:813
                                                                                                                                                                                                                                                                                                                                                                                                                        • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                          ip6tables -Z ufw6-user-limit
                                                                                                                                                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                            PID:814
                                                                                                                                                                                                                                                                                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                            ip6tables -Z ufw6-skip-to-policy-input
                                                                                                                                                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                              PID:815
                                                                                                                                                                                                                                                                                                                                                                                                                            • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                              ip6tables -Z ufw6-reject-input
                                                                                                                                                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                PID:816
                                                                                                                                                                                                                                                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                ip6tables -Z ufw6-after-logging-input
                                                                                                                                                                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:817
                                                                                                                                                                                                                                                                                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                  ip6tables -Z ufw6-after-input
                                                                                                                                                                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:818
                                                                                                                                                                                                                                                                                                                                                                                                                                  • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                    ip6tables -Z ufw6-user-input
                                                                                                                                                                                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:819
                                                                                                                                                                                                                                                                                                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                      ip6tables -Z ufw6-before-input
                                                                                                                                                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:820
                                                                                                                                                                                                                                                                                                                                                                                                                                      • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                        ip6tables -Z ufw6-before-logging-input
                                                                                                                                                                                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:821
                                                                                                                                                                                                                                                                                                                                                                                                                                        • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                          ip6tables -Z ufw6-skip-to-policy-forward
                                                                                                                                                                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:822
                                                                                                                                                                                                                                                                                                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                            ip6tables -Z ufw6-reject-forward
                                                                                                                                                                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:823
                                                                                                                                                                                                                                                                                                                                                                                                                                            • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                              ip6tables -Z ufw6-after-logging-forward
                                                                                                                                                                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:824
                                                                                                                                                                                                                                                                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                ip6tables -Z ufw6-after-forward
                                                                                                                                                                                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:825
                                                                                                                                                                                                                                                                                                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                  ip6tables -Z ufw6-user-logging-forward
                                                                                                                                                                                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:826
                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                    ip6tables -Z ufw6-user-forward
                                                                                                                                                                                                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:827
                                                                                                                                                                                                                                                                                                                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                      ip6tables -Z ufw6-before-forward
                                                                                                                                                                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:828
                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                        ip6tables -Z ufw6-before-logging-forward
                                                                                                                                                                                                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:829
                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                          ip6tables -Z ufw6-track-forward
                                                                                                                                                                                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:830
                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                            ip6tables -Z ufw6-track-output
                                                                                                                                                                                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:831
                                                                                                                                                                                                                                                                                                                                                                                                                                                            • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                              ip6tables -Z ufw6-track-input
                                                                                                                                                                                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:832
                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                                ip6tables -Z ufw6-skip-to-policy-output
                                                                                                                                                                                                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:833
                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  ip6tables -Z ufw6-reject-output
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:834
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    ip6tables -Z ufw6-after-logging-output
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:835
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      ip6tables -Z ufw6-after-output
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:836
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        ip6tables -Z ufw6-user-logging-output
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:837
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          ip6tables -Z ufw6-user-output
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:838
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            ip6tables -Z ufw6-before-output
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:839
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              ip6tables -Z ufw6-before-logging-output
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:840
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                ip6tables -X ufw6-logging-deny
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:841
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  ip6tables -X ufw6-logging-allow
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:842
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    ip6tables -X ufw6-not-local
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:843
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      ip6tables -X ufw6-user-logging-input
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:844
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        ip6tables -X ufw6-user-logging-output
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:845
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          ip6tables -X ufw6-user-logging-forward
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:846
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            ip6tables -X ufw6-user-limit-accept
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:847
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              ip6tables -X ufw6-user-limit
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:848
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                ip6tables -X ufw6-user-input
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:849
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  ip6tables -X ufw6-user-forward
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:850
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    ip6tables -X ufw6-user-output
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:851
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      ip6tables -X ufw6-skip-to-policy-input
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:852
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        ip6tables -X ufw6-skip-to-policy-output
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:853
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          ip6tables -X ufw6-skip-to-policy-forward
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:854
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            ip6tables -P INPUT ACCEPT
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:855
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              ip6tables -P OUTPUT ACCEPT
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:856
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /sbin/ip6tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                ip6tables -P FORWARD ACCEPT
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:857
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /sbin/modprobe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            /sbin/modprobe ip6_tables
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Enumerates kernel/hardware configuration
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:682
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /bin/sh
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            sh -c "(chmod +x /etc/.zl) ; (setsid /etc/.zl &) "
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:768
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /bin/chmod
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                chmod +x /etc/.zl
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:773
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/setsid
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                setsid /etc/.zl
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:777
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • /etc/.zl
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  /etc/.zl
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:777
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • /bin/sh
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      sh -c "ps -ef"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:779
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /bin/ps
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          ps -ef
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:780
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • /bin/sh
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        sh -c "ps -ef"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:784
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • /bin/ps
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            ps -ef
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads CPU attributes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:786
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /bin/sh
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          sh -c "ps -ef"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:864
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • /bin/sh
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          sh -c "netstat -anp | grep \":6009\" |awk '{print \$NF}' |cut -d \"/\" -f 1 | xargs kill -9 > /dev/null ;free -m > /dev/null"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:858
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • /bin/grep
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              grep :6009
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:860
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • /usr/bin/awk
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                awk "{print \$NF}"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:861

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Network

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              MITRE ATT&CK Matrix ATT&CK v6

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Persistence

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Boot or Logon Autostart Execution

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1547

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Hijack Execution Flow

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1574

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Privilege Escalation

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Boot or Logon Autostart Execution

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1547

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Hijack Execution Flow

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1574

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Defense Evasion

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Hijack Execution Flow

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1574

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Discovery

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              System Information Discovery

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1082

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              System Network Configuration Discovery

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              T1016

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Replay Monitor

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Loading Replay Monitor...

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Downloads