Analysis

  • max time kernel
    113s
  • max time network
    151s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240729-en
  • resource tags

    arch:mips image:debian9-mipsbe-20240729-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system
  • submitted
    25-11-2024 20:04

General

  • Target

    resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh

  • Size

    1KB

  • MD5

    cba6e6dfa77711fe4a65875b4a77c032

  • SHA1

    66164fc6a7f678daa293570e05963555d418831e

  • SHA256

    17d0c0361e8a66efc1db45004a75fad9cb33426d6c07b90db838929c4ae96a74

  • SHA512

    7d30bb242d3deb0e7e3df8881103bfa868cddbd6ff01aaae6d64aa37eecaaf145785e21882e2fdf1c9e6aee2e05a1d888438a1fc780fb78c36e22e4ebd496842

Score
3/10

Malware Config

Signatures

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 32 IoCs

    Malware often drops required files in the /tmp directory.

  • Software Deployment Tools 1 TTPs 4 IoCs

    Use software deployment tools to execute code.

Processes

  • /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
    /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
    1⤵
      PID:815
    • /usr/local/sbin/bash
      bash /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
      1⤵
        PID:815
      • /usr/local/bin/bash
        bash /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
        1⤵
          PID:815
        • /usr/sbin/bash
          bash /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
          1⤵
            PID:815
          • /usr/bin/bash
            bash /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
            1⤵
              PID:815
            • /sbin/bash
              bash /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
              1⤵
                PID:815
              • /bin/bash
                bash /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
                1⤵
                  PID:815
                  • /usr/bin/arch
                    arch
                    2⤵
                      PID:816
                    • /bin/bash
                      bash -c "source /etc/os-release && echo \$ID"
                      2⤵
                        PID:821
                      • /usr/bin/dpkg
                        dpkg --get-selections
                        2⤵
                        • Reads runtime system information
                        • Software Deployment Tools
                        PID:822
                      • /bin/grep
                        grep -q "^google-chrome-beta[[:space:]]*install\$"
                        2⤵
                          PID:823
                        • /usr/bin/apt-get
                          apt-get update
                          2⤵
                          • Reads runtime system information
                          • Writes file to tmp directory
                          • Software Deployment Tools
                          PID:824
                          • /usr/bin/dpkg
                            /usr/bin/dpkg --print-foreign-architectures
                            3⤵
                              PID:825
                            • /usr/lib/apt/methods/http
                              /usr/lib/apt/methods/http
                              3⤵
                                PID:826
                              • /usr/lib/apt/methods/https
                                /usr/lib/apt/methods/https
                                3⤵
                                  PID:827
                                • /usr/lib/apt/methods/https
                                  /usr/lib/apt/methods/https
                                  3⤵
                                  • Reads runtime system information
                                  PID:828
                                • /usr/lib/apt/methods/http
                                  /usr/lib/apt/methods/http
                                  3⤵
                                    PID:829
                                  • /usr/lib/apt/methods/gpgv
                                    /usr/lib/apt/methods/gpgv
                                    3⤵
                                      PID:831
                                    • /usr/lib/apt/methods/gpgv
                                      /usr/lib/apt/methods/gpgv
                                      3⤵
                                      • Reads runtime system information
                                      • Writes file to tmp directory
                                      PID:832
                                      • /usr/bin/apt-key
                                        /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.2rG6Tj /tmp/apt.data.SnhQTp
                                        4⤵
                                        • Writes file to tmp directory
                                        PID:834
                                        • /usr/bin/apt-config
                                          apt-config shell MASTER_KEYRING APT::Key::MasterKeyring
                                          5⤵
                                          • Reads runtime system information
                                          PID:836
                                          • /usr/bin/dpkg
                                            /usr/bin/dpkg --print-foreign-architectures
                                            6⤵
                                            • Reads runtime system information
                                            PID:837
                                        • /usr/bin/apt-config
                                          apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring
                                          5⤵
                                          • Reads runtime system information
                                          PID:838
                                          • /usr/bin/dpkg
                                            /usr/bin/dpkg --print-foreign-architectures
                                            6⤵
                                            • Reads runtime system information
                                            PID:839
                                        • /usr/bin/apt-config
                                          apt-config shell REMOVED_KEYS APT::Key::RemovedKeys
                                          5⤵
                                          • Reads runtime system information
                                          PID:840
                                          • /usr/bin/dpkg
                                            /usr/bin/dpkg --print-foreign-architectures
                                            6⤵
                                            • Reads runtime system information
                                            PID:841
                                        • /usr/bin/apt-config
                                          apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI
                                          5⤵
                                          • Reads runtime system information
                                          PID:842
                                          • /usr/bin/dpkg
                                            /usr/bin/dpkg --print-foreign-architectures
                                            6⤵
                                            • Reads runtime system information
                                            PID:843
                                        • /usr/bin/apt-config
                                          apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring
                                          5⤵
                                          • Reads runtime system information
                                          PID:844
                                          • /usr/bin/dpkg
                                            /usr/bin/dpkg --print-foreign-architectures
                                            6⤵
                                              PID:845
                                          • /usr/bin/apt-config
                                            apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f
                                            5⤵
                                            • Reads runtime system information
                                            PID:846
                                            • /usr/bin/dpkg
                                              /usr/bin/dpkg --print-foreign-architectures
                                              6⤵
                                              • Reads runtime system information
                                              PID:847
                                          • /usr/bin/apt-config
                                            apt-config shell GPGV Apt::Key::gpgvcommand
                                            5⤵
                                            • Reads runtime system information
                                            PID:849
                                            • /usr/bin/dpkg
                                              /usr/bin/dpkg --print-foreign-architectures
                                              6⤵
                                              • Reads runtime system information
                                              PID:850
                                          • /bin/mktemp
                                            mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX
                                            5⤵
                                              PID:851
                                            • /bin/chmod
                                              chmod 700 /tmp/apt-key-gpghome.yRCO2eBOmJ
                                              5⤵
                                                PID:852
                                              • /bin/readlink
                                                readlink -f /tmp/apt-key-gpghome.yRCO2eBOmJ
                                                5⤵
                                                  PID:853
                                                • /bin/rm
