Malware Analysis Report

2024-10-16 06:06

Sample ID 240715-fq8exasbrb
Target k3s-master.zip
SHA256 5970adefd66635b0a58c373c4ca8632c379eb21503270ff1329d90ae66e45e31
Tags evasion antivm
Score 6/10

Analysis Overview

Score 6/10

SHA256 5970adefd66635b0a58c373c4ca8632c379eb21503270ff1329d90ae66e45e31

Threat Level: Shows suspicious behavior

The file k3s-master.zip shows suspicious behavior.

Malicious Activity Summary

evasion antivm

Reads list of loaded kernel modules

Enumerates running processes

Write file to user bin folder

Reads CPU attributes

Checks CPU configuration

Reads runtime system information

Enumerates kernel/hardware configuration

Enumerates physical storage devices

Writes file to tmp directory

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-07-15 05:05

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted 2024-07-15 05:05
Reported 2024-07-15 05:14
Platform win10v2004-20240709-en
Max time kernel 148s
Max time network 153s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\k3s-master.zip

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\k3s-master.zip

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 192.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 17.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted 2024-07-15 05:05
Reported 2024-07-15 05:14
Platform win7-20240705-en
Max time kernel 121s
Max time network 124s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\k3s-master\.drone.yml

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\yml_auto_file C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\yml_auto_file\ C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\.yml C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\.yml\ = "yml_auto_file" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\yml_auto_file\shell\Read\command C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\yml_auto_file\shell\Read C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\yml_auto_file\shell C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\yml_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\k3s-master\.drone.yml

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\k3s-master\.drone.yml

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\k3s-master\.drone.yml"

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

MD5 a5d8913803d9b7b30dbc7af3afad10b3
SHA1 2ad12c0b6851b3d2ad6449a33f199e9c3ef03f8c
SHA256 e00d04befba93863930526f60b6a4c2e0e791d469baa58152ce83d62a0a5a24d
SHA512 5a75a788c6cdf609a20f0c4295258521551cdc0ed33a01cef66ced7eef1109c2a9114e6d4f535f71a12bad76719cf8cc63cb6c480deb149640661d8830ec1305

Analysis: behavioral18

Detonation Overview

Submitted 2024-07-15 05:05
Reported 2024-07-15 05:15
Platform debian9-mipsel-20240418-en
Max time kernel 9s
Max time network 9s

Command Line

[/tmp/k3s-master/contrib/util/diagnostics.sh]

Signatures

Enumerates running processes

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /sbin/sysctl N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/pgrep N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/21/status /bin/ps N/A
File opened for reading /proc/688/status /bin/ps N/A
File opened for reading /proc/sys/kernel/keys /sbin/sysctl N/A
File opened for reading /proc/sys/kernel/random/boot_id /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/ipfrag_high_thresh /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/udp_rmem_min /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/all/optimistic_dad /sbin/sysctl N/A
File opened for reading /proc/1/stat /bin/ps N/A
File opened for reading /proc/710/stat /bin/ps N/A
File opened for reading /proc/333/stat /usr/bin/pgrep N/A
File opened for reading /proc/sys/net/ipv6/conf/all/mldv2_unsolicited_report_interval /sbin/sysctl N/A
File opened for reading /proc/17/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/sys/net/ipv4/neigh/lo/gc_stale_time /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/tcp_fwmark_accept /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/default/accept_ra /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/neigh/lo/base_reachable_time_ms /sbin/sysctl N/A
File opened for reading /proc/10/stat /bin/ps N/A
File opened for reading /proc/22/stat /bin/ps N/A
File opened for reading /proc/333/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/sys/net/ipv4/conf/lo/igmpv3_unsolicited_report_interval /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/neigh/default/proxy_qlen /sbin/sysctl N/A
File opened for reading /proc/68/status /bin/ps N/A
File opened for reading /proc/704/cmdline /bin/ps N/A
File opened for reading /proc/69/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/331/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/sys/net/ipv4/conf/all/route_localnet /sbin/sysctl N/A
File opened for reading /proc/sys/user /sbin/sysctl N/A
File opened for reading /proc/15/status /bin/ps N/A
File opened for reading /proc/sys/kernel/dmesg_restrict /sbin/sysctl N/A
File opened for reading /proc/36/stat /bin/ps N/A
File opened for reading /proc/360/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/71/stat /usr/bin/pgrep N/A
File opened for reading /proc/sys/fs/epoll/max_user_watches /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/lo/optimistic_dad /sbin/sysctl N/A
File opened for reading /proc/sys/vm/dirty_bytes /sbin/sysctl N/A
File opened for reading /proc/15/stat /bin/ps N/A
File opened for reading /proc/17/status /bin/ps N/A
File opened for reading /proc/728/cmdline /bin/ps N/A
File opened for reading /proc/sys/net/core/busy_poll /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/conf/enp0s19/route_localnet /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/enp0s19/optimistic_dad /sbin/sysctl N/A
File opened for reading /proc/sys/vm/admin_reserve_kbytes /sbin/sysctl N/A
File opened for reading /proc/sys/kernel/modprobe /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/neigh/enp0s19/unres_qlen /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/default/ignore_routes_with_linkdown /sbin/sysctl N/A
File opened for reading /proc/22/cmdline /bin/ps N/A
File opened for reading /proc/sys/net/ipv4/conf/enp0s19/arp_announce /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/default/router_solicitation_delay /sbin/sysctl N/A
File opened for reading /proc/sys/net/netfilter /sbin/sysctl N/A
File opened for reading /proc/76/stat /bin/ps N/A
File opened for reading /proc/249/status /bin/ps N/A
File opened for reading /proc/1/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/127/stat /bin/ps N/A
File opened for reading /proc/72/stat /usr/bin/pgrep N/A
File opened for reading /proc/sys/net/ipv4/conf/all/drop_unicast_in_l2_multicast /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/conf/default/secure_redirects /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/conf/enp0s19/accept_local /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/enp0s19/accept_ra_rtr_pref /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/neigh/enp0s19/locktime /sbin/sysctl N/A
File opened for reading /proc/sys/vm/lowmem_reserve_ratio /sbin/sysctl N/A
File opened for reading /proc/sys/net/core/busy_read /sbin/sysctl N/A
File opened for reading /proc/10/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/sys/kernel/overflowuid /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/all/accept_ra_mtu /sbin/sysctl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-get-namespaces.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-deployments-allnamespaces.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-replicaset-allnamespaces.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-storageclass,pv,pvc.err.txt /bin/bash N/A
File opened for modification /tmp/sh-thd.nOqzWp /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/mount.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-version.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-version.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/sysctl-a.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/netstat-ln.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/netstat-nr.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/uname-a.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/uname-a.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/netstat-nr.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-config-getcontexts.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/ps-uax.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/iptables-L.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/k3s/k3s-checkconfig.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/k3s/k3s-checkconfig.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/k3s/k3s-version.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-config-currentcontext.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-pods-allnamespaces.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-daemonset-allnamespaces.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/dmesg.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/df-h.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/df-h.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/ifconfig-a.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-replicaset-allnamespaces.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-storageclass,pv,pvc.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/_etc_os-release /bin/cp N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/id.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/mount.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/k3s/k3s-version.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-get-namespaces.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-get-namespaces.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-daemonset-allnamespaces.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/netstat-ln.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/lsof-n-P-p.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/command-v-kubectl.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/command-v-kubectl.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/hostname-f.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/command-v-kubectl.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-get-nodes.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-deployments-allnamespaces.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/uname-a.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/ps-uax.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/id.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/df-h.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-clusterinfo-dump.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-nodes.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/sysctl-a.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/ps-uax.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/dmesg.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/lsof-n-P-p.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/mount.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/iptables-S.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-clusterinfo-dump.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-services-allnamespaces.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-services-allnamespaces.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-daemonset-allnamespaces.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/hostname-f.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-config-getcontexts.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-clusterinfo-dump.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-get-nodes.cmd.txt /bin/bash N/A

Processes

/tmp/k3s-master/contrib/util/diagnostics.sh

[/tmp/k3s-master/contrib/util/diagnostics.sh]

/usr/local/sbin/bash

[bash /tmp/k3s-master/contrib/util/diagnostics.sh]

/usr/local/bin/bash

[bash /tmp/k3s-master/contrib/util/diagnostics.sh]

/usr/sbin/bash

[bash /tmp/k3s-master/contrib/util/diagnostics.sh]

/usr/bin/bash

[bash /tmp/k3s-master/contrib/util/diagnostics.sh]

/sbin/bash

[bash /tmp/k3s-master/contrib/util/diagnostics.sh]

/bin/bash

[bash /tmp/k3s-master/contrib/util/diagnostics.sh]

/usr/bin/id

[id -u]

/bin/cat

[cat /proc/sys/kernel/random/uuid]

/usr/bin/tr

[tr [:lower:] [:upper:]]

/bin/mktemp

[mktemp -d /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-XXXXXXXX]

/bin/readlink

[readlink -m /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE]

/bin/mkdir

[mkdir -p /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system]

/bin/cp

[cp --recursive --dereference /etc/os-release /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/_etc_os-release]

/sbin/sysctl

[sysctl -a]

/bin/uname

[uname -a]

/bin/rm

[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/uname-a.err.txt]

/bin/ps

[ps uax]

/bin/rm

[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/ps-uax.err.txt]

/bin/dmesg

[dmesg]

/bin/rm

[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/dmesg.err.txt]

/usr/bin/id

[id]

/bin/rm

[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/id.err.txt]

/bin/mount

[mount]

/bin/rm

[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/mount.err.txt]

/bin/df

[df -h]

/bin/rm

[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/df-h.err.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/ifconfig-a.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/netstat-ln.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/netstat-nr.txt]

/usr/bin/pgrep

[pgrep -o k3s]

/bin/rm

[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/lsof-n-P-p.txt]

/sbin/iptables

[iptables -L]

/bin/rm

[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/iptables-L.err.txt]

/sbin/iptables

[iptables -S]

/bin/rm

[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/iptables-S.err.txt]

/bin/hostname

[hostname -f]

/bin/rm

[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/hostname-f.txt]

/bin/mkdir

[mkdir -p /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/k3s]

/bin/rm

[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/k3s/k3s-version.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/k3s/k3s-checkconfig.txt]

/bin/journalctl

[journalctl --field _SYSTEMD_UNIT]

/bin/grep

[grep k3s]

/bin/mkdir

[mkdir -p /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube]

/bin/rm

[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/command-v-kubectl.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/command-v-kubectl.err.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-version.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-config-getcontexts.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-config-currentcontext.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-clusterinfo-dump.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-get-namespaces.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-get-nodes.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-nodes.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-pods-allnamespaces.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-services-allnamespaces.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-daemonset-allnamespaces.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-deployments-allnamespaces.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-replicaset-allnamespaces.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-storageclass,pv,pvc.txt]

/usr/bin/tr

[tr [:lower:] [:upper:]]

Network

Country Destination Domain Proto
US 1.1.1.1:53 debian9-mipsel-20240418-en-11 udp

Files

/tmp/sh-thd.nOqzWp

MD5 41410e2d8c959cf394fbace1118ed224
SHA1 ff1937969adacc186681dfc376f608ae79c2d861
SHA256 d0526f1587b987a87f3b7f6f06393bffcff2054fa2b097d04869c5829ec2140f
SHA512 4136e6ece72b32d605bd199f041dc77046ec01d06e89fdd90ae9383fdaef0e0171ce143068b643b30dc7eea454ac3cc333e98d87d3975d19b7ce7b7949bb6145

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/_etc_os-release

MD5 6b9cb463744e6c78a180041ae5c82068
SHA1 b66fa3cc6b749fc33c049dc2f4ea3b6d9f12a9a7
SHA256 ff83f0c28edf5d329efd04b1f776bceef961380b1733d47469c4c54eab4b40b2
SHA512 3636e4089e683ec160911c7b855495d68993fda6140636a402881ea9d207ca6afad704f10afaa79dbf3e510b3ff2fc31bcf6bb26def11ac22dddaba74cab95be

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/sysctl-a.cmd.txt

MD5 65a913226117e10569f47210ba5cc9e4
SHA1 c958c77311ef8ea7767c0c6e8ad1645eebd9394a
SHA256 4ea6aada74971199ecb08b13fbe3add985765a673bb8ec2c9ed7f488ab8ca21c
SHA512 914ae3d1e97baffa38a84f0bf45e92d77ebada3ad4779e1669696231450825f7f9f989e48fe1bd17b861f1d8ddd763749673cc6ba8041c194b7689c477227cee

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/sysctl-a.err.txt

MD5 d36cc5bb15821d3b56e5783cda82c81d
SHA1 aa805238a3181895d21513c060e7b491c248b169
SHA256 f351dd41c58a56faad25a60b1e2931ed551d10f9b461420e561eed6bd786ff93
SHA512 7f56cd98df040c7c36380e40ecbe9e2db8bbd64ff4f3ff87df55c63554f7603cb42afde1feff1a0bcd85009dc80807e3d7f185e6da9bde8cc1b742150326cb32

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/uname-a.cmd.txt

MD5 6d03a4bce238ab72e1efd760a9d7d22d
SHA1 39a250e1c093ecfcd2473e71716ba65b37940e21
SHA256 a5c41ad2a873e7904cb35754bf57108df0b72d5939ba9d9b0a8250affda6285d
SHA512 28caf42ce66c25c8cea394de5f845490221cc7824c4689ad56cd85ccea4a1e0631ae70870be1a5b36e9fdea88ee069198ea21f839c20434f0c996e09b8a7bd3a

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/ps-uax.cmd.txt

MD5 691b561deef6ef64e778e28766cedbf4
SHA1 deecfe74e77f32702af64f7d98f7976bebed926c
SHA256 9a262237c8fdccc327d5fa407fc6ed67125f5c10d6cfa893fd844fc449b0b0f6
SHA512 e9b4dc23441e6723af8e68b3835046bcdd973e157736d610f3691f85fe00ebe71b75bc4dd6a54516b53e9a2ed0e3a248b12344733fb07262ada5b1856cbefb70

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/dmesg.cmd.txt

MD5 5e586b12552daf93c7af22dccbbf673b
SHA1 87b5100b995abbc509d56fbc2f21a5e36f31e19d
SHA256 ecdd46797ccbbd216430279b15b436d2ed9f0afa18d3115f7cb21d88d7c7f227
SHA512 cad46c0ec64a9fd7860343b2703ad98dc5aa0231b8a08af5af34fbd44f8730f313c2f25dd81273b2e3e3c62af69dc11fed051036b6f2fb4e41c91ecb870fca88

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/id.cmd.txt

MD5 49f96038f20aa062772267b640a18d79
SHA1 d5c07425675ba6682d89278ed8616a88d49af0a2
SHA256 984a644ec3b56d32b0404777e1eb73390c4b0742a6a0e183f07861056b6746de
SHA512 2236c2c538189f24d1e9334832ac9db9df3c141bb98af9cd5c6a3ec5ade393a5a573f682953ee2dbff9aaa96bbecc0726deaeee962cd070ed44d183130c7408a

