File name: install.sh

Full analysis: https://app.any.run/tasks/0c699f27-d5ff-4088-a84d-c992fd0f3cef
Verdict: Malicious activity
Analysis date: May 16, 2025, 22:59:55
OS: Ubuntu 22.04.2
Indicators:
MIME: text/x-shellscript
File info: Bourne-Again shell script, Unicode text, UTF-8 text executable
MD5: 82272258D15225DB07DF8DAD3EB29A04
SHA1: CAC5AC1BB71A5C0152F8E5A58BDA1763C5D8B0BA
SHA256: 99F9B14E0DF4B70BE7D889D9EE91383B95368CA160CEB623B2CD864F56742D48
SSDEEP: 96:5SjffLHPkTnfVK9QBbzRCuaBUPoneKnA+HIEg8j3io43gFFh3gSOrqacMI9+e:5SjffL3uaBeoVnZHIEX+3C3Tp

  • MALICIOUS

    • Adds/modifies system service, likely for persistence

      • dpkg (PID: 42052)
  • SUSPICIOUS

    • Executes commands using command-line interpreter

      • sudo (PID: 41030)
      • gnome-terminal-server (PID: 41774)
    • Modifies file or directory owner

      • sudo (PID: 41027)
      • dash (PID: 42238)
    • Reads passwd file

      • http (PID: 41045)
      • http (PID: 41044)
      • http (PID: 41046)
      • apt (PID: 41034)
      • gpgv (PID: 41048)
      • http (PID: 41053)
      • python3.10 (PID: 41042)
      • python3.10 (PID: 41043)
      • http (PID: 41075)
      • store (PID: 41255)
      • gpgv (PID: 41430)
      • store (PID: 41526)
      • tar (PID: 42057)
      • dpkg (PID: 42052)
      • tar (PID: 42066)
      • tar (PID: 42077)
      • tar (PID: 42104)
      • tar (PID: 42086)
      • tar (PID: 42095)
      • apt (PID: 41991)
      • http (PID: 42034)
      • perl (PID: 42036)
      • tar (PID: 42150)
      • tar (PID: 42168)
      • tar (PID: 42215)
      • tar (PID: 42186)
      • tar (PID: 42199)
      • tar (PID: 42224)
      • tar (PID: 42113)
      • tar (PID: 42122)
      • tar (PID: 42131)
      • tar (PID: 42141)
      • tar (PID: 42159)
      • tar (PID: 42177)
      • getent (PID: 42240)
      • getent (PID: 42243)
      • useradd (PID: 42252)
      • usermod (PID: 42259)
      • chage (PID: 42266)
      • perl (PID: 42245)
      • mandb (PID: 42362)
      • tor (PID: 42353)
      • install (PID: 42351)
      • tor (PID: 42352)
    • Check the Environment Variables Related to System Identification (os-release)

    • Executes the "rm" command to delete files or directories

      • dash (PID: 41055)
      • dash (PID: 41184)
      • dash (PID: 41123)
      • dash (PID: 41245)
      • dash (PID: 41308)
      • dash (PID: 41369)
      • dash (PID: 41432)
      • dash (PID: 41479)
      • dash (PID: 41648)
      • dpkg (PID: 42052)
      • dash (PID: 42374)
      • sudo (PID: 42687)
    • Creates shell script file

      • dash (PID: 41055)
      • dash (PID: 41123)
      • dash (PID: 41245)
      • dash (PID: 41184)
      • dash (PID: 41308)
      • dash (PID: 41369)
      • dash (PID: 41432)
      • dash (PID: 41479)
    • Modifies Cron jobs

      • apt (PID: 41991)
    • Writes to Systemd service files (likely for persistence achievement)

      • apt (PID: 41991)
      • systemd (PID: 42290)
      • systemd (PID: 42321)
    • Creates or rewrites file in the "bin" folder

      • dpkg (PID: 42052)
    • Reads /proc/mounts (likely used to find writable filesystems)

      • aa-enabled (PID: 42281)
      • apparmor_parser (PID: 42282)
    • Uses base64 (probably to encode stolen data or decode malicious payload)

      • dash (PID: 42234)
    • Changes time attribute to hide new files or make changes to the existing one