                                                  rm -f /tmp/apt-key-gpghome.yRCO2eBOmJ/pubring.gpg
                                                  5⤵
                                                    PID:854
                                                  • /usr/bin/touch
                                                    touch /tmp/apt-key-gpghome.yRCO2eBOmJ/pubring.gpg
                                                    5⤵
                                                    • Writes file to tmp directory
                                                    PID:855
                                                  • /usr/bin/apt-config
                                                    apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d
                                                    5⤵
                                                    • Reads runtime system information
                                                    PID:856
                                                    • /usr/bin/dpkg
                                                      /usr/bin/dpkg --print-foreign-architectures
                                                      6⤵
                                                      • Reads runtime system information
                                                      PID:857
                                                  • /bin/readlink
                                                    readlink -f /etc/apt/trusted.gpg.d/
                                                    5⤵
                                                      PID:858
                                                    • /usr/bin/find
                                                      find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 "(" -name "*.gpg" -o -name "*.asc" ")"
                                                      5⤵
                                                      • Reads runtime system information
                                                      PID:859
                                                    • /usr/bin/sort
                                                      sort
                                                      5⤵
                                                        PID:862
                                                      • /bin/cat
                                                        cat /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg
                                                        5⤵
                                                          PID:864
                                                        • /bin/cat
                                                          cat /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg
                                                          5⤵
                                                            PID:866
                                                          • /bin/cat
                                                            cat /etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg
                                                            5⤵
                                                              PID:868
                                                            • /bin/cat
                                                              cat /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg
                                                              5⤵
                                                                PID:870
                                                              • /bin/cat
                                                                cat /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg
                                                                5⤵
                                                                  PID:872
                                                                • /bin/cat
                                                                  cat /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg
                                                                  5⤵
                                                                    PID:874
                                                                  • /bin/cat
                                                                    cat /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg
                                                                    5⤵
                                                                      PID:876
                                                                    • /bin/cat
                                                                      cat /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg
                                                                      5⤵
                                                                        PID:878
                                                                      • /bin/cat
                                                                        cat /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg
                                                                        5⤵
                                                                          PID:880
                                                                        • /bin/cp
                                                                          cp -a /tmp/apt-key-gpghome.yRCO2eBOmJ/pubring.gpg /tmp/apt-key-gpghome.yRCO2eBOmJ/pubring.orig.gpg
                                                                          5⤵
                                                                          • Reads runtime system information
                                                                          • Writes file to tmp directory
                                                                          PID:881
                                                                        • /bin/sed
                                                                          sed -e "s#'#'\"'\"'#g"
                                                                          5⤵
                                                                          • Reads runtime system information
                                                                          PID:884
                                                                        • /bin/sed
                                                                          sed -e "s#'#'\"'\"'#g"
                                                                          5⤵
                                                                            PID:887
                                                                          • /usr/bin/gpgv
                                                                            gpgv --homedir /tmp/apt-key-gpghome.yRCO2eBOmJ --keyring /tmp/apt-key-gpghome.yRCO2eBOmJ/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.2rG6Tj /tmp/apt.data.SnhQTp
                                                                            5⤵
                                                                            • Reads runtime system information
                                                                            PID:888
                                                                          • /usr/bin/gpgconf
                                                                            gpgconf --kill gpg-agent
                                                                            5⤵
                                                                            • Reads runtime system information
                                                                            PID:889
                                                                            • /usr/bin/gpg-connect-agent
                                                                              gpg-connect-agent --no-autostart KILLAGENT
                                                                              6⤵
                                                                              • Reads runtime system information
                                                                              PID:890
                                                                          • /bin/rm
                                                                            rm -rf /tmp/apt-key-gpghome.yRCO2eBOmJ
                                                                            5⤵
                                                                              PID:891
                                                                          • /usr/bin/apt-key
                                                                            /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /var/lib/apt/lists/archive.debian.org_debian_dists_stretch_Release.gpg /var/lib/apt/lists/archive.debian.org_debian_dists_stretch_Release
                                                                            4⤵
                                                                            • Writes file to tmp directory
                                                                            PID:893
                                                                            • /usr/bin/apt-config
                                                                              apt-config shell MASTER_KEYRING APT::Key::MasterKeyring
                                                                              5⤵
                                                                                PID:895
                                                                                • /usr/bin/dpkg
                                                                                  /usr/bin/dpkg --print-foreign-architectures
                                                                                  6⤵
                                                                                  • Reads runtime system information
                                                                                  PID:896
                                                                              • /usr/bin/apt-config