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/mount.cmd.txt

MD5 d8019401b7e42876fd36020a04c3bf2c
SHA1 49e9151a32ea1ffc9b3c50c0d8711575fde1aebe
SHA256 c29c742d06751d4f0189151a5eb8df519779a56b90701230c359d9de849914ad
SHA512 6c549cdea03de6c868080cc301c38948fcedfcb96e0ade3881321e8d6fe2c59f97b73d2b44fc5016cb3a15194a84357d7176da5e6ed5586b193dd9fc7a0ee084

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/df-h.cmd.txt

MD5 69a238d8cb3c5f979252010b3299e524
SHA1 c989bd551bfa8c755f6cacacb90c5c509432110e
SHA256 3242baedf369c64515b1cb0c47ea519e0e5c71911d863ff0e41d4ae9426fcd97
SHA512 ef99d9670cccbd6edfe26c74a13567360cc7f22ee507d68f5e3eceb6c0891689321397c56ddddf8ea942990f72d8276827277b2c1c8213f0c244ce94d286840a

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/ifconfig-a.cmd.txt

MD5 af9af3cccdf311f8c81f08e97e8d0aa0
SHA1 93ed74c2d1ab654206a6ff50c8b0955901fed699
SHA256 235a86b5220bd41c03dc776f96f1dc95806e7a0579ffd4126afda0eda33b7186
SHA512 61293697a81ef554d494e9a0219a50dfa9ec2a1658c38e60c1cdbc2c382128faa24a9d9e1f0d871df50a82e16190262e9a83db1372ca324ca625b48b9380de1a

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/ifconfig-a.err.txt

MD5 2205dea4d61a6d56f12580a91bf88ebd
SHA1 ea5c2d483ac5600ab9650a15fd5a6cc1abeaef4b
SHA256 96de101f770c28472d203a7c2f0588f76125e56963adc253315ecf7e5362d57b
SHA512 894c76524767d0ed7b890961a8a85582024f61bfc7382c62b42a89b172fa1b3f4cb907517c836838aa76b3ebb9e86838fa24e3029cffaa92e8779f950fb90238

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/netstat-ln.cmd.txt

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/netstat-ln.err.txt

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/netstat-nr.cmd.txt

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/lsof-n-P-p.cmd.txt

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/lsof-n-P-p.err.txt

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/iptables-L.cmd.txt

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/iptables-S.cmd.txt

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/hostname-f.cmd.txt

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/hostname-f.err.txt

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/k3s/k3s-version.cmd.txt

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/k3s/k3s-version.err.txt

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/k3s/k3s-checkconfig.cmd.txt

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/command-v-kubectl.cmd.txt

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-version.cmd.txt

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-version.err.txt

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-config-getcontexts.cmd.txt

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-config-currentcontext.cmd.txt

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-clusterinfo-dump.cmd.txt

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-get-namespaces.cmd.txt

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-get-nodes.cmd.txt

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-nodes.cmd.txt

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-pods-allnamespaces.cmd.txt

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-services-allnamespaces.cmd.txt

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-daemonset-allnamespaces.cmd.txt

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-deployments-allnamespaces.cmd.txt

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-replicaset-allnamespaces.cmd.txt

/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-storageclass,pv,pvc.cmd.txt

Analysis: behavioral21

Detonation Overview

Submitted 2024-07-15 05:05
Reported 2024-07-15 05:15
Platform debian9-mipsbe-20240611-en
Max time kernel 0s

Command Line

[/tmp/k3s-master/contrib/util/fetch-diags.sh]

Signatures

N/A

Processes

/tmp/k3s-master/contrib/util/fetch-diags.sh

[/tmp/k3s-master/contrib/util/fetch-diags.sh]

/usr/local/sbin/bash

[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]

/usr/local/bin/bash

[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]

/usr/sbin/bash

[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]

/usr/bin/bash

[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]

/sbin/bash

[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]

/bin/bash

[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]

Network

N/A

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted 2024-07-15 05:05
Reported 2024-07-15 05:14
Platform ubuntu1804-amd64-20240508-en
Max time kernel 0s
Max time network 128s

Command Line

[/tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

Signatures

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /bin/mkdir N/A
File opened for reading /proc/filesystems /bin/mkdir N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/sh-thd.04UiOQ /bin/bash N/A

Processes

/tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh

[/tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

/usr/local/sbin/bash

[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

/usr/local/bin/bash

[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

/usr/sbin/bash

[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

/usr/bin/bash

[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

/sbin/bash

[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

/bin/bash

[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

/bin/date

[date +%s]

/usr/bin/openssl

[openssl version]

/usr/bin/openssl

[openssl ecparam -name prime256v1 -genkey -out /dev/null]

/bin/grep

[grep -qF OpenSSL 3]

/usr/bin/openssl

[openssl version]

/bin/mkdir

[mkdir -p /var/lib/rancher/k3s/server/rotate-ca/tls/etcd]

/bin/mkdir

[mkdir -p .ca/certs]

/usr/bin/touch

[touch .ca/index]

/usr/bin/openssl

[openssl rand -hex 8]

/bin/cat

[cat]

/bin/rm

[rm -rf .ca]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 151.101.193.91:443 tcp
GB 89.187.167.2:443 tcp
GB 185.125.188.62:443 tcp
GB 185.125.188.62:443 tcp

Files

/var/lib/rancher/k3s/server/rotate-ca/tls/.ca/serial

/tmp/sh-thd.04UiOQ

Analysis: behavioral29

Detonation Overview

Submitted 2024-07-15 05:05
Reported 2024-07-15 05:15
Platform debian9-mipsbe-20240418-en
Max time kernel 2s

Command Line

[/tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

Signatures

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /bin/mkdir N/A
File opened for reading /proc/filesystems /bin/mkdir N/A

Processes

/tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh

[/tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

/usr/local/sbin/bash

[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

/usr/local/bin/bash

[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

/usr/sbin/bash

[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

/usr/bin/bash

[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

/sbin/bash

[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

/bin/bash

[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

/bin/date

[date +%s]

/usr/bin/openssl

[openssl version]

/usr/bin/openssl

[openssl ecparam -name prime256v1 -genkey -out /dev/null]

/usr/bin/openssl

[openssl version]

/bin/grep

[grep -qF OpenSSL 3]

/bin/mkdir

[mkdir -p /var/lib/rancher/k3s/server/rotate-ca/tls/etcd]

/bin/mkdir

[mkdir -p .ca/certs]

/usr/bin/touch

[touch .ca/index]

/usr/bin/openssl

[openssl rand -hex 8]

/bin/rm

[rm -rf .ca]

Network

N/A

Files

/var/lib/rancher/k3s/server/rotate-ca/tls/.ca/serial

Analysis: behavioral24

Detonation Overview

Submitted 2024-07-15 05:05
Reported 2024-07-15 05:15
Platform debian9-armhf-20240611-en
Max time kernel 1s

Command Line

[/tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

Signatures

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /bin/mkdir N/A
File opened for reading /proc/filesystems /bin/mkdir N/A

Processes

/tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh

[/tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

/usr/local/sbin/bash

[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

/usr/local/bin/bash

[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

/usr/sbin/bash

[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

/usr/bin/bash

[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

/sbin/bash

[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

/bin/bash

[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

/bin/date

[date +%s]

/usr/bin/openssl

[openssl version]

/usr/bin/openssl

[openssl ecparam -name prime256v1 -genkey -noout -out /dev/null]

/usr/bin/openssl

[openssl version]

/bin/grep

[grep -qF OpenSSL 3]

/bin/mkdir

[mkdir -p /var/lib/rancher/k3s/server/tls/etcd]

/bin/mkdir

[mkdir -p .ca/certs]

/usr/bin/touch

[touch .ca/index]

/usr/bin/openssl

[openssl rand -hex 8]

/bin/rm

[rm -rf .ca]

Network

N/A

Files

/var/lib/rancher/k3s/server/tls/.ca/serial

Analysis: behavioral30

Detonation Overview

Submitted 2024-07-15 05:05
Reported 2024-07-15 05:15
Platform debian9-mipsel-20240611-en
Max time kernel 2s

Command Line

[/tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

Signatures

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /bin/mkdir N/A
File opened for reading /proc/filesystems /bin/mkdir N/A

Processes

/tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh

[/tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

/usr/local/sbin/bash

[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

/usr/local/bin/bash

[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

/usr/sbin/bash

[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

/usr/bin/bash

[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

/sbin/bash

[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

/bin/bash

[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

/bin/date

[date +%s]

/usr/bin/openssl

[openssl version]

/usr/bin/openssl

[openssl ecparam -name prime256v1 -genkey -out /dev/null]

/bin/grep

[grep -qF OpenSSL 3]

/usr/bin/openssl

[openssl version]

/bin/mkdir

[mkdir -p /var/lib/rancher/k3s/server/rotate-ca/tls/etcd]

/bin/mkdir

[mkdir -p .ca/certs]

/usr/bin/touch

[touch .ca/index]

/usr/bin/openssl

[openssl rand -hex 8]

/bin/rm

[rm -rf .ca]

Network

N/A

Files

/var/lib/rancher/k3s/server/rotate-ca/tls/.ca/serial

Analysis: behavioral7

Detonation Overview

Submitted 2024-07-15 05:05
Reported 2024-07-15 05:14
Platform win7-20240708-en
Max time kernel 119s
Max time network 121s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\k3s-master\.droneignore

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\droneignore_auto_file\ C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\.droneignore\ = "droneignore_auto_file" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\droneignore_auto_file\shell\Read C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\droneignore_auto_file\shell C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\droneignore_auto_file C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\.droneignore C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\droneignore_auto_file\shell\Read\command C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\droneignore_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\k3s-master\.droneignore

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\k3s-master\.droneignore

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\k3s-master\.droneignore"

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Analysis: behavioral13

Detonation Overview

Submitted 2024-07-15 05:05
Reported 2024-07-15 05:15
Platform debian9-mipsbe-20240611-en
Max time kernel 16s

Command Line

[/tmp/k3s-master/contrib/util/check-config.sh]

Signatures

Reads list of loaded kernel modules

evasion
Description Indicator Process Target
File opened for reading /proc/modules /sbin/lsmod N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /usr/bin/free N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/module/cirrus /sbin/lsmod N/A
File opened for reading /sys/module/ext4/holders /sbin/lsmod N/A
File opened for reading /sys/module/uhci_hcd/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/stahp/holders /sbin/lsmod N/A
File opened for reading /sys/module/sysimgblt /sbin/lsmod N/A
File opened for reading /sys/module/ip_tables/holders /sbin/lsmod N/A
File opened for reading /sys/module/ext4/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/crc16/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/crc16 /sbin/lsmod N/A
File opened for reading /sys/module/usbhid/holders /sbin/lsmod N/A
File opened for reading /sys/module/ttm/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/ecb /sbin/lsmod N/A
File opened for reading /sys/module/e1000 /sbin/lsmod N/A
File opened for reading /sys/module/sysfillrect/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/ip_tables/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/drm/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/fscrypto/holders /sbin/lsmod N/A
File opened for reading /sys/module/sr_mod /sbin/lsmod N/A
File opened for reading /sys/module/i2c_piix4/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/sg/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/drm_kms_helper/holders /sbin/lsmod N/A
File opened for reading /sys/module/jbd2/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/mbcache/holders /sbin/lsmod N/A
File opened for reading /sys/module/i2c_piix4 /sbin/lsmod N/A
File opened for reading /sys/module/evdev/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/ehci_hcd/holders /sbin/lsmod N/A
File opened for reading /sys/module/ata_piix /sbin/lsmod N/A
File opened for reading /sys/module/ata_piix/holders /sbin/lsmod N/A
File opened for reading /sys/module/ttm /sbin/lsmod N/A
File opened for reading /sys/module/cirrus/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/crc32c_generic/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/sr_mod/holders /sbin/lsmod N/A
File opened for reading /sys/module/i2c_core/holders /sbin/lsmod N/A
File opened for reading /sys/module/e1000/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/stahp /sbin/lsmod N/A
File opened for reading /sys/module/mbcache/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/ata_generic/holders /sbin/lsmod N/A
File opened for reading /sys/module/uhci_hcd/holders /sbin/lsmod N/A
File opened for reading /sys/module/ehci_pci/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/ehci_pci/holders /sbin/lsmod N/A
File opened for reading /sys/module/joydev /sbin/lsmod N/A
File opened for reading /sys/module/autofs4/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/ext4 /sbin/lsmod N/A
File opened for reading /sys/module/hid_generic/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/drm_kms_helper /sbin/lsmod N/A
File opened for reading /sys/module/usb_common/holders /sbin/lsmod N/A
File opened for reading /sys/module/x_tables/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/x_tables /sbin/lsmod N/A
File opened for reading /sys/module/joydev/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/evdev/holders /sbin/lsmod N/A
File opened for reading /sys/module/sg/holders /sbin/lsmod N/A
File opened for reading /sys/module/drm /sbin/lsmod N/A
File opened for reading /sys/module/syscopyarea/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/syscopyarea /sbin/lsmod N/A
File opened for reading /sys/module/fscrypto/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/fscrypto /sbin/lsmod N/A
File opened for reading /sys/module/cdrom /sbin/lsmod N/A
File opened for reading /sys/module/crc32c_generic/holders /sbin/lsmod N/A
File opened for reading /sys/module/hid/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/ehci_hcd/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/drm/holders /sbin/lsmod N/A
File opened for reading /sys/module/mbcache /sbin/lsmod N/A
File opened for reading /sys/module/hid/holders /sbin/lsmod N/A
File opened for reading /sys/module/e1000/holders /sbin/lsmod N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/self/maps /usr/bin/awk N/A
File opened for reading /proc/meminfo /usr/bin/free N/A
File opened for reading /proc/cmdline /sbin/lsmod N/A
File opened for reading /proc/filesystems /usr/bin/stat N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/filesystems /usr/bin/free N/A
File opened for reading /proc/sys/kernel/osrelease /usr/bin/free N/A
File opened for reading /proc/filesystems /usr/bin/stat N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/self/cgroup /tmp/k3s-master/contrib/util/check-config.sh N/A
File opened for reading /proc/self/maps /usr/bin/awk N/A
File opened for reading /proc/sys/kernel/keys/root_maxkeys /bin/cat N/A
File opened for reading /proc/filesystems /usr/bin/id N/A
File opened for reading /proc/cmdline /sbin/modprobe N/A
File opened for reading /proc/sys/kernel/keys/root_maxkeys /bin/cat N/A
File opened for reading /proc/filesystems /bin/sed N/A

Processes

/tmp/k3s-master/contrib/util/check-config.sh

[/tmp/k3s-master/contrib/util/check-config.sh]

/bin/uname

[uname -r]

/usr/bin/dirname

[dirname /tmp/k3s-master/contrib/util/check-config.sh]

/bin/cat

[cat /sys/kernel/security/apparmor/profiles]

/bin/grep

[grep -q zgrep (enforce)]

/bin/uname

[uname -r]

/usr/bin/tr

[tr \n :]

/bin/grep

[grep -v -E ^/tmp/k3s-master/contrib/util$]

/usr/bin/tr

[tr : \n]

/sbin/iptables

[/sbin/iptables --version]

/usr/bin/awk

[awk { print $2 }]

/usr/bin/dirname

[dirname /sbin/iptables]

/bin/grep

[grep -v -q -E ^v[0-9]]

/usr/bin/head

[head -n 1]

/usr/bin/sort

[sort -V]

/usr/bin/awk

[awk { print $2 }]

/bin/grep

[grep -i ^swap:]

/usr/bin/free

[free]

/bin/grep

[grep -q -E ^10\.(42|43)\.]