      • dash (PID: 42372)
    • Connects to unusual port

      • tor (PID: 42353)
  • INFO

    • Creates file in the temporary folder

      • apt (PID: 41034)
      • gpgv (PID: 41049)
      • python3.10 (PID: 41043)
      • cat (PID: 41094)
      • touch (PID: 41083)
      • dash (PID: 41055)
      • cat (PID: 41108)
      • cp (PID: 41109)
      • cat (PID: 41100)
      • gpgv (PID: 41122)
      • cat (PID: 41104)
      • cat (PID: 41165)
      • cat (PID: 41155)
      • cp (PID: 41170)
      • touch (PID: 41205)
      • gpgv (PID: 41183)
      • cat (PID: 41169)
      • cp (PID: 41231)
      • cat (PID: 41226)
      • cat (PID: 41216)
      • cat (PID: 41222)
      • dash (PID: 41184)
      • touch (PID: 41144)
      • cat (PID: 41161)
      • dash (PID: 41123)
      • cat (PID: 41230)
      • gpgv (PID: 41244)
      • cat (PID: 41279)
      • touch (PID: 41268)
      • dash (PID: 41245)
      • cat (PID: 41285)
      • cat (PID: 41293)
      • cat (PID: 41289)
      • cp (PID: 41294)
      • gpgv (PID: 41307)
      • cat (PID: 41340)
      • dash (PID: 41308)
      • touch (PID: 41329)
      • cat (PID: 41350)
      • cp (PID: 41416)
      • cat (PID: 41407)
      • cat (PID: 41354)
      • gpgv (PID: 41368)
      • touch (PID: 41390)
      • cat (PID: 41401)
      • dash (PID: 41369)
      • cat (PID: 41415)
      • gpgv (PID: 41431)
      • cat (PID: 41411)
      • cat (PID: 41346)
      • cp (PID: 41355)
      • touch (PID: 41453)
      • cp (PID: 41465)
      • dash (PID: 41432)
      • cat (PID: 41464)
      • gpgv (PID: 41478)
      • touch (PID: 41500)
      • cat (PID: 41511)
      • cp (PID: 41512)
      • dash (PID: 41479)
      • python3.10 (PID: 41662)
      • apt-esm-hook (PID: 41987)
      • apt (PID: 41991)
      • python3.10 (PID: 42388)
    • Checks timezone

