Overview
overview
10Static
static
10SparxSolve...64.exe
windows7-x64
7SparxSolve...64.exe
windows10-2004-x64
7$PLUGINSDI...er.dll
windows7-x64
3$PLUGINSDI...er.dll
windows10-2004-x64
3$PLUGINSDI...ls.dll
windows7-x64
3$PLUGINSDI...ls.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...ll.dll
windows7-x64
3$PLUGINSDI...ll.dll
windows10-2004-x64
3LICENSES.c...m.html
windows7-x64
3LICENSES.c...m.html
windows10-2004-x64
3SparxMaths-Solver.exe
windows7-x64
1SparxMaths-Solver.exe
windows10-2004-x64
7d3dcompiler_47.dll
windows10-2004-x64
1ffmpeg.dll
windows7-x64
1ffmpeg.dll
windows10-2004-x64
1libEGL.dll
windows7-x64
1libEGL.dll
windows10-2004-x64
1locales/uk.ps1
windows7-x64
3locales/uk.ps1
windows10-2004-x64
3resources/...ces.js
windows7-x64
3resources/...ces.js
windows10-2004-x64
3resources/...ps.exe
windows7-x64
1resources/...ps.exe
windows10-2004-x64
1resources/...ck.ps1
windows7-x64
3resources/...ck.ps1
windows10-2004-x64
3resources/...nux.sh
ubuntu-18.04-amd64
3resources/...nux.sh
debian-9-armhf
4resources/...nux.sh
debian-9-mips
3resources/...nux.sh
debian-9-mipsel
3resources/...mac.sh
ubuntu-18.04-amd64
1Analysis
-
max time kernel
113s -
max time network
151s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240729-en -
resource tags
arch:mipsimage:debian9-mipsbe-20240729-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem -
submitted
25-11-2024 20:04
Static task
static1
Behavioral task
behavioral1
Sample
SparxSolverSetup.1-2.win_64.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
SparxSolverSetup.1-2.win_64.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/SpiderBanner.dll
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/SpiderBanner.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/WinShell.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/WinShell.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
LICENSES.chromium.html
Resource
win7-20240729-en
Behavioral task
behavioral12
Sample
LICENSES.chromium.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
SparxMaths-Solver.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
SparxMaths-Solver.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
d3dcompiler_47.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral16
Sample
ffmpeg.dll
Resource
win7-20240903-en
Behavioral task
behavioral17
Sample
ffmpeg.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral18
Sample
libEGL.dll
Resource
win7-20241010-en
Behavioral task
behavioral19
Sample
libEGL.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral20
Sample
locales/uk.ps1
Resource
win7-20240729-en
Behavioral task
behavioral21
Sample
locales/uk.ps1
Resource
win10v2004-20241007-en
Behavioral task
behavioral22
Sample
resources/app.asar.unpacked/node_modules/playwright-core/ThirdPartyNotices.js
Resource
win7-20240903-en
Behavioral task
behavioral23
Sample
resources/app.asar.unpacked/node_modules/playwright-core/ThirdPartyNotices.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral24
Sample
resources/app.asar.unpacked/node_modules/playwright-core/bin/PrintDeps.exe
Resource
win7-20240903-en
Behavioral task
behavioral25
Sample
resources/app.asar.unpacked/node_modules/playwright-core/bin/PrintDeps.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral26
Sample
resources/app.asar.unpacked/node_modules/playwright-core/bin/install_media_pack.ps1
Resource
win7-20241023-en
Behavioral task
behavioral27
Sample
resources/app.asar.unpacked/node_modules/playwright-core/bin/install_media_pack.ps1
Resource
win10v2004-20241007-en
Behavioral task
behavioral28
Sample
resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral29
Sample
resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral30