                                                                                apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring
                                                                                5⤵
                                                                                  PID:897
                                                                                  • /usr/bin/dpkg
                                                                                    /usr/bin/dpkg --print-foreign-architectures
                                                                                    6⤵
                                                                                    • Reads runtime system information
                                                                                    PID:898
                                                                                • /usr/bin/apt-config
                                                                                  apt-config shell REMOVED_KEYS APT::Key::RemovedKeys
                                                                                  5⤵
                                                                                    PID:899
                                                                                    • /usr/bin/dpkg
                                                                                      /usr/bin/dpkg --print-foreign-architectures
                                                                                      6⤵
                                                                                      • Reads runtime system information
                                                                                      PID:900
                                                                                  • /usr/bin/apt-config
                                                                                    apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI
                                                                                    5⤵
                                                                                    • Reads runtime system information
                                                                                    PID:901
                                                                                    • /usr/bin/dpkg
                                                                                      /usr/bin/dpkg --print-foreign-architectures
                                                                                      6⤵
                                                                                      • Reads runtime system information
                                                                                      PID:902
                                                                                  • /usr/bin/apt-config
                                                                                    apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring
                                                                                    5⤵
                                                                                    • Reads runtime system information
                                                                                    PID:903
                                                                                    • /usr/bin/dpkg
                                                                                      /usr/bin/dpkg --print-foreign-architectures
                                                                                      6⤵
                                                                                        PID:904
                                                                                    • /usr/bin/apt-config
                                                                                      apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f
                                                                                      5⤵
                                                                                      • Reads runtime system information
                                                                                      PID:905
                                                                                      • /usr/bin/dpkg
                                                                                        /usr/bin/dpkg --print-foreign-architectures
                                                                                        6⤵
                                                                                        • Reads runtime system information
                                                                                        PID:906
                                                                                    • /usr/bin/apt-config
                                                                                      apt-config shell GPGV Apt::Key::gpgvcommand
                                                                                      5⤵
                                                                                      • Reads runtime system information
                                                                                      PID:908
                                                                                      • /usr/bin/dpkg
                                                                                        /usr/bin/dpkg --print-foreign-architectures
                                                                                        6⤵
                                                                                          PID:909
                                                                                      • /bin/mktemp
                                                                                        mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX
                                                                                        5⤵
                                                                                          PID:910
                                                                                        • /bin/chmod
                                                                                          chmod 700 /tmp/apt-key-gpghome.1H4subAFrZ
                                                                                          5⤵
                                                                                            PID:911
                                                                                          • /bin/readlink
                                                                                            readlink -f /tmp/apt-key-gpghome.1H4subAFrZ
                                                                                            5⤵
                                                                                              PID:912
                                                                                            • /bin/rm
                                                                                              rm -f /tmp/apt-key-gpghome.1H4subAFrZ/pubring.gpg
                                                                                              5⤵
                                                                                                PID:913
                                                                                              • /usr/bin/touch
                                                                                                touch /tmp/apt-key-gpghome.1H4subAFrZ/pubring.gpg
                                                                                                5⤵
                                                                                                • Writes file to tmp directory
                                                                                                PID:914
                                                                                              • /usr/bin/apt-config
                                                                                                apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d
                                                                                                5⤵
                                                                                                • Reads runtime system information
                                                                                                PID:915
                                                                                                • /usr/bin/dpkg
                                                                                                  /usr/bin/dpkg --print-foreign-architectures
                                                                                                  6⤵
                                                                                                  • Reads runtime system information
                                                                                                  PID:916
                                                                                              • /bin/readlink
                                                                                                readlink -f /etc/apt/trusted.gpg.d/
                                                                                                5⤵
                                                                                                  PID:917
                                                                                                • /usr/bin/find
                                                                                                  find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 "(" -name "*.gpg" -o -name "*.asc" ")"
                                                                                                  5⤵