      • apt (PID: 41034)
      • http (PID: 41044)
      • python3.10 (PID: 41042)
      • http (PID: 41045)
      • python3.10 (PID: 41043)
      • http (PID: 41046)
      • gpgv (PID: 41048)
      • ubuntu-distro-info (PID: 41051)
      • ubuntu-distro-info (PID: 41054)
      • http (PID: 41075)
      • gpgv (PID: 41116)
      • gpgv (PID: 41177)
      • gpgv (PID: 41238)
      • store (PID: 41255)
      • gpgv (PID: 41301)
      • gpgv (PID: 41362)
      • gpgv (PID: 41423)
      • gpgv (PID: 41430)
      • gpgv (PID: 41472)
      • gpgv (PID: 41519)
      • store (PID: 41526)
      • http (PID: 41053)
      • python3.10 (PID: 41662)
      • python3.10 (PID: 41629)
      • python3.10 (PID: 41675)
      • python3.10 (PID: 41676)
      • python3.10 (PID: 41678)
      • python3.10 (PID: 41679)
      • python3.10 (PID: 41682)
      • python3.10 (PID: 41673)
      • python3.10 (PID: 41674)
      • python3.10 (PID: 41677)
      • python3.10 (PID: 41680)
      • python3.10 (PID: 41684)
      • python3.10 (PID: 41685)
      • python3.10 (PID: 41686)
      • python3.10 (PID: 41688)
      • python3.10 (PID: 41687)
      • python3.10 (PID: 41689)
      • python3.10 (PID: 41681)
      • python3.10 (PID: 41683)
      • python3.10 (PID: 41694)
      • python3.10 (PID: 41693)
      • python3.10 (PID: 41695)
      • python3.10 (PID: 41696)
      • python3.10 (PID: 41697)
      • python3.10 (PID: 41690)
      • python3.10 (PID: 41691)
      • python3.10 (PID: 41692)
      • python3.10 (PID: 41700)
      • python3.10 (PID: 41702)
      • python3.10 (PID: 41701)
      • python3.10 (PID: 41706)
      • python3.10 (PID: 41704)
      • python3.10 (PID: 41705)
      • python3.10 (PID: 41699)
      • python3.10 (PID: 41698)
      • python3.10 (PID: 41708)
      • python3.10 (PID: 41710)
      • python3.10 (PID: 41711)
      • python3.10 (PID: 41712)
      • python3.10 (PID: 41707)
      • python3.10 (PID: 41703)
      • python3.10 (PID: 41709)
      • python3.10 (PID: 41715)
      • python3.10 (PID: 41717)
      • python3.10 (PID: 41716)
      • python3.10 (PID: 41718)
      • python3.10 (PID: 41719)
      • python3.10 (PID: 41713)
      • python3.10 (PID: 41714)
      • python3.10 (PID: 41720)
      • python3.10 (PID: 41724)
      • python3.10 (PID: 41725)
      • python3.10 (PID: 41726)
      • python3.10 (PID: 41729)
      • python3.10 (PID: 41728)
      • python3.10 (PID: 41721)
      • python3.10 (PID: 41722)
      • python3.10 (PID: 41723)
      • python3.10 (PID: 41727)
      • python3.10 (PID: 41731)
      • python3.10 (PID: 41735)
      • python3.10 (PID: 41734)
      • python3.10 (PID: 41736)
      • python3.10 (PID: 41730)
      • python3.10 (PID: 41732)
      • python3.10 (PID: 41733)
      • python3.10 (PID: 41746)
      • python3.10 (PID: 41741)
      • python3.10 (PID: 41742)
      • python3.10 (PID: 41743)
      • python3.10 (PID: 41744)
      • python3.10 (PID: 41745)
      • python3.10 (PID: 41737)
      • python3.10 (PID: 41738)
      • python3.10 (PID: 41739)
      • python3.10 (PID: 41740)
      • python3.10 (PID: 41747)
      • python3.10 (PID: 41748)
      • python3.10 (PID: 41749)
      • python3.10 (PID: 41750)
      • python3.10 (PID: 41751)
      • python3.10 (PID: 41755)
      • python3.10 (PID: 41752)
      • python3.10 (PID: 41753)
      • python3.10 (PID: 41754)
      • python3.10 (PID: 41757)
      • python3.10 (PID: 41758)
      • python3.10 (PID: 41763)
      • python3.10 (PID: 41759)
      • python3.10 (PID: 41760)
      • python3.10 (PID: 41769)
      • python3.10 (PID: 41770)
      • python3.10 (PID: 41756)
      • python3.10 (PID: 41775)
      • python3.10 (PID: 41781)
      • python3.10 (PID: 41780)
      • python3.10 (PID: 41783)
      • python3.10 (PID: 41808)
      • python3.10 (PID: 41809)
      • python3.10 (PID: 41771)