/bin/grep

[grep -v cni0]

/sbin/ip

[ip route]

/bin/cat

[cat /proc/sys/kernel/keys/root_maxkeys]

/bin/cat

[cat /proc/sys/kernel/keys/root_maxkeys]

/usr/bin/id

[id -u]

/bin/grep

[grep -q configs]

/sbin/lsmod

[lsmod]

/sbin/modprobe

[modprobe configs]

/bin/zcat

[zcat /boot/config-4.9.0-13-4kc-malta]

/bin/gzip

[gzip -cd /boot/config-4.9.0-13-4kc-malta]

/usr/bin/stat

[stat --file-system --format=%t /sys/fs/cgroup]

/usr/bin/stat

[stat --file-system --format=%t /sys/fs/cgroup/unified]

/bin/grep

[grep -Ec (^|:)(cpuset|memory)($|:)]

/usr/bin/tr

[tr -s \n]

/bin/cat

[cat /sys/module/apparmor/parameters/enabled]

/bin/grep

[grep CONFIG_NAMESPACES=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_NET_NS=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_PID_NS=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IPC_NS=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_UTS_NS=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CGROUPS=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CGROUP_PIDS=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CGROUP_CPUACCT=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CGROUP_DEVICE=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CGROUP_FREEZER=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CGROUP_SCHED=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CPUSETS=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_MEMCG=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_KEYS=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_VETH=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_VETH=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_BRIDGE=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_BRIDGE=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_BRIDGE_NETFILTER=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_BRIDGE_NETFILTER=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_NF_FILTER=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_NF_FILTER=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_NF_TARGET_MASQUERADE=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_NF_TARGET_MASQUERADE=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_NF_TARGET_REJECT=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_NF_TARGET_REJECT=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_NETFILTER_XT_MATCH_IPVS=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_NETFILTER_XT_MATCH_IPVS=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_NETFILTER_XT_MATCH_COMMENT=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_NETFILTER_XT_MATCH_COMMENT=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_NF_NAT=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_NF_NAT=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_NF_NAT=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_NF_NAT=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_POSIX_MQUEUE=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_USER_NS=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep -q -E ^(centos|rhel)$]

/bin/grep

[grep CONFIG_SECCOMP=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_BLK_CGROUP=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_BLK_DEV_THROTTLING=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CGROUP_PERF=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CGROUP_HUGETLB=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CGROUP_HUGETLB=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_NET_CLS_CGROUP=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_NET_CLS_CGROUP=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CGROUP_NET_PRIO=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CFS_BANDWIDTH=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_FAIR_GROUP_SCHED=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_RT_GROUP_SCHED=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_RT_GROUP_SCHED=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_NF_TARGET_REDIRECT=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_NF_TARGET_REDIRECT=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_SET=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_SET=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_VS=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_VS=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_VS_NFCT=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_VS_PROTO_TCP=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_VS_PROTO_UDP=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_VS_RR=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_VS_RR=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_EXT4_FS=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_EXT4_FS=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_EXT4_FS_POSIX_ACL=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_EXT4_FS_SECURITY=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_EXT4_FS=[y|m] /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_EXT4_FS_POSIX_ACL=[y|m] /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_EXT4_FS_SECURITY=[y|m] /boot/config-4.9.0-13-4kc-malta]

/bin/sed

[sed s/^/ /]

/bin/grep

[grep CONFIG_VXLAN=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_VXLAN=m /boot/config-4.9.0-13-4kc-malta]

/bin/sed

[sed s/^/ /]

/bin/grep

[grep CONFIG_CRYPTO=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CRYPTO_AEAD=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CRYPTO_AEAD=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CRYPTO_GCM=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CRYPTO_GCM=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CRYPTO_SEQIV=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CRYPTO_SEQIV=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CRYPTO_GHASH=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CRYPTO_GHASH=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_XFRM=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_XFRM_USER=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_XFRM_USER=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_XFRM_ALGO=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_XFRM_ALGO=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_INET_ESP=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_INET_ESP=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_INET_XFRM_MODE_TRANSPORT=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_INET_XFRM_MODE_TRANSPORT=m /boot/config-4.9.0-13-4kc-malta]

/bin/sed

[sed s/^/ /]

/bin/grep

[grep CONFIG_OVERLAY_FS=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_OVERLAY_FS=m /boot/config-4.9.0-13-4kc-malta]

Network

N/A

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-07-15 05:05

Reported

2024-07-15 05:14

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Max time network

128s

Command Line

[/tmp/k3s-master/contrib/util/diagnostics.sh]

Signatures

Enumerates running processes

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/pgrep N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/1341/stat /bin/ps N/A
File opened for reading /proc/1371/stat /usr/bin/pgrep N/A
File opened for reading /proc/sys/dev/cdrom/autoeject /sbin/sysctl N/A
File opened for reading /proc/sys/net/core/netdev_max_backlog /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/default/accept_ra /sbin/sysctl N/A
File opened for reading /proc/602/status /bin/ps N/A
File opened for reading /proc/908/cmdline /bin/ps N/A
File opened for reading /proc/sys/net/ipv4/conf/lo/disable_xfrm /sbin/sysctl N/A
File opened for reading /proc/sys/net/netfilter/nf_log/7 /sbin/sysctl N/A
File opened for reading /proc/23/status /bin/ps N/A
File opened for reading /proc/161/cmdline /bin/ps N/A
File opened for reading /proc/165/status /bin/ps N/A
File opened for reading /proc/sys/kernel/pty/reserve /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/conf/ens3/arp_announce /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/lo/accept_ra_mtu /sbin/sysctl N/A
File opened for reading /proc/1151/status /bin/ps N/A
File opened for reading /proc/1247/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/4/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/sys/fs/protected_hardlinks /sbin/sysctl N/A
File opened for reading /proc/sys/kernel/perf_event_max_contexts_per_stack /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/neigh/ens3/mcast_solicit /sbin/sysctl N/A
File opened for reading /proc/sys/net/netfilter/nf_log/6 /sbin/sysctl N/A
File opened for reading /proc/204/cmdline /bin/ps N/A
File opened for reading /proc/1341/status /bin/ps N/A
File opened for reading /proc/673/stat /usr/bin/pgrep N/A
File opened for reading /proc/sys/fs/binfmt_misc /sbin/sysctl N/A
File opened for reading /proc/sys/fs/mqueue/msgsize_default /sbin/sysctl N/A
File opened for reading /proc/sys/kernel/max_lock_depth /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/max_dst_opts_number /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/tcp_rfc1337 /sbin/sysctl N/A
File opened for reading /proc/12/stat /bin/ps N/A
File opened for reading /proc/25/status /bin/ps N/A
File opened for reading /proc/640/stat /bin/ps N/A
File opened for reading /proc/159/stat /usr/bin/pgrep N/A
File opened for reading /proc/sys/kernel/randomize_va_space /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/all/router_solicitation_interval /sbin/sysctl N/A
File opened for reading /proc/161/stat /bin/ps N/A
File opened for reading /proc/178/stat /bin/ps N/A
File opened for reading /proc/sys/fs/inotify /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/ens3/dad_transmits /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/max_hbh_opts_number /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/tcp_base_mss /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/all/accept_ra_mtu /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/ip6frag_secret_interval /sbin/sysctl N/A
File opened for reading /proc/10/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/1018/stat /usr/bin/pgrep N/A
File opened for reading /proc/sys/kernel/unprivileged_bpf_disabled /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/conf/lo/accept_redirects /sbin/sysctl N/A
File opened for reading /proc/1113/status /bin/ps N/A
File opened for reading /proc/1305/stat /bin/ps N/A
File opened for reading /proc/1316/cmdline /bin/ps N/A
File opened for reading /proc/sys/net/ipv6/neigh/default/locktime /sbin/sysctl N/A
File opened for reading /proc/946/cmdline /bin/ps N/A
File opened for reading /proc/954/cmdline /bin/ps N/A
File opened for reading /proc/1004/stat /usr/bin/pgrep N/A
File opened for reading /proc/sys/kernel/acpi_video_flags /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/all/disable_ipv6 /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/ens3/temp_prefered_lft /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/idgen_retries /sbin/sysctl N/A
File opened for reading /proc/170/status /bin/ps N/A
File opened for reading /proc/sys/kernel/bootloader_version /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/route/gc_elasticity /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/bindv6only /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/neigh/lo/delay_first_probe_time /sbin/sysctl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-config-getcontexts.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-config-currentcontext.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/iptables-S.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/k3s/k3s-version.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/id.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-clusterinfo-dump.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-services-allnamespaces.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/sysctl-a.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/ps-uax.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/mount.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/df-h.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/lsof-n-P-p.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/iptables-L.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/iptables-S.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-daemonset-allnamespaces.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/uname-a.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/id.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-deployments-allnamespaces.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/iptables-L.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-config-getcontexts.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-config-getcontexts.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-daemonset-allnamespaces.cmd.txt /bin/bash N/A
File opened for modification /tmp/sh-thd.rWE0Sc /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/dmesg.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/netstat-ln.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-replicaset-allnamespaces.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/netstat-ln.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-get-nodes.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-get-nodes.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-deployments-allnamespaces.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-deployments-allnamespaces.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-storageclass,pv,pvc.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/ps-uax.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/hostname-f.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/command-v-kubectl.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-version.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-config-currentcontext.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-storageclass,pv,pvc.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/netstat-ln.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/lsof-n-P-p.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/iptables-L.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-config-currentcontext.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-clusterinfo-dump.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-storageclass,pv,pvc.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/df-h.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/netstat-nr.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-services-allnamespaces.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/mount.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-nodes.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/k3s/k3s-checkconfig.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/command-v-kubectl.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-get-namespaces.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-pods-allnamespaces.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-replicaset-allnamespaces.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/ifconfig-a.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/netstat-nr.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/mount.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/ifconfig-a.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/k3s/k3s-version.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-nodes.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-pods-allnamespaces.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/uname-a.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/ps-uax.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/command-v-kubectl.err.txt /bin/bash N/A

Processes

/tmp/k3s-master/contrib/util/diagnostics.sh

[/tmp/k3s-master/contrib/util/diagnostics.sh]

/usr/local/sbin/bash

[bash /tmp/k3s-master/contrib/util/diagnostics.sh]

/usr/local/bin/bash

[bash /tmp/k3s-master/contrib/util/diagnostics.sh]

/usr/sbin/bash

[bash /tmp/k3s-master/contrib/util/diagnostics.sh]

/usr/bin/bash

[bash /tmp/k3s-master/contrib/util/diagnostics.sh]

/sbin/bash

[bash /tmp/k3s-master/contrib/util/diagnostics.sh]

/bin/bash

[bash /tmp/k3s-master/contrib/util/diagnostics.sh]

/usr/bin/id

[id -u]

/usr/bin/uuidgen

[uuidgen]

/usr/bin/tr

[tr [:lower:] [:upper:]]

/bin/mktemp

[mktemp -d /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-XXXXXXXX]

/bin/readlink

[readlink -m /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe]

/bin/mkdir

[mkdir -p /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system]

/bin/cp

[cp --recursive --dereference /etc/os-release /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/_etc_os-release]

/sbin/sysctl

[sysctl -a]

/bin/uname

[uname -a]

/bin/rm

[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/uname-a.err.txt]

/bin/ps

[ps uax]

/bin/rm

[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/ps-uax.err.txt]

/bin/dmesg

[dmesg]

/bin/rm

[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/dmesg.err.txt]

/usr/bin/id

[id]

/bin/rm

[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/id.err.txt]

/bin/mount

[mount]

/bin/rm

[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/mount.err.txt]

/bin/df

[df -h]

/bin/rm

[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/df-h.err.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/ifconfig-a.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/netstat-ln.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/netstat-nr.txt]

/usr/bin/pgrep

[pgrep -o k3s]

/usr/bin/lsof

[lsof -n -P -p]

/bin/rm

[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/lsof-n-P-p.txt]

/sbin/iptables

[iptables -L]

/bin/rm

[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/iptables-L.err.txt]

/sbin/iptables

[iptables -S]

/bin/rm

[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/iptables-S.err.txt]

/bin/hostname

[hostname -f]

/bin/rm

[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/hostname-f.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/hostname-f.err.txt]

/bin/mkdir

[mkdir -p /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/k3s]

/bin/rm

[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/k3s/k3s-version.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/k3s/k3s-checkconfig.txt]

/bin/grep

[grep k3s]

/bin/journalctl

[journalctl --field _SYSTEMD_UNIT]

/bin/mkdir

[mkdir -p /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube]

/bin/rm

[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/command-v-kubectl.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/command-v-kubectl.err.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-version.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-config-getcontexts.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-config-currentcontext.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-clusterinfo-dump.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-get-namespaces.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-get-nodes.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-nodes.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-pods-allnamespaces.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-services-allnamespaces.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-daemonset-allnamespaces.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-deployments-allnamespaces.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-replicaset-allnamespaces.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-storageclass,pv,pvc.txt]

/usr/bin/tr

[tr [:lower:] [:upper:]]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 185.125.188.61:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.1.91:443 tcp
US 151.101.1.91:443 tcp
GB 195.181.164.19:443 tcp

Files

/tmp/sh-thd.3bWl4U

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/_etc_os-release

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/sysctl-a.cmd.txt

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/sysctl-a.err.txt

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/uname-a.cmd.txt

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/ps-uax.cmd.txt

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/dmesg.cmd.txt

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/id.cmd.txt

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/mount.cmd.txt

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/df-h.cmd.txt

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/ifconfig-a.cmd.txt

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/ifconfig-a.err.txt

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/netstat-ln.cmd.txt

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/netstat-ln.err.txt

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/netstat-nr.cmd.txt

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/lsof-n-P-p.cmd.txt

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/lsof-n-P-p.err.txt

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/iptables-L.cmd.txt

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/iptables-S.cmd.txt

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/hostname-f.cmd.txt

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/k3s/k3s-version.cmd.txt

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/k3s/k3s-version.err.txt

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/k3s/k3s-checkconfig.cmd.txt

MD5 3fc4a3e73307f2a04a4901a2d7f65c48
SHA1 4063beda5c8cf430d48c87fa1a6a68ddbb93c20c
SHA256 26f41d1fb3bfccae59379f6a945a348ee951aa4cb6d63ded1b2a7fe51990a570
SHA512 1fc1804eca455263001c23e92dea1cae8fdec88797ff7cf5fecc0943a5c4473e9785300d4570a52e9afa83485c4cfc7541d3c3acf8abb83f7a9b3d18143a5f83