Sample
resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral31
Sample
resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
Resource
debian9-mipsel-20240611-en
Behavioral task
behavioral32
Sample
resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_mac.sh
Resource
ubuntu1804-amd64-20240611-en
General
-
Target
resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
-
Size
1KB
-
MD5
cba6e6dfa77711fe4a65875b4a77c032
-
SHA1
66164fc6a7f678daa293570e05963555d418831e
-
SHA256
17d0c0361e8a66efc1db45004a75fad9cb33426d6c07b90db838929c4ae96a74
-
SHA512
7d30bb242d3deb0e7e3df8881103bfa868cddbd6ff01aaae6d64aa37eecaaf145785e21882e2fdf1c9e6aee2e05a1d888438a1fc780fb78c36e22e4ebd496842
Malware Config
Signatures
-
description ioc Process File opened for reading /proc/self/fd apt-config File opened for reading /proc/filesystems sed File opened for reading /proc/self/fd gpgconf File opened for reading /proc/filesystems dpkg File opened for reading /proc/filesystems dpkg File opened for reading /proc/self/fd apt-config File opened for reading /proc/filesystems dpkg File opened for reading /proc/filesystems dpkg File opened for reading /proc/self/fd apt-config File opened for reading /proc/self/fd apt-config File opened for reading /proc/filesystems find File opened for reading /proc/self/fd apt-get File opened for reading /proc/self/fd apt-config File opened for reading /proc/self/fd apt-config File opened for reading /proc/filesystems dpkg File opened for reading /proc/sys/crypto/fips_enabled gpgv File opened for reading /proc/self/fd apt-config File opened for reading /proc/filesystems dpkg File opened for reading /proc/self/fd apt-config File opened for reading /proc/filesystems dpkg File opened for reading /proc/filesystems dpkg File opened for reading /proc/sys/kernel/ngroups_max apt-get File opened for reading /proc/self/fd apt-config File opened for reading /proc/self/fd apt-config File opened for reading /proc/self/fd apt-config File opened for reading /proc/sys/crypto/fips_enabled gpg-connect-agent File opened for reading /proc/filesystems dpkg File opened for reading /proc/filesystems dpkg File opened for reading /proc/sys/crypto/fips_enabled gpg-connect-agent File opened for reading /proc/self/fd apt-get File opened for reading /proc/filesystems dpkg File opened for reading /proc/filesystems dpkg File opened for reading /proc/filesystems find File opened for reading /proc/filesystems sed File opened for reading /proc/filesystems dpkg File opened for reading /proc/self/fd apt-config File opened for reading /proc/filesystems sed File opened for reading /proc/self/fd apt-config File opened for reading /proc/sys/crypto/fips_enabled gpgconf File opened for reading /proc/self/fd apt-config File opened for reading /proc/filesystems dpkg File opened for reading /proc/sys/crypto/fips_enabled gpgconf File opened for reading /proc/self/fd apt-config File opened for reading /proc/filesystems dpkg File opened for reading /proc/self/fd gpgv File opened for reading /proc/filesystems dpkg File opened for reading /proc/filesystems cp File opened for reading /proc/sys/crypto/fips_enabled gpgv File opened for reading /proc/sys/crypto/fips_enabled https File opened for reading /proc/filesystems dpkg File opened for reading /proc/filesystems dpkg File opened for reading /proc/self/fd apt-config File opened for reading /proc/sys/crypto/fips_enabled gpg-connect-agent File opened for reading /proc/filesystems dpkg File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/filesystems tar File opened for reading /proc/filesystems dpkg File opened for reading /proc/filesystems dpkg File opened for reading /proc/sys/crypto/fips_enabled gpgconf File opened for reading /proc/filesystems dpkg File opened for reading /proc/filesystems dpkg File opened for reading /proc/filesystems cp File opened for reading /proc/filesystems sed File opened for reading /proc/self/fd apt-config -