      • python3.10 (PID: 41773)
      • python3.10 (PID: 41772)
      • python3.10 (PID: 41811)
      • python3.10 (PID: 41812)
      • python3.10 (PID: 41817)
      • python3.10 (PID: 41816)
      • python3.10 (PID: 41815)
      • python3.10 (PID: 41810)
      • python3.10 (PID: 41813)
      • python3.10 (PID: 41814)
      • python3.10 (PID: 41820)
      • python3.10 (PID: 41822)
      • python3.10 (PID: 41823)
      • python3.10 (PID: 41824)
      • python3.10 (PID: 41818)
      • python3.10 (PID: 41819)
      • python3.10 (PID: 41821)
      • python3.10 (PID: 41825)
      • python3.10 (PID: 41828)
      • python3.10 (PID: 41831)
      • python3.10 (PID: 41829)
      • python3.10 (PID: 41832)
      • python3.10 (PID: 41833)
      • python3.10 (PID: 41834)
      • python3.10 (PID: 41835)
      • python3.10 (PID: 41826)
      • python3.10 (PID: 41827)
      • python3.10 (PID: 41830)
      • python3.10 (PID: 41837)
      • python3.10 (PID: 41836)
      • python3.10 (PID: 41838)
      • python3.10 (PID: 41840)
      • python3.10 (PID: 41839)
      • python3.10 (PID: 41841)
      • python3.10 (PID: 41842)
      • python3.10 (PID: 41843)
      • python3.10 (PID: 41844)
      • python3.10 (PID: 41845)
      • python3.10 (PID: 41847)
      • python3.10 (PID: 41846)
      • python3.10 (PID: 41849)
      • python3.10 (PID: 41848)
      • python3.10 (PID: 41851)
      • python3.10 (PID: 41850)
      • python3.10 (PID: 41852)
      • python3.10 (PID: 41853)
      • python3.10 (PID: 41857)
      • python3.10 (PID: 41856)
      • python3.10 (PID: 41860)
      • python3.10 (PID: 41858)
      • python3.10 (PID: 41861)
      • python3.10 (PID: 41854)
      • python3.10 (PID: 41855)
      • python3.10 (PID: 41859)
      • python3.10 (PID: 41864)
      • python3.10 (PID: 41865)
      • python3.10 (PID: 41866)
      • python3.10 (PID: 41867)
      • python3.10 (PID: 41868)
      • python3.10 (PID: 41869)
      • python3.10 (PID: 41871)
      • python3.10 (PID: 41870)
      • python3.10 (PID: 41863)
      • python3.10 (PID: 41862)
      • python3.10 (PID: 41872)
      • python3.10 (PID: 41874)
      • python3.10 (PID: 41873)
      • python3.10 (PID: 41875)
      • python3.10 (PID: 41877)
      • python3.10 (PID: 41878)
      • python3.10 (PID: 41879)
      • python3.10 (PID: 41876)
      • python3.10 (PID: 41882)
      • python3.10 (PID: 41883)
      • python3.10 (PID: 41885)
      • python3.10 (PID: 41884)
      • python3.10 (PID: 41886)
      • python3.10 (PID: 41887)
      • python3.10 (PID: 41888)
      • python3.10 (PID: 41880)
      • python3.10 (PID: 41881)
      • python3.10 (PID: 41891)
      • python3.10 (PID: 41895)
      • python3.10 (PID: 41894)
      • python3.10 (PID: 41892)
      • python3.10 (PID: 41893)
      • python3.10 (PID: 41896)
      • python3.10 (PID: 41890)
      • python3.10 (PID: 41889)
      • python3.10 (PID: 41898)
      • python3.10 (PID: 41902)
      • python3.10 (PID: 41901)
      • python3.10 (PID: 41904)
      • python3.10 (PID: 41903)
      • python3.10 (PID: 41905)
      • python3.10 (PID: 41897)
      • python3.10 (PID: 41899)
      • python3.10 (PID: 41900)
      • apt-esm-hook (PID: 41987)
      • apt (PID: 41991)
      • python3.10 (PID: 41976)
      • python3.10 (PID: 41978)
      • http (PID: 42034)
      • dpkg (PID: 42052)
      • groupadd (PID: 42246)
      • useradd (PID: 42252)
      • chage (PID: 42266)
      • dpkg (PID: 42229)
      • update-alternatives (PID: 42231)
      • update-alternatives (PID: 42233)
      • usermod (PID: 42259)
      • tor (PID: 42352)
      • tor (PID: 42353)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.sh | Linux/UNIX shell script (100)
No data.
All screenshots are available in the full report
Total processes: 1 720
Monitored processes: 1 588
Malicious processes: 9
Suspicious processes: 6