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/command-v-kubectl.cmd.txt

MD5 ae1741b49f8cb260295757450f4e940c
SHA1 4ddff8d1a4d241d916647c3416993c2b71d4f08f
SHA256 5249dea92706d039a3d9c4e7858f4c89b59cde4e0b9295a84b9043e9d73fca9c
SHA512 8dd4a19c58288396d5d3417c4537197bae3cb3536b608870cb15d9b8fec4ba3bf8f2cc60cad2a8c9023228b2e0df42d59d51890d052ce2b7697d76fb32719e44

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-version.cmd.txt

MD5 96275629f4d50cacc031d9fff056ce0c
SHA1 b47a3521d57e3e86b368994e24075ecee3dd82e7
SHA256 c49de28b5ecf8b3ddef8ac49737f3870a2b35b77e27b43ec6c8551ed62fd5b15
SHA512 e0187e7e3bc98aac93fa71c4dc674c54a8325b0454cf64a1b10ff335084d246c414698ac7a293a463de78d30537e92afc9678c8b3951730d2fe1080dfefd8f62

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-version.err.txt

MD5 2b6011e00005a20f051a13323fe2eff0
SHA1 7bbc836e615dbd816abad1086e8c75242f84f6a8
SHA256 09afb740ea2b3de3ebd36d564f4a9ac8f0214f39efcf027617818054ea845511
SHA512 934b95dc713d5c028d099c7c434cbb50707771a875b868a3698de2e131f0801633a7a35700d3207735bb6ce22df323448ca221cf21b1f2ea29775ce114fb4b07

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-config-getcontexts.cmd.txt

MD5 654e808e4ffd2d97f7e608045cfb16a5
SHA1 e95666ee9b61a08e754d914115808feffb985760
SHA256 424d24f21990aa6c59e6f781f0b25e21f48d31697c53e057aa698e20324b497a
SHA512 69252aa13b6f9231b8337b71bcd88b8b7bedd6cb4ce9bd912d34fa1c1327e07371385398ccbd3dbc71da2f768f6285a3f77a9e05368b2fb0fa22d1f3c7b22a27

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-config-currentcontext.cmd.txt

MD5 3f76b376d8dc2e1a52eeabb0c3830887
SHA1 5f85fa92c2bbe97609a2ba048a8767bf281d0f7a
SHA256 09ff9097f11f5a67fff70dbec7bfa87df7f2187ee5c029a2c90d6c208bfbbee3
SHA512 1f38033692606a45b15c347494db53b5ae9dbeff6b0898ab9d3e1395c659ec077b21b96127db314387fde40e13c92b820d823e3df7e4363ab92db346f0b798fb

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-clusterinfo-dump.cmd.txt

MD5 6fbf190b03be40ae5f8ec36154c72514
SHA1 c4a49be9f3d7276f30078ed1a7d14f2c40bef3cd
SHA256 264c0da3f3425bcbbe165df2fea3ec2e3dfc0727e7352510c5ab9cbefbfafcb0
SHA512 b460c1d6f32a83ac133690712c359bfe911da14058d90454c2f80386133d35134d9d9fe60ff550ba92dd6101040e46c750edc36e5e4fad50b565b08ad6585f77

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-get-namespaces.cmd.txt

MD5 542e77fcb4b18534f77121a54cc98085
SHA1 de02b14b99fc69c48befc21fb98c3ada7bac2e04
SHA256 c485003651d2468a3c16c762765bd746e6f08d47d22960eb2fe9323a2fd663da
SHA512 df578273d33501fe0cbb6bd471e42f02e62b52ec7beeb60889b95a052dc5a8af2068025cdd670110de7679468e83c10dc96d571943ce1e3a77c73d4543ff0333

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-get-nodes.cmd.txt

MD5 3fc130b3e6ef3ca21bc420868d5b580c
SHA1 3e4537d06a2cdd870d039bf2ab61b1409e74b0b0
SHA256 e53bbc0cbc3e768a07a8efff68520cf45d2f49e83c9f26ed5aa8d6343af84150
SHA512 b80f2d773d0b7572dfffa81f52192a218fd6e5a0aba199625f82843d6661b407faa111017b0ed4e66a4dde63c1662b2231e71c4e84fdc6effbdba7b380c008aa

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-nodes.cmd.txt

MD5 d16eebb25c9302a1cdf34bdcf7c936ed
SHA1 7d5398e18b6c0b768ec40a22cbd56971998a9544
SHA256 e8a1ed5c0ed31fa8e9ae1aff89e1d54e5aa18170f8df1dbf103e7a6861394d29
SHA512 d9ecc8b01af11a95b295a2517bd1d37e3d253c577a2a0434fa965d8f7772494abfa3aafa73cf19bd476cb46682422d4d9253818f72cbff26cc75789d5cb5ef63

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-pods-allnamespaces.cmd.txt

MD5 c863f288967d132b29784e4401b58512
SHA1 02ae31e412ff27b9f16b82c1157ad9c9835ed333
SHA256 2cf64ab9440bbac91a1ea61888b59f6b97dd0e5adeca729ea8a35429888a2623
SHA512 2c5b6ee9e0577f07ef7b3daaf91f1188f58ef2d0d6b971978f4ccec8bae07718879f8cf972a0b7d6aa01e70b28fe2c4ec9427bb7bfe4182fa2693a79a4de696b

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-services-allnamespaces.cmd.txt

MD5 6eca4cf5ebd52f8c2e05e548d720c96b
SHA1 ca48ca8abc3a2cae6a3d4937cca6f78977c39e78
SHA256 fdf148fcabcf78973dca2ac6687d01116bd2e33715b451441cc01123e74b6d84
SHA512 d4ce17bc6c1bf1b8376c16e84450bb91a001c28d51aa4d701670f28ada0577c607492c265d8f05bc614c171477dc91406dc0002071a34e6ba4b9f7bcd282b962

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-daemonset-allnamespaces.cmd.txt

MD5 c8132922440ccf9c50ff06d65205abd7
SHA1 096ed9504bed6655fe7fb7ff1035af007416fc32
SHA256 362103778c695feeec811d59a43290d5ee4e0df2ab1fbc3ff00758faf85eb8a4
SHA512 ee60150b145acbb81694022e3da9de1f105bf483ed4bbdd522f7f9a2b521c4d103412f8e5b53ac2f787804c1ff111ef57a6fda3c199bc4e7c683391c75748b27

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-deployments-allnamespaces.cmd.txt

MD5 3631db57279a5dc45dce19137d1c8026
SHA1 ccdb8306f79869356d536fdf6edd5d99c3f71978
SHA256 bd6e8a341d59c7a49d9de9d1c8265d6f0885b4d14eabdc8fbe219b75b7846d86
SHA512 23bd0a920543de4d8e82d8b9515f591aa6a2729055e5b6ef2ba1a1249260dedf41948cea4e24c5573ece57d23672725f0e45e28c64b7dc83458c0764ce5f755d

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-replicaset-allnamespaces.cmd.txt

MD5 0d6930d59e8d0fc4648b1c170caf1909
SHA1 d887818f29e86139b6cd482577d051c6d4d6d548
SHA256 6a5e42de63285374c442ec79ada7080ab41bae85438f4adfd95913916d14ba57
SHA512 62216eec2f04bdfc0ab69a5c00ec8246ab28f1d6f0164764bf1dd17d2461b5ddce4e632af1af07ff5865fb08e0e09390b18c0bbfa7ead48575e5ad0d81ba7133

/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-storageclass,pv,pvc.cmd.txt

MD5 3c44ff5f7437e2e9ee9bfc27b7239ef8
SHA1 51bf4232870c2a38a6fd0240bf18d0fbd5b11458
SHA256 643633049e2e90205e3c8841019ba822cd651134021b7d8f1b03f2a8be3ca3ea
SHA512 6c9a23be940cd980415f9c0118f8156cdf94b3d20b17b8fb95e4da1b8e4f5f517dc4f2eb4727a6fb97c74e50f965fab4f9a7ca9d8f398ba7111170343b1a0513

Analysis: behavioral4

Detonation Overview

Submitted

2024-07-15 05:05

Reported

2024-07-15 05:14

Platform

win10v2004-20240709-en

Max time kernel

95s

Max time network

101s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\k3s-master\.dockerignore

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\k3s-master\.dockerignore

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-07-15 05:05

Reported

2024-07-15 05:14

Platform

win10v2004-20240709-en

Max time kernel

93s

Max time network

95s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\k3s-master\.github\.codecov.yml

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\k3s-master\.github\.codecov.yml

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-07-15 05:05

Reported

2024-07-15 05:15

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

0s

Max time network

129s

Command Line

[/tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

Signatures

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /bin/ls N/A
File opened for reading /proc/filesystems /bin/mkdir N/A
File opened for reading /proc/filesystems /bin/mkdir N/A
File opened for reading /proc/self/fd /usr/bin/xargs N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/sh-thd.c9UIq0 /bin/bash N/A

Processes

/tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh

[/tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

/usr/local/sbin/bash

[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

/usr/local/bin/bash

[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

/usr/sbin/bash

[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

/usr/bin/bash

[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

/sbin/bash

[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

/bin/bash

[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

/bin/date

[date +%s]

/usr/bin/openssl

[openssl version]

/usr/bin/openssl

[openssl ecparam -name prime256v1 -genkey -noout -out /dev/null]

/bin/grep

[grep -qF OpenSSL 3]

/usr/bin/openssl

[openssl version]

/bin/mkdir

[mkdir -p /var/lib/rancher/k3s/server/tls/etcd]

/bin/mkdir

[mkdir -p .ca/certs]

/usr/bin/touch

[touch .ca/index]

/usr/bin/openssl

[openssl rand -hex 8]

/bin/cat

[cat]

/usr/bin/openssl

[openssl genrsa -out service.key 2048]

/usr/bin/openssl

[openssl genrsa -out root-ca.key 4096]

/usr/bin/openssl

[openssl req -x509 -new -nodes -sha256 -days 7300 -subj /CN=k3s-root-ca@1721013164 -key root-ca.key -out root-ca.pem -config .ca/config -extensions v3_ca]

/bin/cat

[cat root-ca.pem]

/usr/bin/openssl

[openssl genrsa -out intermediate-ca.key 4096]

/usr/bin/openssl

[openssl ca -batch -notext -days 3700 -in /dev/stdin -out intermediate-ca.pem -keyfile root-ca.key -cert root-ca.pem -config .ca/config -extensions v3_ca]

/usr/bin/openssl

[openssl req -new -nodes -subj /CN=k3s-intermediate-ca@1721013164 -key intermediate-ca.key]

/bin/cat

[cat intermediate-ca.pem root-ca.pem]

/usr/bin/tr

[tr / -]

/usr/bin/openssl

[openssl ecparam -name prime256v1 -genkey -noout -out client-ca.key]

/usr/bin/openssl

[openssl ca -batch -notext -days 3700 -in /dev/stdin -out client-ca.pem -keyfile intermediate-ca.key -cert intermediate-ca.pem -config .ca/config -extensions v3_ca]

/usr/bin/openssl

[openssl req -new -nodes -subj /CN=k3s-client-ca@1721013164 -key client-ca.key]

/bin/cat

[cat client-ca.pem intermediate-ca.pem root-ca.pem]

/usr/bin/tr

[tr / -]

/usr/bin/openssl

[openssl ecparam -name prime256v1 -genkey -noout -out server-ca.key]

/usr/bin/openssl

[openssl ca -batch -notext -days 3700 -in /dev/stdin -out server-ca.pem -keyfile intermediate-ca.key -cert intermediate-ca.pem -config .ca/config -extensions v3_ca]

/usr/bin/openssl

[openssl req -new -nodes -subj /CN=k3s-server-ca@1721013164 -key server-ca.key]

/bin/cat

[cat server-ca.pem intermediate-ca.pem root-ca.pem]

/usr/bin/tr

[tr / -]

/usr/bin/openssl

[openssl ecparam -name prime256v1 -genkey -noout -out request-header-ca.key]

/usr/bin/openssl

[openssl ca -batch -notext -days 3700 -in /dev/stdin -out request-header-ca.pem -keyfile intermediate-ca.key -cert intermediate-ca.pem -config .ca/config -extensions v3_ca]

/usr/bin/openssl

[openssl req -new -nodes -subj /CN=k3s-request-header-ca@1721013164 -key request-header-ca.key]

/bin/cat

[cat request-header-ca.pem intermediate-ca.pem root-ca.pem]

/usr/bin/tr

[tr / -]

/usr/bin/openssl

[openssl ecparam -name prime256v1 -genkey -noout -out etcd/peer-ca.key]

/usr/bin/openssl

[openssl ca -batch -notext -days 3700 -in /dev/stdin -out etcd/peer-ca.pem -keyfile intermediate-ca.key -cert intermediate-ca.pem -config .ca/config -extensions v3_ca]

/usr/bin/openssl

[openssl req -new -nodes -subj /CN=k3s-etcd-peer-ca@1721013164 -key etcd/peer-ca.key]

/bin/cat

[cat etcd/peer-ca.pem intermediate-ca.pem root-ca.pem]

/usr/bin/tr

[tr / -]

/usr/bin/openssl

[openssl ecparam -name prime256v1 -genkey -noout -out etcd/server-ca.key]

/usr/bin/openssl

[openssl ca -batch -notext -days 3700 -in /dev/stdin -out etcd/server-ca.pem -keyfile intermediate-ca.key -cert intermediate-ca.pem -config .ca/config -extensions v3_ca]

/usr/bin/openssl

[openssl req -new -nodes -subj /CN=k3s-etcd-server-ca@1721013164 -key etcd/server-ca.key]

/bin/cat

[cat etcd/server-ca.pem intermediate-ca.pem root-ca.pem]

/usr/bin/xargs

[xargs -n1 echo -e \t]

/bin/ls

[ls /var/lib/rancher/k3s/server/tls/root-ca.crt /var/lib/rancher/k3s/server/tls/root-ca.key /var/lib/rancher/k3s/server/tls/root-ca.pem /var/lib/rancher/k3s/server/tls/intermediate-ca.crt /var/lib/rancher/k3s/server/tls/intermediate-ca.key /var/lib/rancher/k3s/server/tls/intermediate-ca.pem]

/usr/local/sbin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.crt]

/usr/local/bin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.crt]

/usr/sbin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.crt]

/usr/bin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.crt]

/sbin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.crt]

/bin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.crt]

/usr/local/sbin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.key]

/usr/local/bin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.key]

/usr/sbin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.key]

/usr/bin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.key]

/sbin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.key]

/bin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.key]

/usr/local/sbin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.pem]

/usr/local/bin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.pem]

/usr/sbin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.pem]

/usr/bin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.pem]

/sbin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.pem]

/bin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.pem]

/usr/local/sbin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.crt]

/usr/local/bin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.crt]

/usr/sbin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.crt]

/usr/bin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.crt]

/sbin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.crt]

/bin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.crt]

/usr/local/sbin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.key]

/usr/local/bin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.key]