Writes file to tmp directory 32 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/apt-key-gpghome.yRCO2eBOmJ/pubring.gpg touch File opened for modification /tmp/fileutl.message.jSBOVo apt-get File opened for modification /tmp/google-chrome-beta_current_amd64.deb curl File opened for modification /tmp/fileutl.message.07sklC apt-get File opened for modification /tmp/fileutl.message.60aqWL apt-get File opened for modification /tmp/fileutl.message.L4XXNs apt-get File opened for modification /tmp/apt.data.SnhQTp gpgv File opened for modification /tmp/apt-key-gpghome.1H4subAFrZ/pubring.gpg apt-key File opened for modification /tmp/apt.conf.VmmStC gpgv File opened for modification /tmp/fileutl.message.H7wFAu apt-get File opened for modification /tmp/fileutl.message.odx139 apt-get File opened for modification /tmp/apt-key-gpghome.yRCO2eBOmJ/pubring.gpg apt-key File opened for modification /tmp/apt-key-gpghome.yRCO2eBOmJ/pubring.orig.gpg cp File opened for modification /tmp/fileutl.message.Sou5Ux apt-get File opened for modification /tmp/fileutl.message.9dcEHz apt-get File opened for modification /tmp/deb-file-google-chrome-beta_current_amd64.deb.gwVudj apt-get File opened for modification /tmp/fileutl.message.UpzIWx apt-get File opened for modification /tmp/fileutl.message.f0GHtP apt-get File opened for modification /tmp/apt.conf.KvmZDA gpgv File opened for modification /tmp/apt-key-gpghome.1H4subAFrZ/gpg.1.sh apt-key File opened for modification /tmp/apt-key-gpghome.e7BP4e9eR1/gpg.1.sh apt-key File opened for modification /tmp/fileutl.message.65y83p apt-get File opened for modification /tmp/fileutl.message.CrqLlM apt-get File opened for modification /tmp/apt.sig.2rG6Tj gpgv File opened for modification /tmp/apt.sig.GdNlX4 gpgv File opened for modification /tmp/apt.data.nkXzpx gpgv File opened for modification /tmp/apt-key-gpghome.yRCO2eBOmJ/gpg.1.sh apt-key File opened for modification /tmp/apt-key-gpghome.1H4subAFrZ/pubring.gpg touch File opened for modification /tmp/apt-key-gpghome.1H4subAFrZ/pubring.orig.gpg cp File opened for modification /tmp/fileutl.message.6mzrSo apt-get File opened for modification /tmp/fileutl.message.vhjNd8 apt-get File opened for modification /tmp/apt.conf.Ugkmfd gpgv -
pid Process 824 apt-get 983 apt-get 987 dpkg 822 dpkg
Processes
-
/tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh/tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh1⤵PID:815
-
/usr/local/sbin/bashbash /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh1⤵PID:815
-
/usr/local/bin/bashbash /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh1⤵PID:815
-
/usr/sbin/bashbash /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh1⤵PID:815
-
/usr/bin/bashbash /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh1⤵PID:815
-
/sbin/bashbash /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh1⤵PID:815
-
/bin/bashbash /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh1⤵PID:815
-
/usr/bin/archarch2⤵PID:816
-
-
/bin/bashbash -c "source /etc/os-release && echo \$ID"2⤵PID:821
-
-
/usr/bin/dpkgdpkg --get-selections2⤵
- Reads runtime system information
- Software Deployment Tools
PID:822
-
-
/bin/grepgrep -q "^google-chrome-beta[[:space:]]*install\$"2⤵PID:823
-
-
/usr/bin/apt-getapt-get update2⤵
- Reads runtime system information
- Writes file to tmp directory
- Software Deployment Tools