                                                                                                  • Reads runtime system information
                                                                                                  PID:918
                                                                                                • /usr/bin/sort
                                                                                                  sort
                                                                                                  5⤵
                                                                                                    PID:921
                                                                                                  • /bin/cat
                                                                                                    cat /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg
                                                                                                    5⤵
                                                                                                      PID:923
                                                                                                    • /bin/cat
                                                                                                      cat /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg
                                                                                                      5⤵
                                                                                                        PID:925
                                                                                                      • /bin/cat
                                                                                                        cat /etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg
                                                                                                        5⤵
                                                                                                          PID:927
                                                                                                        • /bin/cat
                                                                                                          cat /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg
                                                                                                          5⤵
                                                                                                            PID:929
                                                                                                          • /bin/cat
                                                                                                            cat /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg
                                                                                                            5⤵
                                                                                                              PID:931
                                                                                                            • /bin/cat
                                                                                                              cat /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg
                                                                                                              5⤵
                                                                                                                PID:933
                                                                                                              • /bin/cat
                                                                                                                cat /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg
                                                                                                                5⤵
                                                                                                                  PID:935
                                                                                                                • /bin/cat
                                                                                                                  cat /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg
                                                                                                                  5⤵
                                                                                                                    PID:937
                                                                                                                  • /bin/cat
                                                                                                                    cat /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg
                                                                                                                    5⤵
                                                                                                                      PID:939
                                                                                                                    • /bin/cp
                                                                                                                      cp -a /tmp/apt-key-gpghome.1H4subAFrZ/pubring.gpg /tmp/apt-key-gpghome.1H4subAFrZ/pubring.orig.gpg
                                                                                                                      5⤵
                                                                                                                      • Reads runtime system information
                                                                                                                      • Writes file to tmp directory
                                                                                                                      PID:940
                                                                                                                    • /bin/sed
                                                                                                                      sed -e "s#'#'\"'\"'#g"
                                                                                                                      5⤵
                                                                                                                      • Reads runtime system information
                                                                                                                      PID:943
                                                                                                                    • /bin/sed
                                                                                                                      sed -e "s#'#'\"'\"'#g"
                                                                                                                      5⤵
                                                                                                                      • Reads runtime system information
                                                                                                                      PID:946
                                                                                                                    • /usr/bin/gpgv
                                                                                                                      gpgv --homedir /tmp/apt-key-gpghome.1H4subAFrZ --keyring /tmp/apt-key-gpghome.1H4subAFrZ/pubring.gpg --ignore-time-conflict --status-fd 3 /var/lib/apt/lists/archive.debian.org_debian_dists_stretch_Release.gpg /var/lib/apt/lists/archive.debian.org_debian_dists_stretch_Release
                                                                                                                      5⤵
                                                                                                                      • Reads runtime system information
                                                                                                                      PID:947
                                                                                                                    • /usr/bin/gpgconf
                                                                                                                      gpgconf --kill gpg-agent
                                                                                                                      5⤵
                                                                                                                      • Reads runtime system information
                                                                                                                      PID:948
                                                                                                                      • /usr/bin/gpg-connect-agent
                                                                                                                        gpg-connect-agent --no-autostart KILLAGENT
                                                                                                                        6⤵
                                                                                                                        • Reads runtime system information
                                                                                                                        PID:949
                                                                                                                    • /bin/rm
                                                                                                                      rm -rf /tmp/apt-key-gpghome.1H4subAFrZ
                                                                                                                      5⤵
                                                                                                                        PID:950