/usr/sbin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.key]

/usr/bin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.key]

/sbin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.key]

/bin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.key]

/usr/local/sbin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.pem]

/usr/local/bin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.pem]

/usr/sbin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.pem]

/usr/bin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.pem]

/sbin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.pem]

/bin/echo

[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.pem]

/bin/rm

[rm -rf .ca]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 151.101.129.91:443 tcp
GB 89.187.167.2:443 tcp
GB 185.125.188.61:443 tcp
GB 185.125.188.62:443 tcp

Files

/var/lib/rancher/k3s/server/tls/.ca/serial

/tmp/sh-thd.c9UIq0

/var/lib/rancher/k3s/server/tls/service.key

/var/lib/rancher/k3s/server/tls/service.key

/var/lib/rancher/k3s/server/tls/.ca/certs/6C6B62373D2BD940.pem

/var/lib/rancher/k3s/server/tls/client-ca.key

/var/lib/rancher/k3s/server/tls/.ca/certs/6C6B62373D2BD941.pem

/var/lib/rancher/k3s/server/tls/server-ca.key

/var/lib/rancher/k3s/server/tls/.ca/certs/6C6B62373D2BD942.pem

/var/lib/rancher/k3s/server/tls/request-header-ca.key

/var/lib/rancher/k3s/server/tls/.ca/certs/6C6B62373D2BD943.pem

/var/lib/rancher/k3s/server/tls/etcd/peer-ca.key

/var/lib/rancher/k3s/server/tls/.ca/certs/6C6B62373D2BD944.pem

/var/lib/rancher/k3s/server/tls/etcd/server-ca.key

/var/lib/rancher/k3s/server/tls/.ca/certs/6C6B62373D2BD945.pem

Analysis: behavioral8

Detonation Overview

Submitted

2024-07-15 05:05

Reported

2024-07-15 05:14

Platform

win10v2004-20240709-en

Max time kernel

149s

Max time network

151s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\k3s-master\.droneignore

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\k3s-master\.droneignore

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 147.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-07-15 05:05

Reported

2024-07-15 05:15

Platform

debian9-armhf-20240418-en

Max time kernel

6s

Max time network

8s

Command Line

[/tmp/k3s-master/contrib/util/diagnostics.sh]

Signatures

Enumerates running processes

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /sbin/sysctl N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/pgrep N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/694/stat /bin/ps N/A
File opened for reading /proc/sys/net/ipv4/tcp_max_reordering /sbin/sysctl N/A
File opened for reading /proc/sys/kernel/usermodehelper/bset /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/neigh/default/proxy_delay /sbin/sysctl N/A
File opened for reading /proc/22/stat /usr/bin/pgrep N/A
File opened for reading /proc/24/stat /usr/bin/pgrep N/A
File opened for reading /proc/sys/kernel/keys/gc_delay /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/neigh/default/base_reachable_time_ms /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/neigh/default/gc_stale_time /sbin/sysctl N/A
File opened for reading /proc/11/cmdline /bin/ps N/A
File opened for reading /proc/5/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/sys/fs/leases-enable /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/tcp_congestion_control /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/eth0/dad_transmits /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/neigh/lo/ucast_solicit /sbin/sysctl N/A
File opened for reading /proc/sys/net/core/default_qdisc /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/conf/eth0/igmpv3_unsolicited_report_interval /sbin/sysctl N/A
File opened for reading /proc/stat /bin/ps N/A
File opened for reading /proc/598/stat /bin/ps N/A
File opened for reading /proc/668/stat /usr/bin/pgrep N/A
File opened for reading /proc/sys/kernel/overflowuid /sbin/sysctl N/A
File opened for reading /proc/sys/kernel/pty/max /sbin/sysctl N/A
File opened for reading /proc/sys/fs/quota/warnings /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/neigh/eth0/proxy_qlen /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/ping_group_range /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/lo/mtu /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/route /sbin/sysctl N/A
File opened for reading /proc/26/cmdline /bin/ps N/A
File opened for reading /proc/23/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/265/stat /usr/bin/pgrep N/A
File opened for reading /proc/sys/kernel/ctrl-alt-del /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/route/gc_thresh /sbin/sysctl N/A
File opened for reading /proc/267/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/sys/kernel/modules_disabled /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/tcp_limit_output_bytes /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/default/drop_unicast_in_l2_multicast /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/default/router_solicitation_delay /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/eth0/accept_ra_rtr_pref /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/lo/max_desync_factor /sbin/sysctl N/A
File opened for reading /proc/sys/net/netfilter/nf_log /sbin/sysctl N/A
File opened for reading /proc/sys/vm/page-cluster /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/neigh/default/anycast_delay /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/ipfrag_max_dist /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/neigh/eth0/mcast_solicit /sbin/sysctl N/A
File opened for reading /proc/261/status /bin/ps N/A
File opened for reading /proc/sys/kernel/nmi_watchdog /sbin/sysctl N/A
File opened for reading /proc/sys/kernel/pid_max /bin/ps N/A
File opened for reading /proc/10/stat /bin/ps N/A
File opened for reading /proc/sys/kernel/msgmnb /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/tcp_rmem /sbin/sysctl N/A
File opened for reading /proc/sys/user/max_uts_namespaces /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/tcp_keepalive_probes /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/tcp_fwmark_accept /sbin/sysctl N/A
File opened for reading /proc/sys/vm/dirtytime_expire_seconds /sbin/sysctl N/A
File opened for reading /proc/sys/vm/legacy_va_layout /sbin/sysctl N/A
File opened for reading /proc/106/stat /usr/bin/pgrep N/A
File opened for reading /proc/sys/kernel/osrelease /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/icmp_ratelimit /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/tcp_available_congestion_control /sbin/sysctl N/A
File opened for reading /proc/580/cmdline /bin/ps N/A
File opened for reading /proc/21/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/sys/kernel/random/poolsize /sbin/sysctl N/A
File opened for reading /proc/sys/kernel/domainname /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/lo/temp_valid_lft /sbin/sysctl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/hostname-f.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-config-currentcontext.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/netstat-ln.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/lsof-n-P-p.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/netstat-nr.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/k3s/k3s-checkconfig.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-daemonset-allnamespaces.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-storageclass,pv,pvc.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/df-h.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/netstat-ln.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/iptables-L.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/ps-uax.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/ifconfig-a.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/hostname-f.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-replicaset-allnamespaces.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-storageclass,pv,pvc.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/sysctl-a.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/uname-a.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/k3s/k3s-version.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-config-getcontexts.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-replicaset-allnamespaces.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/id.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/ifconfig-a.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/k3s/k3s-version.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-nodes.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-nodes.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-services-allnamespaces.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/dmesg.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/df-h.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/dmesg.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-daemonset-allnamespaces.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/command-v-kubectl.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-config-currentcontext.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-get-namespaces.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-get-nodes.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-pods-allnamespaces.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-storageclass,pv,pvc.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/lsof-n-P-p.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/iptables-S.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/id.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/lsof-n-P-p.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/iptables-S.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-config-getcontexts.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-config-currentcontext.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-clusterinfo-dump.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/_etc_os-release /bin/cp N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/uname-a.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-daemonset-allnamespaces.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/iptables-S.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/command-v-kubectl.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-version.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-get-namespaces.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-get-nodes.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/sysctl-a.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/iptables-L.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/ifconfig-a.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/netstat-nr.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-version.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-clusterinfo-dump.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-nodes.err.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-pods-allnamespaces.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/mount.cmd.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/df-h.txt /bin/bash N/A
File opened for modification /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/command-v-kubectl.err.txt /bin/bash N/A

Processes

/tmp/k3s-master/contrib/util/diagnostics.sh

[/tmp/k3s-master/contrib/util/diagnostics.sh]

/usr/local/sbin/bash

[bash /tmp/k3s-master/contrib/util/diagnostics.sh]

/usr/local/bin/bash

[bash /tmp/k3s-master/contrib/util/diagnostics.sh]

/usr/sbin/bash

[bash /tmp/k3s-master/contrib/util/diagnostics.sh]

/usr/bin/bash

[bash /tmp/k3s-master/contrib/util/diagnostics.sh]

/sbin/bash

[bash /tmp/k3s-master/contrib/util/diagnostics.sh]

/bin/bash

[bash /tmp/k3s-master/contrib/util/diagnostics.sh]

/usr/bin/id

[id -u]

/bin/cat

[cat /proc/sys/kernel/random/uuid]

/usr/bin/tr

[tr [:lower:] [:upper:]]

/bin/mktemp

[mktemp -d /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-XXXXXXXX]

/bin/readlink

[readlink -m /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol]

/bin/mkdir

[mkdir -p /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system]

/bin/cp

[cp --recursive --dereference /etc/os-release /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/_etc_os-release]

/sbin/sysctl

[sysctl -a]

/bin/uname

[uname -a]

/bin/rm

[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/uname-a.err.txt]

/bin/ps

[ps uax]

/bin/rm

[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/ps-uax.err.txt]

/bin/dmesg

[dmesg]

/bin/rm

[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/dmesg.err.txt]

/usr/bin/id

[id]

/bin/rm

[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/id.err.txt]

/bin/mount

[mount]

/bin/rm

[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/mount.err.txt]

/bin/df

[df -h]

/bin/rm

[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/df-h.err.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/ifconfig-a.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/netstat-ln.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/netstat-nr.txt]

/usr/bin/pgrep

[pgrep -o k3s]

/bin/rm

[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/lsof-n-P-p.txt]

/sbin/iptables

[iptables -L]

/bin/rm

[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/iptables-L.err.txt]

/sbin/iptables

[iptables -S]

/bin/rm

[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/iptables-S.err.txt]

/bin/hostname

[hostname -f]

/bin/rm

[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/hostname-f.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/hostname-f.err.txt]

/bin/mkdir

[mkdir -p /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/k3s]

/bin/rm

[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/k3s/k3s-version.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/k3s/k3s-checkconfig.txt]

/bin/journalctl

[journalctl --field _SYSTEMD_UNIT]

/bin/grep

[grep k3s]

/bin/mkdir

[mkdir -p /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube]

/bin/rm

[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/command-v-kubectl.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/command-v-kubectl.err.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-version.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-config-getcontexts.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-config-currentcontext.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-clusterinfo-dump.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-get-namespaces.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-get-nodes.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-nodes.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-pods-allnamespaces.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-services-allnamespaces.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-daemonset-allnamespaces.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-deployments-allnamespaces.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-replicaset-allnamespaces.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-storageclass,pv,pvc.txt]

/usr/bin/tr

[tr [:lower:] [:upper:]]

Network

Country Destination Domain Proto
US 1.1.1.1:53 debian9-armhf-20240418-en-6 udp

Files

/tmp/sh-thd.3ikOIH

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/_etc_os-release

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/sysctl-a.cmd.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/sysctl-a.err.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/uname-a.cmd.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/ps-uax.cmd.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/dmesg.cmd.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/id.cmd.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/mount.cmd.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/df-h.cmd.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/ifconfig-a.cmd.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/ifconfig-a.err.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/netstat-ln.cmd.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/netstat-ln.err.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/netstat-nr.cmd.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/lsof-n-P-p.cmd.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/lsof-n-P-p.err.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/iptables-L.cmd.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/iptables-S.cmd.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/hostname-f.cmd.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/k3s/k3s-version.cmd.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/k3s/k3s-version.err.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/k3s/k3s-checkconfig.cmd.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/command-v-kubectl.cmd.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-version.cmd.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-version.err.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-config-getcontexts.cmd.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-config-currentcontext.cmd.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-clusterinfo-dump.cmd.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-get-namespaces.cmd.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-get-nodes.cmd.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-nodes.cmd.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-pods-allnamespaces.cmd.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-services-allnamespaces.cmd.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-daemonset-allnamespaces.cmd.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-deployments-allnamespaces.cmd.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-replicaset-allnamespaces.cmd.txt

/tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-storageclass,pv,pvc.cmd.txt

Analysis: behavioral17

Detonation Overview

Submitted

2024-07-15 05:05

Reported

2024-07-15 05:15

Platform

debian9-mipsbe-20240418-en

Max time kernel

9s

Max time network

10s

Command Line

[/tmp/k3s-master/contrib/util/diagnostics.sh]

Signatures

Enumerates running processes

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /sbin/sysctl N/A
File opened for reading /sys/devices/system/cpu/online /bin/ps N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/pgrep N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/8/stat /bin/ps N/A
File opened for reading /proc/385/stat /bin/ps N/A
File opened for reading /proc/sys/kernel/domainname /sbin/sysctl N/A
File opened for reading /proc/stat /bin/ps N/A
File opened for reading /proc/sys/net/ipv4/tcp_fastopen_key /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/default/use_optimistic /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/lo/accept_redirects /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/flowlabel_state_ranges /sbin/sysctl N/A
File opened for reading /proc/8/cmdline /bin/ps N/A
File opened for reading /proc/sys/kernel/overflowgid /sbin/sysctl N/A
File opened for reading /proc/sys/kernel/pty /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/conf/all/log_martians /sbin/sysctl N/A
File opened for reading /proc/707/cmdline /bin/ps N/A
File opened for reading /proc/8/stat /usr/bin/pgrep N/A
File opened for reading /proc/79/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/sys/net/ipv4/route/gc_elasticity /sbin/sysctl N/A
File opened for reading /proc/756/status /bin/ps N/A
File opened for reading /proc/sys/net/ipv6/conf/default/max_desync_factor /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/default/router_solicitation_max_interval /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/lo/router_solicitations /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/neigh/lo /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/ip_forward /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/all/accept_ra_rtr_pref /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/neigh/enp0s19/proxy_qlen /sbin/sysctl N/A
File opened for reading /proc/sys/vm/laptop_mode /sbin/sysctl N/A
File opened for reading /proc/sys/net/core/busy_poll /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/enp0s19/temp_valid_lft /sbin/sysctl N/A
File opened for reading /proc/69/stat /usr/bin/pgrep N/A
File opened for reading /proc/72/status /bin/ps N/A
File opened for reading /proc/sys/kernel/perf_event_max_stack /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/conf/all/ignore_routes_with_linkdown /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/neigh/enp0s19/unres_qlen_bytes /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/enp0s19/disable_ipv6 /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/ip6frag_time /sbin/sysctl N/A
File opened for reading /proc/81/status /bin/ps N/A
File opened for reading /proc/sys/kernel/max_lock_depth /sbin/sysctl N/A
File opened for reading /proc/sys/kernel/traceoff_on_warning /sbin/sysctl N/A
File opened for reading /proc/sys/fs/mqueue/msg_max /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/tcp_workaround_signed_windows /sbin/sysctl N/A
File opened for reading /proc/filesystems /bin/ps N/A
File opened for reading /proc/sys/net/ipv4/neigh/default/mcast_resolicit /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/neigh/lo/proxy_delay /sbin/sysctl N/A
File opened for reading /proc/73/cmdline /bin/ps N/A
File opened for reading /proc/6/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/sys/fs/file-max /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/conf/enp0s19/send_redirects /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/ipfrag_high_thresh /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/route/error_cost /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/lo/forwarding /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/mld_max_msf /sbin/sysctl N/A
File opened for reading /proc/3/stat /bin/ps N/A
File opened for reading /proc/sys/fs/inotify/max_user_instances /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/conf/lo/proxy_arp /sbin/sysctl N/A
File opened for reading /proc/16/status /bin/ps N/A
File opened for reading /proc/sys/net/core/optmem_max /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/lo/accept_ra /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv4/icmp_msgs_burst /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/conf/lo/accept_ra_from_local /sbin/sysctl N/A
File opened for reading /proc/sys/net/ipv6/neigh/enp0s19/gc_stale_time /sbin/sysctl N/A
File opened for reading /proc/11/stat /bin/ps N/A
File opened for reading /proc/12/stat /bin/ps N/A
File opened for reading /proc/17/cmdline /usr/bin/pgrep N/A
File opened for reading /proc/77/stat /usr/bin/pgrep N/A
File opened for reading /proc/sys/dev/cdrom /sbin/sysctl N/A