PID:824 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵PID:825
-
-
/usr/lib/apt/methods/http/usr/lib/apt/methods/http3⤵PID:826
-
-
/usr/lib/apt/methods/https/usr/lib/apt/methods/https3⤵PID:827
-
-
/usr/lib/apt/methods/https/usr/lib/apt/methods/https3⤵
- Reads runtime system information
PID:828
-
-
/usr/lib/apt/methods/http/usr/lib/apt/methods/http3⤵PID:829
-
-
/usr/lib/apt/methods/gpgv/usr/lib/apt/methods/gpgv3⤵PID:831
-
-
/usr/lib/apt/methods/gpgv/usr/lib/apt/methods/gpgv3⤵
- Reads runtime system information
- Writes file to tmp directory
PID:832 -
/usr/bin/apt-key/usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.2rG6Tj /tmp/apt.data.SnhQTp4⤵
- Writes file to tmp directory
PID:834 -
/usr/bin/apt-configapt-config shell MASTER_KEYRING APT::Key::MasterKeyring5⤵
- Reads runtime system information
PID:836 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures6⤵
- Reads runtime system information
PID:837
-
-
-
/usr/bin/apt-configapt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring5⤵
- Reads runtime system information
PID:838 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures6⤵
- Reads runtime system information
PID:839
-
-
-
/usr/bin/apt-configapt-config shell REMOVED_KEYS APT::Key::RemovedKeys5⤵
- Reads runtime system information
PID:840 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures6⤵
- Reads runtime system information
PID:841
-
-
-
/usr/bin/apt-configapt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI5⤵
- Reads runtime system information
PID:842 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures6⤵
- Reads runtime system information
PID:843
-
-
-
/usr/bin/apt-configapt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring5⤵
- Reads runtime system information
PID:844 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures6⤵PID:845
-
-
-
/usr/bin/apt-configapt-config shell TRUSTEDFILE Dir::Etc::Trusted/f5⤵
- Reads runtime system information
PID:846 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures6⤵
- Reads runtime system information
PID:847
-
-
-
/usr/bin/apt-configapt-config shell GPGV Apt::Key::gpgvcommand5⤵
- Reads runtime system information
PID:849 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures6⤵
- Reads runtime system information
PID:850
-
-
-
/bin/mktempmktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX5⤵PID:851
-
-
/bin/chmodchmod 700 /tmp/apt-key-gpghome.yRCO2eBOmJ5⤵PID:852
-
-
/bin/readlinkreadlink -f /tmp/apt-key-gpghome.yRCO2eBOmJ5⤵PID:853
-
-
/bin/rmrm -f /tmp/apt-key-gpghome.yRCO2eBOmJ/pubring.gpg5⤵PID:854
-
-
/usr/bin/touchtouch /tmp/apt-key-gpghome.yRCO2eBOmJ/pubring.gpg5⤵
- Writes file to tmp directory
PID:855
-
-
/usr/bin/apt-configapt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d5⤵
- Reads runtime system information
PID:856 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures6⤵
- Reads runtime system information
PID:857
-
-
-
/bin/readlinkreadlink -f /etc/apt/trusted.gpg.d/5⤵PID:858
-
-
/usr/bin/findfind /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 "(" -name "*.gpg" -o -name "*.asc" ")"5⤵
- Reads runtime system information
PID:859
-
-
/usr/bin/sortsort5⤵PID:862
-
-
/bin/catcat /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg5⤵PID:864
-
-
/bin/catcat /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg5⤵PID:866
-
-
/bin/catcat /etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg5⤵PID:868
-
-
/bin/catcat /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg5⤵PID:870
-
-
/bin/catcat /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg5⤵PID:872
-
-
/bin/catcat /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg5⤵PID:874
-
-