                                                                                                                    • /usr/bin/apt-key
                                                                                                                      /usr/bin/apt-key --quiet --readonly --keyring /etc/apt/keyrings/nodesource.gpg verify --status-fd 3 /tmp/apt.sig.GdNlX4 /tmp/apt.data.nkXzpx
                                                                                                                      4⤵
                                                                                                                      • Writes file to tmp directory
                                                                                                                      PID:952
                                                                                                                      • /usr/bin/apt-config
                                                                                                                        apt-config shell MASTER_KEYRING APT::Key::MasterKeyring
                                                                                                                        5⤵
                                                                                                                        • Reads runtime system information
                                                                                                                        PID:954
                                                                                                                        • /usr/bin/dpkg
                                                                                                                          /usr/bin/dpkg --print-foreign-architectures
                                                                                                                          6⤵
                                                                                                                          • Reads runtime system information
                                                                                                                          PID:955
                                                                                                                      • /usr/bin/apt-config
                                                                                                                        apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring
                                                                                                                        5⤵
                                                                                                                        • Reads runtime system information
                                                                                                                        PID:956
                                                                                                                        • /usr/bin/dpkg
                                                                                                                          /usr/bin/dpkg --print-foreign-architectures
                                                                                                                          6⤵
                                                                                                                          • Reads runtime system information
                                                                                                                          PID:957
                                                                                                                      • /usr/bin/apt-config
                                                                                                                        apt-config shell REMOVED_KEYS APT::Key::RemovedKeys
                                                                                                                        5⤵
                                                                                                                        • Reads runtime system information
                                                                                                                        PID:958
                                                                                                                        • /usr/bin/dpkg
                                                                                                                          /usr/bin/dpkg --print-foreign-architectures
                                                                                                                          6⤵
                                                                                                                          • Reads runtime system information
                                                                                                                          PID:959
                                                                                                                      • /usr/bin/apt-config
                                                                                                                        apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI
                                                                                                                        5⤵
                                                                                                                        • Reads runtime system information
                                                                                                                        PID:960
                                                                                                                        • /usr/bin/dpkg
                                                                                                                          /usr/bin/dpkg --print-foreign-architectures
                                                                                                                          6⤵
                                                                                                                          • Reads runtime system information
                                                                                                                          PID:961
                                                                                                                      • /usr/bin/apt-config
                                                                                                                        apt-config shell GPGV Apt::Key::gpgvcommand
                                                                                                                        5⤵
                                                                                                                          PID:963
                                                                                                                          • /usr/bin/dpkg
                                                                                                                            /usr/bin/dpkg --print-foreign-architectures
                                                                                                                            6⤵
                                                                                                                            • Reads runtime system information
                                                                                                                            PID:964
                                                                                                                        • /bin/mktemp
                                                                                                                          mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX
                                                                                                                          5⤵
                                                                                                                            PID:965
                                                                                                                          • /bin/chmod
                                                                                                                            chmod 700 /tmp/apt-key-gpghome.e7BP4e9eR1
                                                                                                                            5⤵
                                                                                                                              PID:966
                                                                                                                            • /bin/sed
                                                                                                                              sed -e "s#'#'\"'\"'#g"
                                                                                                                              5⤵
                                                                                                                              • Reads runtime system information
                                                                                                                              PID:970
                                                                                                                            • /bin/sed
                                                                                                                              sed -e "s#'#'\"'\"'#g"
                                                                                                                              5⤵
                                                                                                                                PID:973
                                                                                                                              • /usr/bin/gpgv