Writes file to tmp directory

Processes

/tmp/k3s-master/contrib/util/diagnostics.sh

[/tmp/k3s-master/contrib/util/diagnostics.sh]

/usr/local/sbin/bash

[bash /tmp/k3s-master/contrib/util/diagnostics.sh]

/usr/local/bin/bash

[bash /tmp/k3s-master/contrib/util/diagnostics.sh]

/usr/sbin/bash

[bash /tmp/k3s-master/contrib/util/diagnostics.sh]

/usr/bin/bash

[bash /tmp/k3s-master/contrib/util/diagnostics.sh]

/sbin/bash

[bash /tmp/k3s-master/contrib/util/diagnostics.sh]

/bin/bash

[bash /tmp/k3s-master/contrib/util/diagnostics.sh]

/usr/bin/id

[id -u]

/bin/cat

[cat /proc/sys/kernel/random/uuid]

/usr/bin/tr

[tr [:lower:] [:upper:]]

/bin/mktemp

[mktemp -d /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-XXXXXXXX]

/bin/readlink

[readlink -m /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx]

/bin/mkdir

[mkdir -p /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system]

/bin/cp

[cp --recursive --dereference /etc/os-release /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/_etc_os-release]

/sbin/sysctl

[sysctl -a]

/bin/uname

[uname -a]

/bin/rm

[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/uname-a.err.txt]

/bin/ps

[ps uax]

/bin/rm

[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/ps-uax.err.txt]

/bin/dmesg

[dmesg]

/bin/rm

[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/dmesg.err.txt]

/usr/bin/id

[id]

/bin/rm

[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/id.err.txt]

/bin/mount

[mount]

/bin/rm

[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/mount.err.txt]

/bin/df

[df -h]

/bin/rm

[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/df-h.err.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/ifconfig-a.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/netstat-ln.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/netstat-nr.txt]

/usr/bin/pgrep

[pgrep -o k3s]

/bin/rm

[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/lsof-n-P-p.txt]

/sbin/iptables

[iptables -L]

/bin/rm

[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/iptables-L.err.txt]

/sbin/iptables

[iptables -S]

/bin/rm

[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/iptables-S.err.txt]

/bin/hostname

[hostname -f]

/bin/rm

[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/hostname-f.txt]

/bin/mkdir

[mkdir -p /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/k3s]

/bin/rm

[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/k3s/k3s-version.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/k3s/k3s-checkconfig.txt]

/bin/journalctl

[journalctl --field _SYSTEMD_UNIT]

/bin/grep

[grep k3s]

/bin/mkdir

[mkdir -p /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube]

/bin/rm

[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/command-v-kubectl.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/command-v-kubectl.err.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-version.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-config-getcontexts.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-config-currentcontext.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-clusterinfo-dump.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-get-namespaces.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-get-nodes.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-describe-nodes.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-describe-pods-allnamespaces.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-describe-services-allnamespaces.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-describe-daemonset-allnamespaces.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-describe-deployments-allnamespaces.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-describe-replicaset-allnamespaces.txt]

/bin/rm

[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-describe-storageclass,pv,pvc.txt]

/usr/bin/tr

[tr [:lower:] [:upper:]]

Network

Country Destination Domain Proto
US 1.1.1.1:53 debian9-mipsbe-20240418-en-3 udp

Files

Analysis: behavioral19

Detonation Overview

Submitted

2024-07-15 05:05

Reported

2024-07-15 05:14

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Max time network

132s

Command Line

[/tmp/k3s-master/contrib/util/fetch-diags.sh]

Signatures

N/A

Processes

/tmp/k3s-master/contrib/util/fetch-diags.sh

[/tmp/k3s-master/contrib/util/fetch-diags.sh]

/usr/local/sbin/bash

[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]

/usr/local/bin/bash

[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]

/usr/sbin/bash

[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]

/usr/bin/bash

[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]

/sbin/bash

[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]

/bin/bash

[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 151.101.193.91:443 tcp
GB 89.187.167.4:443 tcp
GB 185.125.188.61:443 tcp
GB 185.125.188.62:443 tcp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-07-15 05:05

Reported

2024-07-15 05:15

Platform

debian9-mipsel-20240226-en

Max time kernel

6s

Command Line

[/tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

Signatures

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /bin/mkdir N/A
File opened for reading /proc/filesystems /bin/mkdir N/A

Processes

/tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh

[/tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

/usr/local/sbin/bash

[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

/usr/local/bin/bash

[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

/usr/sbin/bash

[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

/usr/bin/bash

[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

/sbin/bash

[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

/bin/bash

[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

/bin/date

[date +%s]

/usr/bin/openssl

[openssl version]

/usr/bin/openssl

[openssl ecparam -name prime256v1 -genkey -noout -out /dev/null]

/usr/bin/openssl

[openssl version]

/bin/grep

[grep -qF OpenSSL 3]

/bin/mkdir

[mkdir -p /var/lib/rancher/k3s/server/tls/etcd]

/bin/mkdir

[mkdir -p .ca/certs]

/usr/bin/touch

[touch .ca/index]

/usr/bin/openssl

[openssl rand -hex 8]

/bin/rm

[rm -rf .ca]

Network

N/A

Files

/var/lib/rancher/k3s/server/tls/.ca/serial

MD5 073641b5d1609fea02a834d5d9a73523
SHA1 91573c89134892c2c5e3e33b29ea5a673aa549fe
SHA256 4265d89d6254e83569adb15227dd479731b04500d394f3921420dd1010919638
SHA512 f3212877bb058943456fa4855c490c59e31f631258aad3f64870ed62915afbaba599745599c96f9f85db8c0f8516d43e6fac4bb981b557dae1f0b43d43fe68cd

Analysis: behavioral28

Detonation Overview

Submitted

2024-07-15 05:05

Reported

2024-07-15 05:15

Platform

debian9-armhf-20240611-en

Max time kernel

1s

Command Line

[/tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

Signatures

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /bin/mkdir N/A
File opened for reading /proc/filesystems /bin/mkdir N/A

Processes

/tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh

[/tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

/usr/local/sbin/bash

[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

/usr/local/bin/bash

[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

/usr/sbin/bash

[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

/usr/bin/bash

[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

/sbin/bash

[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

/bin/bash

[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]

/bin/date

[date +%s]

/usr/bin/openssl

[openssl version]

/usr/bin/openssl

[openssl ecparam -name prime256v1 -genkey -out /dev/null]

/usr/bin/openssl

[openssl version]

/bin/grep

[grep -qF OpenSSL 3]

/bin/mkdir

[mkdir -p /var/lib/rancher/k3s/server/rotate-ca/tls/etcd]

/bin/mkdir

[mkdir -p .ca/certs]

/usr/bin/touch

[touch .ca/index]

/usr/bin/openssl

[openssl rand -hex 8]

/bin/rm

[rm -rf .ca]

Network

N/A

Files

/var/lib/rancher/k3s/server/rotate-ca/tls/.ca/serial


Analysis: behavioral14

Detonation Overview

Submitted

2024-07-15 05:05

Reported

2024-07-15 05:15

Platform

debian9-mipsel-20240418-en

Max time kernel

17s

Command Line

[/tmp/k3s-master/contrib/util/check-config.sh]

Signatures

Reads list of loaded kernel modules

evasion
Description Indicator Process Target
File opened for reading /proc/modules /sbin/lsmod N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /usr/bin/free N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/kernel/security/apparmor/profiles /bin/cat N/A
File opened for reading /sys/module/sg/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/ip_tables/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/crc32c_generic/holders /sbin/lsmod N/A
File opened for reading /sys/module/usbcore/holders /sbin/lsmod N/A
File opened for reading /sys/module/stahp/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/ttm/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/sr_mod/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/usbcore/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/drm_kms_helper/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/sysfillrect/holders /sbin/lsmod N/A
File opened for reading /sys/module/mbcache /sbin/lsmod N/A
File opened for reading /sys/module/hid_generic/holders /sbin/lsmod N/A
File opened for reading /sys/module/hid/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/ata_generic/holders /sbin/lsmod N/A
File opened for reading /sys/module/sg/holders /sbin/lsmod N/A
File opened for reading /sys/module/sr_mod/holders /sbin/lsmod N/A
File opened for reading /sys/module/e1000/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/stahp/holders /sbin/lsmod N/A
File opened for reading /sys/module/mbcache/holders /sbin/lsmod N/A
File opened for reading /sys/module/syscopyarea/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/cirrus/holders /sbin/lsmod N/A
File opened for reading /sys/module/drm_kms_helper/holders /sbin/lsmod N/A
File opened for reading /sys/module/uhci_hcd/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/sysimgblt/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/fb_sys_fops/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/ecb /sbin/lsmod N/A
File opened for reading /sys/module/ecb/holders /sbin/lsmod N/A
File opened for reading /sys/module/hid/holders /sbin/lsmod N/A
File opened for reading /sys/module/usb_common/holders /sbin/lsmod N/A
File opened for reading /sys/module/ip_tables/holders /sbin/lsmod N/A
File opened for reading /sys/module/ext4/holders /sbin/lsmod N/A
File opened for reading /sys/module/cdrom /sbin/lsmod N/A
File opened for reading /sys/module/drm /sbin/lsmod N/A
File opened for reading /sys/module/jbd2/holders /sbin/lsmod N/A
File opened for reading /sys/module/fscrypto/holders /sbin/lsmod N/A
File opened for reading /sys/module/usbhid /sbin/lsmod N/A
File opened for reading /sys/module/hid /sbin/lsmod N/A
File opened for reading /sys/module/syscopyarea/holders /sbin/lsmod N/A
File opened for reading /sys/module/jbd2 /sbin/lsmod N/A
File opened for reading /sys/module/hid_generic /sbin/lsmod N/A
File opened for reading /sys/module/i2c_core/holders /sbin/lsmod N/A
File opened for reading /sys/module/ttm/holders /sbin/lsmod N/A
File opened for reading /sys/module/cdrom/holders /sbin/lsmod N/A
File opened for reading /sys/module/uhci_hcd/holders /sbin/lsmod N/A
File opened for reading /sys/module/ehci_pci/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/ehci_hcd/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/ata_piix/holders /sbin/lsmod N/A
File opened for reading /sys/module/usb_common /sbin/lsmod N/A
File opened for reading /sys/module/sysfillrect/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/sr_mod /sbin/lsmod N/A
File opened for reading /sys/module/ehci_pci /sbin/lsmod N/A
File opened for reading /sys/module/syscopyarea /sbin/lsmod N/A
File opened for reading /sys/module/sysimgblt/holders /sbin/lsmod N/A
File opened for reading /sys/module/fscrypto /sbin/lsmod N/A
File opened for reading /sys/module/ecb/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/ehci_hcd /sbin/lsmod N/A
File opened for reading /sys/module/ata_piix /sbin/lsmod N/A
File opened for reading /sys/module/joydev/holders /sbin/lsmod N/A
File opened for reading /sys/module/drm/holders /sbin/lsmod N/A
File opened for reading /sys/module/fb_sys_fops/holders /sbin/lsmod N/A
File opened for reading /sys/module/crc16/holders /sbin/lsmod N/A
File opened for reading /sys/module/jbd2/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/joydev /sbin/lsmod N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/sys/kernel/keys/root_maxkeys /bin/cat N/A
File opened for reading /proc/filesystems /usr/bin/stat N/A
File opened for reading /proc/self/maps /usr/bin/awk N/A
File opened for reading /proc/sys/kernel/osrelease /usr/bin/free N/A
File opened for reading /proc/meminfo /usr/bin/free N/A
File opened for reading /proc/filesystems /usr/bin/stat N/A
File opened for reading /proc/filesystems /usr/bin/free N/A
File opened for reading /proc/filesystems /usr/bin/id N/A
File opened for reading /proc/cmdline /sbin/lsmod N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/self/maps /usr/bin/awk N/A
File opened for reading /proc/sys/kernel/keys/root_maxkeys /bin/cat N/A
File opened for reading /proc/self/cgroup /tmp/k3s-master/contrib/util/check-config.sh N/A
File opened for reading /proc/cmdline /sbin/modprobe N/A
File opened for reading /proc/filesystems /bin/sed N/A

Processes

/tmp/k3s-master/contrib/util/check-config.sh

[/tmp/k3s-master/contrib/util/check-config.sh]

/bin/uname

[uname -r]

/usr/bin/dirname

[dirname /tmp/k3s-master/contrib/util/check-config.sh]

/bin/cat

[cat /sys/kernel/security/apparmor/profiles]

/bin/grep

[grep -q zgrep (enforce)]

/bin/uname

[uname -r]

/usr/bin/tr

[tr \n :]

/usr/bin/tr

[tr : \n]

/bin/grep

[grep -v -E ^/tmp/k3s-master/contrib/util$]

/sbin/iptables

[/sbin/iptables --version]

/usr/bin/awk

[awk { print $2 }]

/usr/bin/dirname

[dirname /sbin/iptables]

/bin/grep

[grep -v -q -E ^v[0-9]]

/usr/bin/head

[head -n 1]

/usr/bin/sort

[sort -V]

/usr/bin/free

[free]

/bin/grep

[grep -i ^swap:]

/usr/bin/awk

[awk { print $2 }]

/bin/grep

[grep -q -E ^10\.(42|43)\.]