/bin/catcat /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg5⤵PID:876
-
-
/bin/catcat /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg5⤵PID:878
-
-
/bin/catcat /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg5⤵PID:880
-
-
/bin/cpcp -a /tmp/apt-key-gpghome.yRCO2eBOmJ/pubring.gpg /tmp/apt-key-gpghome.yRCO2eBOmJ/pubring.orig.gpg5⤵
- Reads runtime system information
- Writes file to tmp directory
PID:881
-
-
/bin/sedsed -e "s#'#'\"'\"'#g"5⤵
- Reads runtime system information
PID:884
-
-
/bin/sedsed -e "s#'#'\"'\"'#g"5⤵PID:887
-
-
/usr/bin/gpgvgpgv --homedir /tmp/apt-key-gpghome.yRCO2eBOmJ --keyring /tmp/apt-key-gpghome.yRCO2eBOmJ/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.2rG6Tj /tmp/apt.data.SnhQTp5⤵
- Reads runtime system information
PID:888
-
-
/usr/bin/gpgconfgpgconf --kill gpg-agent5⤵
- Reads runtime system information
PID:889 -
/usr/bin/gpg-connect-agentgpg-connect-agent --no-autostart KILLAGENT6⤵
- Reads runtime system information
PID:890
-
-
-
/bin/rmrm -rf /tmp/apt-key-gpghome.yRCO2eBOmJ5⤵PID:891
-
-
-
/usr/bin/apt-key/usr/bin/apt-key --quiet --readonly verify --status-fd 3 /var/lib/apt/lists/archive.debian.org_debian_dists_stretch_Release.gpg /var/lib/apt/lists/archive.debian.org_debian_dists_stretch_Release4⤵
- Writes file to tmp directory
PID:893 -
/usr/bin/apt-configapt-config shell MASTER_KEYRING APT::Key::MasterKeyring5⤵PID:895
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures6⤵
- Reads runtime system information
PID:896
-
-
-
/usr/bin/apt-configapt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring5⤵PID:897
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures6⤵
- Reads runtime system information
PID:898
-
-
-
/usr/bin/apt-configapt-config shell REMOVED_KEYS APT::Key::RemovedKeys5⤵PID:899
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures6⤵
- Reads runtime system information
PID:900
-
-
-
/usr/bin/apt-configapt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI5⤵
- Reads runtime system information
PID:901 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures6⤵
- Reads runtime system information
PID:902
-
-
-
/usr/bin/apt-configapt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring5⤵
- Reads runtime system information
PID:903 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures6⤵PID:904
-
-
-
/usr/bin/apt-configapt-config shell TRUSTEDFILE Dir::Etc::Trusted/f5⤵
- Reads runtime system information
PID:905 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures6⤵
- Reads runtime system information
PID:906
-
-
-
/usr/bin/apt-configapt-config shell GPGV Apt::Key::gpgvcommand5⤵
- Reads runtime system information
PID:908 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures6⤵PID:909
-
-
-
/bin/mktempmktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX5⤵PID:910
-
-
/bin/chmodchmod 700 /tmp/apt-key-gpghome.1H4subAFrZ5⤵PID:911
-
-
/bin/readlinkreadlink -f /tmp/apt-key-gpghome.1H4subAFrZ5⤵PID:912
-
-
/bin/rmrm -f /tmp/apt-key-gpghome.1H4subAFrZ/pubring.gpg5⤵PID:913
-
-
/usr/bin/touchtouch /tmp/apt-key-gpghome.1H4subAFrZ/pubring.gpg5⤵
- Writes file to tmp directory
PID:914
-
-
/usr/bin/apt-configapt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d5⤵
- Reads runtime system information
PID:915 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures6⤵
- Reads runtime system information
PID:916
-
-
-
/bin/readlinkreadlink -f /etc/apt/trusted.gpg.d/5⤵PID:917
-
-
/usr/bin/findfind /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 "(" -name "*.gpg" -o -name "*.asc" ")"5⤵
- Reads runtime system information
PID:918
-
-
/usr/bin/sortsort5⤵PID:921
-
-
/bin/catcat /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg5⤵PID:923
-
-