Behavior graph

python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs python3.10 no specs rm no specs dash no specs sudo no specs snap no specs rm no specs bash no specs bash no specs sudo no specs ln no specs sudo no specs chmod no specs

Process information

PID
CMD
Path
Indicators
Parent process
41026
/bin/sh -c "sudo chown user /tmp/install\.sh && chmod +x /tmp/install\.sh && DISPLAY=:0 sudo -iu user /tmp/install\.sh "
/usr/bin/dash
IntiFjKCklFyPMJr
User:
user
Integrity Level:
UNKNOWN
Exit code:
256
Modules
Images
/usr/lib/x86_64-linux-gnu/libc.so.6
41027
sudo chown user /tmp/install.sh
/usr/bin/sudo
dash
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/x86_64-linux-gnu/libaudit.so.1.0.0
/usr/lib/x86_64-linux-gnu/libselinux.so.1
/usr/libexec/sudo/libsudo_util.so.0.0.0
/usr/lib/x86_64-linux-gnu/libc.so.6
/usr/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0
/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.10.4
/usr/lib/x86_64-linux-gnu/libnss_systemd.so.2
/usr/libexec/sudo/sudoers.so
/usr/lib/x86_64-linux-gnu/libpam.so.0.85.1
/usr/lib/x86_64-linux-gnu/libz.so.1.2.11
41028
chown user /tmp/install.sh
/usr/bin/chown
sudo
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/x86_64-linux-gnu/libc.so.6
41029
chmod +x /tmp/install.sh
/usr/bin/chmod
dash
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/x86_64-linux-gnu/libc.so.6
41030
sudo -iu user /tmp/install.sh
/usr/bin/sudo
dash
User:
root
Integrity Level:
UNKNOWN
Exit code:
256
Modules
Images
/usr/lib/x86_64-linux-gnu/libaudit.so.1.0.0
/usr/lib/x86_64-linux-gnu/libselinux.so.1
/usr/libexec/sudo/libsudo_util.so.0.0.0
/usr/lib/x86_64-linux-gnu/libc.so.6
/usr/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0
/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.10.4
/usr/lib/x86_64-linux-gnu/libnss_systemd.so.2
/usr/libexec/sudo/sudoers.so
/usr/lib/x86_64-linux-gnu/libpam.so.0.85.1
/usr/lib/x86_64-linux-gnu/libz.so.1.2.11
41031
/bin/bash /tmp/install.sh
/usr/bin/bash
sudo
User:
user
Integrity Level:
UNKNOWN
Exit code:
256
Modules
Images
/usr/lib/x86_64-linux-gnu/libtinfo.so.6.3
/usr/lib/x86_64-linux-gnu/libc.so.6
41032
/usr/bin/locale-check C.UTF-8
/usr/bin/locale-check
bash
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/x86_64-linux-gnu/libc.so.6
41033
sudo apt update
/usr/bin/sudo
bash
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/x86_64-linux-gnu/libaudit.so.1.0.0
/usr/lib/x86_64-linux-gnu/libselinux.so.1
/usr/libexec/sudo/libsudo_util.so.0.0.0
/usr/lib/x86_64-linux-gnu/libc.so.6
/usr/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0
/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.10.4
/usr/libexec/sudo/sudoers.so
/usr/lib/x86_64-linux-gnu/libpam.so.0.85.1
/usr/lib/x86_64-linux-gnu/libz.so.1.2.11
/usr/lib/x86_64-linux-gnu/libnss_systemd.so.2
41034
apt update
/usr/bin/apt
sudo
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/x86_64-linux-gnu/libapt-private.so.0.0.0
/usr/lib/x86_64-linux-gnu/libapt-pkg.so.6.0.0
/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.30
/usr/lib/x86_64-linux-gnu/libgcc_s.so.1
/usr/lib/x86_64-linux-gnu/libc.so.6
/usr/lib/x86_64-linux-gnu/libz.so.1.2.11
/usr/lib/x86_64-linux-gnu/libbz2.so.1.0.4
/usr/lib/x86_64-linux-gnu/liblzma.so.5.2.5
/usr/lib/x86_64-linux-gnu/liblz4.so.1.9.3
/usr/lib/x86_64-linux-gnu/libzstd.so.1.4.8
41035
/usr/bin/dpkg --print-foreign-architectures
/usr/bin/dpkg
apt
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
Modules
Images
/usr/lib/x86_64-linux-gnu/libselinux.so.1
/usr/lib/x86_64-linux-gnu/libc.so.6
/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.10.4
Executable files
0
Suspicious files
110
Text files
437
Unknown types
0

Dropped files

PID
Process
Filename
Type
41034
apt
/tmp/#6029333 (deleted)
text
MD5:
SHA256:
41034
apt
/tmp/#6029335 (deleted)
text
MD5:
SHA256:
41034
apt
/tmp/#6029338 (deleted)
text
MD5:
SHA256:
41034
apt
/tmp/#6029339 (deleted)
text
MD5:
SHA256:
41034
apt
/tmp/#6029364 (deleted)
text
MD5:
SHA256:
41034
apt
/tmp/#6029358 (deleted)
text
MD5:
SHA256:
41034
apt
/tmp/#6029359 (deleted)
text
MD5:
SHA256:
41034
apt
/tmp/#6029378 (deleted)
text
MD5:
SHA256:
41034
apt
/tmp/#6029379 (deleted)
text
MD5:
SHA256:
41034
apt
/tmp/#6029527 (deleted)
text
MD5:
SHA256:
HTTP(S) requests
86
TCP/UDP connections
20
DNS requests
33
Threats
89