                                                                                                                                gpgv --homedir /tmp/apt-key-gpghome.e7BP4e9eR1 --keyring /etc/apt/keyrings/nodesource.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.GdNlX4 /tmp/apt.data.nkXzpx
                                                                                                                                5⤵
                                                                                                                                  PID:975
                                                                                                                                • /usr/bin/gpgconf
                                                                                                                                  gpgconf --kill gpg-agent
                                                                                                                                  5⤵
                                                                                                                                  • Reads runtime system information
                                                                                                                                  PID:976
                                                                                                                                  • /usr/bin/gpg-connect-agent
                                                                                                                                    gpg-connect-agent --no-autostart KILLAGENT
                                                                                                                                    6⤵
                                                                                                                                    • Reads runtime system information
                                                                                                                                    PID:977
                                                                                                                                • /bin/rm
                                                                                                                                  rm -rf /tmp/apt-key-gpghome.e7BP4e9eR1
                                                                                                                                  5⤵
                                                                                                                                    PID:978
                                                                                                                              • /usr/bin/dpkg
                                                                                                                                /usr/bin/dpkg --print-foreign-architectures
                                                                                                                                3⤵
                                                                                                                                  PID:979
                                                                                                                                • /usr/bin/dpkg
                                                                                                                                  /usr/bin/dpkg --print-foreign-architectures
                                                                                                                                  3⤵
                                                                                                                                  • Reads runtime system information
                                                                                                                                  PID:980
                                                                                                                              • /usr/bin/curl
                                                                                                                                curl -O https://dl.google.com/linux/direct/google-chrome-beta_current_amd64.deb
                                                                                                                                2⤵
                                                                                                                                • Reads runtime system information
                                                                                                                                • Writes file to tmp directory
                                                                                                                                PID:981
                                                                                                                              • /usr/bin/apt-get
                                                                                                                                apt-get install -y ./google-chrome-beta_current_amd64.deb
                                                                                                                                2⤵
                                                                                                                                • Reads runtime system information
                                                                                                                                • Writes file to tmp directory
                                                                                                                                • Software Deployment Tools
                                                                                                                                PID:983
                                                                                                                                • /usr/bin/dpkg
                                                                                                                                  /usr/bin/dpkg --print-foreign-architectures
                                                                                                                                  3⤵
                                                                                                                                  • Reads runtime system information
                                                                                                                                  PID:984
                                                                                                                                • /usr/bin/dpkg
                                                                                                                                  /usr/bin/dpkg --print-foreign-architectures
                                                                                                                                  3⤵
                                                                                                                                    PID:985
                                                                                                                                  • /usr/bin/dpkg
                                                                                                                                    /usr/bin/dpkg --print-foreign-architectures
                                                                                                                                    3⤵
                                                                                                                                    • Reads runtime system information
                                                                                                                                    PID:986
                                                                                                                                  • /usr/bin/dpkg
                                                                                                                                    /usr/bin/dpkg -I /tmp/google-chrome-beta_current_amd64.deb control
                                                                                                                                    3⤵
                                                                                                                                    • Reads runtime system information
                                                                                                                                    • Software Deployment Tools
                                                                                                                                    PID:987
                                                                                                                                  • /usr/local/sbin/dpkg-deb
                                                                                                                                    dpkg-deb --info -- /tmp/google-chrome-beta_current_amd64.deb control
                                                                                                                                    3⤵
                                                                                                                                      PID:987
                                                                                                                                    • /usr/local/bin/dpkg-deb
                                                                                                                                      dpkg-deb --info -- /tmp/google-chrome-beta_current_amd64.deb control
                                                                                                                                      3⤵
                                                                                                                                        PID:987