/bin/catcat /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg5⤵PID:925
-
-
/bin/catcat /etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg5⤵PID:927
-
-
/bin/catcat /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg5⤵PID:929
-
-
/bin/catcat /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg5⤵PID:931
-
-
/bin/catcat /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg5⤵PID:933
-
-
/bin/catcat /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg5⤵PID:935
-
-
/bin/catcat /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg5⤵PID:937
-
-
/bin/catcat /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg5⤵PID:939
-
-
/bin/cpcp -a /tmp/apt-key-gpghome.1H4subAFrZ/pubring.gpg /tmp/apt-key-gpghome.1H4subAFrZ/pubring.orig.gpg5⤵
- Reads runtime system information
- Writes file to tmp directory
PID:940
-
-
/bin/sedsed -e "s#'#'\"'\"'#g"5⤵
- Reads runtime system information
PID:943
-
-
/bin/sedsed -e "s#'#'\"'\"'#g"5⤵
- Reads runtime system information
PID:946
-
-
/usr/bin/gpgvgpgv --homedir /tmp/apt-key-gpghome.1H4subAFrZ --keyring /tmp/apt-key-gpghome.1H4subAFrZ/pubring.gpg --ignore-time-conflict --status-fd 3 /var/lib/apt/lists/archive.debian.org_debian_dists_stretch_Release.gpg /var/lib/apt/lists/archive.debian.org_debian_dists_stretch_Release5⤵
- Reads runtime system information
PID:947
-
-
/usr/bin/gpgconfgpgconf --kill gpg-agent5⤵
- Reads runtime system information
PID:948 -
/usr/bin/gpg-connect-agentgpg-connect-agent --no-autostart KILLAGENT6⤵
- Reads runtime system information
PID:949
-
-
-
/bin/rmrm -rf /tmp/apt-key-gpghome.1H4subAFrZ5⤵PID:950
-
-
-
/usr/bin/apt-key/usr/bin/apt-key --quiet --readonly --keyring /etc/apt/keyrings/nodesource.gpg verify --status-fd 3 /tmp/apt.sig.GdNlX4 /tmp/apt.data.nkXzpx4⤵
- Writes file to tmp directory
PID:952 -
/usr/bin/apt-configapt-config shell MASTER_KEYRING APT::Key::MasterKeyring5⤵
- Reads runtime system information
PID:954 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures6⤵
- Reads runtime system information
PID:955
-
-
-
/usr/bin/apt-configapt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring5⤵
- Reads runtime system information
PID:956 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures6⤵
- Reads runtime system information
PID:957
-
-
-
/usr/bin/apt-configapt-config shell REMOVED_KEYS APT::Key::RemovedKeys5⤵
- Reads runtime system information
PID:958 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures6⤵
- Reads runtime system information
PID:959
-
-
-
/usr/bin/apt-configapt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI5⤵
- Reads runtime system information
PID:960 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures6⤵
- Reads runtime system information
PID:961
-
-
-
/usr/bin/apt-configapt-config shell GPGV Apt::Key::gpgvcommand5⤵PID:963
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures6⤵
- Reads runtime system information
PID:964
-
-
-
/bin/mktempmktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX5⤵PID:965
-
-
/bin/chmodchmod 700 /tmp/apt-key-gpghome.e7BP4e9eR15⤵PID:966
-
-
/bin/sedsed -e "s#'#'\"'\"'#g"5⤵
- Reads runtime system information
PID:970
-
-
/bin/sedsed -e "s#'#'\"'\"'#g"5⤵PID:973
-
-
/usr/bin/gpgvgpgv --homedir /tmp/apt-key-gpghome.e7BP4e9eR1 --keyring /etc/apt/keyrings/nodesource.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.GdNlX4 /tmp/apt.data.nkXzpx5⤵PID:975
-
-
/usr/bin/gpgconfgpgconf --kill gpg-agent5⤵
- Reads runtime system information
PID:976 -
/usr/bin/gpg-connect-agentgpg-connect-agent --no-autostart KILLAGENT6⤵
- Reads runtime system information
PID:977
-
-
-
/bin/rmrm -rf /tmp/apt-key-gpghome.e7BP4e9eR15⤵PID:978
-
-
-
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵PID:979
-
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵
- Reads runtime system information
PID:980
-
-
-
/usr/bin/curlcurl -O https://dl.google.com/linux/direct/google-chrome-beta_current_amd64.deb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:981
-
-
/usr/bin/apt-getapt-get install -y ./google-chrome-beta_current_amd64.deb2⤵
- Reads runtime system information
- Writes file to tmp directory
- Software Deployment Tools
PID:983 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵
- Reads runtime system information
PID:984
-
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵PID:985
-
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵
- Reads runtime system information
PID:986
-
-
/usr/bin/dpkg/usr/bin/dpkg -I /tmp/google-chrome-beta_current_amd64.deb control3⤵
- Reads runtime system information
- Software Deployment Tools
PID:987
-
-
/usr/local/sbin/dpkg-debdpkg-deb --info -- /tmp/google-chrome-beta_current_amd64.deb control3⤵PID:987
-
-
/usr/local/bin/dpkg-debdpkg-deb --info -- /tmp/google-chrome-beta_current_amd64.deb control3⤵PID:987
-
-
/usr/sbin/dpkg-debdpkg-deb --info -- /tmp/google-chrome-beta_current_amd64.deb control3⤵PID:987
-
-
/usr/bin/dpkg-debdpkg-deb --info -- /tmp/google-chrome-beta_current_amd64.deb control3⤵PID:987
-
/usr/local/sbin/tartar -x -m -f - "--warning=no-timestamp"4⤵PID:990
-
-
/usr/local/bin/tartar -x -m -f - "--warning=no-timestamp"4⤵PID:990
-
-
/usr/sbin/tartar -x -m -f - "--warning=no-timestamp"4⤵PID:990
-
-
/usr/bin/tartar -x -m -f - "--warning=no-timestamp"4⤵PID:990
-
-
/sbin/tartar -x -m -f - "--warning=no-timestamp"4⤵PID:990
-
-
/bin/tartar -x -m -f - "--warning=no-timestamp"4⤵
- Reads runtime system information
PID:990
-
-
/usr/local/sbin/rmrm -rf -- /tmp/dpkg-deb.kqgKI74⤵PID:991
-
-
/usr/local/bin/rmrm -rf -- /tmp/dpkg-deb.kqgKI74⤵PID:991
-
-
/usr/sbin/rmrm -rf -- /tmp/dpkg-deb.kqgKI74⤵PID:991
-
-
/usr/bin/rmrm -rf -- /tmp/dpkg-deb.kqgKI74⤵PID:991
-
-
/sbin/rmrm -rf -- /tmp/dpkg-deb.kqgKI74⤵PID:991
-
-
/bin/rmrm -rf -- /tmp/dpkg-deb.kqgKI74⤵PID:991
-
-
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵PID:992
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
82B
MD505c3778dc9407fd30b8979bc17d2601d
SHA17d1449d480f5ecd392f58eff3d143c93f54a21e4
SHA25605602dcd1e5c07bbfeb2115ff2b5683e2a2b1cb12ebf05d364ed6ca2e529417e
SHA5128612d09db07110ae13f62c93bc5d44fc4451da6805ff3bf4988cbc0e55e984ecff54285670b6dee18815ef508ca4dc3aba83537c2805ce87012f6b406c74ab66
-
Filesize
71B
MD54a502d34c9274bf20ac5781ec24f97d5
SHA1524c16347caa1e4e4c89fe3a397248a4059be41c
SHA25611f70f1f445376846199cd886a909f58a5eca110d2539720b1b938410836514d
SHA51293ef1e10a3d08717b72b129dced28bd24adf1f94b86631b53ab15b5156b0c1b692962ce29c53f3ce9ef08b42a12db213927f1b1bca4a3f534de8f3ea7441a1bf
-
Filesize
82B
MD5753ebce1fe66fbe706f12a47a36c3acf
SHA1f51333a188bf519afc3c15b71fca5352a5996f01
SHA256359f95f02d3b5a982116c34f571a266b34ee014a00af0ccd93832113a5351017
SHA512b349e62013249604feb138dba2cc6c30039037f19804a30445c013dc9a70fd9f054bcdd3fd48484d3d363fbd1cf43b8ebd8a87d72e4943947a3641d4fe5eded4
-
Filesize
15KB
MD52713b38b3d7345961d8b80f4463483b8
SHA1e6ec76aaebfea6a82f7984b57e07522a20365201
SHA256389d00b5cbd2f69f32065448000a0607aec056e39af958f62e89c4c7e6228248
SHA512ecee7b3045f49f7fa7443a8658602817bb2c8d2d07ae930536e3f2daaa5854903bf339af6c2fd4b02f8627f050ce360d2feddcf40569b58d304cfc459f418978
-
Filesize
18KB
MD5760d3ab91f417958475b9a6342a5b92e
SHA1137a06aea4b5c9e9ca11f0f5f1225da1c275c334
SHA25642b348802c4290af6f9f30f984513f22fdd342ac3561ccb82957561a6b7c291f
SHA5126cefcfae1c95c94b66b46d9242e62ddf7d7c65bd8d9bc9dc4e4c6230443ba33668ed160e1882f48a0b5daf59a46ccca09240ebe666017f059bd55e02fb1f2db6