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
41046
http
GET
304
185.125.190.81:80
http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease
unknown
whitelisted
GET
204
91.189.91.96:80
http://connectivity-check.ubuntu.com/
unknown
whitelisted
41045
http
GET
304
185.125.188.87:80
http://archive.canonical.com/ubuntu/dists/jammy/InRelease
unknown
whitelisted
41046
http
GET
200
185.125.190.81:80
http://archive.ubuntu.com/ubuntu/dists/jammy-updates/InRelease
unknown
whitelisted
41046
http
GET
200
185.125.190.81:80
http://archive.ubuntu.com/ubuntu/dists/jammy-security/InRelease
unknown
whitelisted
41046
http
GET
185.125.190.81:80
http://archive.ubuntu.com/ubuntu/dists/jammy-updates/main/i18n/by-hash/SHA256/8f37ea95901da50847dfa4275d962bac4fa61cbc18c83db0360b5f424f623c26
unknown
whitelisted
41046
http
GET
185.125.190.81:80
http://archive.ubuntu.com/ubuntu/dists/jammy-updates/main/binary-i386/by-hash/SHA256/7e191b7e172825b202c319f8bd33d4a1599b695675ee419e68a617d46ad8bedc
unknown
whitelisted
41046
http
GET
185.125.190.81:80
http://archive.ubuntu.com/ubuntu/dists/jammy-updates/main/cnf/by-hash/SHA256/2d0587b6c257f1ca8f7871cca1e552bbfee665d1464a14a1307fe252978e2ee5
unknown
whitelisted
41046
http
GET
185.125.190.81:80
http://archive.ubuntu.com/ubuntu/dists/jammy-updates/main/dep11/by-hash/SHA256/46961106e0e16966be552f2394a73c03bbfeff44673c61e2f26354821ad79869
unknown
whitelisted
41046
http
GET
200
185.125.190.81:80
http://archive.ubuntu.com/ubuntu/dists/jammy-backports/InRelease
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
484
avahi-daemon
224.0.0.251:5353
unknown
185.125.190.48:80
connectivity-check.ubuntu.com
Canonical Group Limited
GB
whitelisted
91.189.91.49:80
connectivity-check.ubuntu.com
Canonical Group Limited
US
whitelisted
169.150.255.183:443
odrs.gnome.org
GB
whitelisted
91.189.91.96:80
connectivity-check.ubuntu.com
Canonical Group Limited
US
whitelisted
512
snapd
185.125.188.58:443
api.snapcraft.io
Canonical Group Limited
GB
whitelisted
512
snapd
185.125.188.59:443
api.snapcraft.io
Canonical Group Limited
GB
whitelisted
41046
http
185.125.190.81:80
archive.ubuntu.com
Canonical Group Limited
GB
whitelisted
41045
http
185.125.188.87:80
archive.canonical.com
Canonical Group Limited
GB
whitelisted
41044
http
142.250.184.238:443
dl.google.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
connectivity-check.ubuntu.com
whitelisted
google.com
  • 142.250.186.174
  • 2a00:1450:4001:82a::200e
whitelisted
odrs.gnome.org
whitelisted
api.snapcraft.io
whitelisted
_http._tcp.archive.ubuntu.com
whitelisted
_http._tcp.archive.canonical.com
whitelisted
_https._tcp.dl.google.com
whitelisted
archive.ubuntu.com
whitelisted
archive.canonical.com
whitelisted
dl.google.com
  • 142.250.184.238
  • 2a00:1450:4001:831::200e
whitelisted

Threats

PID
Process
Class
Message
41045
http
Not Suspicious Traffic
ET INFO GNU/Linux APT User-Agent Outbound likely related to package management
41046
http
Not Suspicious Traffic
ET INFO GNU/Linux APT User-Agent Outbound likely related to package management
41046
http
Not Suspicious Traffic
ET INFO GNU/Linux APT User-Agent Outbound likely related to package management
41046
http
Not Suspicious Traffic
ET INFO GNU/Linux APT User-Agent Outbound likely related to package management
41046
http
Not Suspicious Traffic
ET INFO GNU/Linux APT User-Agent Outbound likely related to package management
41046
http
Not Suspicious Traffic
ET INFO GNU/Linux APT User-Agent Outbound likely related to package management
41046
http
Not Suspicious Traffic
ET INFO GNU/Linux APT User-Agent Outbound likely related to package management
41046
http
Not Suspicious Traffic
ET INFO GNU/Linux APT User-Agent Outbound likely related to package management
41046
http
Not Suspicious Traffic
ET INFO GNU/Linux APT User-Agent Outbound likely related to package management
41046
http
Not Suspicious Traffic
ET INFO GNU/Linux APT User-Agent Outbound likely related to package management
No debug info