                                                                                                                                      • /usr/sbin/dpkg-deb
                                                                                                                                        dpkg-deb --info -- /tmp/google-chrome-beta_current_amd64.deb control
                                                                                                                                        3⤵
                                                                                                                                          PID:987
                                                                                                                                        • /usr/bin/dpkg-deb
                                                                                                                                          dpkg-deb --info -- /tmp/google-chrome-beta_current_amd64.deb control
                                                                                                                                          3⤵
                                                                                                                                            PID:987
                                                                                                                                            • /usr/local/sbin/tar
                                                                                                                                              tar -x -m -f - "--warning=no-timestamp"
                                                                                                                                              4⤵
                                                                                                                                                PID:990
                                                                                                                                              • /usr/local/bin/tar
                                                                                                                                                tar -x -m -f - "--warning=no-timestamp"
                                                                                                                                                4⤵
                                                                                                                                                  PID:990
                                                                                                                                                • /usr/sbin/tar
                                                                                                                                                  tar -x -m -f - "--warning=no-timestamp"
                                                                                                                                                  4⤵
                                                                                                                                                    PID:990
                                                                                                                                                  • /usr/bin/tar
                                                                                                                                                    tar -x -m -f - "--warning=no-timestamp"
                                                                                                                                                    4⤵
                                                                                                                                                      PID:990
                                                                                                                                                    • /sbin/tar
                                                                                                                                                      tar -x -m -f - "--warning=no-timestamp"
                                                                                                                                                      4⤵
                                                                                                                                                        PID:990
                                                                                                                                                      • /bin/tar
                                                                                                                                                        tar -x -m -f - "--warning=no-timestamp"
                                                                                                                                                        4⤵
                                                                                                                                                        • Reads runtime system information
                                                                                                                                                        PID:990
                                                                                                                                                      • /usr/local/sbin/rm
                                                                                                                                                        rm -rf -- /tmp/dpkg-deb.kqgKI7
                                                                                                                                                        4⤵
                                                                                                                                                          PID:991
                                                                                                                                                        • /usr/local/bin/rm
                                                                                                                                                          rm -rf -- /tmp/dpkg-deb.kqgKI7
                                                                                                                                                          4⤵
                                                                                                                                                            PID:991
                                                                                                                                                          • /usr/sbin/rm
                                                                                                                                                            rm -rf -- /tmp/dpkg-deb.kqgKI7
                                                                                                                                                            4⤵
                                                                                                                                                              PID:991
                                                                                                                                                            • /usr/bin/rm
                                                                                                                                                              rm -rf -- /tmp/dpkg-deb.kqgKI7
                                                                                                                                                              4⤵
                                                                                                                                                                PID:991
                                                                                                                                                              • /sbin/rm
                                                                                                                                                                rm -rf -- /tmp/dpkg-deb.kqgKI7
                                                                                                                                                                4⤵
                                                                                                                                                                  PID:991
                                                                                                                                                                • /bin/rm
                                                                                                                                                                  rm -rf -- /tmp/dpkg-deb.kqgKI7
                                                                                                                                                                  4⤵
                                                                                                                                                                    PID:991
                                                                                                                                                                • /usr/bin/dpkg
                                                                                                                                                                  /usr/bin/dpkg --print-foreign-architectures
                                                                                                                                                                  3⤵
                                                                                                                                                                    PID:992

