Analysis Overview
SHA256
5970adefd66635b0a58c373c4ca8632c379eb21503270ff1329d90ae66e45e31
Threat Level: Shows suspicious behavior
The file k3s-master.zip was found to show suspicious behavior.
Malicious Activity Summary
Reads list of loaded kernel modules
Enumerates running processes
Writes file to user bin folder
Reads CPU attributes
Checks CPU configuration
Reads runtime system information
Enumerates kernel/hardware configuration
Enumerates physical storage devices
Writes file to tmp directory
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-15 05:05
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:14
Platform
win10v2004-20240709-en
Max time kernel
148s
Max time network
153s
Command Line
Signatures
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\k3s-master.zip
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:14
Platform
win7-20240705-en
Max time kernel
121s
Max time network
124s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\yml_auto_file | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\yml_auto_file\ | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\.yml | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\.yml\ = "yml_auto_file" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\yml_auto_file\shell\Read\command | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\yml_auto_file\shell\Read | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\yml_auto_file\shell | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\yml_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2892 wrote to memory of 1308 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2892 wrote to memory of 1308 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2892 wrote to memory of 1308 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 1308 wrote to memory of 2620 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 1308 wrote to memory of 2620 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 1308 wrote to memory of 2620 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 1308 wrote to memory of 2620 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\k3s-master\.drone.yml
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\k3s-master\.drone.yml
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\k3s-master\.drone.yml"
Network
Files
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
Analysis: behavioral18
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:15
Platform
debian9-mipsel-20240418-en
Max time kernel
9s
Max time network
9s
Command Line
Signatures
Enumerates running processes
Reads CPU attributes
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for reading | /sys/devices/system/cpu/online | /sbin/sysctl | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /bin/ps | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/pgrep | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for reading | /proc/21/status | /bin/ps | N/A |
| File opened for reading | /proc/688/status | /bin/ps | N/A |
| File opened for reading | /proc/sys/kernel/keys | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/kernel/random/boot_id | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv4/ipfrag_high_thresh | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv4/udp_rmem_min | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/conf/all/optimistic_dad | /sbin/sysctl | N/A |
| File opened for reading | /proc/1/stat | /bin/ps | N/A |
| File opened for reading | /proc/710/stat | /bin/ps | N/A |
| File opened for reading | /proc/333/stat | /usr/bin/pgrep | N/A |
| File opened for reading | /proc/sys/net/ipv6/conf/all/mldv2_unsolicited_report_interval | /sbin/sysctl | N/A |
| File opened for reading | /proc/17/cmdline | /usr/bin/pgrep | N/A |
| File opened for reading | /proc/sys/net/ipv4/neigh/lo/gc_stale_time | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv4/tcp_fwmark_accept | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/conf/default/accept_ra | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/neigh/lo/base_reachable_time_ms | /sbin/sysctl | N/A |
| File opened for reading | /proc/10/stat | /bin/ps | N/A |
| File opened for reading | /proc/22/stat | /bin/ps | N/A |
| File opened for reading | /proc/333/cmdline | /usr/bin/pgrep | N/A |
| File opened for reading | /proc/sys/net/ipv4/conf/lo/igmpv3_unsolicited_report_interval | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv4/neigh/default/proxy_qlen | /sbin/sysctl | N/A |
| File opened for reading | /proc/68/status | /bin/ps | N/A |
| File opened for reading | /proc/704/cmdline | /bin/ps | N/A |
| File opened for reading | /proc/69/cmdline | /usr/bin/pgrep | N/A |
| File opened for reading | /proc/331/cmdline | /usr/bin/pgrep | N/A |
| File opened for reading | /proc/sys/net/ipv4/conf/all/route_localnet | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/user | /sbin/sysctl | N/A |
| File opened for reading | /proc/15/status | /bin/ps | N/A |
| File opened for reading | /proc/sys/kernel/dmesg_restrict | /sbin/sysctl | N/A |
| File opened for reading | /proc/36/stat | /bin/ps | N/A |
| File opened for reading | /proc/360/cmdline | /usr/bin/pgrep | N/A |
| File opened for reading | /proc/71/stat | /usr/bin/pgrep | N/A |
| File opened for reading | /proc/sys/fs/epoll/max_user_watches | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/conf/lo/optimistic_dad | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/vm/dirty_bytes | /sbin/sysctl | N/A |
| File opened for reading | /proc/15/stat | /bin/ps | N/A |
| File opened for reading | /proc/17/status | /bin/ps | N/A |
| File opened for reading | /proc/728/cmdline | /bin/ps | N/A |
| File opened for reading | /proc/sys/net/core/busy_poll | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv4/conf/enp0s19/route_localnet | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/conf/enp0s19/optimistic_dad | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/vm/admin_reserve_kbytes | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/kernel/modprobe | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv4/neigh/enp0s19/unres_qlen | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/conf/default/ignore_routes_with_linkdown | /sbin/sysctl | N/A |
| File opened for reading | /proc/22/cmdline | /bin/ps | N/A |
| File opened for reading | /proc/sys/net/ipv4/conf/enp0s19/arp_announce | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/conf/default/router_solicitation_delay | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/netfilter | /sbin/sysctl | N/A |
| File opened for reading | /proc/76/stat | /bin/ps | N/A |
| File opened for reading | /proc/249/status | /bin/ps | N/A |
| File opened for reading | /proc/1/cmdline | /usr/bin/pgrep | N/A |
| File opened for reading | /proc/127/stat | /bin/ps | N/A |
| File opened for reading | /proc/72/stat | /usr/bin/pgrep | N/A |
| File opened for reading | /proc/sys/net/ipv4/conf/all/drop_unicast_in_l2_multicast | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv4/conf/default/secure_redirects | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv4/conf/enp0s19/accept_local | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/conf/enp0s19/accept_ra_rtr_pref | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/neigh/enp0s19/locktime | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/vm/lowmem_reserve_ratio | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/core/busy_read | /sbin/sysctl | N/A |
| File opened for reading | /proc/10/cmdline | /usr/bin/pgrep | N/A |
| File opened for reading | /proc/sys/kernel/overflowuid | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/conf/all/accept_ra_mtu | /sbin/sysctl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-get-namespaces.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-deployments-allnamespaces.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-replicaset-allnamespaces.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-storageclass,pv,pvc.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/sh-thd.nOqzWp | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/mount.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-version.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-version.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/sysctl-a.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/netstat-ln.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/netstat-nr.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/uname-a.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/uname-a.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/netstat-nr.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-config-getcontexts.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/ps-uax.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/iptables-L.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/k3s/k3s-checkconfig.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/k3s/k3s-checkconfig.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/k3s/k3s-version.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-config-currentcontext.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-pods-allnamespaces.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-daemonset-allnamespaces.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/dmesg.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/df-h.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/df-h.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/ifconfig-a.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-replicaset-allnamespaces.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-storageclass,pv,pvc.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/_etc_os-release | /bin/cp | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/id.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/mount.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/k3s/k3s-version.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-get-namespaces.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-get-namespaces.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-daemonset-allnamespaces.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/netstat-ln.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/lsof-n-P-p.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/command-v-kubectl.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/command-v-kubectl.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/hostname-f.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/command-v-kubectl.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-get-nodes.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-deployments-allnamespaces.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/uname-a.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/ps-uax.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/id.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/df-h.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-clusterinfo-dump.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-nodes.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/sysctl-a.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/ps-uax.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/dmesg.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/lsof-n-P-p.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/mount.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/iptables-S.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-clusterinfo-dump.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-services-allnamespaces.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-services-allnamespaces.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-daemonset-allnamespaces.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/hostname-f.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-config-getcontexts.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-clusterinfo-dump.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-get-nodes.cmd.txt | /bin/bash | N/A |
Processes
/tmp/k3s-master/contrib/util/diagnostics.sh
[/tmp/k3s-master/contrib/util/diagnostics.sh]
/usr/local/sbin/bash
[bash /tmp/k3s-master/contrib/util/diagnostics.sh]
/usr/local/bin/bash
[bash /tmp/k3s-master/contrib/util/diagnostics.sh]
/usr/sbin/bash
[bash /tmp/k3s-master/contrib/util/diagnostics.sh]
/usr/bin/bash
[bash /tmp/k3s-master/contrib/util/diagnostics.sh]
/sbin/bash
[bash /tmp/k3s-master/contrib/util/diagnostics.sh]
/bin/bash
[bash /tmp/k3s-master/contrib/util/diagnostics.sh]
/usr/bin/id
[id -u]
/bin/cat
[cat /proc/sys/kernel/random/uuid]
/usr/bin/tr
[tr [:lower:] [:upper:]]
/bin/mktemp
[mktemp -d /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-XXXXXXXX]
/bin/readlink
[readlink -m /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE]
/bin/mkdir
[mkdir -p /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system]
/bin/cp
[cp --recursive --dereference /etc/os-release /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/_etc_os-release]
/sbin/sysctl
[sysctl -a]
/bin/uname
[uname -a]
/bin/rm
[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/uname-a.err.txt]
/bin/ps
[ps uax]
/bin/rm
[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/ps-uax.err.txt]
/bin/dmesg
[dmesg]
/bin/rm
[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/dmesg.err.txt]
/usr/bin/id
[id]
/bin/rm
[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/id.err.txt]
/bin/mount
[mount]
/bin/rm
[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/mount.err.txt]
/bin/df
[df -h]
/bin/rm
[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/df-h.err.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/ifconfig-a.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/netstat-ln.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/netstat-nr.txt]
/usr/bin/pgrep
[pgrep -o k3s]
/bin/rm
[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/lsof-n-P-p.txt]
/sbin/iptables
[iptables -L]
/bin/rm
[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/iptables-L.err.txt]
/sbin/iptables
[iptables -S]
/bin/rm
[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/iptables-S.err.txt]
/bin/hostname
[hostname -f]
/bin/rm
[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/hostname-f.txt]
/bin/mkdir
[mkdir -p /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/k3s]
/bin/rm
[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/k3s/k3s-version.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/k3s/k3s-checkconfig.txt]
/bin/journalctl
[journalctl --field _SYSTEMD_UNIT]
/bin/grep
[grep k3s]
/bin/mkdir
[mkdir -p /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube]
/bin/rm
[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/command-v-kubectl.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/command-v-kubectl.err.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-version.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-config-getcontexts.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-config-currentcontext.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-clusterinfo-dump.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-get-namespaces.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-get-nodes.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-nodes.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-pods-allnamespaces.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-services-allnamespaces.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-daemonset-allnamespaces.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-deployments-allnamespaces.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-replicaset-allnamespaces.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-storageclass,pv,pvc.txt]
/usr/bin/tr
[tr [:lower:] [:upper:]]
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-11 | udp |
Files
/tmp/sh-thd.nOqzWp
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/_etc_os-release
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/sysctl-a.cmd.txt
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/sysctl-a.err.txt
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/uname-a.cmd.txt
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/ps-uax.cmd.txt
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/dmesg.cmd.txt
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/id.cmd.txt
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/mount.cmd.txt
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/df-h.cmd.txt
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/ifconfig-a.cmd.txt
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/ifconfig-a.err.txt
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/netstat-ln.cmd.txt
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/netstat-ln.err.txt
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/netstat-nr.cmd.txt
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/lsof-n-P-p.cmd.txt
| MD5 | 3b97c34d2930b286446fe0e3c0a3992f |
| SHA1 | 8ade115cded46e67fdbf533d6b28ed0965f5e9e5 |
| SHA256 | 76e39d40cc0973fa69f2968eb13060976f5d9a11e070f9b74b8614086c35d99f |
| SHA512 | d961289fc6ab8e72344b0be929ad8abb327d897c3fe19c84fa92e9530dec3ec80e1706711e4c8104c1cc44f7c7b81f591e9d26ef0df293983dbf9005c312f285 |
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/lsof-n-P-p.err.txt
| MD5 | fef6762266aceba4193ef24290aaca06 |
| SHA1 | faac5e497bdee0d77c700c53e4e4d3f435a2d4d0 |
| SHA256 | dc096a6dd561bf05605bf08b0ae028e6ac371bb55b1ac10b1099326a69c2936e |
| SHA512 | 24ad1b561af4a12995f444914014cd1a9c91506c5ada43518d5be94d54f7bd870f9b8dff8a34f8a89ddbc02643816583a39e33ea7d8655b33ee6ee91337a9e93 |
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/iptables-L.cmd.txt
| MD5 | 434489814c5c403c06037f82f9e9a264 |
| SHA1 | 47b6cbb7c23e2c02ce89a10ea2df3cb17c8c98aa |
| SHA256 | 46da7b1e98fcbc799e2dbe3d5e347476ae1d85818364a70c822add53a488ea46 |
| SHA512 | ca0cd8a62be26f5c4a511795ca5a66705f30d78bdff1405e5ad451c2cbb5b4f102334afa9cf956b80f6e36868608a67c0888d34012e8d7140cb2d6402b8f42ca |
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/iptables-S.cmd.txt
| MD5 | 3b4ee7611e467391ba258b42f691fc34 |
| SHA1 | 8f442990dd87f47f59bb91e5f45563e191e4e3dd |
| SHA256 | 42129453f7b3b970155c3acaea97965f29694fc7dabd544cdfbde2ad5463348a |
| SHA512 | cfb660bc6c96f7a98e445bd9e0b7f40ebe2c7490351bac2c8a6d3a00a4e1d97ffc5a199e4d399b90b7ef4baf3b3b1468d017afe14004edb2340d23f6aafd17e8 |
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/hostname-f.cmd.txt
| MD5 | 01c771b88df59ada175c1653db8bea99 |
| SHA1 | e21d64f4f91b700f4ce8d9e65bb2806df96e5d55 |
| SHA256 | 80cfa79f1c72e35ea11dea69762c2bbc0f11c683cd8ef840996ede660d69c04a |
| SHA512 | 15f11c20166742cbce33caf92482e2f0b96378f4a4ba17740ab7066511206ef3012ad132934108bbbc98b02c672d6b4348d80b011bbf862624148bdf2860cc54 |
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/system/hostname-f.err.txt
| MD5 | 428abf1a44de5a105a35bbd0e39ef779 |
| SHA1 | 7af871b6aa7748a37dfee56da2c343fb75dbd5d6 |
| SHA256 | 4f67526861c6d543f3a592aa1e36abc9b39c5d304dafcfb294efb24b3ef4ebba |
| SHA512 | e420f327502d83def7674fd15d9c634c611e0952aac6a826869ad891dd405ed95c618d40b5af1280eaef2a607cc5356d686ca56dda927a61354c11a005893f91 |
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/k3s/k3s-version.cmd.txt
| MD5 | 2f314c074a46fcfbf6f5f13a4ea2a6be |
| SHA1 | 650ecc8d90046edc71609c5b0a5491bcb7bf4f51 |
| SHA256 | ee0d9f93c2b132ac9bbaa7226439ee9e6127425bdf75e630ac894fb85d439bf2 |
| SHA512 | a9d1270bbff5f0756a122c32727be732b412a31fb7d4310eaecc93f00d46239d003eeca9032779d35bfa1992e6104342ac082c561e79217cf3775606d4462637 |
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/k3s/k3s-version.err.txt
| MD5 | 2f821ac970317a5954f9e4b78a508e63 |
| SHA1 | c82324b92ad1f492221cb9203171d87a74182b38 |
| SHA256 | 6d5a1ded372e8240ae92ab10faa113f4300bc4ad68ba6c9cac7fa7f969dff93d |
| SHA512 | c10c8a1dce6a09cf1bb0acd99c808939c472f92a3d14ecbc5bbd6f15e2bd53036c627542a2f9a959bd23f3b6036bc5e530bf2e96a7705e468496b90f0b1e009d |
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/k3s/k3s-checkconfig.cmd.txt
| MD5 | 3fc4a3e73307f2a04a4901a2d7f65c48 |
| SHA1 | 4063beda5c8cf430d48c87fa1a6a68ddbb93c20c |
| SHA256 | 26f41d1fb3bfccae59379f6a945a348ee951aa4cb6d63ded1b2a7fe51990a570 |
| SHA512 | 1fc1804eca455263001c23e92dea1cae8fdec88797ff7cf5fecc0943a5c4473e9785300d4570a52e9afa83485c4cfc7541d3c3acf8abb83f7a9b3d18143a5f83 |
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/command-v-kubectl.cmd.txt
| MD5 | ae1741b49f8cb260295757450f4e940c |
| SHA1 | 4ddff8d1a4d241d916647c3416993c2b71d4f08f |
| SHA256 | 5249dea92706d039a3d9c4e7858f4c89b59cde4e0b9295a84b9043e9d73fca9c |
| SHA512 | 8dd4a19c58288396d5d3417c4537197bae3cb3536b608870cb15d9b8fec4ba3bf8f2cc60cad2a8c9023228b2e0df42d59d51890d052ce2b7697d76fb32719e44 |
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-version.cmd.txt
| MD5 | 96275629f4d50cacc031d9fff056ce0c |
| SHA1 | b47a3521d57e3e86b368994e24075ecee3dd82e7 |
| SHA256 | c49de28b5ecf8b3ddef8ac49737f3870a2b35b77e27b43ec6c8551ed62fd5b15 |
| SHA512 | e0187e7e3bc98aac93fa71c4dc674c54a8325b0454cf64a1b10ff335084d246c414698ac7a293a463de78d30537e92afc9678c8b3951730d2fe1080dfefd8f62 |
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-version.err.txt
| MD5 | 2b6011e00005a20f051a13323fe2eff0 |
| SHA1 | 7bbc836e615dbd816abad1086e8c75242f84f6a8 |
| SHA256 | 09afb740ea2b3de3ebd36d564f4a9ac8f0214f39efcf027617818054ea845511 |
| SHA512 | 934b95dc713d5c028d099c7c434cbb50707771a875b868a3698de2e131f0801633a7a35700d3207735bb6ce22df323448ca221cf21b1f2ea29775ce114fb4b07 |
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-config-getcontexts.cmd.txt
| MD5 | 654e808e4ffd2d97f7e608045cfb16a5 |
| SHA1 | e95666ee9b61a08e754d914115808feffb985760 |
| SHA256 | 424d24f21990aa6c59e6f781f0b25e21f48d31697c53e057aa698e20324b497a |
| SHA512 | 69252aa13b6f9231b8337b71bcd88b8b7bedd6cb4ce9bd912d34fa1c1327e07371385398ccbd3dbc71da2f768f6285a3f77a9e05368b2fb0fa22d1f3c7b22a27 |
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-config-currentcontext.cmd.txt
| MD5 | 3f76b376d8dc2e1a52eeabb0c3830887 |
| SHA1 | 5f85fa92c2bbe97609a2ba048a8767bf281d0f7a |
| SHA256 | 09ff9097f11f5a67fff70dbec7bfa87df7f2187ee5c029a2c90d6c208bfbbee3 |
| SHA512 | 1f38033692606a45b15c347494db53b5ae9dbeff6b0898ab9d3e1395c659ec077b21b96127db314387fde40e13c92b820d823e3df7e4363ab92db346f0b798fb |
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-clusterinfo-dump.cmd.txt
| MD5 | 6fbf190b03be40ae5f8ec36154c72514 |
| SHA1 | c4a49be9f3d7276f30078ed1a7d14f2c40bef3cd |
| SHA256 | 264c0da3f3425bcbbe165df2fea3ec2e3dfc0727e7352510c5ab9cbefbfafcb0 |
| SHA512 | b460c1d6f32a83ac133690712c359bfe911da14058d90454c2f80386133d35134d9d9fe60ff550ba92dd6101040e46c750edc36e5e4fad50b565b08ad6585f77 |
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-get-namespaces.cmd.txt
| MD5 | 542e77fcb4b18534f77121a54cc98085 |
| SHA1 | de02b14b99fc69c48befc21fb98c3ada7bac2e04 |
| SHA256 | c485003651d2468a3c16c762765bd746e6f08d47d22960eb2fe9323a2fd663da |
| SHA512 | df578273d33501fe0cbb6bd471e42f02e62b52ec7beeb60889b95a052dc5a8af2068025cdd670110de7679468e83c10dc96d571943ce1e3a77c73d4543ff0333 |
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-get-nodes.cmd.txt
| MD5 | 3fc130b3e6ef3ca21bc420868d5b580c |
| SHA1 | 3e4537d06a2cdd870d039bf2ab61b1409e74b0b0 |
| SHA256 | e53bbc0cbc3e768a07a8efff68520cf45d2f49e83c9f26ed5aa8d6343af84150 |
| SHA512 | b80f2d773d0b7572dfffa81f52192a218fd6e5a0aba199625f82843d6661b407faa111017b0ed4e66a4dde63c1662b2231e71c4e84fdc6effbdba7b380c008aa |
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-nodes.cmd.txt
| MD5 | d16eebb25c9302a1cdf34bdcf7c936ed |
| SHA1 | 7d5398e18b6c0b768ec40a22cbd56971998a9544 |
| SHA256 | e8a1ed5c0ed31fa8e9ae1aff89e1d54e5aa18170f8df1dbf103e7a6861394d29 |
| SHA512 | d9ecc8b01af11a95b295a2517bd1d37e3d253c577a2a0434fa965d8f7772494abfa3aafa73cf19bd476cb46682422d4d9253818f72cbff26cc75789d5cb5ef63 |
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-pods-allnamespaces.cmd.txt
| MD5 | c863f288967d132b29784e4401b58512 |
| SHA1 | 02ae31e412ff27b9f16b82c1157ad9c9835ed333 |
| SHA256 | 2cf64ab9440bbac91a1ea61888b59f6b97dd0e5adeca729ea8a35429888a2623 |
| SHA512 | 2c5b6ee9e0577f07ef7b3daaf91f1188f58ef2d0d6b971978f4ccec8bae07718879f8cf972a0b7d6aa01e70b28fe2c4ec9427bb7bfe4182fa2693a79a4de696b |
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-services-allnamespaces.cmd.txt
| MD5 | 6eca4cf5ebd52f8c2e05e548d720c96b |
| SHA1 | ca48ca8abc3a2cae6a3d4937cca6f78977c39e78 |
| SHA256 | fdf148fcabcf78973dca2ac6687d01116bd2e33715b451441cc01123e74b6d84 |
| SHA512 | d4ce17bc6c1bf1b8376c16e84450bb91a001c28d51aa4d701670f28ada0577c607492c265d8f05bc614c171477dc91406dc0002071a34e6ba4b9f7bcd282b962 |
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-daemonset-allnamespaces.cmd.txt
| MD5 | c8132922440ccf9c50ff06d65205abd7 |
| SHA1 | 096ed9504bed6655fe7fb7ff1035af007416fc32 |
| SHA256 | 362103778c695feeec811d59a43290d5ee4e0df2ab1fbc3ff00758faf85eb8a4 |
| SHA512 | ee60150b145acbb81694022e3da9de1f105bf483ed4bbdd522f7f9a2b521c4d103412f8e5b53ac2f787804c1ff111ef57a6fda3c199bc4e7c683391c75748b27 |
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-deployments-allnamespaces.cmd.txt
| MD5 | 3631db57279a5dc45dce19137d1c8026 |
| SHA1 | ccdb8306f79869356d536fdf6edd5d99c3f71978 |
| SHA256 | bd6e8a341d59c7a49d9de9d1c8265d6f0885b4d14eabdc8fbe219b75b7846d86 |
| SHA512 | 23bd0a920543de4d8e82d8b9515f591aa6a2729055e5b6ef2ba1a1249260dedf41948cea4e24c5573ece57d23672725f0e45e28c64b7dc83458c0764ce5f755d |
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-replicaset-allnamespaces.cmd.txt
| MD5 | 0d6930d59e8d0fc4648b1c170caf1909 |
| SHA1 | d887818f29e86139b6cd482577d051c6d4d6d548 |
| SHA256 | 6a5e42de63285374c442ec79ada7080ab41bae85438f4adfd95913916d14ba57 |
| SHA512 | 62216eec2f04bdfc0ab69a5c00ec8246ab28f1d6f0164764bf1dd17d2461b5ddce4e632af1af07ff5865fb08e0e09390b18c0bbfa7ead48575e5ad0d81ba7133 |
/tmp/k3s-diagnostics-086472B9-AFF6-4DB5-BD89-0C1F08F26FC1-U7vhoOJE/kube/kubectl-describe-storageclass,pv,pvc.cmd.txt
| MD5 | 3c44ff5f7437e2e9ee9bfc27b7239ef8 |
| SHA1 | 51bf4232870c2a38a6fd0240bf18d0fbd5b11458 |
| SHA256 | 643633049e2e90205e3c8841019ba822cd651134021b7d8f1b03f2a8be3ca3ea |
| SHA512 | 6c9a23be940cd980415f9c0118f8156cdf94b3d20b17b8fb95e4da1b8e4f5f517dc4f2eb4727a6fb97c74e50f965fab4f9a7ca9d8f398ba7111170343b1a0513 |
Analysis: behavioral21
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:15
Platform
debian9-mipsbe-20240611-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/k3s-master/contrib/util/fetch-diags.sh
[/tmp/k3s-master/contrib/util/fetch-diags.sh]
/usr/local/sbin/bash
[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]
/usr/local/bin/bash
[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]
/usr/sbin/bash
[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]
/usr/bin/bash
[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]
/sbin/bash
[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]
/bin/bash
[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]
Network
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:14
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
0s
Max time network
128s
Command Line
Signatures
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/sh-thd.04UiOQ | /bin/bash | N/A |
Processes
/tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh
[/tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]
/usr/local/sbin/bash
[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]
/usr/local/bin/bash
[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]
/usr/sbin/bash
[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]
/usr/bin/bash
[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]
/sbin/bash
[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]
/bin/bash
[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]
/bin/date
[date +%s]
/usr/bin/openssl
[openssl version]
/usr/bin/openssl
[openssl ecparam -name prime256v1 -genkey -out /dev/null]
/bin/grep
[grep -qF OpenSSL 3]
/usr/bin/openssl
[openssl version]
/bin/mkdir
[mkdir -p /var/lib/rancher/k3s/server/rotate-ca/tls/etcd]
/bin/mkdir
[mkdir -p .ca/certs]
/usr/bin/touch
[touch .ca/index]
/usr/bin/openssl
[openssl rand -hex 8]
/bin/cat
[cat]
/bin/rm
[rm -rf .ca]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 151.101.193.91:443 | | tcp |
| GB | 89.187.167.2:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
Files
/var/lib/rancher/k3s/server/rotate-ca/tls/.ca/serial
| MD5 | 8d92892818506ebcd7f8bde6d8fe854a |
| SHA1 | 88fef2fafab28d1e66f2331079b8d07d6b68299f |
| SHA256 | f05306945a84b0ee44a9e6bc36beea51f27aff19e6dda6251263459ace0f0deb |
| SHA512 | 1957ec2e622a8b81480ce350a014f19da0a172aa04e0b41d933dccafda2aa04735c883ce5ff7a6d4bedbbaac129c806542aa19e6ab300a9a95b6003165e5df10 |
/tmp/sh-thd.04UiOQ
| MD5 | 2844ba16b95991985d5f083c721ed963 |
| SHA1 | 31689af97980a7a4336c19fccf111649ba010611 |
| SHA256 | a24bcf5ef2dbe17f5be8b690a809aeb487965e09f55ce8bef52f2f83beea4ec3 |
| SHA512 | a9ee7ebbe1f59c6927044f2f115ff95dce99b370c88477a096abeb34c97b0f7392ac8dce304e93f4601c9f9b77339d412f04f7019dbc54851e39eed70672383d |
Analysis: behavioral29
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:15
Platform
debian9-mipsbe-20240418-en
Max time kernel
2s
Command Line
Signatures
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
Processes
/tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh
[/tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]
/usr/local/sbin/bash
[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]
/usr/local/bin/bash
[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]
/usr/sbin/bash
[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]
/usr/bin/bash
[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]
/sbin/bash
[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]
/bin/bash
[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]
/bin/date
[date +%s]
/usr/bin/openssl
[openssl version]
/usr/bin/openssl
[openssl ecparam -name prime256v1 -genkey -out /dev/null]
/usr/bin/openssl
[openssl version]
/bin/grep
[grep -qF OpenSSL 3]
/bin/mkdir
[mkdir -p /var/lib/rancher/k3s/server/rotate-ca/tls/etcd]
/bin/mkdir
[mkdir -p .ca/certs]
/usr/bin/touch
[touch .ca/index]
/usr/bin/openssl
[openssl rand -hex 8]
/bin/rm
[rm -rf .ca]
Network
Files
/var/lib/rancher/k3s/server/rotate-ca/tls/.ca/serial
| MD5 | 821d75937982f91e71d74f40d22b2a36 |
| SHA1 | 192e6aedf6b3cd69a63e30e9fc0ea683f0a1e8c0 |
| SHA256 | 1e149bbd01c53888934efc22d5d5b30d8ad6f2cf7a639ecdbc5db36c2ac4ec5d |
| SHA512 | bd910b3a4cc97131845bcf708fff18cda2ae3dea50e5abd3db48958f6d6e6a66ae92fc62cdd5de4316e24b3690a2f47fd3208f24097e34ce202d1b13da670432 |
Analysis: behavioral24
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:15
Platform
debian9-armhf-20240611-en
Max time kernel
1s
Command Line
Signatures
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
Processes
/tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh
[/tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]
/usr/local/sbin/bash
[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]
/usr/local/bin/bash
[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]
/usr/sbin/bash
[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]
/usr/bin/bash
[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]
/sbin/bash
[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]
/bin/bash
[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]
/bin/date
[date +%s]
/usr/bin/openssl
[openssl version]
/usr/bin/openssl
[openssl ecparam -name prime256v1 -genkey -noout -out /dev/null]
/usr/bin/openssl
[openssl version]
/bin/grep
[grep -qF OpenSSL 3]
/bin/mkdir
[mkdir -p /var/lib/rancher/k3s/server/tls/etcd]
/bin/mkdir
[mkdir -p .ca/certs]
/usr/bin/touch
[touch .ca/index]
/usr/bin/openssl
[openssl rand -hex 8]
/bin/rm
[rm -rf .ca]
Network
Files
/var/lib/rancher/k3s/server/tls/.ca/serial
| MD5 | 18189997649d84bc72f4949ef280f446 |
| SHA1 | aba9d6a7057cf4f3a8312ff03bcb10bee0290dee |
| SHA256 | 4a56df95ecc87789700aa8f750b2d48dd9d52ac9dde87fbefa47fa51e6c67a58 |
| SHA512 | 00f9f32464570840c56ab65433ac25e9aa2ccdd7f36280504e5d165314234c5aae76eee85d8d9cc7132c9e95e8439da3d11b2e8dec1bee5379ee20e9e11d5436 |
Analysis: behavioral30
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:15
Platform
debian9-mipsel-20240611-en
Max time kernel
2s
Command Line
Signatures
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
Processes
/tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh
[/tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]
/usr/local/sbin/bash
[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]
/usr/local/bin/bash
[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]
/usr/sbin/bash
[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]
/usr/bin/bash
[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]
/sbin/bash
[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]
/bin/bash
[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]
/bin/date
[date +%s]
/usr/bin/openssl
[openssl version]
/usr/bin/openssl
[openssl ecparam -name prime256v1 -genkey -out /dev/null]
/bin/grep
[grep -qF OpenSSL 3]
/usr/bin/openssl
[openssl version]
/bin/mkdir
[mkdir -p /var/lib/rancher/k3s/server/rotate-ca/tls/etcd]
/bin/mkdir
[mkdir -p .ca/certs]
/usr/bin/touch
[touch .ca/index]
/usr/bin/openssl
[openssl rand -hex 8]
/bin/rm
[rm -rf .ca]
Network
Files
/var/lib/rancher/k3s/server/rotate-ca/tls/.ca/serial
| MD5 | fea630916eaf526dabead4ee3f1b8c20 |
| SHA1 | 438434c835cb5bb447a77f3d79284844fb0172c3 |
| SHA256 | 9349c597c22478ab21c8d62e461f633239e636993371f0a3de0a4647f11a927c |
| SHA512 | da9058cfadd5989813877e77cd5a579d465df1cd9a0bc2960a4ce8147a878e0d4c8a437183a5e889ea4a637c88616b373d911bf85d2ac4c618b6ce03bc134ed6 |
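The four Linux runs of rotate-default-ca-certs.sh and generate-custom-ca-certs.sh (behavioral27, 29, 24 and 30) all show the same scaffolding before the script gives up on a host with no k3s data directory: a probe of the local OpenSSL build (`openssl version`, `openssl ecparam -name prime256v1 -genkey`, `grep -qF "OpenSSL 3"`), then `mkdir -p .ca/certs`, `touch .ca/index`, `openssl rand -hex 8` and finally `rm -rf .ca`. That is the working directory `openssl ca` expects: an issued-certificate database, a directory for new certificates and a serial file, here seeded with 64 random bits. The script below is an added example, not the k3s project's own code; it rebuilds only that layout around an ordinary `openssl ca` signing step so the pattern can be run in isolation. The config section names, the `$WORK` temp directory and the demo subject names are this example's own choices.

```shell
#!/bin/sh
# Added example; not rotate-default-ca-certs.sh or generate-custom-ca-certs.sh.
# Reproduces the .ca/{certs,index,serial} staging seen in the traces above
# around a minimal "openssl ca" issuance. Paths under $WORK are assumptions.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Stage the openssl-ca database exactly as the traces show: wipe any old
# state, create the new-certs directory, an empty index (the issued-cert
# database) and a random 8-byte serial.
stage_ca_db() {
    rm -rf "$WORK/.ca"
    mkdir -p "$WORK/.ca/certs"
    touch "$WORK/.ca/index"
    openssl rand -hex 8 > "$WORK/.ca/serial"
}

# Minimal config shared by "openssl req" and "openssl ca". The dn section
# is empty because subjects are passed with -subj.
write_ca_config() {
    cat > "$WORK/ca.cnf" <<EOF
[ ca ]
default_ca = demo_ca

[ demo_ca ]
dir           = $WORK
new_certs_dir = \$dir/.ca/certs
database      = \$dir/.ca/index
serial        = \$dir/.ca/serial
certificate   = \$dir/root.crt
private_key   = \$dir/root.key
default_md    = sha256
default_days  = 365
policy        = policy_cn

[ policy_cn ]
commonName = supplied

[ req ]
distinguished_name = req_dn
x509_extensions    = root_ext

[ req_dn ]

[ root_ext ]
basicConstraints = critical,CA:TRUE
keyUsage         = critical,keyCertSign,cRLSign

[ leaf_ext ]
basicConstraints = CA:FALSE
keyUsage         = digitalSignature
extendedKeyUsage = serverAuth
EOF
}

# Self-signed P-256 root, the curve the traces probe with "openssl ecparam".
make_root() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/root.key"
    openssl req -x509 -new -key "$WORK/root.key" -config "$WORK/ca.cnf" \
        -subj "/CN=demo-root-ca" -sha256 -days 3650 -out "$WORK/root.crt"
}

# Issue one leaf through "openssl ca" so the index and serial are consumed.
issue_leaf() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/leaf.key"
    openssl req -new -key "$WORK/leaf.key" -config "$WORK/ca.cnf" \
        -subj "/CN=demo-leaf" -out "$WORK/leaf.csr"
    openssl ca -batch -config "$WORK/ca.cnf" -extensions leaf_ext \
        -in "$WORK/leaf.csr" -out "$WORK/leaf.crt" -notext >/dev/null 2>&1
}

# Prints "OK" when the leaf chains to the root.
verify_leaf() {
    openssl verify -CAfile "$WORK/root.crt" "$WORK/leaf.crt" | sed -n 's/.*: //p'
}

# Whole flow; safe to call repeatedly because stage_ca_db starts clean.
build_demo_ca() {
    stage_ca_db
    write_ca_config
    make_root
    issue_leaf
    verify_leaf
}

build_demo_ca
```

After a run, `$WORK/.ca/index` holds one `V` (valid) line for `/CN=demo-leaf` and `$WORK/.ca/serial` has been advanced past the random starting value; the `rm -rf .ca` at the end of each trace is the same cleanup this example performs at the start of the next run.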
Analysis: behavioral7
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:14
Platform
win7-20240708-en
Max time kernel
119s
Max time network
121s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\droneignore_auto_file\ | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\.droneignore\ = "droneignore_auto_file" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\droneignore_auto_file\shell\Read | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\droneignore_auto_file\shell | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\droneignore_auto_file | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\.droneignore | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\droneignore_auto_file\shell\Read\command | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\droneignore_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2876 wrote to memory of 2788 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2876 wrote to memory of 2788 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2876 wrote to memory of 2788 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2788 wrote to memory of 2692 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2788 wrote to memory of 2692 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2788 wrote to memory of 2692 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2788 wrote to memory of 2692 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\k3s-master\.droneignore
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\k3s-master\.droneignore
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\k3s-master\.droneignore"
Network
Files
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
| MD5 | 51b27ae8d16c8b99840a8e49044c221b |
| SHA1 | 72876017d1d74db6519b4f6d5e59a4c245ac2726 |
| SHA256 | 4bb54c800821dc38f66a18ec8e4688ee014d2c0ed25dfd2f4e03d21633f0da11 |
| SHA512 | 1ffcee3a9ed586f5935374cb3ebfe6887cc63080895b07b27e64fa94a25c381e38a04cd65bec3f67ad5f216b202669cbf5a93207c64e9b832384a4cc62344477 |
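The behavioral7 run is where the Windows-side "suspicious" signatures come from. The harness launches the extracted dotfile with `cmd /c ...\.droneignore`; a file with no registered extension lands in the shell's "Open With" dialog (`rundll32.exe shell32.dll,OpenAs_RunDLL`), the dialog starts Adobe Reader on it, and Windows records the choice under the user's `Classes` hive as a `droneignore_auto_file` ProgID whose `shell\Read\command` points at `AcroRd32.exe`. The WriteProcessMemory rows are nothing more than that parent/child chain (cmd.exe, rundll32.exe, AcroRd32.exe), and the GetForegroundWindowSpam and SetWindowsHookEx hits are Reader's own UI. The script below is an added example, not part of the report or of the k3s project: it parses rows in the report's own table layout, rebuilds the process chain from the "PID X wrote to memory of Y" rows, and labels an `<ext>_auto_file` ProgID written by rundll32.exe as an Open With artefact. The sample rows are copied from the tables above; the function names and the heuristic are this example's own.

```python
"""Triage helper for the pipe-delimited signature tables in this report.

Added example; not part of the sandbox report or of the k3s project. The
sample rows are copied from the behavioral7 tables; function names and the
OpenAs heuristic are this example's own choices.
"""
import re

# Constructed sample: WriteProcessMemory and registry rows from behavioral7,
# in the report's "| Description | Indicator | Process | Target |" layout.
SAMPLE_ROWS = r'''
| PID 2876 wrote to memory of 2788 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2876 wrote to memory of 2788 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2788 wrote to memory of 2692 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\droneignore_auto_file\ | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\.droneignore\ = "droneignore_auto_file" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\droneignore_auto_file\shell\Read\command | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\droneignore_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" | C:\Windows\system32\rundll32.exe | N/A |
'''

PID_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
# "<hive>_CLASSES\.ext\ = "ProgID""  (extension -> ProgID mapping)
EXT_RE = re.compile(r'_CLASSES\\(\.[^\\]+)\\ = "([^"]+)"')
# "\ProgID\shell\Verb\command\ = "<command line>""
CMD_RE = re.compile(r'\\([^\\]+)\\shell\\([^\\]+)\\command\\ = "(.*)"$')
# First .exe token in a (backslash-escaped) command line
EXE_RE = re.compile(r'([^\\"]+\.exe)', re.IGNORECASE)


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def parse_rows(text):
    """Return (description, indicator, process, target) tuples, header skipped."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) == 4 and cells[0] != "Description":
            rows.append(tuple(cells))
    return rows


def process_chains(rows):
    """Root-to-leaf process paths built from the WriteProcessMemory rows."""
    parent, name, children = {}, {}, {}
    for desc, _ind, proc, target in rows:
        m = PID_RE.match(desc)
        if not m:
            continue
        src, dst = int(m.group(1)), int(m.group(2))
        parent[dst] = src
        name.setdefault(src, _basename(proc))
        name.setdefault(dst, _basename(target))
        children.setdefault(src, [])
        if dst not in children[src]:          # repeated rows are one edge
            children[src].append(dst)

    def walk(pid, path):
        path = path + [name[pid]]
        kids = children.get(pid, [])
        return [path] if not kids else [p for k in kids for p in walk(k, path)]

    return [p for root in name if root not in parent for p in walk(root, [])]


def file_associations(rows):
    """Map each registered extension to its ProgID, verb, handler and origin."""
    assoc, commands = {}, {}
    for desc, ind, proc, _t in rows:
        if not desc.startswith("Set value"):
            continue
        m = EXT_RE.search(ind)
        if m:
            assoc[m.group(1)] = {"progid": m.group(2), "writer": _basename(proc)}
            continue
        m = CMD_RE.search(ind)
        if m:
            exe = EXE_RE.search(m.group(3))
            commands[m.group(1)] = (m.group(2), exe.group(1) if exe else m.group(3))
    for info in assoc.values():
        info["verb"], info["handler"] = commands.get(info["progid"], (None, None))
        # The Open With dialog (OpenAs_RunDLL inside rundll32.exe) names its
        # generated classes "<ext>_auto_file"; anything else deserves a look.
        info["openas_artifact"] = (info["progid"].endswith("_auto_file")
                                   and info["writer"].lower() == "rundll32.exe")
    return assoc


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    print(process_chains(rows))
    print(file_associations(rows))
```

Run on the sample rows, the chain comes back as `cmd.exe` to `rundll32.exe` to `AcroRd32.exe` and `.droneignore` maps to `droneignore_auto_file` with `Read` handled by `AcroRd32.exe` and `openas_artifact` set; an association written by any other process, or to a hand-named ProgID, is what a real default-handler hijack would look like and is the case to escalate.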
Analysis: behavioral13
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:15
Platform
debian9-mipsbe-20240611-en
Max time kernel
16s
Command Line
Signatures
Reads list of loaded kernel modules
| Description | Indicator | Process | Target |
| File opened for reading | /proc/modules | /sbin/lsmod | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/free | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/module/cirrus | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ext4/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/uhci_hcd/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/stahp/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/sysimgblt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ip_tables/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ext4/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/crc16/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/crc16 | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/usbhid/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ttm/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ecb | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/e1000 | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/sysfillrect/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ip_tables/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/drm/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/fscrypto/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/sr_mod | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/i2c_piix4/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/sg/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/drm_kms_helper/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/jbd2/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/mbcache/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/i2c_piix4 | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/evdev/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ehci_hcd/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ata_piix | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ata_piix/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ttm | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/cirrus/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/crc32c_generic/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/sr_mod/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/i2c_core/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/e1000/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/stahp | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/mbcache/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ata_generic/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/uhci_hcd/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ehci_pci/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ehci_pci/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/joydev | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/autofs4/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ext4 | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/hid_generic/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/drm_kms_helper | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/usb_common/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/x_tables/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/x_tables | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/joydev/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/evdev/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/sg/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/drm | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/syscopyarea/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/syscopyarea | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/fscrypto/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/fscrypto | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/cdrom | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/crc32c_generic/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/hid/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ehci_hcd/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/drm/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/mbcache | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/hid/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/e1000/holders | /sbin/lsmod | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/maps | /usr/bin/awk | N/A |
| File opened for reading | /proc/meminfo | /usr/bin/free | N/A |
| File opened for reading | /proc/cmdline | /sbin/lsmod | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/stat | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/free | N/A |
| File opened for reading | /proc/sys/kernel/osrelease | /usr/bin/free | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/stat | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/self/cgroup | /tmp/k3s-master/contrib/util/check-config.sh | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/awk | N/A |
| File opened for reading | /proc/sys/kernel/keys/root_maxkeys | /bin/cat | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/id | N/A |
| File opened for reading | /proc/cmdline | /sbin/modprobe | N/A |
| File opened for reading | /proc/sys/kernel/keys/root_maxkeys | /bin/cat | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
Processes
/tmp/k3s-master/contrib/util/check-config.sh
[/tmp/k3s-master/contrib/util/check-config.sh]
/bin/uname
[uname -r]
/usr/bin/dirname
[dirname /tmp/k3s-master/contrib/util/check-config.sh]
/bin/cat
[cat /sys/kernel/security/apparmor/profiles]
/bin/grep
[grep -q zgrep (enforce)]
/bin/uname
[uname -r]
/usr/bin/tr
[tr \n :]
/bin/grep
[grep -v -E ^/tmp/k3s-master/contrib/util$]
/usr/bin/tr
[tr : \n]
/sbin/iptables
[/sbin/iptables --version]
/usr/bin/awk
[awk { print $2 }]
/usr/bin/dirname
[dirname /sbin/iptables]
/bin/grep
[grep -v -q -E ^v[0-9]]
/usr/bin/head
[head -n 1]
/usr/bin/sort
[sort -V]
/usr/bin/awk
[awk { print $2 }]
/bin/grep
[grep -i ^swap:]
/usr/bin/free
[free]
/bin/grep
[grep -q -E ^10\.(42|43)\.]
/bin/grep
[grep -v cni0]
/sbin/ip
[ip route]
/bin/cat
[cat /proc/sys/kernel/keys/root_maxkeys]
/bin/cat
[cat /proc/sys/kernel/keys/root_maxkeys]
/usr/bin/id
[id -u]
/bin/grep
[grep -q configs]
/sbin/lsmod
[lsmod]
/sbin/modprobe
[modprobe configs]
/bin/zcat
[zcat /boot/config-4.9.0-13-4kc-malta]
/bin/gzip
[gzip -cd /boot/config-4.9.0-13-4kc-malta]
/usr/bin/stat
[stat --file-system --format=%t /sys/fs/cgroup]
/usr/bin/stat
[stat --file-system --format=%t /sys/fs/cgroup/unified]
/bin/grep
[grep -Ec (^|:)(cpuset|memory)($|:)]
/usr/bin/tr
[tr -s \n]
/bin/cat
[cat /sys/module/apparmor/parameters/enabled]
/bin/grep
[grep CONFIG_NAMESPACES=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_NET_NS=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_PID_NS=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IPC_NS=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_UTS_NS=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CGROUPS=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CGROUP_PIDS=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CGROUP_CPUACCT=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CGROUP_DEVICE=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CGROUP_FREEZER=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CGROUP_SCHED=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CPUSETS=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_MEMCG=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_KEYS=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_VETH=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_VETH=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_BRIDGE=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_BRIDGE=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_BRIDGE_NETFILTER=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_BRIDGE_NETFILTER=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_NF_FILTER=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_NF_FILTER=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_NF_TARGET_MASQUERADE=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_NF_TARGET_MASQUERADE=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_NF_TARGET_REJECT=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_NF_TARGET_REJECT=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_NETFILTER_XT_MATCH_IPVS=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_NETFILTER_XT_MATCH_IPVS=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_NETFILTER_XT_MATCH_COMMENT=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_NETFILTER_XT_MATCH_COMMENT=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_NF_NAT=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_NF_NAT=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_NF_NAT=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_NF_NAT=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_POSIX_MQUEUE=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_USER_NS=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep -q -E ^(centos|rhel)$]
/bin/grep
[grep CONFIG_SECCOMP=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_BLK_CGROUP=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_BLK_DEV_THROTTLING=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CGROUP_PERF=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CGROUP_HUGETLB=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CGROUP_HUGETLB=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_NET_CLS_CGROUP=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_NET_CLS_CGROUP=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CGROUP_NET_PRIO=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CFS_BANDWIDTH=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_FAIR_GROUP_SCHED=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_RT_GROUP_SCHED=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_RT_GROUP_SCHED=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_NF_TARGET_REDIRECT=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_NF_TARGET_REDIRECT=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_SET=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_SET=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_VS=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_VS=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_VS_NFCT=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_VS_PROTO_TCP=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_VS_PROTO_UDP=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_VS_RR=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_VS_RR=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_EXT4_FS=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_EXT4_FS=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_EXT4_FS_POSIX_ACL=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_EXT4_FS_SECURITY=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_EXT4_FS=[y|m] /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_EXT4_FS_POSIX_ACL=[y|m] /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_EXT4_FS_SECURITY=[y|m] /boot/config-4.9.0-13-4kc-malta]
/bin/sed
[sed s/^/ /]
/bin/grep
[grep CONFIG_VXLAN=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_VXLAN=m /boot/config-4.9.0-13-4kc-malta]
/bin/sed
[sed s/^/ /]
/bin/grep
[grep CONFIG_CRYPTO=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CRYPTO_AEAD=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CRYPTO_AEAD=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CRYPTO_GCM=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CRYPTO_GCM=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CRYPTO_SEQIV=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CRYPTO_SEQIV=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CRYPTO_GHASH=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CRYPTO_GHASH=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_XFRM=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_XFRM_USER=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_XFRM_USER=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_XFRM_ALGO=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_XFRM_ALGO=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_INET_ESP=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_INET_ESP=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_INET_XFRM_MODE_TRANSPORT=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_INET_XFRM_MODE_TRANSPORT=m /boot/config-4.9.0-13-4kc-malta]
/bin/sed
[sed s/^/ /]
/bin/grep
[grep CONFIG_OVERLAY_FS=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_OVERLAY_FS=m /boot/config-4.9.0-13-4kc-malta]
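The process list above is the kernel-feature probe that `k3s check-config` runs (captured in the bundle as k3s-checkconfig.cmd.txt): decompress the running kernel's config with zcat/gzip, then grep each required option once for `=y` and, where a module is acceptable, again for `=m`. The following is an added example that reproduces that pattern as a small POSIX sh library; it is not k3s's own code, and the function names (`kconfig_path`, `kconfig_cat`, `kconfig_state`, `kconfig_check`) are hypothetical. It also handles the case the sandbox kernel does not show: a config shipped as `/proc/config.gz` rather than `/boot/config-$(uname -r)`.

```shell
#!/bin/sh
# Added example: reproduces the check pattern visible in the sandbox process list
# (gzip -cd the kernel config, grep CONFIG_X=y, fall back to CONFIG_X=m).
# Not k3s's own code; the function names are hypothetical.

# kconfig_path -> prints the running kernel's config file, or fails.
# The sandbox log reads /boot/config-$(uname -r); many distros expose the same
# data only as /proc/config.gz, so that is the fallback here.
kconfig_path() {
    if [ -r "/boot/config-$(uname -r)" ]; then
        printf '%s\n' "/boot/config-$(uname -r)"
    elif [ -r /proc/config.gz ]; then
        printf '%s\n' /proc/config.gz
    else
        return 1
    fi
}

# kconfig_cat FILE -> the config as plain text, whether or not it is gzipped.
kconfig_cat() {
    case "$1" in
        *.gz) gzip -cd "$1" ;;
        *)    cat "$1" ;;
    esac
}

# kconfig_state FILE OPTION -> prints "enabled", "module" or "missing".
# Exit status 0 for enabled/module, 1 for missing (a commented
# "# CONFIG_X is not set" line or no line at all both count as missing).
kconfig_state() {
    _f=$1; _opt=$2
    if kconfig_cat "$_f" | grep -q "^${_opt}=y$"; then
        echo enabled
    elif kconfig_cat "$_f" | grep -q "^${_opt}=m$"; then
        echo module
    else
        echo missing
        return 1
    fi
}

# kconfig_check FILE OPTION... -> one line per option, exit status = number missing.
# The option list in the log (namespaces, cgroups, netfilter/IPVS, VXLAN,
# the IPsec/XFRM crypto set, overlayfs) is what k3s needs for networking and
# container isolation; a "missing" here is a functional gap, not a compromise.
kconfig_check() {
    _f=$1; shift
    _missing=0
    for _o in "$@"; do
        _s=$(kconfig_state "$_f" "$_o") || _missing=$((_missing + 1))
        printf '%-40s %s\n' "$_o" "$_s"
    done
    return "$_missing"
}

# Usage on a real host (a few of the options from the log):
#   kconfig_check "$(kconfig_path)" CONFIG_NAMESPACES CONFIG_USER_NS \
#       CONFIG_CGROUPS CONFIG_MEMCG CONFIG_VETH CONFIG_BRIDGE CONFIG_OVERLAY_FS
```

Note that `=m` only means the code exists as a loadable module; whether it is actually loaded is a separate question (`/proc/modules` or `lsmod`), which is why the log also reads `/sys/module/apparmor/parameters/enabled` rather than grepping the config for AppArmor.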
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:14
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Max time network
128s
Command Line
Signatures
Enumerates running processes
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/online | /bin/ps | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/pgrep | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/1341/stat | /bin/ps | N/A |
| File opened for reading | /proc/1371/stat | /usr/bin/pgrep | N/A |
| File opened for reading | /proc/sys/dev/cdrom/autoeject | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/core/netdev_max_backlog | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/conf/default/accept_ra | /sbin/sysctl | N/A |
| File opened for reading | /proc/602/status | /bin/ps | N/A |
| File opened for reading | /proc/908/cmdline | /bin/ps | N/A |
| File opened for reading | /proc/sys/net/ipv4/conf/lo/disable_xfrm | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/netfilter/nf_log/7 | /sbin/sysctl | N/A |
| File opened for reading | /proc/23/status | /bin/ps | N/A |
| File opened for reading | /proc/161/cmdline | /bin/ps | N/A |
| File opened for reading | /proc/165/status | /bin/ps | N/A |
| File opened for reading | /proc/sys/kernel/pty/reserve | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv4/conf/ens3/arp_announce | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/conf/lo/accept_ra_mtu | /sbin/sysctl | N/A |
| File opened for reading | /proc/1151/status | /bin/ps | N/A |
| File opened for reading | /proc/1247/cmdline | /usr/bin/pgrep | N/A |
| File opened for reading | /proc/4/cmdline | /usr/bin/pgrep | N/A |
| File opened for reading | /proc/sys/fs/protected_hardlinks | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/kernel/perf_event_max_contexts_per_stack | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv4/neigh/ens3/mcast_solicit | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/netfilter/nf_log/6 | /sbin/sysctl | N/A |
| File opened for reading | /proc/204/cmdline | /bin/ps | N/A |
| File opened for reading | /proc/1341/status | /bin/ps | N/A |
| File opened for reading | /proc/673/stat | /usr/bin/pgrep | N/A |
| File opened for reading | /proc/sys/fs/binfmt_misc | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/fs/mqueue/msgsize_default | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/kernel/max_lock_depth | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/max_dst_opts_number | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv4/tcp_rfc1337 | /sbin/sysctl | N/A |
| File opened for reading | /proc/12/stat | /bin/ps | N/A |
| File opened for reading | /proc/25/status | /bin/ps | N/A |
| File opened for reading | /proc/640/stat | /bin/ps | N/A |
| File opened for reading | /proc/159/stat | /usr/bin/pgrep | N/A |
| File opened for reading | /proc/sys/kernel/randomize_va_space | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/conf/all/router_solicitation_interval | /sbin/sysctl | N/A |
| File opened for reading | /proc/161/stat | /bin/ps | N/A |
| File opened for reading | /proc/178/stat | /bin/ps | N/A |
| File opened for reading | /proc/sys/fs/inotify | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/conf/ens3/dad_transmits | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/max_hbh_opts_number | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv4/tcp_base_mss | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/conf/all/accept_ra_mtu | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/ip6frag_secret_interval | /sbin/sysctl | N/A |
| File opened for reading | /proc/10/cmdline | /usr/bin/pgrep | N/A |
| File opened for reading | /proc/1018/stat | /usr/bin/pgrep | N/A |
| File opened for reading | /proc/sys/kernel/unprivileged_bpf_disabled | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv4/conf/lo/accept_redirects | /sbin/sysctl | N/A |
| File opened for reading | /proc/1113/status | /bin/ps | N/A |
| File opened for reading | /proc/1305/stat | /bin/ps | N/A |
| File opened for reading | /proc/1316/cmdline | /bin/ps | N/A |
| File opened for reading | /proc/sys/net/ipv6/neigh/default/locktime | /sbin/sysctl | N/A |
| File opened for reading | /proc/946/cmdline | /bin/ps | N/A |
| File opened for reading | /proc/954/cmdline | /bin/ps | N/A |
| File opened for reading | /proc/1004/stat | /usr/bin/pgrep | N/A |
| File opened for reading | /proc/sys/kernel/acpi_video_flags | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/conf/all/disable_ipv6 | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/conf/ens3/temp_prefered_lft | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/idgen_retries | /sbin/sysctl | N/A |
| File opened for reading | /proc/170/status | /bin/ps | N/A |
| File opened for reading | /proc/sys/kernel/bootloader_version | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv4/route/gc_elasticity | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/bindv6only | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/neigh/lo/delay_first_probe_time | /sbin/sysctl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-config-getcontexts.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-config-currentcontext.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/iptables-S.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/k3s/k3s-version.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/id.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-clusterinfo-dump.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-services-allnamespaces.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/sysctl-a.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/ps-uax.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/mount.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/df-h.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/lsof-n-P-p.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/iptables-L.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/iptables-S.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-daemonset-allnamespaces.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/uname-a.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/id.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-deployments-allnamespaces.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/iptables-L.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-config-getcontexts.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-config-getcontexts.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-daemonset-allnamespaces.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/sh-thd.rWE0Sc | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/dmesg.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/netstat-ln.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-replicaset-allnamespaces.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/netstat-ln.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-get-nodes.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-get-nodes.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-deployments-allnamespaces.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-deployments-allnamespaces.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-storageclass,pv,pvc.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/ps-uax.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/hostname-f.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/command-v-kubectl.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-version.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-config-currentcontext.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-storageclass,pv,pvc.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/netstat-ln.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/lsof-n-P-p.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/iptables-L.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-config-currentcontext.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-clusterinfo-dump.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-storageclass,pv,pvc.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/df-h.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/netstat-nr.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-services-allnamespaces.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/mount.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-nodes.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/k3s/k3s-checkconfig.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/command-v-kubectl.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-get-namespaces.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-pods-allnamespaces.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-replicaset-allnamespaces.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/ifconfig-a.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/netstat-nr.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/mount.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/ifconfig-a.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/k3s/k3s-version.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-nodes.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-pods-allnamespaces.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/uname-a.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/ps-uax.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/command-v-kubectl.err.txt | /bin/bash | N/A |
Processes
/tmp/k3s-master/contrib/util/diagnostics.sh
[/tmp/k3s-master/contrib/util/diagnostics.sh]
/usr/local/sbin/bash
[bash /tmp/k3s-master/contrib/util/diagnostics.sh]
/usr/local/bin/bash
[bash /tmp/k3s-master/contrib/util/diagnostics.sh]
/usr/sbin/bash
[bash /tmp/k3s-master/contrib/util/diagnostics.sh]
/usr/bin/bash
[bash /tmp/k3s-master/contrib/util/diagnostics.sh]
/sbin/bash
[bash /tmp/k3s-master/contrib/util/diagnostics.sh]
/bin/bash
[bash /tmp/k3s-master/contrib/util/diagnostics.sh]
/usr/bin/id
[id -u]
/usr/bin/uuidgen
[uuidgen]
/usr/bin/tr
[tr [:lower:] [:upper:]]
/bin/mktemp
[mktemp -d /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-XXXXXXXX]
/bin/readlink
[readlink -m /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe]
/bin/mkdir
[mkdir -p /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system]
/bin/cp
[cp --recursive --dereference /etc/os-release /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/_etc_os-release]
/sbin/sysctl
[sysctl -a]
/bin/uname
[uname -a]
/bin/rm
[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/uname-a.err.txt]
/bin/ps
[ps uax]
/bin/rm
[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/ps-uax.err.txt]
/bin/dmesg
[dmesg]
/bin/rm
[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/dmesg.err.txt]
/usr/bin/id
[id]
/bin/rm
[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/id.err.txt]
/bin/mount
[mount]
/bin/rm
[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/mount.err.txt]
/bin/df
[df -h]
/bin/rm
[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/df-h.err.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/ifconfig-a.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/netstat-ln.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/netstat-nr.txt]
/usr/bin/pgrep
[pgrep -o k3s]
/usr/bin/lsof
[lsof -n -P -p]
/bin/rm
[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/lsof-n-P-p.txt]
/sbin/iptables
[iptables -L]
/bin/rm
[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/iptables-L.err.txt]
/sbin/iptables
[iptables -S]
/bin/rm
[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/iptables-S.err.txt]
/bin/hostname
[hostname -f]
/bin/rm
[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/hostname-f.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/hostname-f.err.txt]
/bin/mkdir
[mkdir -p /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/k3s]
/bin/rm
[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/k3s/k3s-version.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/k3s/k3s-checkconfig.txt]
/bin/grep
[grep k3s]
/bin/journalctl
[journalctl --field _SYSTEMD_UNIT]
/bin/mkdir
[mkdir -p /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube]
/bin/rm
[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/command-v-kubectl.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/command-v-kubectl.err.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-version.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-config-getcontexts.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-config-currentcontext.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-clusterinfo-dump.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-get-namespaces.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-get-nodes.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-nodes.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-pods-allnamespaces.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-services-allnamespaces.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-daemonset-allnamespaces.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-deployments-allnamespaces.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-replicaset-allnamespaces.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-storageclass,pv,pvc.txt]
/usr/bin/tr
[tr [:lower:] [:upper:]]
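The Processes list above shows how contrib/util/diagnostics.sh lays out its bundle: `uuidgen` uppercased through `tr` to name a `mktemp -d` directory under /tmp, one `mkdir -p` per section (system, k3s, kube), `cp --recursive --dereference` of files such as /etc/os-release into a name with slashes replaced by underscores, and for each command a NAME.cmd.txt beside NAME.txt and NAME.err.txt, with the `rm` calls deleting whichever of the two outputs stayed empty. That is why, for example, ps-uax.err.txt is removed but sysctl-a.err.txt survives, and why hostname-f.txt and hostname-f.err.txt both disappear. The functions below are an added example that reproduces that layout; they are not the script's own code and the names (`diag_init`, `diag_copy`, `diag_run`) are hypothetical. From a security standpoint the bundle is sensitive by construction: it contains `ps uax`, `sysctl -a`, `iptables -S`, `lsof` and `kubectl cluster-info dump` output, so handle it like any other credential-bearing support archive.

```shell
#!/bin/sh
# Added example, not k3s's contrib/util/diagnostics.sh: reproduces the bundle
# layout seen in the sandbox log (NAME.cmd.txt / NAME.txt / NAME.err.txt, with
# empty outputs removed, and copied files renamed by replacing / with _).

# diag_init PREFIX -> prints a fresh collection directory such as
# /tmp/PREFIX-<UPPERCASE-UUID>-XXXXXXXX (the log's k3s-diagnostics-... name).
# Falls back to /dev/urandom when uuidgen is not installed.
diag_init() {
    _id=$( (uuidgen 2>/dev/null || od -An -N16 -tx1 /dev/urandom | tr -d ' \n') \
           | tr '[:lower:]' '[:upper:]')
    mktemp -d "${TMPDIR:-/tmp}/${1}-${_id}-XXXXXXXX"
}

# diag_copy DIR PATH -> copies PATH into DIR, dereferencing symlinks, under a
# flattened name: /etc/os-release becomes DIR/_etc_os-release as in the log.
diag_copy() {
    _dir=$1; _src=$2
    _name=$(printf '%s' "$_src" | tr / _)
    cp -RL "$_src" "$_dir/$_name"
}

# diag_run DIR NAME CMD [ARGS...]
# Records the command line in NAME.cmd.txt, stdout in NAME.txt and stderr in
# NAME.err.txt, then deletes whichever output file ended up empty. A failing or
# absent command therefore leaves only NAME.cmd.txt and (maybe) NAME.err.txt,
# never an aborted collection.
diag_run() {
    _dir=$1; _name=$2; shift 2
    printf '%s\n' "$*" > "$_dir/$_name.cmd.txt"
    "$@" > "$_dir/$_name.txt" 2> "$_dir/$_name.err.txt" || true
    for _f in "$_dir/$_name.txt" "$_dir/$_name.err.txt"; do
        [ -s "$_f" ] || rm -f "$_f"
    done
}

# diag_files DIR -> sorted list of collected artifacts relative to DIR.
diag_files() {
    ( cd "$1" && find . -type f | sed 's|^\./||' | sort )
}

# Usage on a real host (a subset of what the log shows):
#   d=$(diag_init k3s-diagnostics)
#   mkdir -p "$d/system"
#   diag_copy "$d/system" /etc/os-release
#   diag_run "$d/system" uname-a uname -a
#   diag_run "$d/system" iptables-S iptables -S
#   diag_files "$d"
```

When reading such a bundle forensically, the .cmd.txt files are the reliable record of what was attempted; the absence of a .txt or .err.txt only tells you the output was empty, not that the command was never run.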
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 185.125.188.61:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| US | 151.101.1.91:443 | | tcp |
| US | 151.101.1.91:443 | | tcp |
| GB | 195.181.164.19:443 | | tcp |
Files
/tmp/sh-thd.3bWl4U
| MD5 | 2f9f7a387067d66ef472ade39c1099b7 |
| SHA1 | fb760b0e11e5a1011b8dff277a6b091df32a6839 |
| SHA256 | 4dc7e65cd13415aa95a20264d6715f55e20b46608ec08ffaeeffc86ce5588f3e |
| SHA512 | 9f587b903464208295fdd88b7e854a4d57b5090ff394c20c584b57094d3899973dcb727904fdcc25c329f915e32510ae33b3f1e19b5696125cf89ff24d03e38a |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/_etc_os-release
| MD5 | 9cbe7d944bec1c0dcfd977e32ac2b18a |
| SHA1 | cdd5c72107902a0ebc06493db4c9c51d6ede9089 |
| SHA256 | eeaa349960c12eef8d881631770fc37d3495bf7ed35b7ac9c0bdc61d20f00bcf |
| SHA512 | b1511873f59f6ea2818c0bff8ef3a557586d60c428589eeac3ecc12a68c0b117b084654a239d216efcfbdab4e855648d1e19aaca14f6c3a3eec256e9be69398c |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/sysctl-a.cmd.txt
| MD5 | 65a913226117e10569f47210ba5cc9e4 |
| SHA1 | c958c77311ef8ea7767c0c6e8ad1645eebd9394a |
| SHA256 | 4ea6aada74971199ecb08b13fbe3add985765a673bb8ec2c9ed7f488ab8ca21c |
| SHA512 | 914ae3d1e97baffa38a84f0bf45e92d77ebada3ad4779e1669696231450825f7f9f989e48fe1bd17b861f1d8ddd763749673cc6ba8041c194b7689c477227cee |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/sysctl-a.err.txt
| MD5 | 998c698678479a14f306d62c9a10909a |
| SHA1 | 9a24e1ba03fae905eb3cadd7a51f1d7dde6a8947 |
| SHA256 | ef39ddbd3181e307c65670a529243b236597a80b29796b74beb47d884d5d8d3c |
| SHA512 | c76b5fda05eae3ea6d08452cefd927c1b42dacce54dfbb9eac9da4071e515e6c45025b1351941d09a6f5913ce2b20289ad90483fe7f94aa3723117fe3eb817e1 |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/uname-a.cmd.txt
| MD5 | 6d03a4bce238ab72e1efd760a9d7d22d |
| SHA1 | 39a250e1c093ecfcd2473e71716ba65b37940e21 |
| SHA256 | a5c41ad2a873e7904cb35754bf57108df0b72d5939ba9d9b0a8250affda6285d |
| SHA512 | 28caf42ce66c25c8cea394de5f845490221cc7824c4689ad56cd85ccea4a1e0631ae70870be1a5b36e9fdea88ee069198ea21f839c20434f0c996e09b8a7bd3a |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/ps-uax.cmd.txt
| MD5 | 691b561deef6ef64e778e28766cedbf4 |
| SHA1 | deecfe74e77f32702af64f7d98f7976bebed926c |
| SHA256 | 9a262237c8fdccc327d5fa407fc6ed67125f5c10d6cfa893fd844fc449b0b0f6 |
| SHA512 | e9b4dc23441e6723af8e68b3835046bcdd973e157736d610f3691f85fe00ebe71b75bc4dd6a54516b53e9a2ed0e3a248b12344733fb07262ada5b1856cbefb70 |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/dmesg.cmd.txt
| MD5 | 5e586b12552daf93c7af22dccbbf673b |
| SHA1 | 87b5100b995abbc509d56fbc2f21a5e36f31e19d |
| SHA256 | ecdd46797ccbbd216430279b15b436d2ed9f0afa18d3115f7cb21d88d7c7f227 |
| SHA512 | cad46c0ec64a9fd7860343b2703ad98dc5aa0231b8a08af5af34fbd44f8730f313c2f25dd81273b2e3e3c62af69dc11fed051036b6f2fb4e41c91ecb870fca88 |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/id.cmd.txt
| MD5 | 49f96038f20aa062772267b640a18d79 |
| SHA1 | d5c07425675ba6682d89278ed8616a88d49af0a2 |
| SHA256 | 984a644ec3b56d32b0404777e1eb73390c4b0742a6a0e183f07861056b6746de |
| SHA512 | 2236c2c538189f24d1e9334832ac9db9df3c141bb98af9cd5c6a3ec5ade393a5a573f682953ee2dbff9aaa96bbecc0726deaeee962cd070ed44d183130c7408a |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/mount.cmd.txt
| MD5 | d8019401b7e42876fd36020a04c3bf2c |
| SHA1 | 49e9151a32ea1ffc9b3c50c0d8711575fde1aebe |
| SHA256 | c29c742d06751d4f0189151a5eb8df519779a56b90701230c359d9de849914ad |
| SHA512 | 6c549cdea03de6c868080cc301c38948fcedfcb96e0ade3881321e8d6fe2c59f97b73d2b44fc5016cb3a15194a84357d7176da5e6ed5586b193dd9fc7a0ee084 |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/df-h.cmd.txt
| MD5 | 69a238d8cb3c5f979252010b3299e524 |
| SHA1 | c989bd551bfa8c755f6cacacb90c5c509432110e |
| SHA256 | 3242baedf369c64515b1cb0c47ea519e0e5c71911d863ff0e41d4ae9426fcd97 |
| SHA512 | ef99d9670cccbd6edfe26c74a13567360cc7f22ee507d68f5e3eceb6c0891689321397c56ddddf8ea942990f72d8276827277b2c1c8213f0c244ce94d286840a |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/ifconfig-a.cmd.txt
| MD5 | af9af3cccdf311f8c81f08e97e8d0aa0 |
| SHA1 | 93ed74c2d1ab654206a6ff50c8b0955901fed699 |
| SHA256 | 235a86b5220bd41c03dc776f96f1dc95806e7a0579ffd4126afda0eda33b7186 |
| SHA512 | 61293697a81ef554d494e9a0219a50dfa9ec2a1658c38e60c1cdbc2c382128faa24a9d9e1f0d871df50a82e16190262e9a83db1372ca324ca625b48b9380de1a |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/ifconfig-a.err.txt
| MD5 | 2205dea4d61a6d56f12580a91bf88ebd |
| SHA1 | ea5c2d483ac5600ab9650a15fd5a6cc1abeaef4b |
| SHA256 | 96de101f770c28472d203a7c2f0588f76125e56963adc253315ecf7e5362d57b |
| SHA512 | 894c76524767d0ed7b890961a8a85582024f61bfc7382c62b42a89b172fa1b3f4cb907517c836838aa76b3ebb9e86838fa24e3029cffaa92e8779f950fb90238 |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/netstat-ln.cmd.txt
| MD5 | 34b0eb93562d163c0421d090e1af127a |
| SHA1 | a92fd8952b3f7e38e9473507eb5118379762259b |
| SHA256 | 6aa3e31d3a1e7c3ad12f70971de5bd17ccd04c42150acb6dcee0366966e4efde |
| SHA512 | 3d600a185c170ef42990bef49d5d0fe7cab5b9b523d06f88b3b93900042a5c59dbe3761daf1c5937846d6cb0c2a854ed3d288a5f14bf86e2a4809222c151b98b |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/netstat-ln.err.txt
| MD5 | a01d8d19ee83ee3b9e3aa93994adeac1 |
| SHA1 | e8d2614ca92e7bf98a77bd9a665e4c90666d9ea9 |
| SHA256 | 67dd27625b828ba9afc4e1660cb7ceacaaa1c0c53d1f012092d7634b477caf83 |
| SHA512 | 852baf4d57d0e566306afbd95e048b579e037436e58df90fd7fffa231c1ce6f35364f19a8463c8e72e189abbafa0d6e2ce0cd63e5fc14fc6923f23bfa86d50a7 |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/netstat-nr.cmd.txt
| MD5 | f91997b53c5bb88b78adbc7c6045acfa |
| SHA1 | 76d0d0b39dd17bf89516ca246e273aaad204f306 |
| SHA256 | 69db1fee62f367e4c5c5662955fe1960e638605415869851b82bdb9cb0097176 |
| SHA512 | f7bf633b9542a935188a2527075243a72846ebbe18079103035e141571225ecfb5cc7d2647044b89fe2bd6b849c30c41ffda4608fd23886765f34970d3271c5e |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/lsof-n-P-p.cmd.txt
| MD5 | 3b97c34d2930b286446fe0e3c0a3992f |
| SHA1 | 8ade115cded46e67fdbf533d6b28ed0965f5e9e5 |
| SHA256 | 76e39d40cc0973fa69f2968eb13060976f5d9a11e070f9b74b8614086c35d99f |
| SHA512 | d961289fc6ab8e72344b0be929ad8abb327d897c3fe19c84fa92e9530dec3ec80e1706711e4c8104c1cc44f7c7b81f591e9d26ef0df293983dbf9005c312f285 |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/lsof-n-P-p.err.txt
| MD5 | 70e183ee583af9a8139f28ac7ba22500 |
| SHA1 | df8c20819ae486a82efbf37eec2963cd1d150f54 |
| SHA256 | 445b6644112e930e0cdcc6a8f98fa7c60f1e8727ae50964d65dbe05f59cb8348 |
| SHA512 | 6e5624ae0020f9e4ec5d57744a3495b46ae52417ccd8cd5e36a4e510fddd72c0e06cd07917128854c8b7c888faa05191dc0f14df13dc5ae82a3cb63f11769568 |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/iptables-L.cmd.txt
| MD5 | 434489814c5c403c06037f82f9e9a264 |
| SHA1 | 47b6cbb7c23e2c02ce89a10ea2df3cb17c8c98aa |
| SHA256 | 46da7b1e98fcbc799e2dbe3d5e347476ae1d85818364a70c822add53a488ea46 |
| SHA512 | ca0cd8a62be26f5c4a511795ca5a66705f30d78bdff1405e5ad451c2cbb5b4f102334afa9cf956b80f6e36868608a67c0888d34012e8d7140cb2d6402b8f42ca |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/iptables-S.cmd.txt
| MD5 | 3b4ee7611e467391ba258b42f691fc34 |
| SHA1 | 8f442990dd87f47f59bb91e5f45563e191e4e3dd |
| SHA256 | 42129453f7b3b970155c3acaea97965f29694fc7dabd544cdfbde2ad5463348a |
| SHA512 | cfb660bc6c96f7a98e445bd9e0b7f40ebe2c7490351bac2c8a6d3a00a4e1d97ffc5a199e4d399b90b7ef4baf3b3b1468d017afe14004edb2340d23f6aafd17e8 |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/system/hostname-f.cmd.txt
| MD5 | 01c771b88df59ada175c1653db8bea99 |
| SHA1 | e21d64f4f91b700f4ce8d9e65bb2806df96e5d55 |
| SHA256 | 80cfa79f1c72e35ea11dea69762c2bbc0f11c683cd8ef840996ede660d69c04a |
| SHA512 | 15f11c20166742cbce33caf92482e2f0b96378f4a4ba17740ab7066511206ef3012ad132934108bbbc98b02c672d6b4348d80b011bbf862624148bdf2860cc54 |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/k3s/k3s-version.cmd.txt
| MD5 | 2f314c074a46fcfbf6f5f13a4ea2a6be |
| SHA1 | 650ecc8d90046edc71609c5b0a5491bcb7bf4f51 |
| SHA256 | ee0d9f93c2b132ac9bbaa7226439ee9e6127425bdf75e630ac894fb85d439bf2 |
| SHA512 | a9d1270bbff5f0756a122c32727be732b412a31fb7d4310eaecc93f00d46239d003eeca9032779d35bfa1992e6104342ac082c561e79217cf3775606d4462637 |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/k3s/k3s-version.err.txt
| MD5 | 2f821ac970317a5954f9e4b78a508e63 |
| SHA1 | c82324b92ad1f492221cb9203171d87a74182b38 |
| SHA256 | 6d5a1ded372e8240ae92ab10faa113f4300bc4ad68ba6c9cac7fa7f969dff93d |
| SHA512 | c10c8a1dce6a09cf1bb0acd99c808939c472f92a3d14ecbc5bbd6f15e2bd53036c627542a2f9a959bd23f3b6036bc5e530bf2e96a7705e468496b90f0b1e009d |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/k3s/k3s-checkconfig.cmd.txt
| MD5 | 3fc4a3e73307f2a04a4901a2d7f65c48 |
| SHA1 | 4063beda5c8cf430d48c87fa1a6a68ddbb93c20c |
| SHA256 | 26f41d1fb3bfccae59379f6a945a348ee951aa4cb6d63ded1b2a7fe51990a570 |
| SHA512 | 1fc1804eca455263001c23e92dea1cae8fdec88797ff7cf5fecc0943a5c4473e9785300d4570a52e9afa83485c4cfc7541d3c3acf8abb83f7a9b3d18143a5f83 |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/command-v-kubectl.cmd.txt
| MD5 | ae1741b49f8cb260295757450f4e940c |
| SHA1 | 4ddff8d1a4d241d916647c3416993c2b71d4f08f |
| SHA256 | 5249dea92706d039a3d9c4e7858f4c89b59cde4e0b9295a84b9043e9d73fca9c |
| SHA512 | 8dd4a19c58288396d5d3417c4537197bae3cb3536b608870cb15d9b8fec4ba3bf8f2cc60cad2a8c9023228b2e0df42d59d51890d052ce2b7697d76fb32719e44 |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-version.cmd.txt
| MD5 | 96275629f4d50cacc031d9fff056ce0c |
| SHA1 | b47a3521d57e3e86b368994e24075ecee3dd82e7 |
| SHA256 | c49de28b5ecf8b3ddef8ac49737f3870a2b35b77e27b43ec6c8551ed62fd5b15 |
| SHA512 | e0187e7e3bc98aac93fa71c4dc674c54a8325b0454cf64a1b10ff335084d246c414698ac7a293a463de78d30537e92afc9678c8b3951730d2fe1080dfefd8f62 |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-version.err.txt
| MD5 | 2b6011e00005a20f051a13323fe2eff0 |
| SHA1 | 7bbc836e615dbd816abad1086e8c75242f84f6a8 |
| SHA256 | 09afb740ea2b3de3ebd36d564f4a9ac8f0214f39efcf027617818054ea845511 |
| SHA512 | 934b95dc713d5c028d099c7c434cbb50707771a875b868a3698de2e131f0801633a7a35700d3207735bb6ce22df323448ca221cf21b1f2ea29775ce114fb4b07 |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-config-getcontexts.cmd.txt
| MD5 | 654e808e4ffd2d97f7e608045cfb16a5 |
| SHA1 | e95666ee9b61a08e754d914115808feffb985760 |
| SHA256 | 424d24f21990aa6c59e6f781f0b25e21f48d31697c53e057aa698e20324b497a |
| SHA512 | 69252aa13b6f9231b8337b71bcd88b8b7bedd6cb4ce9bd912d34fa1c1327e07371385398ccbd3dbc71da2f768f6285a3f77a9e05368b2fb0fa22d1f3c7b22a27 |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-config-currentcontext.cmd.txt
| MD5 | 3f76b376d8dc2e1a52eeabb0c3830887 |
| SHA1 | 5f85fa92c2bbe97609a2ba048a8767bf281d0f7a |
| SHA256 | 09ff9097f11f5a67fff70dbec7bfa87df7f2187ee5c029a2c90d6c208bfbbee3 |
| SHA512 | 1f38033692606a45b15c347494db53b5ae9dbeff6b0898ab9d3e1395c659ec077b21b96127db314387fde40e13c92b820d823e3df7e4363ab92db346f0b798fb |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-clusterinfo-dump.cmd.txt
| MD5 | 6fbf190b03be40ae5f8ec36154c72514 |
| SHA1 | c4a49be9f3d7276f30078ed1a7d14f2c40bef3cd |
| SHA256 | 264c0da3f3425bcbbe165df2fea3ec2e3dfc0727e7352510c5ab9cbefbfafcb0 |
| SHA512 | b460c1d6f32a83ac133690712c359bfe911da14058d90454c2f80386133d35134d9d9fe60ff550ba92dd6101040e46c750edc36e5e4fad50b565b08ad6585f77 |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-get-namespaces.cmd.txt
| MD5 | 542e77fcb4b18534f77121a54cc98085 |
| SHA1 | de02b14b99fc69c48befc21fb98c3ada7bac2e04 |
| SHA256 | c485003651d2468a3c16c762765bd746e6f08d47d22960eb2fe9323a2fd663da |
| SHA512 | df578273d33501fe0cbb6bd471e42f02e62b52ec7beeb60889b95a052dc5a8af2068025cdd670110de7679468e83c10dc96d571943ce1e3a77c73d4543ff0333 |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-get-nodes.cmd.txt
| MD5 | 3fc130b3e6ef3ca21bc420868d5b580c |
| SHA1 | 3e4537d06a2cdd870d039bf2ab61b1409e74b0b0 |
| SHA256 | e53bbc0cbc3e768a07a8efff68520cf45d2f49e83c9f26ed5aa8d6343af84150 |
| SHA512 | b80f2d773d0b7572dfffa81f52192a218fd6e5a0aba199625f82843d6661b407faa111017b0ed4e66a4dde63c1662b2231e71c4e84fdc6effbdba7b380c008aa |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-nodes.cmd.txt
| MD5 | d16eebb25c9302a1cdf34bdcf7c936ed |
| SHA1 | 7d5398e18b6c0b768ec40a22cbd56971998a9544 |
| SHA256 | e8a1ed5c0ed31fa8e9ae1aff89e1d54e5aa18170f8df1dbf103e7a6861394d29 |
| SHA512 | d9ecc8b01af11a95b295a2517bd1d37e3d253c577a2a0434fa965d8f7772494abfa3aafa73cf19bd476cb46682422d4d9253818f72cbff26cc75789d5cb5ef63 |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-pods-allnamespaces.cmd.txt
| MD5 | c863f288967d132b29784e4401b58512 |
| SHA1 | 02ae31e412ff27b9f16b82c1157ad9c9835ed333 |
| SHA256 | 2cf64ab9440bbac91a1ea61888b59f6b97dd0e5adeca729ea8a35429888a2623 |
| SHA512 | 2c5b6ee9e0577f07ef7b3daaf91f1188f58ef2d0d6b971978f4ccec8bae07718879f8cf972a0b7d6aa01e70b28fe2c4ec9427bb7bfe4182fa2693a79a4de696b |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-services-allnamespaces.cmd.txt
| MD5 | 6eca4cf5ebd52f8c2e05e548d720c96b |
| SHA1 | ca48ca8abc3a2cae6a3d4937cca6f78977c39e78 |
| SHA256 | fdf148fcabcf78973dca2ac6687d01116bd2e33715b451441cc01123e74b6d84 |
| SHA512 | d4ce17bc6c1bf1b8376c16e84450bb91a001c28d51aa4d701670f28ada0577c607492c265d8f05bc614c171477dc91406dc0002071a34e6ba4b9f7bcd282b962 |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-daemonset-allnamespaces.cmd.txt
| MD5 | c8132922440ccf9c50ff06d65205abd7 |
| SHA1 | 096ed9504bed6655fe7fb7ff1035af007416fc32 |
| SHA256 | 362103778c695feeec811d59a43290d5ee4e0df2ab1fbc3ff00758faf85eb8a4 |
| SHA512 | ee60150b145acbb81694022e3da9de1f105bf483ed4bbdd522f7f9a2b521c4d103412f8e5b53ac2f787804c1ff111ef57a6fda3c199bc4e7c683391c75748b27 |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-deployments-allnamespaces.cmd.txt
| MD5 | 3631db57279a5dc45dce19137d1c8026 |
| SHA1 | ccdb8306f79869356d536fdf6edd5d99c3f71978 |
| SHA256 | bd6e8a341d59c7a49d9de9d1c8265d6f0885b4d14eabdc8fbe219b75b7846d86 |
| SHA512 | 23bd0a920543de4d8e82d8b9515f591aa6a2729055e5b6ef2ba1a1249260dedf41948cea4e24c5573ece57d23672725f0e45e28c64b7dc83458c0764ce5f755d |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-replicaset-allnamespaces.cmd.txt
| MD5 | 0d6930d59e8d0fc4648b1c170caf1909 |
| SHA1 | d887818f29e86139b6cd482577d051c6d4d6d548 |
| SHA256 | 6a5e42de63285374c442ec79ada7080ab41bae85438f4adfd95913916d14ba57 |
| SHA512 | 62216eec2f04bdfc0ab69a5c00ec8246ab28f1d6f0164764bf1dd17d2461b5ddce4e632af1af07ff5865fb08e0e09390b18c0bbfa7ead48575e5ad0d81ba7133 |
/tmp/k3s-diagnostics-2A267F50-80C4-49D6-AB15-609E9DE1DD2A-7xJBBbhe/kube/kubectl-describe-storageclass,pv,pvc.cmd.txt
| MD5 | 3c44ff5f7437e2e9ee9bfc27b7239ef8 |
| SHA1 | 51bf4232870c2a38a6fd0240bf18d0fbd5b11458 |
| SHA256 | 643633049e2e90205e3c8841019ba822cd651134021b7d8f1b03f2a8be3ca3ea |
| SHA512 | 6c9a23be940cd980415f9c0118f8156cdf94b3d20b17b8fb95e4da1b8e4f5f517dc4f2eb4727a6fb97c74e50f965fab4f9a7ca9d8f398ba7111170343b1a0513 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:14
Platform
win10v2004-20240709-en
Max time kernel
95s
Max time network
101s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\k3s-master\.dockerignore
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:14
Platform
win10v2004-20240709-en
Max time kernel
93s
Max time network
95s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\k3s-master\.github\.codecov.yml
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:15
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
0s
Max time network
129s
Command Line
Signatures
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/ls | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/xargs | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/sh-thd.c9UIq0 | /bin/bash | N/A |
Processes
/tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh
[/tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]
/usr/local/sbin/bash
[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]
/usr/local/bin/bash
[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]
/usr/sbin/bash
[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]
/usr/bin/bash
[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]
/sbin/bash
[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]
/bin/bash
[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]
/bin/date
[date +%s]
/usr/bin/openssl
[openssl version]
/usr/bin/openssl
[openssl ecparam -name prime256v1 -genkey -noout -out /dev/null]
/bin/grep
[grep -qF OpenSSL 3]
/usr/bin/openssl
[openssl version]
/bin/mkdir
[mkdir -p /var/lib/rancher/k3s/server/tls/etcd]
/bin/mkdir
[mkdir -p .ca/certs]
/usr/bin/touch
[touch .ca/index]
/usr/bin/openssl
[openssl rand -hex 8]
/bin/cat
[cat]
/usr/bin/openssl
[openssl genrsa -out service.key 2048]
/usr/bin/openssl
[openssl genrsa -out root-ca.key 4096]
/usr/bin/openssl
[openssl req -x509 -new -nodes -sha256 -days 7300 -subj /CN=k3s-root-ca@1721013164 -key root-ca.key -out root-ca.pem -config .ca/config -extensions v3_ca]
/bin/cat
[cat root-ca.pem]
/usr/bin/openssl
[openssl genrsa -out intermediate-ca.key 4096]
/usr/bin/openssl
[openssl ca -batch -notext -days 3700 -in /dev/stdin -out intermediate-ca.pem -keyfile root-ca.key -cert root-ca.pem -config .ca/config -extensions v3_ca]
/usr/bin/openssl
[openssl req -new -nodes -subj /CN=k3s-intermediate-ca@1721013164 -key intermediate-ca.key]
/bin/cat
[cat intermediate-ca.pem root-ca.pem]
/usr/bin/tr
[tr / -]
/usr/bin/openssl
[openssl ecparam -name prime256v1 -genkey -noout -out client-ca.key]
/usr/bin/openssl
[openssl ca -batch -notext -days 3700 -in /dev/stdin -out client-ca.pem -keyfile intermediate-ca.key -cert intermediate-ca.pem -config .ca/config -extensions v3_ca]
/usr/bin/openssl
[openssl req -new -nodes -subj /CN=k3s-client-ca@1721013164 -key client-ca.key]
/bin/cat
[cat client-ca.pem intermediate-ca.pem root-ca.pem]
/usr/bin/tr
[tr / -]
/usr/bin/openssl
[openssl ecparam -name prime256v1 -genkey -noout -out server-ca.key]
/usr/bin/openssl
[openssl ca -batch -notext -days 3700 -in /dev/stdin -out server-ca.pem -keyfile intermediate-ca.key -cert intermediate-ca.pem -config .ca/config -extensions v3_ca]
/usr/bin/openssl
[openssl req -new -nodes -subj /CN=k3s-server-ca@1721013164 -key server-ca.key]
/bin/cat
[cat server-ca.pem intermediate-ca.pem root-ca.pem]
/usr/bin/tr
[tr / -]
/usr/bin/openssl
[openssl ecparam -name prime256v1 -genkey -noout -out request-header-ca.key]
/usr/bin/openssl
[openssl ca -batch -notext -days 3700 -in /dev/stdin -out request-header-ca.pem -keyfile intermediate-ca.key -cert intermediate-ca.pem -config .ca/config -extensions v3_ca]
/usr/bin/openssl
[openssl req -new -nodes -subj /CN=k3s-request-header-ca@1721013164 -key request-header-ca.key]
/bin/cat
[cat request-header-ca.pem intermediate-ca.pem root-ca.pem]
/usr/bin/tr
[tr / -]
/usr/bin/openssl
[openssl ecparam -name prime256v1 -genkey -noout -out etcd/peer-ca.key]
/usr/bin/openssl
[openssl ca -batch -notext -days 3700 -in /dev/stdin -out etcd/peer-ca.pem -keyfile intermediate-ca.key -cert intermediate-ca.pem -config .ca/config -extensions v3_ca]
/usr/bin/openssl
[openssl req -new -nodes -subj /CN=k3s-etcd-peer-ca@1721013164 -key etcd/peer-ca.key]
/bin/cat
[cat etcd/peer-ca.pem intermediate-ca.pem root-ca.pem]
/usr/bin/tr
[tr / -]
/usr/bin/openssl
[openssl ecparam -name prime256v1 -genkey -noout -out etcd/server-ca.key]
/usr/bin/openssl
[openssl ca -batch -notext -days 3700 -in /dev/stdin -out etcd/server-ca.pem -keyfile intermediate-ca.key -cert intermediate-ca.pem -config .ca/config -extensions v3_ca]
/usr/bin/openssl
[openssl req -new -nodes -subj /CN=k3s-etcd-server-ca@1721013164 -key etcd/server-ca.key]
/bin/cat
[cat etcd/server-ca.pem intermediate-ca.pem root-ca.pem]
/usr/bin/xargs
[xargs -n1 echo -e \t]
/bin/ls
[ls /var/lib/rancher/k3s/server/tls/root-ca.crt /var/lib/rancher/k3s/server/tls/root-ca.key /var/lib/rancher/k3s/server/tls/root-ca.pem /var/lib/rancher/k3s/server/tls/intermediate-ca.crt /var/lib/rancher/k3s/server/tls/intermediate-ca.key /var/lib/rancher/k3s/server/tls/intermediate-ca.pem]
/usr/local/sbin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.crt]
/usr/local/bin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.crt]
/usr/sbin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.crt]
/usr/bin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.crt]
/sbin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.crt]
/bin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.crt]
/usr/local/sbin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.key]
/usr/local/bin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.key]
/usr/sbin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.key]
/usr/bin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.key]
/sbin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.key]
/bin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.key]
/usr/local/sbin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.pem]
/usr/local/bin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.pem]
/usr/sbin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.pem]
/usr/bin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.pem]
/sbin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.pem]
/bin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/intermediate-ca.pem]
/usr/local/sbin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.crt]
/usr/local/bin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.crt]
/usr/sbin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.crt]
/usr/bin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.crt]
/sbin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.crt]
/bin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.crt]
/usr/local/sbin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.key]
/usr/local/bin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.key]
/usr/sbin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.key]
/usr/bin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.key]
/sbin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.key]
/bin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.key]
/usr/local/sbin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.pem]
/usr/local/bin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.pem]
/usr/sbin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.pem]
/usr/bin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.pem]
/sbin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.pem]
/bin/echo
[echo -e \t /var/lib/rancher/k3s/server/tls/root-ca.pem]
/bin/rm
[rm -rf .ca]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 151.101.129.91:443 | | tcp |
| GB | 89.187.167.2:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
Files
/var/lib/rancher/k3s/server/tls/.ca/serial
| MD5 | d3fb259ac527b75aaf0585debc1e4e2b |
| SHA1 | 0c7154a7c5843656d5b6382d0d451ff9e3c369c8 |
| SHA256 | 191f529f11b1a219533e07bf9a551a0f14b7fa45ba480ae9e1e617b1a455f7c5 |
| SHA512 | f4c42b5ae93a0079295d0b780cb682660b35c74bb77aa055465fd99c5731af4ec2ac77d5029fbdeb612f95f5618dcce4fb49cd4981428411fe498defb35091df |
/tmp/sh-thd.c9UIq0
| MD5 | 2844ba16b95991985d5f083c721ed963 |
| SHA1 | 31689af97980a7a4336c19fccf111649ba010611 |
| SHA256 | a24bcf5ef2dbe17f5be8b690a809aeb487965e09f55ce8bef52f2f83beea4ec3 |
| SHA512 | a9ee7ebbe1f59c6927044f2f115ff95dce99b370c88477a096abeb34c97b0f7392ac8dce304e93f4601c9f9b77339d412f04f7019dbc54851e39eed70672383d |
/var/lib/rancher/k3s/server/tls/service.key
| MD5 | ef89c8fa30ce36bab694d282c08408f7 |
| SHA1 | 4e89fd5eba17a768d52836dbfd4dc7505f369492 |
| SHA256 | c863c19213c32768f522a4fa0a3b6520a4ea88c190090966e48af5e727352af2 |
| SHA512 | 235f427f2a460aa3fa35ca985cf558c9c1f5fe5896fdb73acc2399feb9532717d71b7623cae43d787bb9bfc7a8f89481f1298600b7dd9a95a535ce571074bd05 |
/var/lib/rancher/k3s/server/tls/service.key
| MD5 | 67f37a182068055b8f1fcb4bb4bffe76 |
| SHA1 | bc821677bd238bc8f7bdb67d827df96498a7ad93 |
| SHA256 | 3f96001d261c01d32b6583a51ea5a9184e4646b73fe0838c0ab5207eab409e31 |
| SHA512 | bd074dc30b1ff5a82521bd0e347a6b228b5f39a84fd0c66650d0b08a400405465e538bf12c93afbd675f403d5b6253dc4d5496ce4e02e2de5931611dbe68ac33 |
/var/lib/rancher/k3s/server/tls/.ca/certs/6C6B62373D2BD940.pem
| MD5 | 67c32d5a044f71e9b66dfc2344012552 |
| SHA1 | 717ff3122c71a8d0f046730cde599394b062e04b |
| SHA256 | 2897cc80e7f0659ad608d944da2f78794bcf4b6c72cbf5d0e71be8b582dc03a0 |
| SHA512 | dfd78af63efd10567fb0bd3f656c6cd0852cc353ab49bf4b1881179c36d5ec40d8b03c64fe1541c0fc701427b8a1afdd2845b8289583776868f1dd13b891a3a8 |
/var/lib/rancher/k3s/server/tls/client-ca.key
| MD5 | d24f49e913dfab79f5478b0fc4d54940 |
| SHA1 | 376ddaf568224a7c9f18d5eedd49d43ad59bc77c |
| SHA256 | 5be6967ed0ae08bdbfd0c0c8e607d582795232ab1d1d5d4102b6f049fe1ca872 |
| SHA512 | c3627e676bb4f2362366d876500ec3e83782cb7e3cb0500f1c225825fdda56f78a25a4de4a769a93a7e76ae02a9014158e5e3e2216b5bf1434e6cee75569c93b |
/var/lib/rancher/k3s/server/tls/.ca/certs/6C6B62373D2BD941.pem
| MD5 | 474088f3faf069a260362144e420bd45 |
| SHA1 | 142a4dcb3fb3c0ba46a0b1a2b8ce476ff84127eb |
| SHA256 | a7d352c0dfc23a8595712a34edf3aaf0774eaced71e4dd6dd327f69381c56969 |
| SHA512 | fb377c741e99a270449de66a2233a13fca877b612b0c96362d721894cbff63bcdb0f319b767395dfe555e251ab933b16e180276d6e172999151bab8fb1140c06 |
/var/lib/rancher/k3s/server/tls/server-ca.key
| MD5 | a49db3cc5d70bed55c8293896020b51a |
| SHA1 | 97bcd258709a4b75ae77f6ffb157133b264467f1 |
| SHA256 | 95381dd5787c492505fa30b19d6c7add9123553887199fd9dab90c45b997ed28 |
| SHA512 | 8037722764ba4fd099849b22c3178f40a5eb72fdc454158ac58246cc15dc30b80cb2d5f2d43b4d4a8c4d48dedaabd7dfcead3a71808b041838586cef3ab94455 |
/var/lib/rancher/k3s/server/tls/.ca/certs/6C6B62373D2BD942.pem
| MD5 | 7ce06675a3429947b92e756f46e4ce15 |
| SHA1 | 78457e526ba91569867e448a4ef07ed9827db414 |
| SHA256 | 9c49edad1b6a10a67dcf817bb6c3aacfd93c1c0509968720e131a92c82cc2d2d |
| SHA512 | af057ab40474041d8533e03999880fea075c46b4f212cdc08bf22b7e3ead38a6e36a122f6658d9b585a6380d9b6e1ab561fb169a9caa9a793a72a3df92b300f6 |
/var/lib/rancher/k3s/server/tls/request-header-ca.key
| MD5 | b2d6f71352bc4d5ac9d1dcb5916c8e41 |
| SHA1 | 4ba272e6765e8eab2218c5cda5c6470ad2cebd3f |
| SHA256 | bf733288e7a8c3767e1df8c138ded23356f5379432504015676a19444c10f540 |
| SHA512 | 64d4fc672e7095a3cab7000aeec687e549b362fa0701d8610ccf31b31f743cb365b3c0e62ebde4d6215665cc4a70cb27f55505d5e2b81ce82e018ca0ae1c1702 |
/var/lib/rancher/k3s/server/tls/.ca/certs/6C6B62373D2BD943.pem
| MD5 | b7f0e4983cbadf8dcae02fff3f31ee79 |
| SHA1 | f56ca55d40d6375b39933e8989a9d92d5a7ecd1a |
| SHA256 | 08619ac676189a92655d3a75dff54c8e29d66845b204837a894c9987312dd56a |
| SHA512 | 6141ecf393d04eee15f1ad1322a68bdf2731c4bdd8e0dbe53f00a389d3d5aa350f083691fa1dc11945a31ac446287210b49d1fee295dd1e29d43a49c825dd73f |
/var/lib/rancher/k3s/server/tls/etcd/peer-ca.key
| MD5 | d0d370c87476b706c032f62b078b3943 |
| SHA1 | 66f54694f58095df68d868fcd09357ce6cc4b931 |
| SHA256 | f05fa32e60186f15dd14734a77a170c39f49731c5addbefb16f052349304c18f |
| SHA512 | b6c1abd676890bd64a3dab4fc3e2820a72eb6ba82fd86da4b45a45d8fd0a8302e6974658425e5276a8d8055a803f8ca41fc4aa055b3ae67a9b52a84cb9e61637 |
/var/lib/rancher/k3s/server/tls/.ca/certs/6C6B62373D2BD944.pem
| MD5 | 7a0ed72909ca82a7ec6d57cd81cfb280 |
| SHA1 | 3508669d95b2e11f95f302a5bae1d729e73f17d4 |
| SHA256 | b4d3b17a160b4836d378be1fa2c317e32746d35e930dc1d41f930195e1cb761b |
| SHA512 | 0151514ca985adafd9fd6c16c5bfe183692a8c72d0c0eb3c68f8e667cdb3922742d945f36446e31db169205b6fe169a0e6ffc8caf3094ff2913c416af0e43d3b |
/var/lib/rancher/k3s/server/tls/etcd/server-ca.key
| MD5 | 1b09ae59766ac43d907b7e9b31d09bd9 |
| SHA1 | 9d02741585808db0ce47c2685b40b733f81a6762 |
| SHA256 | afdbabe1ae476ce580d0e28ccc9b8efb0aaedebb6c545967cde7561f7021bcc3 |
| SHA512 | 574701c9b1dd20a14b802d293c6950014ed59456fb21dd7892fc72f0fb4a1ae48361014e1267f0d87f8920ec594b2279190bb86373b29a5be3614afeb1d86176 |
/var/lib/rancher/k3s/server/tls/.ca/certs/6C6B62373D2BD945.pem
| MD5 | 071ce144f9adcb27e424fcda035693b9 |
| SHA1 | dc180af2370e508f8794e7cfbc22f1028727c03d |
| SHA256 | 5a69b052150011eb4bc6086a766886975fa1d9c598c824eb2699b35f3ea8cf19 |
| SHA512 | 6d067261a17ad3d7a81ce170289671776ad1f1e43e8ffcebb1856963fe2c808a4d83e728f0ecd48ba93cbc1a7cb4e0424225f5dee0946d6a9455522c3770f354 |
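The behavioral23 process list above is the contrib/util/generate-custom-ca-certs.sh run: an RSA-4096 self-signed root (7300 days), an RSA-4096 intermediate signed by the root (3700 days), and five P-256 leaf CAs (client, server, request-header, etcd peer, etcd server) signed by the intermediate, each concatenated with the intermediate and root into a chain bundle. The following is an added example, not code from the k3s repository or from this report. It rebuilds that hierarchy with the same key types, lifetimes and subject naming, then runs the check a practitioner wants after such a script: that every leaf CA actually validates up to the root, and that it does not validate when the intermediate is missing (which is why the bundles carry the full chain). Assumptions: `openssl` 1.1.1 or 3.x is on PATH, the scratch directory and the minimal config file are this example's own (the script's `.ca/config` is not on the page), and `openssl x509 -req` stands in for the script's `openssl ca` so no `.ca/index` or `.ca/serial` database is needed.

```shell
#!/bin/sh
# Added example (not the k3s script): rebuild the root -> intermediate -> leaf CA
# hierarchy seen in the trace and verify the chain. Assumes openssl on PATH.
set -eu

# Minimal config of this example's own: an empty DN section (subjects come from
# -subj) and a v3_ca section standing in for the one the script selects with
# `-extensions v3_ca` from its .ca/config.
write_ca_config() {
  printf '%s\n' '[req]' 'distinguished_name = dn' '[dn]' '[v3_ca]' \
    'basicConstraints = critical, CA:TRUE' \
    'keyUsage = critical, keyCertSign, cRLSign' \
    'subjectKeyIdentifier = hash' > "$1"
}

# Issue a 3700-day CA cert for key $2 with subject CN $3, signed by the parent
# cert/key $4/$5, written to $6. The CSR is piped straight into x509 -req, the
# same shape as the script's `openssl req -new ... | openssl ca -in /dev/stdin`.
sign_sub_ca() {
  cfg="$1"; key="$2"; cn="$3"; parent_cert="$4"; parent_key="$5"; out="$6"
  openssl req -new -nodes -subj "/CN=$cn" -key "$key" -config "$cfg" 2>/dev/null |
    openssl x509 -req -days 3700 -sha256 -CA "$parent_cert" -CAkey "$parent_key" \
      -CAcreateserial -extfile "$cfg" -extensions v3_ca -out "$out" 2>/dev/null
}

# Build the whole hierarchy under scratch directory $1.
build_ca_hierarchy() {
  dir="$1"; ts=$(date +%s); cfg="$dir/config"
  mkdir -p "$dir/etcd"
  write_ca_config "$cfg"

  # Self-signed root, as in the trace: genrsa 4096, then req -x509 -days 7300.
  openssl genrsa -out "$dir/root-ca.key" 4096 2>/dev/null
  openssl req -x509 -new -nodes -sha256 -days 7300 -subj "/CN=k3s-root-ca@$ts" \
    -key "$dir/root-ca.key" -out "$dir/root-ca.pem" -config "$cfg" -extensions v3_ca 2>/dev/null

  # RSA-4096 intermediate signed by the root.
  openssl genrsa -out "$dir/intermediate-ca.key" 4096 2>/dev/null
  sign_sub_ca "$cfg" "$dir/intermediate-ca.key" "k3s-intermediate-ca@$ts" \
    "$dir/root-ca.pem" "$dir/root-ca.key" "$dir/intermediate-ca.pem"

  # P-256 leaf CAs signed by the intermediate. The CN is derived with the same
  # `tr / -` seen in the trace (etcd/peer-ca -> k3s-etcd-peer-ca@<ts>), and each
  # .crt bundle is `cat leaf intermediate root`, as the script assembles it.
  for name in client-ca server-ca request-header-ca etcd/peer-ca etcd/server-ca; do
    cn="k3s-$(printf '%s' "$name" | tr / -)@$ts"
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/$name.key" 2>/dev/null
    sign_sub_ca "$cfg" "$dir/$name.key" "$cn" \
      "$dir/intermediate-ca.pem" "$dir/intermediate-ca.key" "$dir/$name.pem"
    cat "$dir/$name.pem" "$dir/intermediate-ca.pem" "$dir/root-ca.pem" > "$dir/$name.crt"
  done
}

# Chain check: leaf CA $2 must validate against the root with the intermediate
# supplied as an untrusted link. Prints ok or fail.
verify_chain() {
  dir="$1"; leaf="$2"
  if openssl verify -CAfile "$dir/root-ca.pem" -untrusted "$dir/intermediate-ca.pem" \
       "$dir/$leaf.pem" >/dev/null 2>&1; then echo ok; else echo fail; fi
}

# Same check with the intermediate withheld: a peer that trusts only the root
# cannot build the path, so the bundles must carry the intermediate.
verify_root_only() {
  dir="$1"; leaf="$2"
  if openssl verify -CAfile "$dir/root-ca.pem" "$dir/$leaf.pem" >/dev/null 2>&1; then
    echo ok; else echo fail; fi
}

# Number of certificates in a bundle file (3 for a complete leaf/intermediate/root chain).
bundle_cert_count() {
  grep -c 'BEGIN CERTIFICATE' "$1"
}

# Stand-alone usage: `sh this.sh run` builds into a temp dir and reports each leaf CA.
if [ "${1:-}" = "run" ]; then
  scratch=$(mktemp -d); build_ca_hierarchy "$scratch"
  for leaf in client-ca server-ca request-header-ca etcd/peer-ca etcd/server-ca; do
    echo "$leaf: chain=$(verify_chain "$scratch" "$leaf")" \
         "root-only=$(verify_root_only "$scratch" "$leaf")" \
         "bundle-certs=$(bundle_cert_count "$scratch/$leaf.crt")"
  done
fi
```

The serial-numbered files under `.ca/certs/` in the Files section above are the copies `openssl ca` keeps in its issuing database, which is why the trace ends with `rm -rf .ca`; this example skips that database entirely. Note also that the trace writes every private key, root-ca.key included, unencrypted into /var/lib/rancher/k3s/server/tls (genrsa without a cipher, req with -nodes), so anyone running the script on a real server should move the root key offline once the intermediate has been issued.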
Analysis: behavioral8
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:14
Platform
win10v2004-20240709-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\k3s-master\.droneignore
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:15
Platform
debian9-armhf-20240418-en
Max time kernel
6s
Max time network
8s
Command Line
Signatures
Enumerates running processes
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/online | /sbin/sysctl | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /bin/ps | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/pgrep | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/694/stat | /bin/ps | N/A |
| File opened for reading | /proc/sys/net/ipv4/tcp_max_reordering | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/kernel/usermodehelper/bset | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv4/neigh/default/proxy_delay | /sbin/sysctl | N/A |
| File opened for reading | /proc/22/stat | /usr/bin/pgrep | N/A |
| File opened for reading | /proc/24/stat | /usr/bin/pgrep | N/A |
| File opened for reading | /proc/sys/kernel/keys/gc_delay | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/neigh/default/base_reachable_time_ms | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/neigh/default/gc_stale_time | /sbin/sysctl | N/A |
| File opened for reading | /proc/11/cmdline | /bin/ps | N/A |
| File opened for reading | /proc/5/cmdline | /usr/bin/pgrep | N/A |
| File opened for reading | /proc/sys/fs/leases-enable | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv4/tcp_congestion_control | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/conf/eth0/dad_transmits | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/neigh/lo/ucast_solicit | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/core/default_qdisc | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv4/conf/eth0/igmpv3_unsolicited_report_interval | /sbin/sysctl | N/A |
| File opened for reading | /proc/stat | /bin/ps | N/A |
| File opened for reading | /proc/598/stat | /bin/ps | N/A |
| File opened for reading | /proc/668/stat | /usr/bin/pgrep | N/A |
| File opened for reading | /proc/sys/kernel/overflowuid | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/kernel/pty/max | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/fs/quota/warnings | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv4/neigh/eth0/proxy_qlen | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv4/ping_group_range | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/conf/lo/mtu | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/route | /sbin/sysctl | N/A |
| File opened for reading | /proc/26/cmdline | /bin/ps | N/A |
| File opened for reading | /proc/23/cmdline | /usr/bin/pgrep | N/A |
| File opened for reading | /proc/265/stat | /usr/bin/pgrep | N/A |
| File opened for reading | /proc/sys/kernel/ctrl-alt-del | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv4/route/gc_thresh | /sbin/sysctl | N/A |
| File opened for reading | /proc/267/cmdline | /usr/bin/pgrep | N/A |
| File opened for reading | /proc/sys/kernel/modules_disabled | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv4/tcp_limit_output_bytes | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/conf/default/drop_unicast_in_l2_multicast | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/conf/default/router_solicitation_delay | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/conf/eth0/accept_ra_rtr_pref | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/conf/lo/max_desync_factor | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/netfilter/nf_log | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/vm/page-cluster | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv4/neigh/default/anycast_delay | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv4/ipfrag_max_dist | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv4/neigh/eth0/mcast_solicit | /sbin/sysctl | N/A |
| File opened for reading | /proc/261/status | /bin/ps | N/A |
| File opened for reading | /proc/sys/kernel/nmi_watchdog | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/kernel/pid_max | /bin/ps | N/A |
| File opened for reading | /proc/10/stat | /bin/ps | N/A |
| File opened for reading | /proc/sys/kernel/msgmnb | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv4/tcp_rmem | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/user/max_uts_namespaces | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv4/tcp_keepalive_probes | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv4/tcp_fwmark_accept | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/vm/dirtytime_expire_seconds | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/vm/legacy_va_layout | /sbin/sysctl | N/A |
| File opened for reading | /proc/106/stat | /usr/bin/pgrep | N/A |
| File opened for reading | /proc/sys/kernel/osrelease | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv4/icmp_ratelimit | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv4/tcp_available_congestion_control | /sbin/sysctl | N/A |
| File opened for reading | /proc/580/cmdline | /bin/ps | N/A |
| File opened for reading | /proc/21/cmdline | /usr/bin/pgrep | N/A |
| File opened for reading | /proc/sys/kernel/random/poolsize | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/kernel/domainname | /sbin/sysctl | N/A |
| File opened for reading | /proc/sys/net/ipv6/conf/lo/temp_valid_lft | /sbin/sysctl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/hostname-f.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-config-currentcontext.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/netstat-ln.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/lsof-n-P-p.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/netstat-nr.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/k3s/k3s-checkconfig.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-daemonset-allnamespaces.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-storageclass,pv,pvc.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/df-h.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/netstat-ln.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/iptables-L.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/ps-uax.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/ifconfig-a.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/hostname-f.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-replicaset-allnamespaces.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-storageclass,pv,pvc.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/sysctl-a.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/uname-a.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/k3s/k3s-version.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-config-getcontexts.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-replicaset-allnamespaces.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/id.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/ifconfig-a.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/k3s/k3s-version.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-nodes.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-nodes.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-services-allnamespaces.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/dmesg.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/df-h.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/dmesg.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-daemonset-allnamespaces.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/command-v-kubectl.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-config-currentcontext.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-get-namespaces.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-get-nodes.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-pods-allnamespaces.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-storageclass,pv,pvc.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/lsof-n-P-p.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/iptables-S.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/id.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/lsof-n-P-p.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/iptables-S.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-config-getcontexts.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-config-currentcontext.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-clusterinfo-dump.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/_etc_os-release | /bin/cp | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/uname-a.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-daemonset-allnamespaces.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/iptables-S.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/command-v-kubectl.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-version.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-get-namespaces.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-get-nodes.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/sysctl-a.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/iptables-L.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/ifconfig-a.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/netstat-nr.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-version.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-clusterinfo-dump.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-nodes.err.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-pods-allnamespaces.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/mount.cmd.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/df-h.txt | /bin/bash | N/A |
| File opened for modification | /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/command-v-kubectl.err.txt | /bin/bash | N/A |
Processes
/tmp/k3s-master/contrib/util/diagnostics.sh
[/tmp/k3s-master/contrib/util/diagnostics.sh]
/usr/local/sbin/bash
[bash /tmp/k3s-master/contrib/util/diagnostics.sh]
/usr/local/bin/bash
[bash /tmp/k3s-master/contrib/util/diagnostics.sh]
/usr/sbin/bash
[bash /tmp/k3s-master/contrib/util/diagnostics.sh]
/usr/bin/bash
[bash /tmp/k3s-master/contrib/util/diagnostics.sh]
/sbin/bash
[bash /tmp/k3s-master/contrib/util/diagnostics.sh]
/bin/bash
[bash /tmp/k3s-master/contrib/util/diagnostics.sh]
/usr/bin/id
[id -u]
/bin/cat
[cat /proc/sys/kernel/random/uuid]
/usr/bin/tr
[tr [:lower:] [:upper:]]
/bin/mktemp
[mktemp -d /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-XXXXXXXX]
/bin/readlink
[readlink -m /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol]
/bin/mkdir
[mkdir -p /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system]
/bin/cp
[cp --recursive --dereference /etc/os-release /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/_etc_os-release]
/sbin/sysctl
[sysctl -a]
/bin/uname
[uname -a]
/bin/rm
[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/uname-a.err.txt]
/bin/ps
[ps uax]
/bin/rm
[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/ps-uax.err.txt]
/bin/dmesg
[dmesg]
/bin/rm
[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/dmesg.err.txt]
/usr/bin/id
[id]
/bin/rm
[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/id.err.txt]
/bin/mount
[mount]
/bin/rm
[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/mount.err.txt]
/bin/df
[df -h]
/bin/rm
[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/df-h.err.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/ifconfig-a.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/netstat-ln.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/netstat-nr.txt]
/usr/bin/pgrep
[pgrep -o k3s]
/bin/rm
[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/lsof-n-P-p.txt]
/sbin/iptables
[iptables -L]
/bin/rm
[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/iptables-L.err.txt]
/sbin/iptables
[iptables -S]
/bin/rm
[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/iptables-S.err.txt]
/bin/hostname
[hostname -f]
/bin/rm
[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/hostname-f.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/system/hostname-f.err.txt]
/bin/mkdir
[mkdir -p /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/k3s]
/bin/rm
[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/k3s/k3s-version.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/k3s/k3s-checkconfig.txt]
/bin/journalctl
[journalctl --field _SYSTEMD_UNIT]
/bin/grep
[grep k3s]
/bin/mkdir
[mkdir -p /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube]
/bin/rm
[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/command-v-kubectl.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/command-v-kubectl.err.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-version.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-config-getcontexts.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-config-currentcontext.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-clusterinfo-dump.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-get-namespaces.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-get-nodes.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-nodes.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-pods-allnamespaces.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-services-allnamespaces.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-daemonset-allnamespaces.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-deployments-allnamespaces.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-replicaset-allnamespaces.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-3C68FEDB-2D42-4984-A707-D4320BADAA80-WUGcksol/kube/kubectl-describe-storageclass,pv,pvc.txt]
/usr/bin/tr
[tr [:lower:] [:upper:]]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | debian9-armhf-20240418-en-6 | udp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:15
Platform
debian9-mipsbe-20240418-en
Max time kernel
9s
Max time network
10s
Command Line
Signatures
Enumerates running processes
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/online | /sbin/sysctl | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /bin/ps | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/pgrep | N/A |
Reads runtime system information
Writes file to tmp directory
Processes
/tmp/k3s-master/contrib/util/diagnostics.sh
[/tmp/k3s-master/contrib/util/diagnostics.sh]
/usr/local/sbin/bash
[bash /tmp/k3s-master/contrib/util/diagnostics.sh]
/usr/local/bin/bash
[bash /tmp/k3s-master/contrib/util/diagnostics.sh]
/usr/sbin/bash
[bash /tmp/k3s-master/contrib/util/diagnostics.sh]
/usr/bin/bash
[bash /tmp/k3s-master/contrib/util/diagnostics.sh]
/sbin/bash
[bash /tmp/k3s-master/contrib/util/diagnostics.sh]
/bin/bash
[bash /tmp/k3s-master/contrib/util/diagnostics.sh]
/usr/bin/id
[id -u]
/bin/cat
[cat /proc/sys/kernel/random/uuid]
/usr/bin/tr
[tr [:lower:] [:upper:]]
/bin/mktemp
[mktemp -d /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-XXXXXXXX]
/bin/readlink
[readlink -m /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx]
/bin/mkdir
[mkdir -p /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system]
/bin/cp
[cp --recursive --dereference /etc/os-release /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/_etc_os-release]
/sbin/sysctl
[sysctl -a]
/bin/uname
[uname -a]
/bin/rm
[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/uname-a.err.txt]
/bin/ps
[ps uax]
/bin/rm
[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/ps-uax.err.txt]
/bin/dmesg
[dmesg]
/bin/rm
[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/dmesg.err.txt]
/usr/bin/id
[id]
/bin/rm
[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/id.err.txt]
/bin/mount
[mount]
/bin/rm
[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/mount.err.txt]
/bin/df
[df -h]
/bin/rm
[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/df-h.err.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/ifconfig-a.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/netstat-ln.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/netstat-nr.txt]
/usr/bin/pgrep
[pgrep -o k3s]
/bin/rm
[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/lsof-n-P-p.txt]
/sbin/iptables
[iptables -L]
/bin/rm
[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/iptables-L.err.txt]
/sbin/iptables
[iptables -S]
/bin/rm
[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/iptables-S.err.txt]
/bin/hostname
[hostname -f]
/bin/rm
[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/hostname-f.txt]
/bin/mkdir
[mkdir -p /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/k3s]
/bin/rm
[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/k3s/k3s-version.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/k3s/k3s-checkconfig.txt]
/bin/journalctl
[journalctl --field _SYSTEMD_UNIT]
/bin/grep
[grep k3s]
/bin/mkdir
[mkdir -p /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube]
/bin/rm
[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/command-v-kubectl.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/command-v-kubectl.err.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-version.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-config-getcontexts.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-config-currentcontext.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-clusterinfo-dump.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-get-namespaces.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-get-nodes.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-describe-nodes.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-describe-pods-allnamespaces.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-describe-services-allnamespaces.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-describe-daemonset-allnamespaces.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-describe-deployments-allnamespaces.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-describe-replicaset-allnamespaces.txt]
/bin/rm
[rm /tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-describe-storageclass,pv,pvc.txt]
/usr/bin/tr
[tr [:lower:] [:upper:]]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | debian9-mipsbe-20240418-en-3 | udp |
Files
/tmp/sh-thd.CCd4tX
| MD5 | e31126093946d67a308926ccc064b171 |
| SHA1 | 5638b72172d99db995387b1eaa80bce1b72b8014 |
| SHA256 | 2313707b4667e3e70898b6bb32883cce30d980dd4648899fc133a004ee020f4d |
| SHA512 | 2863ebb1461ee5670450e545e7b44960f594ea0f4bd41d94c276a9c126b4bfb93a3fba512ae7a370f3d327fb77460ef1f946baf45727514744b6944dae89491b |
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/_etc_os-release
| MD5 | 6b9cb463744e6c78a180041ae5c82068 |
| SHA1 | b66fa3cc6b749fc33c049dc2f4ea3b6d9f12a9a7 |
| SHA256 | ff83f0c28edf5d329efd04b1f776bceef961380b1733d47469c4c54eab4b40b2 |
| SHA512 | 3636e4089e683ec160911c7b855495d68993fda6140636a402881ea9d207ca6afad704f10afaa79dbf3e510b3ff2fc31bcf6bb26def11ac22dddaba74cab95be |
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/sysctl-a.cmd.txt
| MD5 | 65a913226117e10569f47210ba5cc9e4 |
| SHA1 | c958c77311ef8ea7767c0c6e8ad1645eebd9394a |
| SHA256 | 4ea6aada74971199ecb08b13fbe3add985765a673bb8ec2c9ed7f488ab8ca21c |
| SHA512 | 914ae3d1e97baffa38a84f0bf45e92d77ebada3ad4779e1669696231450825f7f9f989e48fe1bd17b861f1d8ddd763749673cc6ba8041c194b7689c477227cee |
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/sysctl-a.err.txt
| MD5 | d36cc5bb15821d3b56e5783cda82c81d |
| SHA1 | aa805238a3181895d21513c060e7b491c248b169 |
| SHA256 | f351dd41c58a56faad25a60b1e2931ed551d10f9b461420e561eed6bd786ff93 |
| SHA512 | 7f56cd98df040c7c36380e40ecbe9e2db8bbd64ff4f3ff87df55c63554f7603cb42afde1feff1a0bcd85009dc80807e3d7f185e6da9bde8cc1b742150326cb32 |
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/uname-a.cmd.txt
| MD5 | 6d03a4bce238ab72e1efd760a9d7d22d |
| SHA1 | 39a250e1c093ecfcd2473e71716ba65b37940e21 |
| SHA256 | a5c41ad2a873e7904cb35754bf57108df0b72d5939ba9d9b0a8250affda6285d |
| SHA512 | 28caf42ce66c25c8cea394de5f845490221cc7824c4689ad56cd85ccea4a1e0631ae70870be1a5b36e9fdea88ee069198ea21f839c20434f0c996e09b8a7bd3a |
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/ps-uax.cmd.txt
| MD5 | 691b561deef6ef64e778e28766cedbf4 |
| SHA1 | deecfe74e77f32702af64f7d98f7976bebed926c |
| SHA256 | 9a262237c8fdccc327d5fa407fc6ed67125f5c10d6cfa893fd844fc449b0b0f6 |
| SHA512 | e9b4dc23441e6723af8e68b3835046bcdd973e157736d610f3691f85fe00ebe71b75bc4dd6a54516b53e9a2ed0e3a248b12344733fb07262ada5b1856cbefb70 |
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/dmesg.cmd.txt
| MD5 | 5e586b12552daf93c7af22dccbbf673b |
| SHA1 | 87b5100b995abbc509d56fbc2f21a5e36f31e19d |
| SHA256 | ecdd46797ccbbd216430279b15b436d2ed9f0afa18d3115f7cb21d88d7c7f227 |
| SHA512 | cad46c0ec64a9fd7860343b2703ad98dc5aa0231b8a08af5af34fbd44f8730f313c2f25dd81273b2e3e3c62af69dc11fed051036b6f2fb4e41c91ecb870fca88 |
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/id.cmd.txt
| MD5 | 49f96038f20aa062772267b640a18d79 |
| SHA1 | d5c07425675ba6682d89278ed8616a88d49af0a2 |
| SHA256 | 984a644ec3b56d32b0404777e1eb73390c4b0742a6a0e183f07861056b6746de |
| SHA512 | 2236c2c538189f24d1e9334832ac9db9df3c141bb98af9cd5c6a3ec5ade393a5a573f682953ee2dbff9aaa96bbecc0726deaeee962cd070ed44d183130c7408a |
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/mount.cmd.txt
| MD5 | d8019401b7e42876fd36020a04c3bf2c |
| SHA1 | 49e9151a32ea1ffc9b3c50c0d8711575fde1aebe |
| SHA256 | c29c742d06751d4f0189151a5eb8df519779a56b90701230c359d9de849914ad |
| SHA512 | 6c549cdea03de6c868080cc301c38948fcedfcb96e0ade3881321e8d6fe2c59f97b73d2b44fc5016cb3a15194a84357d7176da5e6ed5586b193dd9fc7a0ee084 |
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/df-h.cmd.txt
| MD5 | 69a238d8cb3c5f979252010b3299e524 |
| SHA1 | c989bd551bfa8c755f6cacacb90c5c509432110e |
| SHA256 | 3242baedf369c64515b1cb0c47ea519e0e5c71911d863ff0e41d4ae9426fcd97 |
| SHA512 | ef99d9670cccbd6edfe26c74a13567360cc7f22ee507d68f5e3eceb6c0891689321397c56ddddf8ea942990f72d8276827277b2c1c8213f0c244ce94d286840a |
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/ifconfig-a.cmd.txt
| MD5 | af9af3cccdf311f8c81f08e97e8d0aa0 |
| SHA1 | 93ed74c2d1ab654206a6ff50c8b0955901fed699 |
| SHA256 | 235a86b5220bd41c03dc776f96f1dc95806e7a0579ffd4126afda0eda33b7186 |
| SHA512 | 61293697a81ef554d494e9a0219a50dfa9ec2a1658c38e60c1cdbc2c382128faa24a9d9e1f0d871df50a82e16190262e9a83db1372ca324ca625b48b9380de1a |
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/ifconfig-a.err.txt
| MD5 | 2205dea4d61a6d56f12580a91bf88ebd |
| SHA1 | ea5c2d483ac5600ab9650a15fd5a6cc1abeaef4b |
| SHA256 | 96de101f770c28472d203a7c2f0588f76125e56963adc253315ecf7e5362d57b |
| SHA512 | 894c76524767d0ed7b890961a8a85582024f61bfc7382c62b42a89b172fa1b3f4cb907517c836838aa76b3ebb9e86838fa24e3029cffaa92e8779f950fb90238 |
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/netstat-ln.cmd.txt
| MD5 | 34b0eb93562d163c0421d090e1af127a |
| SHA1 | a92fd8952b3f7e38e9473507eb5118379762259b |
| SHA256 | 6aa3e31d3a1e7c3ad12f70971de5bd17ccd04c42150acb6dcee0366966e4efde |
| SHA512 | 3d600a185c170ef42990bef49d5d0fe7cab5b9b523d06f88b3b93900042a5c59dbe3761daf1c5937846d6cb0c2a854ed3d288a5f14bf86e2a4809222c151b98b |
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/netstat-ln.err.txt
| MD5 | a01d8d19ee83ee3b9e3aa93994adeac1 |
| SHA1 | e8d2614ca92e7bf98a77bd9a665e4c90666d9ea9 |
| SHA256 | 67dd27625b828ba9afc4e1660cb7ceacaaa1c0c53d1f012092d7634b477caf83 |
| SHA512 | 852baf4d57d0e566306afbd95e048b579e037436e58df90fd7fffa231c1ce6f35364f19a8463c8e72e189abbafa0d6e2ce0cd63e5fc14fc6923f23bfa86d50a7 |
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/netstat-nr.cmd.txt
| MD5 | f91997b53c5bb88b78adbc7c6045acfa |
| SHA1 | 76d0d0b39dd17bf89516ca246e273aaad204f306 |
| SHA256 | 69db1fee62f367e4c5c5662955fe1960e638605415869851b82bdb9cb0097176 |
| SHA512 | f7bf633b9542a935188a2527075243a72846ebbe18079103035e141571225ecfb5cc7d2647044b89fe2bd6b849c30c41ffda4608fd23886765f34970d3271c5e |
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/lsof-n-P-p.cmd.txt
| MD5 | 3b97c34d2930b286446fe0e3c0a3992f |
| SHA1 | 8ade115cded46e67fdbf533d6b28ed0965f5e9e5 |
| SHA256 | 76e39d40cc0973fa69f2968eb13060976f5d9a11e070f9b74b8614086c35d99f |
| SHA512 | d961289fc6ab8e72344b0be929ad8abb327d897c3fe19c84fa92e9530dec3ec80e1706711e4c8104c1cc44f7c7b81f591e9d26ef0df293983dbf9005c312f285 |
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/lsof-n-P-p.err.txt
| MD5 | fef6762266aceba4193ef24290aaca06 |
| SHA1 | faac5e497bdee0d77c700c53e4e4d3f435a2d4d0 |
| SHA256 | dc096a6dd561bf05605bf08b0ae028e6ac371bb55b1ac10b1099326a69c2936e |
| SHA512 | 24ad1b561af4a12995f444914014cd1a9c91506c5ada43518d5be94d54f7bd870f9b8dff8a34f8a89ddbc02643816583a39e33ea7d8655b33ee6ee91337a9e93 |
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/iptables-L.cmd.txt
| MD5 | 434489814c5c403c06037f82f9e9a264 |
| SHA1 | 47b6cbb7c23e2c02ce89a10ea2df3cb17c8c98aa |
| SHA256 | 46da7b1e98fcbc799e2dbe3d5e347476ae1d85818364a70c822add53a488ea46 |
| SHA512 | ca0cd8a62be26f5c4a511795ca5a66705f30d78bdff1405e5ad451c2cbb5b4f102334afa9cf956b80f6e36868608a67c0888d34012e8d7140cb2d6402b8f42ca |
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/iptables-S.cmd.txt
| MD5 | 3b4ee7611e467391ba258b42f691fc34 |
| SHA1 | 8f442990dd87f47f59bb91e5f45563e191e4e3dd |
| SHA256 | 42129453f7b3b970155c3acaea97965f29694fc7dabd544cdfbde2ad5463348a |
| SHA512 | cfb660bc6c96f7a98e445bd9e0b7f40ebe2c7490351bac2c8a6d3a00a4e1d97ffc5a199e4d399b90b7ef4baf3b3b1468d017afe14004edb2340d23f6aafd17e8 |
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/hostname-f.cmd.txt
| MD5 | 01c771b88df59ada175c1653db8bea99 |
| SHA1 | e21d64f4f91b700f4ce8d9e65bb2806df96e5d55 |
| SHA256 | 80cfa79f1c72e35ea11dea69762c2bbc0f11c683cd8ef840996ede660d69c04a |
| SHA512 | 15f11c20166742cbce33caf92482e2f0b96378f4a4ba17740ab7066511206ef3012ad132934108bbbc98b02c672d6b4348d80b011bbf862624148bdf2860cc54 |
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/system/hostname-f.err.txt
| MD5 | 428abf1a44de5a105a35bbd0e39ef779 |
| SHA1 | 7af871b6aa7748a37dfee56da2c343fb75dbd5d6 |
| SHA256 | 4f67526861c6d543f3a592aa1e36abc9b39c5d304dafcfb294efb24b3ef4ebba |
| SHA512 | e420f327502d83def7674fd15d9c634c611e0952aac6a826869ad891dd405ed95c618d40b5af1280eaef2a607cc5356d686ca56dda927a61354c11a005893f91 |
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/k3s/k3s-version.cmd.txt
| MD5 | 2f314c074a46fcfbf6f5f13a4ea2a6be |
| SHA1 | 650ecc8d90046edc71609c5b0a5491bcb7bf4f51 |
| SHA256 | ee0d9f93c2b132ac9bbaa7226439ee9e6127425bdf75e630ac894fb85d439bf2 |
| SHA512 | a9d1270bbff5f0756a122c32727be732b412a31fb7d4310eaecc93f00d46239d003eeca9032779d35bfa1992e6104342ac082c561e79217cf3775606d4462637 |
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/k3s/k3s-version.err.txt
| MD5 | 2f821ac970317a5954f9e4b78a508e63 |
| SHA1 | c82324b92ad1f492221cb9203171d87a74182b38 |
| SHA256 | 6d5a1ded372e8240ae92ab10faa113f4300bc4ad68ba6c9cac7fa7f969dff93d |
| SHA512 | c10c8a1dce6a09cf1bb0acd99c808939c472f92a3d14ecbc5bbd6f15e2bd53036c627542a2f9a959bd23f3b6036bc5e530bf2e96a7705e468496b90f0b1e009d |
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/k3s/k3s-checkconfig.cmd.txt
| MD5 | 3fc4a3e73307f2a04a4901a2d7f65c48 |
| SHA1 | 4063beda5c8cf430d48c87fa1a6a68ddbb93c20c |
| SHA256 | 26f41d1fb3bfccae59379f6a945a348ee951aa4cb6d63ded1b2a7fe51990a570 |
| SHA512 | 1fc1804eca455263001c23e92dea1cae8fdec88797ff7cf5fecc0943a5c4473e9785300d4570a52e9afa83485c4cfc7541d3c3acf8abb83f7a9b3d18143a5f83 |
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/command-v-kubectl.cmd.txt
| MD5 | ae1741b49f8cb260295757450f4e940c |
| SHA1 | 4ddff8d1a4d241d916647c3416993c2b71d4f08f |
| SHA256 | 5249dea92706d039a3d9c4e7858f4c89b59cde4e0b9295a84b9043e9d73fca9c |
| SHA512 | 8dd4a19c58288396d5d3417c4537197bae3cb3536b608870cb15d9b8fec4ba3bf8f2cc60cad2a8c9023228b2e0df42d59d51890d052ce2b7697d76fb32719e44 |
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-version.cmd.txt
| MD5 | 96275629f4d50cacc031d9fff056ce0c |
| SHA1 | b47a3521d57e3e86b368994e24075ecee3dd82e7 |
| SHA256 | c49de28b5ecf8b3ddef8ac49737f3870a2b35b77e27b43ec6c8551ed62fd5b15 |
| SHA512 | e0187e7e3bc98aac93fa71c4dc674c54a8325b0454cf64a1b10ff335084d246c414698ac7a293a463de78d30537e92afc9678c8b3951730d2fe1080dfefd8f62 |
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-version.err.txt
| MD5 | 2b6011e00005a20f051a13323fe2eff0 |
| SHA1 | 7bbc836e615dbd816abad1086e8c75242f84f6a8 |
| SHA256 | 09afb740ea2b3de3ebd36d564f4a9ac8f0214f39efcf027617818054ea845511 |
| SHA512 | 934b95dc713d5c028d099c7c434cbb50707771a875b868a3698de2e131f0801633a7a35700d3207735bb6ce22df323448ca221cf21b1f2ea29775ce114fb4b07 |
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-config-getcontexts.cmd.txt
| MD5 | 654e808e4ffd2d97f7e608045cfb16a5 |
| SHA1 | e95666ee9b61a08e754d914115808feffb985760 |
| SHA256 | 424d24f21990aa6c59e6f781f0b25e21f48d31697c53e057aa698e20324b497a |
| SHA512 | 69252aa13b6f9231b8337b71bcd88b8b7bedd6cb4ce9bd912d34fa1c1327e07371385398ccbd3dbc71da2f768f6285a3f77a9e05368b2fb0fa22d1f3c7b22a27 |
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-config-currentcontext.cmd.txt
| MD5 | 3f76b376d8dc2e1a52eeabb0c3830887 |
| SHA1 | 5f85fa92c2bbe97609a2ba048a8767bf281d0f7a |
| SHA256 | 09ff9097f11f5a67fff70dbec7bfa87df7f2187ee5c029a2c90d6c208bfbbee3 |
| SHA512 | 1f38033692606a45b15c347494db53b5ae9dbeff6b0898ab9d3e1395c659ec077b21b96127db314387fde40e13c92b820d823e3df7e4363ab92db346f0b798fb |
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-clusterinfo-dump.cmd.txt
| MD5 | 6fbf190b03be40ae5f8ec36154c72514 |
| SHA1 | c4a49be9f3d7276f30078ed1a7d14f2c40bef3cd |
| SHA256 | 264c0da3f3425bcbbe165df2fea3ec2e3dfc0727e7352510c5ab9cbefbfafcb0 |
| SHA512 | b460c1d6f32a83ac133690712c359bfe911da14058d90454c2f80386133d35134d9d9fe60ff550ba92dd6101040e46c750edc36e5e4fad50b565b08ad6585f77 |
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-get-namespaces.cmd.txt
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-get-nodes.cmd.txt
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-describe-nodes.cmd.txt
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-describe-pods-allnamespaces.cmd.txt
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-describe-services-allnamespaces.cmd.txt
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-describe-daemonset-allnamespaces.cmd.txt
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-describe-deployments-allnamespaces.cmd.txt
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-describe-replicaset-allnamespaces.cmd.txt
/tmp/k3s-diagnostics-A1E11B89-6AE1-4385-9755-8307608A6AB2-V7rcMarx/kube/kubectl-describe-storageclass,pv,pvc.cmd.txt
Analysis: behavioral19
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:14
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Max time network
132s
Command Line
Signatures
Processes
/tmp/k3s-master/contrib/util/fetch-diags.sh
[/tmp/k3s-master/contrib/util/fetch-diags.sh]
/usr/local/sbin/bash
[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]
/usr/local/bin/bash
[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]
/usr/sbin/bash
[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]
/usr/bin/bash
[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]
/sbin/bash
[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]
/bin/bash
[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 151.101.193.91:443 | N/A | tcp |
| GB | 89.187.167.4:443 | N/A | tcp |
| GB | 185.125.188.61:443 | N/A | tcp |
| GB | 185.125.188.62:443 | N/A | tcp |
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:15
Platform
debian9-mipsel-20240226-en
Max time kernel
6s
Command Line
Signatures
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
Processes
/tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh
[/tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]
/usr/local/sbin/bash
[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]
/usr/local/bin/bash
[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]
/usr/sbin/bash
[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]
/usr/bin/bash
[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]
/sbin/bash
[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]
/bin/bash
[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]
/bin/date
[date +%s]
/usr/bin/openssl
[openssl version]
/usr/bin/openssl
[openssl ecparam -name prime256v1 -genkey -noout -out /dev/null]
/usr/bin/openssl
[openssl version]
/bin/grep
[grep -qF OpenSSL 3]
/bin/mkdir
[mkdir -p /var/lib/rancher/k3s/server/tls/etcd]
/bin/mkdir
[mkdir -p .ca/certs]
/usr/bin/touch
[touch .ca/index]
/usr/bin/openssl
[openssl rand -hex 8]
/bin/rm
[rm -rf .ca]
Network
Files
/var/lib/rancher/k3s/server/tls/.ca/serial
Analysis: behavioral28
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:15
Platform
debian9-armhf-20240611-en
Max time kernel
1s
Command Line
Signatures
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
Processes
/tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh
[/tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]
/usr/local/sbin/bash
[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]
/usr/local/bin/bash
[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]
/usr/sbin/bash
[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]
/usr/bin/bash
[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]
/sbin/bash
[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]
/bin/bash
[bash /tmp/k3s-master/contrib/util/rotate-default-ca-certs.sh]
/bin/date
[date +%s]
/usr/bin/openssl
[openssl version]
/usr/bin/openssl
[openssl ecparam -name prime256v1 -genkey -out /dev/null]
/usr/bin/openssl
[openssl version]
/bin/grep
[grep -qF OpenSSL 3]
/bin/mkdir
[mkdir -p /var/lib/rancher/k3s/server/rotate-ca/tls/etcd]
/bin/mkdir
[mkdir -p .ca/certs]
/usr/bin/touch
[touch .ca/index]
/usr/bin/openssl
[openssl rand -hex 8]
/bin/rm
[rm -rf .ca]
Network
Files
/var/lib/rancher/k3s/server/rotate-ca/tls/.ca/serial
Analysis: behavioral14
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:15
Platform
debian9-mipsel-20240418-en
Max time kernel
17s
Command Line
Signatures
Reads list of loaded kernel modules
| Description | Indicator | Process | Target |
| File opened for reading | /proc/modules | /sbin/lsmod | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/free | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/kernel/security/apparmor/profiles | /bin/cat | N/A |
| File opened for reading | /sys/module/sg/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ip_tables/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/crc32c_generic/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/usbcore/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/stahp/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ttm/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/sr_mod/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/usbcore/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/drm_kms_helper/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/sysfillrect/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/mbcache | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/hid_generic/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/hid/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ata_generic/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/sg/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/sr_mod/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/e1000/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/stahp/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/mbcache/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/syscopyarea/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/cirrus/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/drm_kms_helper/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/uhci_hcd/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/sysimgblt/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/fb_sys_fops/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ecb | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ecb/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/hid/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/usb_common/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ip_tables/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ext4/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/cdrom | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/drm | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/jbd2/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/fscrypto/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/usbhid | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/hid | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/syscopyarea/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/jbd2 | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/hid_generic | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/i2c_core/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ttm/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/cdrom/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/uhci_hcd/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ehci_pci/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ehci_hcd/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ata_piix/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/usb_common | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/sysfillrect/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/sr_mod | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ehci_pci | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/syscopyarea | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/sysimgblt/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/fscrypto | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ecb/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ehci_hcd | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ata_piix | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/joydev/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/drm/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/fb_sys_fops/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/crc16/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/jbd2/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/joydev | /sbin/lsmod | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/kernel/keys/root_maxkeys | /bin/cat | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/stat | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/awk | N/A |
| File opened for reading | /proc/sys/kernel/osrelease | /usr/bin/free | N/A |
| File opened for reading | /proc/meminfo | /usr/bin/free | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/stat | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/free | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/id | N/A |
| File opened for reading | /proc/cmdline | /sbin/lsmod | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/awk | N/A |
| File opened for reading | /proc/sys/kernel/keys/root_maxkeys | /bin/cat | N/A |
| File opened for reading | /proc/self/cgroup | /tmp/k3s-master/contrib/util/check-config.sh | N/A |
| File opened for reading | /proc/cmdline | /sbin/modprobe | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
Processes
/tmp/k3s-master/contrib/util/check-config.sh
[/tmp/k3s-master/contrib/util/check-config.sh]
/bin/uname
[uname -r]
/usr/bin/dirname
[dirname /tmp/k3s-master/contrib/util/check-config.sh]
/bin/cat
[cat /sys/kernel/security/apparmor/profiles]
/bin/grep
[grep -q zgrep (enforce)]
/bin/uname
[uname -r]
/usr/bin/tr
[tr \n :]
/usr/bin/tr
[tr : \n]
/bin/grep
[grep -v -E ^/tmp/k3s-master/contrib/util$]
/sbin/iptables
[/sbin/iptables --version]
/usr/bin/awk
[awk { print $2 }]
/usr/bin/dirname
[dirname /sbin/iptables]
/bin/grep
[grep -v -q -E ^v[0-9]]
/usr/bin/head
[head -n 1]
/usr/bin/sort
[sort -V]
/usr/bin/free
[free]
/bin/grep
[grep -i ^swap:]
/usr/bin/awk
[awk { print $2 }]
/bin/grep
[grep -q -E ^10\.(42|43)\.]
/bin/grep
[grep -v cni0]
/sbin/ip
[ip route]
/bin/cat
[cat /proc/sys/kernel/keys/root_maxkeys]
/bin/cat
[cat /proc/sys/kernel/keys/root_maxkeys]
/usr/bin/id
[id -u]
/bin/grep
[grep -q configs]
/sbin/lsmod
[lsmod]
/sbin/modprobe
[modprobe configs]
/bin/zcat
[zcat /boot/config-4.9.0-13-4kc-malta]
/bin/gzip
[gzip -cd /boot/config-4.9.0-13-4kc-malta]
/usr/bin/stat
[stat --file-system --format=%t /sys/fs/cgroup]
/usr/bin/stat
[stat --file-system --format=%t /sys/fs/cgroup/unified]
/bin/grep
[grep -Ec (^|:)(cpuset|memory)($|:)]
/usr/bin/tr
[tr -s \n]
/bin/cat
[cat /sys/module/apparmor/parameters/enabled]
/bin/grep
[grep CONFIG_NAMESPACES=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_NET_NS=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_PID_NS=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IPC_NS=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_UTS_NS=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CGROUPS=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CGROUP_PIDS=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CGROUP_CPUACCT=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CGROUP_DEVICE=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CGROUP_FREEZER=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CGROUP_SCHED=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CPUSETS=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_MEMCG=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_KEYS=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_VETH=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_VETH=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_BRIDGE=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_BRIDGE=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_BRIDGE_NETFILTER=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_BRIDGE_NETFILTER=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_NF_FILTER=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_NF_FILTER=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_NF_TARGET_MASQUERADE=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_NF_TARGET_MASQUERADE=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_NF_TARGET_REJECT=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_NF_TARGET_REJECT=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_NETFILTER_XT_MATCH_IPVS=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_NETFILTER_XT_MATCH_IPVS=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_NETFILTER_XT_MATCH_COMMENT=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_NETFILTER_XT_MATCH_COMMENT=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_NF_NAT=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_NF_NAT=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_NF_NAT=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_NF_NAT=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_POSIX_MQUEUE=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_USER_NS=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep -q -E ^(centos|rhel)$]
/bin/grep
[grep CONFIG_SECCOMP=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_BLK_CGROUP=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_BLK_DEV_THROTTLING=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CGROUP_PERF=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CGROUP_HUGETLB=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CGROUP_HUGETLB=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_NET_CLS_CGROUP=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_NET_CLS_CGROUP=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CGROUP_NET_PRIO=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CFS_BANDWIDTH=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_FAIR_GROUP_SCHED=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_RT_GROUP_SCHED=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_RT_GROUP_SCHED=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_NF_TARGET_REDIRECT=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_NF_TARGET_REDIRECT=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_SET=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_SET=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_VS=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_VS=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_VS_NFCT=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_VS_PROTO_TCP=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_VS_PROTO_UDP=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_VS_RR=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_IP_VS_RR=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_EXT4_FS=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_EXT4_FS=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_EXT4_FS_POSIX_ACL=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_EXT4_FS_SECURITY=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_EXT4_FS=[y|m] /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_EXT4_FS_POSIX_ACL=[y|m] /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_EXT4_FS_SECURITY=[y|m] /boot/config-4.9.0-13-4kc-malta]
/bin/sed
[sed s/^/ /]
/bin/grep
[grep CONFIG_VXLAN=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_VXLAN=m /boot/config-4.9.0-13-4kc-malta]
/bin/sed
[sed s/^/ /]
/bin/grep
[grep CONFIG_CRYPTO=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CRYPTO_AEAD=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CRYPTO_AEAD=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CRYPTO_GCM=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CRYPTO_GCM=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CRYPTO_SEQIV=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CRYPTO_SEQIV=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CRYPTO_GHASH=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_CRYPTO_GHASH=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_XFRM=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_XFRM_USER=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_XFRM_USER=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_XFRM_ALGO=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_XFRM_ALGO=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_INET_ESP=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_INET_ESP=m /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_INET_XFRM_MODE_TRANSPORT=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_INET_XFRM_MODE_TRANSPORT=m /boot/config-4.9.0-13-4kc-malta]
/bin/sed
[sed s/^/ /]
/bin/grep
[grep CONFIG_OVERLAY_FS=y /boot/config-4.9.0-13-4kc-malta]
/bin/grep
[grep CONFIG_OVERLAY_FS=m /boot/config-4.9.0-13-4kc-malta]
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:14
Platform
win10v2004-20240709-en
Max time kernel
91s
Max time network
93s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\k3s-master\.drone.yml
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:15
Platform
win7-20240705-en
Max time kernel
102s
Max time network
18s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\yml_auto_file | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\yml_auto_file\ | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\yml_auto_file\shell | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\yml_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\.yml | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\.yml\ = "yml_auto_file" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\yml_auto_file\shell\Read | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\yml_auto_file\shell\Read\command | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2144 wrote to memory of 2928 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2144 wrote to memory of 2928 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2144 wrote to memory of 2928 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2928 wrote to memory of 2976 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2928 wrote to memory of 2976 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2928 wrote to memory of 2976 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2928 wrote to memory of 2976 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\k3s-master\.github\.codecov.yml
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\k3s-master\.github\.codecov.yml
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\k3s-master\.github\.codecov.yml"
Network
Files
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
Analysis: behavioral12
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:15
Platform
debian9-armhf-20240611-en
Max time kernel
10s
Command Line
Signatures
Reads list of loaded kernel modules
| Description | Indicator | Process | Target |
| File opened for reading | /proc/modules | /sbin/lsmod | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/free | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/module/virtio_net/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/virtio_mmio/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ip_tables/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/autofs4/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ext4 | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/jbd2 | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/crc32c_generic | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ext4/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/mbcache/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/virtio_ring/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/stahp | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/crc16/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/virtio_mmio | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/virtio_blk/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/virtio_net | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/virtio_mmio/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/virtio/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/virtio_blk/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/stahp/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ext4/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/jbd2/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/crc32c_generic/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/virtio/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/jbd2/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/fscrypto/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/mbcache | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/mbcache/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/evdev | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/evdev/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/x_tables | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/autofs4/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/fscrypto/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ip_tables/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/x_tables/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ext4/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/crc16/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/fscrypto | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/x_tables/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ecb/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/evdev/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/autofs4/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/crc32c_generic/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/virtio_blk/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/apparmor/parameters/enabled | /bin/cat | N/A |
| File opened for reading | /sys/module/jbd2/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ecb/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/mbcache/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/stahp/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ip_tables | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/autofs4 | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/crc16 | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/crc16/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/stahp/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ecb/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/virtio_net/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/kernel/security/apparmor/profiles | /bin/cat | N/A |
| File opened for reading | /sys/module/ip_tables/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ecb | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/virtio_mmio/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/virtio_ring/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/x_tables/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/crc32c_generic/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/virtio_ring/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/virtio/refcnt | /sbin/lsmod | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/kernel/keys/root_maxkeys | /bin/cat | N/A |
| File opened for reading | /proc/cmdline | /sbin/lsmod | N/A |
| File opened for reading | /proc/cmdline | /sbin/modprobe | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/free | N/A |
| File opened for reading | /proc/meminfo | /usr/bin/free | N/A |
| File opened for reading | /proc/sys/kernel/keys/root_maxkeys | /bin/cat | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/awk | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/stat | N/A |
| File opened for reading | /proc/self/cgroup | /tmp/k3s-master/contrib/util/check-config.sh | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/stat | N/A |
| File opened for reading | /proc/sys/kernel/osrelease | /usr/bin/free | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/awk | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/id | N/A |
Processes
/tmp/k3s-master/contrib/util/check-config.sh
[/tmp/k3s-master/contrib/util/check-config.sh]
/bin/uname
[uname -r]
/usr/bin/dirname
[dirname /tmp/k3s-master/contrib/util/check-config.sh]
/bin/cat
[cat /sys/kernel/security/apparmor/profiles]
/bin/grep
[grep -q zgrep (enforce)]
/bin/uname
[uname -r]
/usr/bin/tr
[tr \n :]
/usr/bin/tr
[tr : \n]
/bin/grep
[grep -v -E ^/tmp/k3s-master/contrib/util$]
/sbin/iptables
[/sbin/iptables --version]
/usr/bin/awk
[awk { print $2 }]
/usr/bin/dirname
[dirname /sbin/iptables]
/bin/grep
[grep -v -q -E ^v[0-9]]
/usr/bin/sort
[sort -V]
/usr/bin/head
[head -n 1]
/usr/bin/free
[free]
/bin/grep
[grep -i ^swap:]
/usr/bin/awk
[awk { print $2 }]
/sbin/ip
[ip route]
/bin/grep
[grep -q -E ^10\.(42|43)\.]
/bin/grep
[grep -v cni0]
/bin/cat
[cat /proc/sys/kernel/keys/root_maxkeys]
/bin/cat
[cat /proc/sys/kernel/keys/root_maxkeys]
/usr/bin/id
[id -u]
/sbin/lsmod
[lsmod]
/bin/grep
[grep -q configs]
/sbin/modprobe
[modprobe configs]
/bin/zcat
[zcat /boot/config-4.9.0-13-armmp-lpae]
/bin/gzip
[gzip -cd /boot/config-4.9.0-13-armmp-lpae]
/usr/bin/stat
[stat --file-system --format=%t /sys/fs/cgroup]
/usr/bin/stat
[stat --file-system --format=%t /sys/fs/cgroup/unified]
/bin/grep
[grep -Ec (^|:)(cpuset|memory)($|:)]
/usr/bin/tr
[tr -s \n]
/bin/cat
[cat /sys/module/apparmor/parameters/enabled]
/bin/grep
[grep CONFIG_NAMESPACES=y /boot/config-4.9.0-13-armmp-lpae]
/bin/grep
[grep CONFIG_NET_NS=y /boot/config-4.9.0-13-armmp-lpae]
/bin/grep
[grep CONFIG_PID_NS=y /boot/config-4.9.0-13-armmp-lpae]
/bin/grep
[grep CONFIG_IPC_NS=y /boot/config-4.9.0-13-armmp-lpae]
/bin/grep
[grep CONFIG_UTS_NS=y /boot/config-4.9.0-13-armmp-lpae]
/bin/grep
[grep CONFIG_CGROUPS=y /boot/config-4.9.0-13-armmp-lpae]
/bin/grep
[grep CONFIG_CGROUP_PIDS=y /boot/config-4.9.0-13-armmp-lpae]
/bin/grep
[grep CONFIG_CGROUP_CPUACCT=y /boot/config-4.9.0-13-armmp-lpae]
/bin/grep
[grep CONFIG_CGROUP_DEVICE=y /boot/config-4.9.0-13-armmp-lpae]
/bin/grep
[grep CONFIG_CGROUP_FREEZER=y /boot/config-4.9.0-13-armmp-lpae]
/bin/grep
[grep CONFIG_CGROUP_SCHED=y /boot/config-4.9.0-13-armmp-lpae]
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:14
Platform
debian9-armhf-20240611-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/k3s-master/contrib/util/fetch-diags.sh
[/tmp/k3s-master/contrib/util/fetch-diags.sh]
/usr/local/sbin/bash
[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]
/usr/local/bin/bash
[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]
/usr/sbin/bash
[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]
/usr/bin/bash
[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]
/sbin/bash
[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]
/bin/bash
[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:14
Platform
win7-20240708-en
Max time kernel
122s
Max time network
126s
Command Line
Signatures
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\k3s-master.zip
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:15
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Max time network
128s
Command Line
Signatures
Reads list of loaded kernel modules
| Description | Indicator | Process | Target |
| File opened for reading | /proc/modules | /sbin/lsmod | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/free | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/module/drm_kms_helper/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/drm_kms_helper/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/aes_x86_64/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/autofs4 | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/nf_tables/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/lp/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ip_tables | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/nf_tables_inet/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/fb_sys_fops/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/drm | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/aesni_intel/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/8139too/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/sysfillrect/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/hid_generic/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/stahp/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/glue_helper/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/cryptd/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/x_tables | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/sysimgblt/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ghash_clmulni_intel/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/libahci/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/fb_sys_fops/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/pcbc/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/binfmt_misc/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/sch_fq_codel/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/aes_x86_64/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/glue_helper | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/floppy/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/joydev/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/nf_tables/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/nf_tables_ipv4/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/sysimgblt | /sbin/lsmod | N/A |
| File opened for reading | /sys/kernel/security/apparmor/profiles | /bin/cat | N/A |
| File opened for reading | /sys/module/sysimgblt/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/i2c_piix4/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/qemu_fw_cfg/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/8139cp/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/virtio_blk/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/usbhid/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/8139cp/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/i2c_piix4/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/parport_pc/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ttm/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ttm | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/sch_fq_codel | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/nf_tables_ipv6/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/input_leds/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/virtio_gpu/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/psmouse/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/libahci/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/crypto_simd/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/i2c_piix4/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/crct10dif_pclmul | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/ahci/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/sysfillrect | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/mac_hid | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/libahci/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/parport_pc | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/nf_tables_ipv4/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/aesni_intel/refcnt | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/8139too/coresize | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/drm/holders | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/crypto_simd | /sbin/lsmod | N/A |
| File opened for reading | /sys/module/binfmt_misc | /sbin/lsmod | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/maps | /usr/bin/awk | N/A |
| File opened for reading | /proc/meminfo | /usr/bin/free | N/A |
| File opened for reading | /proc/cmdline | /sbin/modprobe | N/A |
| File opened for reading | /proc/self/cgroup | /tmp/k3s-master/contrib/util/check-config.sh | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/awk | N/A |
| File opened for reading | /proc/sys/kernel/osrelease | /usr/bin/free | N/A |
| File opened for reading | /proc/sys/kernel/keys/root_maxkeys | /bin/cat | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/id | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/sys/kernel/keys/root_maxkeys | /bin/cat | N/A |
| File opened for reading | /proc/cmdline | /sbin/lsmod | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/stat | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/stat | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
Processes
/tmp/k3s-master/contrib/util/check-config.sh
[/tmp/k3s-master/contrib/util/check-config.sh]
/bin/uname
[uname -r]
/usr/bin/dirname
[dirname /tmp/k3s-master/contrib/util/check-config.sh]
/bin/grep
[grep -q zgrep (enforce)]
/bin/cat
[cat /sys/kernel/security/apparmor/profiles]
/bin/uname
[uname -r]
/usr/bin/tr
[tr \n :]
/bin/grep
[grep -v -E ^/tmp/k3s-master/contrib/util$]
/usr/bin/tr
[tr : \n]
/sbin/iptables
[/sbin/iptables --version]
/usr/bin/awk
[awk { print $2 }]
/usr/bin/dirname
[dirname /sbin/iptables]
/bin/grep
[grep -v -q -E ^v[0-9]]
/usr/bin/head
[head -n 1]
/usr/bin/sort
[sort -V]
/usr/bin/awk
[awk { print $2 }]
/bin/grep
[grep -i ^swap:]
/usr/bin/free
[free]
/bin/grep
[grep -q -E ^10\.(42|43)\.]
/bin/grep
[grep -v cni0]
/sbin/ip
[ip route]
/bin/cat
[cat /proc/sys/kernel/keys/root_maxkeys]
/bin/cat
[cat /proc/sys/kernel/keys/root_maxkeys]
/usr/bin/id
[id -u]
/bin/grep
[grep -q configs]
/sbin/lsmod
[lsmod]
/sbin/modprobe
[modprobe configs]
/bin/zcat
[zcat /boot/config-4.15.0-213-generic]
/bin/gzip
[gzip -cd /boot/config-4.15.0-213-generic]
/usr/bin/stat
[stat --file-system --format=%t /sys/fs/cgroup]
/usr/bin/stat
[stat --file-system --format=%t /sys/fs/cgroup/unified]
/bin/grep
[grep -Ec (^|:)(cpuset|memory)($|:)]
/usr/bin/tr
[tr -s \n]
/bin/cat
[cat /sys/module/apparmor/parameters/enabled]
/bin/grep
[grep CONFIG_NAMESPACES=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_NET_NS=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_PID_NS=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_IPC_NS=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_UTS_NS=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_CGROUPS=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_CGROUP_PIDS=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_CGROUP_CPUACCT=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_CGROUP_DEVICE=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_CGROUP_FREEZER=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_CGROUP_SCHED=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_CPUSETS=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_MEMCG=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_KEYS=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_VETH=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_VETH=m /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_BRIDGE=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_BRIDGE=m /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_BRIDGE_NETFILTER=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_BRIDGE_NETFILTER=m /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_IP_NF_FILTER=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_IP_NF_FILTER=m /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_IP_NF_TARGET_MASQUERADE=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_IP_NF_TARGET_MASQUERADE=m /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_IP_NF_TARGET_REJECT=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_IP_NF_TARGET_REJECT=m /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_NETFILTER_XT_MATCH_IPVS=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_NETFILTER_XT_MATCH_IPVS=m /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_NETFILTER_XT_MATCH_COMMENT=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_NETFILTER_XT_MATCH_COMMENT=m /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_IP_NF_NAT=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_IP_NF_NAT=m /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_NF_NAT=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_NF_NAT=m /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_POSIX_MQUEUE=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_USER_NS=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep -q -E ^(centos|rhel)$]
/bin/grep
[grep CONFIG_SECCOMP=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_BLK_CGROUP=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_BLK_DEV_THROTTLING=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_CGROUP_PERF=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_CGROUP_HUGETLB=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_NET_CLS_CGROUP=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_NET_CLS_CGROUP=m /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_CGROUP_NET_PRIO=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_CFS_BANDWIDTH=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_FAIR_GROUP_SCHED=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_RT_GROUP_SCHED=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_RT_GROUP_SCHED=m /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_IP_NF_TARGET_REDIRECT=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_IP_NF_TARGET_REDIRECT=m /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_IP_SET=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_IP_SET=m /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_IP_VS=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_IP_VS=m /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_IP_VS_NFCT=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_IP_VS_PROTO_TCP=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_IP_VS_PROTO_UDP=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_IP_VS_RR=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_IP_VS_RR=m /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_EXT4_FS=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_EXT4_FS_POSIX_ACL=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_EXT4_FS_SECURITY=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_EXT4_FS=[y|m] /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_EXT4_FS_POSIX_ACL=[y|m] /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_EXT4_FS_SECURITY=[y|m] /boot/config-4.15.0-213-generic]
/bin/sed
[sed s/^/ /]
/bin/grep
[grep CONFIG_VXLAN=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_VXLAN=m /boot/config-4.15.0-213-generic]
/bin/sed
[sed s/^/ /]
/bin/grep
[grep CONFIG_CRYPTO=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_CRYPTO_AEAD=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_CRYPTO_GCM=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_CRYPTO_SEQIV=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_CRYPTO_GHASH=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_XFRM=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_XFRM_USER=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_XFRM_USER=m /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_XFRM_ALGO=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_XFRM_ALGO=m /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_INET_ESP=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_INET_ESP=m /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_INET_XFRM_MODE_TRANSPORT=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_INET_XFRM_MODE_TRANSPORT=m /boot/config-4.15.0-213-generic]
/bin/sed
[sed s/^/ /]
/bin/grep
[grep CONFIG_OVERLAY_FS=y /boot/config-4.15.0-213-generic]
/bin/grep
[grep CONFIG_OVERLAY_FS=m /boot/config-4.15.0-213-generic]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 151.101.65.91:443 | | tcp |
| GB | 195.181.164.15:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:15
Platform
debian9-mipsel-20240418-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/k3s-master/contrib/util/fetch-diags.sh
[/tmp/k3s-master/contrib/util/fetch-diags.sh]
/usr/local/sbin/bash
[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]
/usr/local/bin/bash
[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]
/usr/sbin/bash
[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]
/usr/bin/bash
[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]
/sbin/bash
[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]
/bin/bash
[bash /tmp/k3s-master/contrib/util/fetch-diags.sh]
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:15
Platform
debian9-mipsbe-20240611-en
Max time kernel
3s
Command Line
Signatures
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /bin/mkdir | N/A |
Processes
/tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh
[/tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]
/usr/local/sbin/bash
[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]
/usr/local/bin/bash
[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]
/usr/sbin/bash
[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]
/usr/bin/bash
[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]
/sbin/bash
[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]
/bin/bash
[bash /tmp/k3s-master/contrib/util/generate-custom-ca-certs.sh]
/bin/date
[date +%s]
/usr/bin/openssl
[openssl version]
/usr/bin/openssl
[openssl ecparam -name prime256v1 -genkey -noout -out /dev/null]
/bin/grep
[grep -qF OpenSSL 3]
/usr/bin/openssl
[openssl version]
/bin/mkdir
[mkdir -p /var/lib/rancher/k3s/server/tls/etcd]
/bin/mkdir
[mkdir -p .ca/certs]
/usr/bin/touch
[touch .ca/index]
/usr/bin/openssl
[openssl rand -hex 8]
/bin/rm
[rm -rf .ca]
Network
Files
/var/lib/rancher/k3s/server/tls/.ca/serial
| MD5 | 539bb1bacac08f2c88e5d497395885a5 |
| SHA1 | 269404ec3d094ddba241276631f427aa473b0e7f |
| SHA256 | 4f0ced45a75faaf308aaeddf6ab5a03307553219f2c1436c1e7f35791d71b568 |
| SHA512 | da920daf44f4ccfbd9231840cb2c707e9defc2c4f2330aba2e24ca553b0ec1f4c21d442e767efb81d2aaee089ee11500a4aad54442cfebda9ebdb3cb7f589e2e |
Analysis: behavioral31
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:15
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
149s
Max time network
133s
Command Line
Signatures
Write file to user bin folder
| Description | Indicator | Process | Target |
| File opened for modification | /usr/local/bin/k3s-ro-test | /usr/bin/touch | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/id | N/A |
Processes
/tmp/k3s-master/install.sh
[/tmp/k3s-master/install.sh]
/bin/sed
[sed -e s/\([][!#$%&()*;<=>?\_`{|}]\)/\\\1/g;]
/bin/sed
[sed -e s/[][!#$%&()*;<=>?\_`{|}/[:space:]]/^/g;]
/usr/bin/id
[id -u]
/bin/sh
[sh -c touch /usr/local/bin/k3s-ro-test && rm -rf /usr/local/bin/k3s-ro-test]
/usr/bin/touch
[touch /usr/local/bin/k3s-ro-test]
/bin/rm
[rm -rf /usr/local/bin/k3s-ro-test]
/usr/bin/sha256sum
[sha256sum /usr/local/bin/k3s /etc/systemd/system/k3s.service /etc/systemd/system/k3s.service.env]
/bin/uname
[uname -m]
/bin/mktemp
[mktemp -d -t k3s-install.XXXXXXXXXX]
/bin/sed
[sed -e s|.*/||]
/usr/bin/curl
[curl -w %{url_effective} -L -s -S https://update.k3s.io/v1-release/channels/stable -o /dev/null]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | update.k3s.io | udp |
| US | 1.1.1.1:53 | update.k3s.io | udp |
| US | 151.101.193.91:443 | | tcp |
| GB | 89.187.167.6:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:15
Platform
debian9-armhf-20240418-en
Max time kernel
149s
Max time network
5s
Command Line
Signatures
Write file to user bin folder
| Description | Indicator | Process | Target |
| File opened for modification | /usr/local/bin/k3s-ro-test | /usr/bin/touch | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/id | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
Processes
/tmp/k3s-master/install.sh
[/tmp/k3s-master/install.sh]
/bin/sed
[sed -e s/\([][!#$%&()*;<=>?\_`{|}]\)/\\\1/g;]
/bin/sed
[sed -e s/[][!#$%&()*;<=>?\_`{|}/[:space:]]/^/g;]
/usr/bin/id
[id -u]
/bin/sh
[sh -c touch /usr/local/bin/k3s-ro-test && rm -rf /usr/local/bin/k3s-ro-test]
/usr/bin/touch
[touch /usr/local/bin/k3s-ro-test]
/bin/rm
[rm -rf /usr/local/bin/k3s-ro-test]
/usr/bin/sha256sum
[sha256sum /usr/local/bin/k3s /etc/systemd/system/k3s.service /etc/systemd/system/k3s.service.env]
/bin/uname
[uname -m]
/bin/mktemp
[mktemp -d -t k3s-install.XXXXXXXXXX]
/usr/bin/curl
[curl -w %{url_effective} -L -s -S https://update.k3s.io/v1-release/channels/stable -o /dev/null]
/bin/sed
[sed -e s|.*/||]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | update.k3s.io | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-07-15 05:05
Reported
2024-07-15 05:15
Platform
win7-20240708-en
Max time kernel
117s
Max time network
123s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000_CLASSES\dockerignore_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000_CLASSES\dockerignore_auto_file\ | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000_CLASSES\dockerignore_auto_file | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000_CLASSES\.dockerignore | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000_CLASSES\.dockerignore\ = "dockerignore_auto_file" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000_CLASSES\dockerignore_auto_file\shell\Read | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000_CLASSES\dockerignore_auto_file\shell | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000_CLASSES\dockerignore_auto_file\shell\Read\command | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2636 wrote to memory of 2832 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2636 wrote to memory of 2832 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2636 wrote to memory of 2832 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2832 wrote to memory of 1896 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2832 wrote to memory of 1896 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2832 wrote to memory of 1896 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2832 wrote to memory of 1896 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\k3s-master\.dockerignore
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\k3s-master\.dockerignore
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\k3s-master\.dockerignore"
Network
Files
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
| MD5 | 7ef2267463a11b6ca01b7efb5d1a67eb |
| SHA1 | e233b0da49d49f6082bd2a73eea051323b977ccc |
| SHA256 | db6f10c39933c3b8185b93ff381c72b647e5443c6c7b207d2823512e72ce0a70 |
| SHA512 | 9074e036205225e7dc3a55eeecbf40fda234b584f86bf5972e8e2f46bcdd491239f9be074d59dbce854e9e479cabaed94ba4a2fec4e4f0f199455f20c25455ca |