-
Filesize
23KB
MD5d63fbab9dfb826d53f7b3aaea45dbfb5
SHA159841d8e5423f788292af76d4350a948f4e25f53
SHA256de329f1f48b751a7527f8ce3150452a4282ce69990e9318ab82d5b46b9f751ca
SHA51220118f98c87eb60f0abafd5b4c2ffb4b1faf92777ee7402b98c0f5dc42d492c83f94d6903bdeee006187ac344a57afeaa84b54a973b483ff13e49773071d8198
-
Filesize
47KB
MD5a4dc094481f22304cab5550218e6e4de
SHA1f5886a324c0c026d0168656f23d1d898a0e43bd6
SHA256eef8c4d7d518a986e4f1cfeec729b55369b863ed6b62a23cbe9d88aa56de5391
SHA5120f040c957db3d500ba18315db33cca6eb18f9c80d952710f839833a73dd89b72e2e01178084c17348e312a427a6b9150937199b4912e71dfd1a7e2dd43723f68
-
Filesize
7KB
MD5b53e6ca4ed295fc38621315853f623d0
SHA145a416f014809735ec88854a3540c8e9e89eb102
SHA2566246307cc0130f6bd52510a477960f7c7be431b25979d7e20a88dc2fac58ac93
SHA51230b5d2571840c2319a4af3907afda8ab00cf2879c83aaee1048ca972c0d3ddbf7995a167a31b19c45195b636ab46e73b0534459c6ee79c557fac8bfc01d857ac
-
Filesize
7KB
MD5888b69612f796e76004b6312f7c07c5a
SHA18473a4114b60f4f93150e08c44f6908069943b43
SHA256b84b8be5406657e163fd2333afc00de1b91df4837563bfe330f34e30402456e2
SHA51276e05e08200975efbac0b1ebbc232135d35ad6b16bbe8b0238f01b6f9acf712a2479bf309aa81eb8eacfc3ee823a531b4e9b89cbf1364b1bf84c04abb90122bd
-
Filesize
56KB
MD5fd96c8ce5d0ef18d63bbe9ae17bb2659
SHA176b284743d95d3546df9d85c09712c830a30f614
SHA256ffc8a7a283b61633aac383ddf8f863df3f39ef241a07a4127f51a2495ef674b3
SHA5122486acdfc102f8f8498d8db2f205915115444dd118507369044202dc9a97109b4c738a2faf16c1f5ce5e4452ae0af17ae4691ac3bf5e7c5e2db271c0f40a4cb2
-
Filesize
1KB
MD570274ce622b0cc437ef7f0caddc9d232
SHA1124513a3ad2eb5aafa9be0920681e3bb8625979b
SHA2564055d2ccc7c4be062ed390944548206ece5ed7613eae114b9e53ef15f3905230
SHA512fed0054da258bb4a99e8adac359322d9ecc67caeee872309ea7d9863db6a1ec2a55497100e31538f42b43b9efc997e779e3774c8a0c6b0206254d7252d8699c8
-
Filesize
1KB
MD5d2243d917c693153285072570ebb2c44
SHA1dbb431f2031f9b67b6f8dc2a41397b69fa6eabae
SHA256e9c3f01dd52ccaf8a7b65696f23c4ae1eae581bd49652d29f6de96f678b34d07
SHA512d825796e5de2dd7965e762cfc26dd24f418e478c4b6033ce907c586aff8f50408d7492029f0f713230ddd6570d80d4633c8f0807ad3d08e29cb6a6368d2eeb00
-
Filesize
1KB
MD592902d303461b5c905c667bb82d55c65
SHA1b623d1c8e9060eb426d19605cd810c9cf98d0b54
SHA25666f6f543870d7e667bb870edceb9960ed67c3a972b36bbc69498e0f19430b7d8
SHA5129fa1bcd0af361ba9a5c7537c5a6759455e95b7e089490b581d59ec8cb5d571c68c1dd38f4ebf557bd27a529035dbc9e25a45c2e1f7ba611565f75b87ff67144e
-
Filesize
26KB
MD57a4c06a537cf3e4e7ea4f00cf08e3bc6
SHA108d30f017d78966e9041181e5e675b015dc14107
SHA256038f43a8b161ef4827d0a63b750ec201ec67d9c987fb228e976f10263d326582
SHA512b2b5711d89b617223dab45ae5d19547db33f3ed628df32b8a2a8cfd1491592d1ead93560d0b3814e0209d5079a4e6f3d4ec7841f5f5696ae785407c50d91dc62
-
Filesize
21KB
MD5e0b6dec9aa6ff430754e64445ade2317
SHA1ad1ee754557676cac6a802fa740e005bf06c8470
SHA2565135a12604f40aeb7df1ab660717bf4806d1188b89234e0453973c85ecb1f74c
SHA512d1e626f7380bf9222b2c4dadc604f9b901678816f55ad6afa70fe252844b5b107d050ecede2156d4b229a092c96ff4f2237e8bee76dd401bf4dba4af620faf70
-
Filesize
1KB
MD5c48bb92ddb66eadecc16d75efdb9edc5
SHA1c5ceefc1b8b90e7d2145cebc3fb9b2a74ffecc56
SHA256f826c434426ec15fb67203fd51827c96a128305d6fce9019f904d3abdca733b7
SHA512031c5df9169724d4426567b674234feb87845e23932b962f3adfbd859527e1a8a424f34322854bc1921f0402a19e669a0e7f146d10f1e34d9d20834359e75f93
-
Filesize
107.0MB
MD5cb9cdad386cb15429e9d5428a3045d3c
SHA10b90aab042df7bbe50bb3316a6aa1b8061dc3d13
SHA2561104a0635e1c00e63a58da09f795c3b66a5ddb4d8a77b32768fd1911c11f59f2
SHA5125d865b22efa7989323c875902e7fcbcd8712ce1717fb7362160d1b521ae861f6649daf83e2e696688386f418862493c5113227c5c19ac4eb6b38ffd576ad10d1