                                                                                                                                                              Network

                                                                                                                                                              MITRE ATT&CK Enterprise v15

                                                                                                                                                              Downloads

                                                                                                                                                              • /tmp/apt-key-gpghome.1H4subAFrZ/gpg.1.sh

                                                                                                                                                                Filesize

                                                                                                                                                                82B

                                                                                                                                                              • /tmp/apt-key-gpghome.e7BP4e9eR1/gpg.1.sh

                                                                                                                                                                Filesize

                                                                                                                                                                71B

                                                                                                                                                              • /tmp/apt-key-gpghome.yRCO2eBOmJ/gpg.1.sh

                                                                                                                                                                Filesize

                                                                                                                                                                82B

                                                                                                                                                              • /tmp/apt-key-gpghome.yRCO2eBOmJ/pubring.gpg

                                                                                                                                                                Filesize

                                                                                                                                                                15KB

                                                                                                                                                              • /tmp/apt-key-gpghome.yRCO2eBOmJ/pubring.gpg

                                                                                                                                                                Filesize

                                                                                                                                                                18KB

                                                                                                                                                              • /tmp/apt-key-gpghome.yRCO2eBOmJ/pubring.gpg

                                                                                                                                                                Filesize

                                                                                                                                                                23KB

                                                                                                                                                              • /tmp/apt-key-gpghome.yRCO2eBOmJ/pubring.gpg

                                                                                                                                                                Filesize

                                                                                                                                                                47KB

                                                                                                                                                              • /tmp/apt-key-gpghome.yRCO2eBOmJ/pubring.gpg

                                                                                                                                                                Filesize

                                                                                                                                                                7KB

                                                                                                                                                              • /tmp/apt.conf.Ugkmfd

                                                                                                                                                                Filesize

                                                                                                                                                                7KB

                                                                                                                                                              • /tmp/apt.data.SnhQTp

                                                                                                                                                                Filesize

                                                                                                                                                                56KB

                                                                                                                                                              • /tmp/apt.sig.2rG6Tj

                                                                                                                                                                Filesize

                                                                                                                                                                1KB

  • /tmp/deb-file-google-chrome-beta_current_amd64.deb.gwVudj
    Filesize: 1KB

  • /tmp/dpkg-deb.kqgKI7/control
    Filesize: 1KB

  • /tmp/dpkg-deb.kqgKI7/postinst
    Filesize: 26KB

  • /tmp/dpkg-deb.kqgKI7/postrm
    Filesize: 21KB

  • /tmp/dpkg-deb.kqgKI7/prerm
    Filesize: 1KB

  • /tmp/google-chrome-beta_current_amd64.deb
    Filesize: 107.0MB