/bin/grep

[grep -v cni0]

/sbin/ip

[ip route]

/bin/cat

[cat /proc/sys/kernel/keys/root_maxkeys]

/bin/cat

[cat /proc/sys/kernel/keys/root_maxkeys]

/usr/bin/id

[id -u]

/bin/grep

[grep -q configs]

/sbin/lsmod

[lsmod]

/sbin/modprobe

[modprobe configs]

/bin/zcat

[zcat /boot/config-4.9.0-13-4kc-malta]

/bin/gzip

[gzip -cd /boot/config-4.9.0-13-4kc-malta]

/usr/bin/stat

[stat --file-system --format=%t /sys/fs/cgroup]

/usr/bin/stat

[stat --file-system --format=%t /sys/fs/cgroup/unified]

/bin/grep

[grep -Ec (^|:)(cpuset|memory)($|:)]

/usr/bin/tr

[tr -s \n]

/bin/cat

[cat /sys/module/apparmor/parameters/enabled]

/bin/grep

[grep CONFIG_NAMESPACES=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_NET_NS=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_PID_NS=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IPC_NS=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_UTS_NS=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CGROUPS=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CGROUP_PIDS=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CGROUP_CPUACCT=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CGROUP_DEVICE=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CGROUP_FREEZER=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CGROUP_SCHED=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CPUSETS=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_MEMCG=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_KEYS=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_VETH=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_VETH=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_BRIDGE=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_BRIDGE=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_BRIDGE_NETFILTER=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_BRIDGE_NETFILTER=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_NF_FILTER=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_NF_FILTER=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_NF_TARGET_MASQUERADE=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_NF_TARGET_MASQUERADE=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_NF_TARGET_REJECT=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_NF_TARGET_REJECT=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_NETFILTER_XT_MATCH_IPVS=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_NETFILTER_XT_MATCH_IPVS=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_NETFILTER_XT_MATCH_COMMENT=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_NETFILTER_XT_MATCH_COMMENT=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_NF_NAT=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_NF_NAT=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_NF_NAT=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_NF_NAT=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_POSIX_MQUEUE=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_USER_NS=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep -q -E ^(centos|rhel)$]

/bin/grep

[grep CONFIG_SECCOMP=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_BLK_CGROUP=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_BLK_DEV_THROTTLING=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CGROUP_PERF=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CGROUP_HUGETLB=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CGROUP_HUGETLB=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_NET_CLS_CGROUP=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_NET_CLS_CGROUP=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CGROUP_NET_PRIO=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CFS_BANDWIDTH=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_FAIR_GROUP_SCHED=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_RT_GROUP_SCHED=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_RT_GROUP_SCHED=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_NF_TARGET_REDIRECT=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_NF_TARGET_REDIRECT=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_SET=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_SET=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_VS=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_VS=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_VS_NFCT=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_VS_PROTO_TCP=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_VS_PROTO_UDP=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_VS_RR=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_IP_VS_RR=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_EXT4_FS=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_EXT4_FS=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_EXT4_FS_POSIX_ACL=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_EXT4_FS_SECURITY=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_EXT4_FS=[y|m] /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_EXT4_FS_POSIX_ACL=[y|m] /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_EXT4_FS_SECURITY=[y|m] /boot/config-4.9.0-13-4kc-malta]

/bin/sed

[sed s/^/ /]

/bin/grep

[grep CONFIG_VXLAN=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_VXLAN=m /boot/config-4.9.0-13-4kc-malta]

/bin/sed

[sed s/^/ /]

/bin/grep

[grep CONFIG_CRYPTO=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CRYPTO_AEAD=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CRYPTO_AEAD=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CRYPTO_GCM=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CRYPTO_GCM=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CRYPTO_SEQIV=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CRYPTO_SEQIV=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CRYPTO_GHASH=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_CRYPTO_GHASH=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_XFRM=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_XFRM_USER=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_XFRM_USER=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_XFRM_ALGO=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_XFRM_ALGO=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_INET_ESP=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_INET_ESP=m /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_INET_XFRM_MODE_TRANSPORT=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_INET_XFRM_MODE_TRANSPORT=m /boot/config-4.9.0-13-4kc-malta]

/bin/sed

[sed s/^/ /]

/bin/grep

[grep CONFIG_OVERLAY_FS=y /boot/config-4.9.0-13-4kc-malta]

/bin/grep

[grep CONFIG_OVERLAY_FS=m /boot/config-4.9.0-13-4kc-malta]

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-07-15 05:05

Reported

2024-07-15 05:14

Platform

win10v2004-20240709-en

Max time kernel

91s

Max time network

93s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\k3s-master\.drone.yml

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\k3s-master\.drone.yml

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-07-15 05:05

Reported

2024-07-15 05:15

Platform

win7-20240705-en

Max time kernel

102s

Max time network

18s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\k3s-master\.github\.codecov.yml

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\yml_auto_file C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\yml_auto_file\ C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\yml_auto_file\shell C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\yml_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\.yml C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\.yml\ = "yml_auto_file" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\yml_auto_file\shell\Read C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\yml_auto_file\shell\Read\command C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\k3s-master\.github\.codecov.yml

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\k3s-master\.github\.codecov.yml

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\k3s-master\.github\.codecov.yml"

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents


Analysis: behavioral12

Detonation Overview

Submitted

2024-07-15 05:05

Reported

2024-07-15 05:15

Platform

debian9-armhf-20240611-en

Max time kernel

10s

Command Line

[/tmp/k3s-master/contrib/util/check-config.sh]

Signatures

Reads list of loaded kernel modules

evasion
Description Indicator Process Target
File opened for reading /proc/modules /sbin/lsmod N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /usr/bin/free N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/module/virtio_net/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/virtio_mmio/coresize /sbin/lsmod N/A
File opened for reading /sys/module/ip_tables/holders /sbin/lsmod N/A
File opened for reading /sys/module/autofs4/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/ext4 /sbin/lsmod N/A
File opened for reading /sys/module/jbd2 /sbin/lsmod N/A
File opened for reading /sys/module/crc32c_generic /sbin/lsmod N/A
File opened for reading /sys/module/ext4/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/mbcache/holders /sbin/lsmod N/A
File opened for reading /sys/module/virtio_ring/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/stahp /sbin/lsmod N/A
File opened for reading /sys/module/crc16/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/virtio_mmio /sbin/lsmod N/A
File opened for reading /sys/module/virtio_blk/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/virtio_net /sbin/lsmod N/A
File opened for reading /sys/module/virtio_mmio/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/virtio/coresize /sbin/lsmod N/A
File opened for reading /sys/module/virtio_blk/holders /sbin/lsmod N/A
File opened for reading /sys/module/stahp/holders /sbin/lsmod N/A
File opened for reading /sys/module/ext4/coresize /sbin/lsmod N/A
File opened for reading /sys/module/jbd2/coresize /sbin/lsmod N/A
File opened for reading /sys/module/crc32c_generic/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/virtio/holders /sbin/lsmod N/A
File opened for reading /sys/module/jbd2/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/fscrypto/holders /sbin/lsmod N/A
File opened for reading /sys/module/mbcache /sbin/lsmod N/A
File opened for reading /sys/module/mbcache/coresize /sbin/lsmod N/A
File opened for reading /sys/module/evdev /sbin/lsmod N/A
File opened for reading /sys/module/evdev/coresize /sbin/lsmod N/A
File opened for reading /sys/module/x_tables /sbin/lsmod N/A
File opened for reading /sys/module/autofs4/coresize /sbin/lsmod N/A
File opened for reading /sys/module/fscrypto/coresize /sbin/lsmod N/A
File opened for reading /sys/module/ip_tables/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/x_tables/coresize /sbin/lsmod N/A
File opened for reading /sys/module/ext4/holders /sbin/lsmod N/A
File opened for reading /sys/module/crc16/coresize /sbin/lsmod N/A
File opened for reading /sys/module/fscrypto /sbin/lsmod N/A
File opened for reading /sys/module/x_tables/holders /sbin/lsmod N/A
File opened for reading /sys/module/ecb/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/evdev/holders /sbin/lsmod N/A
File opened for reading /sys/module/autofs4/holders /sbin/lsmod N/A
File opened for reading /sys/module/crc32c_generic/holders /sbin/lsmod N/A
File opened for reading /sys/module/virtio_blk/coresize /sbin/lsmod N/A
File opened for reading /sys/module/apparmor/parameters/enabled /bin/cat N/A
File opened for reading /sys/module/jbd2/holders /sbin/lsmod N/A
File opened for reading /sys/module/ecb/holders /sbin/lsmod N/A
File opened for reading /sys/module/mbcache/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/stahp/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/ip_tables /sbin/lsmod N/A
File opened for reading /sys/module/autofs4 /sbin/lsmod N/A
File opened for reading /sys/module/crc16 /sbin/lsmod N/A
File opened for reading /sys/module/crc16/holders /sbin/lsmod N/A
File opened for reading /sys/module/stahp/coresize /sbin/lsmod N/A
File opened for reading /sys/module/ecb/coresize /sbin/lsmod N/A
File opened for reading /sys/module/virtio_net/coresize /sbin/lsmod N/A
File opened for reading /sys/kernel/security/apparmor/profiles /bin/cat N/A
File opened for reading /sys/module/ip_tables/coresize /sbin/lsmod N/A
File opened for reading /sys/module/ecb /sbin/lsmod N/A
File opened for reading /sys/module/virtio_mmio/holders /sbin/lsmod N/A
File opened for reading /sys/module/virtio_ring/holders /sbin/lsmod N/A
File opened for reading /sys/module/x_tables/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/crc32c_generic/coresize /sbin/lsmod N/A
File opened for reading /sys/module/virtio_ring/coresize /sbin/lsmod N/A
File opened for reading /sys/module/virtio/refcnt /sbin/lsmod N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/sys/kernel/keys/root_maxkeys /bin/cat N/A
File opened for reading /proc/cmdline /sbin/lsmod N/A
File opened for reading /proc/cmdline /sbin/modprobe N/A
File opened for reading /proc/filesystems /usr/bin/free N/A
File opened for reading /proc/meminfo /usr/bin/free N/A
File opened for reading /proc/sys/kernel/keys/root_maxkeys /bin/cat N/A
File opened for reading /proc/self/maps /usr/bin/awk N/A
File opened for reading /proc/filesystems /usr/bin/stat N/A
File opened for reading /proc/self/cgroup /tmp/k3s-master/contrib/util/check-config.sh N/A
File opened for reading /proc/filesystems /usr/bin/stat N/A
File opened for reading /proc/sys/kernel/osrelease /usr/bin/free N/A
File opened for reading /proc/self/maps /usr/bin/awk N/A
File opened for reading /proc/filesystems /usr/bin/id N/A

Processes

/tmp/k3s-master/contrib/util/check-config.sh

[/tmp/k3s-master/contrib/util/check-config.sh]

/bin/uname

[uname -r]

/usr/bin/dirname

[dirname /tmp/k3s-master/contrib/util/check-config.sh]

/bin/cat

[cat /sys/kernel/security/apparmor/profiles]

/bin/grep

[grep -q zgrep (enforce)]

/bin/uname

[uname -r]

/usr/bin/tr

[tr \n :]

/usr/bin/tr

[tr : \n]

/bin/grep

[grep -v -E ^/tmp/k3s-master/contrib/util$]

/sbin/iptables

[/sbin/iptables --version]

/usr/bin/awk

[awk { print $2 }]

/usr/bin/dirname

[dirname /sbin/iptables]

/bin/grep

[grep -v -q -E ^v[0-9]]

/usr/bin/sort

[sort -V]

/usr/bin/head

[head -n 1]

/usr/bin/free

[free]

/bin/grep

[grep -i ^swap:]

/usr/bin/awk

[awk { print $2 }]

/sbin/ip

[ip route]

/bin/grep

[grep -q -E ^10\.(42|43)\.]

/bin/grep

[grep -v cni0]

/bin/cat

[cat /proc/sys/kernel/keys/root_maxkeys]

/bin/cat

[cat /proc/sys/kernel/keys/root_maxkeys]

/usr/bin/id

[id -u]

/sbin/lsmod

[lsmod]

/bin/grep

[grep -q configs]

/sbin/modprobe

[modprobe configs]

/bin/zcat

[zcat /boot/config-4.9.0-13-armmp-lpae]

/bin/gzip

[gzip -cd /boot/config-4.9.0-13-armmp-lpae]

/usr/bin/stat

[stat --file-system --format=%t /sys/fs/cgroup]

/usr/bin/stat

[stat --file-system --format=%t /sys/fs/cgroup/unified]

/bin/grep

[grep -Ec (^|:)(cpuset|memory)($|:)]

/usr/bin/tr

[tr -s \n]

/bin/cat

[cat /sys/module/apparmor/parameters/enabled]

/bin/grep

[grep CONFIG_NAMESPACES=y /boot/config-4.9.0-13-armmp-lpae]

/bin/grep

[grep CONFIG_NET_NS=y /boot/config-4.9.0-13-armmp-lpae]

/bin/grep

[grep CONFIG_PID_NS=y /boot/config-4.9.0-13-armmp-lpae]

/bin/grep

[grep CONFIG_IPC_NS=y /boot/config-4.9.0-13-armmp-lpae]

/bin/grep

[grep CONFIG_UTS_NS=y /boot/config-4.9.0-13-armmp-lpae]

/bin/grep

[grep CONFIG_CGROUPS=y /boot/config-4.9.0-13-armmp-lpae]

/bin/grep

[grep CONFIG_CGROUP_PIDS=y /boot/config-4.9.0-13-armmp-lpae]

/bin/grep

[grep CONFIG_CGROUP_CPUACCT=y /boot/config-4.9.0-13-armmp-lpae]

/bin/grep

[grep CONFIG_CGROUP_DEVICE=y /boot/config-4.9.0-13-armmp-lpae]

/bin/grep

[grep CONFIG_CGROUP_FREEZER=y /boot/config-4.9.0-13-armmp-lpae]

/bin/grep

[grep CONFIG_CGROUP_SCHED=y /boot/config-4.9.0-13-armmp-lpae]

Network

N/A

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-07-15 05:05

Reported

2024-07-15 05:14

Platform

debian9-armhf-20240611-en

Max time kernel

0s

Command Line

[/tmp/k3s-master/contrib/util/fetch-diags.sh]

Signatures

N/A

Processes

/tmp/k3s-master/contrib/util/fetch-diags.sh

[/tmp/k3s-master/contrib/util/fetch-diags.sh]

/usr/local/sbin/bash

[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]

/usr/local/bin/bash

[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]

/usr/sbin/bash

[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]

/usr/bin/bash

[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]

/sbin/bash

[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]

/bin/bash

[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-15 05:05

Reported

2024-07-15 05:14

Platform

win7-20240708-en

Max time kernel

122s

Max time network

126s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\k3s-master.zip

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\k3s-master.zip

Network

N/A

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-07-15 05:05

Reported

2024-07-15 05:15

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Max time network

128s

Command Line

[/tmp/k3s-master/contrib/util/check-config.sh]

Signatures

Reads list of loaded kernel modules

evasion
Description Indicator Process Target
File opened for reading /proc/modules /sbin/lsmod N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online /usr/bin/free N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/module/drm_kms_helper/coresize /sbin/lsmod N/A
File opened for reading /sys/module/drm_kms_helper/holders /sbin/lsmod N/A
File opened for reading /sys/module/aes_x86_64/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/autofs4 /sbin/lsmod N/A
File opened for reading /sys/module/nf_tables/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/lp/coresize /sbin/lsmod N/A
File opened for reading /sys/module/ip_tables /sbin/lsmod N/A
File opened for reading /sys/module/nf_tables_inet/holders /sbin/lsmod N/A
File opened for reading /sys/module/fb_sys_fops/holders /sbin/lsmod N/A
File opened for reading /sys/module/drm /sbin/lsmod N/A
File opened for reading /sys/module/aesni_intel/coresize /sbin/lsmod N/A
File opened for reading /sys/module/8139too/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/sysfillrect/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/hid_generic/coresize /sbin/lsmod N/A
File opened for reading /sys/module/stahp/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/glue_helper/holders /sbin/lsmod N/A
File opened for reading /sys/module/cryptd/holders /sbin/lsmod N/A
File opened for reading /sys/module/x_tables /sbin/lsmod N/A
File opened for reading /sys/module/sysimgblt/coresize /sbin/lsmod N/A
File opened for reading /sys/module/ghash_clmulni_intel/holders /sbin/lsmod N/A
File opened for reading /sys/module/libahci/coresize /sbin/lsmod N/A
File opened for reading /sys/module/fb_sys_fops/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/pcbc/holders /sbin/lsmod N/A
File opened for reading /sys/module/binfmt_misc/holders /sbin/lsmod N/A
File opened for reading /sys/module/sch_fq_codel/coresize /sbin/lsmod N/A
File opened for reading /sys/module/aes_x86_64/holders /sbin/lsmod N/A
File opened for reading /sys/module/glue_helper /sbin/lsmod N/A
File opened for reading /sys/module/floppy/coresize /sbin/lsmod N/A
File opened for reading /sys/module/joydev/refcnt /sbin/lsmod N/A
File opened for reading /sys/module/nf_tables/holders /sbin/lsmod N/A
File opened for reading /sys/module/nf_tables_ipv4/coresize /sbin/lsmod N/A
File opened for reading /sys/module/sysimgblt /sbin/lsmod N/A
File opened for reading /sys/kernel/security/apparmor/profiles /bin/cat N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/self/maps /usr/bin/awk N/A
File opened for reading /proc/meminfo /usr/bin/free N/A
File opened for reading /proc/cmdline /sbin/modprobe N/A
File opened for reading /proc/self/cgroup /tmp/k3s-master/contrib/util/check-config.sh N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/self/maps /usr/bin/awk N/A
File opened for reading /proc/sys/kernel/osrelease /usr/bin/free N/A
File opened for reading /proc/sys/kernel/keys/root_maxkeys /bin/cat N/A
File opened for reading /proc/filesystems /usr/bin/id N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/sys/kernel/keys/root_maxkeys /bin/cat N/A
File opened for reading /proc/cmdline /sbin/lsmod N/A
File opened for reading /proc/filesystems /usr/bin/stat N/A
File opened for reading /proc/filesystems /usr/bin/stat N/A
File opened for reading /proc/filesystems /bin/sed N/A

Processes

/tmp/k3s-master/contrib/util/check-config.sh

[/tmp/k3s-master/contrib/util/check-config.sh]

/bin/uname

[uname -r]

/usr/bin/dirname

[dirname /tmp/k3s-master/contrib/util/check-config.sh]

/bin/grep

[grep -q zgrep (enforce)]

/bin/cat

[cat /sys/kernel/security/apparmor/profiles]

/bin/uname

[uname -r]

/usr/bin/tr

[tr \n :]

/bin/grep

[grep -v -E ^/tmp/k3s-master/contrib/util$]

/usr/bin/tr

[tr : \n]

/sbin/iptables

[/sbin/iptables --version]

/usr/bin/awk

[awk { print $2 }]

/usr/bin/dirname

[dirname /sbin/iptables]

/bin/grep

[grep -v -q -E ^v[0-9]]

/usr/bin/head

[head -n 1]

/usr/bin/sort

[sort -V]

/usr/bin/awk

[awk { print $2 }]

/bin/grep

[grep -i ^swap:]

/usr/bin/free

[free]

/bin/grep

[grep -q -E ^10\.(42|43)\.]

/bin/grep

[grep -v cni0]

/sbin/ip

[ip route]

/bin/cat

[cat /proc/sys/kernel/keys/root_maxkeys]

/bin/cat

[cat /proc/sys/kernel/keys/root_maxkeys]

/usr/bin/id

[id -u]

/bin/grep

[grep -q configs]

/sbin/lsmod

[lsmod]

/sbin/modprobe

[modprobe configs]

/bin/zcat

[zcat /boot/config-4.15.0-213-generic]

/bin/gzip

[gzip -cd /boot/config-4.15.0-213-generic]

/usr/bin/stat

[stat --file-system --format=%t /sys/fs/cgroup]

/usr/bin/stat

[stat --file-system --format=%t /sys/fs/cgroup/unified]

/bin/grep

[grep -Ec (^|:)(cpuset|memory)($|:)]

/usr/bin/tr

[tr -s \n]

/bin/cat

[cat /sys/module/apparmor/parameters/enabled]

/bin/grep

[grep CONFIG_NAMESPACES=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_NET_NS=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_PID_NS=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_IPC_NS=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_UTS_NS=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_CGROUPS=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_CGROUP_PIDS=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_CGROUP_CPUACCT=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_CGROUP_DEVICE=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_CGROUP_FREEZER=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_CGROUP_SCHED=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_CPUSETS=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_MEMCG=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_KEYS=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_VETH=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_VETH=m /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_BRIDGE=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_BRIDGE=m /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_BRIDGE_NETFILTER=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_BRIDGE_NETFILTER=m /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_IP_NF_FILTER=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_IP_NF_FILTER=m /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_IP_NF_TARGET_MASQUERADE=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_IP_NF_TARGET_MASQUERADE=m /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_IP_NF_TARGET_REJECT=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_IP_NF_TARGET_REJECT=m /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_NETFILTER_XT_MATCH_IPVS=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_NETFILTER_XT_MATCH_IPVS=m /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_NETFILTER_XT_MATCH_COMMENT=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_NETFILTER_XT_MATCH_COMMENT=m /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_IP_NF_NAT=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_IP_NF_NAT=m /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_NF_NAT=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_NF_NAT=m /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_POSIX_MQUEUE=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_USER_NS=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep -q -E ^(centos|rhel)$]

/bin/grep

[grep CONFIG_SECCOMP=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_BLK_CGROUP=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_BLK_DEV_THROTTLING=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_CGROUP_PERF=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_CGROUP_HUGETLB=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_NET_CLS_CGROUP=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_NET_CLS_CGROUP=m /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_CGROUP_NET_PRIO=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_CFS_BANDWIDTH=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_FAIR_GROUP_SCHED=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_RT_GROUP_SCHED=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_RT_GROUP_SCHED=m /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_IP_NF_TARGET_REDIRECT=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_IP_NF_TARGET_REDIRECT=m /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_IP_SET=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_IP_SET=m /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_IP_VS=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_IP_VS=m /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_IP_VS_NFCT=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_IP_VS_PROTO_TCP=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_IP_VS_PROTO_UDP=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_IP_VS_RR=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_IP_VS_RR=m /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_EXT4_FS=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_EXT4_FS_POSIX_ACL=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_EXT4_FS_SECURITY=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_EXT4_FS=[y|m] /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_EXT4_FS_POSIX_ACL=[y|m] /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_EXT4_FS_SECURITY=[y|m] /boot/config-4.15.0-213-generic]

/bin/sed

[sed s/^/ /]

/bin/grep

[grep CONFIG_VXLAN=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_VXLAN=m /boot/config-4.15.0-213-generic]

/bin/sed

[sed s/^/ /]

/bin/grep

[grep CONFIG_CRYPTO=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_CRYPTO_AEAD=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_CRYPTO_GCM=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_CRYPTO_SEQIV=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_CRYPTO_GHASH=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_XFRM=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_XFRM_USER=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_XFRM_USER=m /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_XFRM_ALGO=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_XFRM_ALGO=m /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_INET_ESP=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_INET_ESP=m /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_INET_XFRM_MODE_TRANSPORT=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_INET_XFRM_MODE_TRANSPORT=m /boot/config-4.15.0-213-generic]

/bin/sed

[sed s/^/ /]

/bin/grep

[grep CONFIG_OVERLAY_FS=y /boot/config-4.15.0-213-generic]

/bin/grep

[grep CONFIG_OVERLAY_FS=m /boot/config-4.15.0-213-generic]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 151.101.65.91:443 tcp
GB 195.181.164.15:443 tcp
GB 185.125.188.61:443 tcp
GB 185.125.188.61:443 tcp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-07-15 05:05

Reported

2024-07-15 05:15

Platform

debian9-mipsel-20240418-en

Max time kernel

0s

Command Line

[/tmp/k3s-master/contrib/util/fetch-diags.sh]

Signatures

N/A

Processes

/tmp/k3s-master/contrib/util/fetch-diags.sh

[/tmp/k3s-master/contrib/util/fetch-diags.sh]

/usr/local/sbin/bash

[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]

/usr/local/bin/bash

[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]

/usr/sbin/bash

[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]

/usr/bin/bash

[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]

/sbin/bash

[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]

/bin/bash

[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]

Network

N/A

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-07-15 05:05

Reported

2024-07-15 05:15

Platform

debian9-mipsbe-20240611-en

Max time kernel

3s

Command Line

[/tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

Signatures

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /bin/mkdir N/A
File opened for reading /proc/filesystems /bin/mkdir N/A

Processes

/tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh

[/tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

/usr/local/sbin/bash

[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

/usr/local/bin/bash

[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

/usr/sbin/bash

[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

/usr/bin/bash

[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

/sbin/bash

[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

/bin/bash

[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]

/bin/date

[date +%s]

/usr/bin/openssl

[openssl version]

/usr/bin/openssl

[openssl ecparam -name prime256v1 -genkey -noout -out /dev/null]

/bin/grep

[grep -qF OpenSSL 3]

/usr/bin/openssl

[openssl version]

/bin/mkdir

[mkdir -p /var/lib/rancher/k3s/server/tls/etcd]

/bin/mkdir

[mkdir -p .ca/certs]

/usr/bin/touch

[touch .ca/index]

/usr/bin/openssl

[openssl rand -hex 8]

/bin/rm

[rm -rf .ca]

Network

N/A

Files

/var/lib/rancher/k3s/server/tls/.ca/serial

MD5 539bb1bacac08f2c88e5d497395885a5
SHA1 269404ec3d094ddba241276631f427aa473b0e7f
SHA256 4f0ced45a75faaf308aaeddf6ab5a03307553219f2c1436c1e7f35791d71b568
SHA512 da920daf44f4ccfbd9231840cb2c707e9defc2c4f2330aba2e24ca553b0ec1f4c21d442e767efb81d2aaee089ee11500a4aad54442cfebda9ebdb3cb7f589e2e

Analysis: behavioral31

Detonation Overview

Submitted

2024-07-15 05:05

Reported

2024-07-15 05:15

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

149s

Max time network

133s

Command Line

[/tmp/k3s-master/install.sh]

Signatures

Write file to user bin folder

Description Indicator Process Target
File opened for modification /usr/local/bin/k3s-ro-test /usr/bin/touch N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/filesystems /usr/bin/id N/A

Processes

/tmp/k3s-master/install.sh

[/tmp/k3s-master/install.sh]

/bin/sed

[sed -e s/\([][!#$%&()*;<=>?\_`{|}]\)/\\\1/g;]

/bin/sed

[sed -e s/[][!#$%&()*;<=>?\_`{|}/[:space:]]/^/g;]

/usr/bin/id

[id -u]

/bin/sh

[sh -c touch /usr/local/bin/k3s-ro-test && rm -rf /usr/local/bin/k3s-ro-test]

/usr/bin/touch

[touch /usr/local/bin/k3s-ro-test]

/bin/rm

[rm -rf /usr/local/bin/k3s-ro-test]

/usr/bin/sha256sum

[sha256sum /usr/local/bin/k3s /etc/systemd/system/k3s.service /etc/systemd/system/k3s.service.env]

/bin/uname

[uname -m]

/bin/mktemp

[mktemp -d -t k3s-install.XXXXXXXXXX]

/bin/sed

[sed -e s|.*/||]

/usr/bin/curl

[curl -w %{url_effective} -L -s -S https://update.k3s.io/v1-release/channels/stable -o /dev/null]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 update.k3s.io udp
US 1.1.1.1:53 update.k3s.io udp
US 151.101.193.91:443 tcp
GB 89.187.167.6:443 tcp
GB 185.125.188.61:443 tcp
GB 185.125.188.61:443 tcp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-07-15 05:05

Reported

2024-07-15 05:15

Platform

debian9-armhf-20240418-en

Max time kernel

149s

Max time network

5s

Command Line

[/tmp/k3s-master/install.sh]

Signatures

Write file to user bin folder

Description Indicator Process Target
File opened for modification /usr/local/bin/k3s-ro-test /usr/bin/touch N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/filesystems /usr/bin/id N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A

Processes

/tmp/k3s-master/install.sh

[/tmp/k3s-master/install.sh]

/bin/sed

[sed -e s/\([][!#$%&()*;<=>?\_`{|}]\)/\\\1/g;]

/bin/sed

[sed -e s/[][!#$%&()*;<=>?\_`{|}/[:space:]]/^/g;]

/usr/bin/id

[id -u]

/bin/sh

[sh -c touch /usr/local/bin/k3s-ro-test && rm -rf /usr/local/bin/k3s-ro-test]

/usr/bin/touch

[touch /usr/local/bin/k3s-ro-test]

/bin/rm

[rm -rf /usr/local/bin/k3s-ro-test]

/usr/bin/sha256sum

[sha256sum /usr/local/bin/k3s /etc/systemd/system/k3s.service /etc/systemd/system/k3s.service.env]

/bin/uname

[uname -m]

/bin/mktemp

[mktemp -d -t k3s-install.XXXXXXXXXX]

/usr/bin/curl

[curl -w %{url_effective} -L -s -S https://update.k3s.io/v1-release/channels/stable -o /dev/null]

/bin/sed

[sed -e s|.*/||]

Network

Country Destination Domain Proto
US 1.1.1.1:53 update.k3s.io udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-07-15 05:05

Reported

2024-07-15 05:15

Platform

win7-20240708-en

Max time kernel

117s

Max time network

123s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\k3s-master\.dockerignore

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000_CLASSES\dockerignore_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000_CLASSES\dockerignore_auto_file\ C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000_CLASSES\dockerignore_auto_file C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000_CLASSES\.dockerignore C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000_CLASSES\.dockerignore\ = "dockerignore_auto_file" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000_CLASSES\dockerignore_auto_file\shell\Read C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000_CLASSES\dockerignore_auto_file\shell C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000_CLASSES\dockerignore_auto_file\shell\Read\command C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\k3s-master\.dockerignore

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\k3s-master\.dockerignore

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\k3s-master\.dockerignore"

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

MD5 7ef2267463a11b6ca01b7efb5d1a67eb
SHA1 e233b0da49d49f6082bd2a73eea051323b977ccc
SHA256 db6f10c39933c3b8185b93ff381c72b647e5443c6c7b207d2823512e72ce0a70
SHA512 9074e036205225e7dc3a55eeecbf40fda234b584f86bf5972e8e2f46bcdd491239f9be074d59dbce854e9e479cabaed94ba4a2fec4e4f0f199455f20c25455ca