Analysis

  • max time kernel
    134s
  • max time network
    159s
  • platform
    debian-9_mipsel
  • resource
    debian9-mipsel-20240611-en
  • resource tags

    arch:mipsel
    image:debian9-mipsel-20240611-en
    kernel:4.9.0-13-4kc-malta
    locale:en-us
    os:debian-9-mipsel
    system
  • submitted
    25-11-2024 20:04

General

  • Target

    resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh

  • Size

    1KB

  • MD5

    cba6e6dfa77711fe4a65875b4a77c032

  • SHA1

    66164fc6a7f678daa293570e05963555d418831e

  • SHA256

    17d0c0361e8a66efc1db45004a75fad9cb33426d6c07b90db838929c4ae96a74

  • SHA512

    7d30bb242d3deb0e7e3df8881103bfa868cddbd6ff01aaae6d64aa37eecaaf145785e21882e2fdf1c9e6aee2e05a1d888438a1fc780fb78c36e22e4ebd496842

Score
3/10

Malware Config

Signatures

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 32 IoCs

    Malware often drops required files in the /tmp directory.

  • Software Deployment Tools 1 TTPs 4 IoCs

    Use software deployment tools to execute code.

Processes

  • /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
    /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
    1⤵
      PID:776
    • /usr/local/sbin/bash
      bash /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
      1⤵
        PID:776
      • /usr/local/bin/bash
        bash /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
        1⤵
          PID:776
        • /usr/sbin/bash
          bash /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
          1⤵
            PID:776
          • /usr/bin/bash
            bash /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
            1⤵
              PID:776
            • /sbin/bash
              bash /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
              1⤵
                PID:776
              • /bin/bash
                bash /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
                1⤵
                  PID:776
                  • /usr/bin/arch
                    arch
                    2⤵
                      PID:778
                    • /bin/bash
                      bash -c "source /etc/os-release && echo \$ID"
                      2⤵
                        PID:779
                      • /bin/grep
                        grep -q "^google-chrome-beta[[:space:]]*install\$"
                        2⤵
                          PID:783
                        • /usr/bin/dpkg
                          dpkg --get-selections
                          2⤵
                          • Reads runtime system information
                          • Software Deployment Tools
                          PID:782
                        • /usr/bin/apt-get
                          apt-get update
                          2⤵
                          • Reads runtime system information
                          • Writes file to tmp directory
                          • Software Deployment Tools
                          PID:784
                          • /usr/bin/dpkg
                            /usr/bin/dpkg --print-foreign-architectures
                            3⤵
                            • Reads runtime system information
                            PID:785
                          • /usr/lib/apt/methods/http
                            /usr/lib/apt/methods/http
                            3⤵
                              PID:786
                            • /usr/lib/apt/methods/https
                              /usr/lib/apt/methods/https
                              3⤵
                                PID:787
                              • /usr/lib/apt/methods/https
                                /usr/lib/apt/methods/https
                                3⤵
                                • Reads runtime system information
                                PID:788
                              • /usr/lib/apt/methods/http
                                /usr/lib/apt/methods/http
                                3⤵
                                  PID:789
                                • /usr/lib/apt/methods/gpgv
                                  /usr/lib/apt/methods/gpgv
                                  3⤵
                                    PID:794
                                  • /usr/lib/apt/methods/gpgv
                                    /usr/lib/apt/methods/gpgv
                                    3⤵
                                    • Writes file to tmp directory
                                    PID:795
                                    • /usr/bin/apt-key
                                      /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.8KW6Vz /tmp/apt.data.S3spYi
                                      4⤵
                                      • Writes file to tmp directory
                                      PID:797
                                      • /usr/bin/apt-config
                                        apt-config shell MASTER_KEYRING APT::Key::MasterKeyring
                                        5⤵
                                          PID:799
                                          • /usr/bin/dpkg
                                            /usr/bin/dpkg --print-foreign-architectures
                                            6⤵
                                            • Reads runtime system information
                                            PID:800
                                        • /usr/bin/apt-config
                                          apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring
                                          5⤵
                                          • Reads runtime system information
                                          PID:801
                                          • /usr/bin/dpkg
                                            /usr/bin/dpkg --print-foreign-architectures
                                            6⤵
                                            • Reads runtime system information
                                            PID:802
                                        • /usr/bin/apt-config
                                          apt-config shell REMOVED_KEYS APT::Key::RemovedKeys
                                          5⤵
                                            PID:803
                                            • /usr/bin/dpkg
                                              /usr/bin/dpkg --print-foreign-architectures
                                              6⤵
                                              • Reads runtime system information
                                              PID:804
                                          • /usr/bin/apt-config
                                            apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI
                                            5⤵
                                            • Reads runtime system information
                                            PID:805
                                            • /usr/bin/dpkg
                                              /usr/bin/dpkg --print-foreign-architectures
                                              6⤵
                                              • Reads runtime system information
                                              PID:808
                                          • /usr/bin/apt-config
                                            apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring
                                            5⤵
                                            • Reads runtime system information
                                            PID:809
                                            • /usr/bin/dpkg
                                              /usr/bin/dpkg --print-foreign-architectures
                                              6⤵
                                              • Reads runtime system information
                                              PID:812
                                          • /usr/bin/apt-config
                                            apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f
                                            5⤵
                                            • Reads runtime system information
                                            PID:813
                                            • /usr/bin/dpkg
                                              /usr/bin/dpkg --print-foreign-architectures
                                              6⤵
                                              • Reads runtime system information
                                              PID:816
                                          • /usr/bin/apt-config
                                            apt-config shell GPGV Apt::Key::gpgvcommand
                                            5⤵
                                            • Reads runtime system information
                                            PID:818
                                            • /usr/bin/dpkg
                                              /usr/bin/dpkg --print-foreign-architectures
                                              6⤵
                                              • Reads runtime system information
                                              PID:820
                                          • /bin/mktemp
                                            mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX
                                            5⤵
                                              PID:822
                                            • /bin/chmod
                                              chmod 700 /tmp/apt-key-gpghome.kZ84SMtwTF
                                              5⤵
                                                PID:823
                                              • /bin/readlink
                                                readlink -f /tmp/apt-key-gpghome.kZ84SMtwTF
                                                5⤵
                                                  PID:824
                                                • /bin/rm
                                                  rm -f /tmp/apt-key-gpghome.kZ84SMtwTF/pubring.gpg
                                                  5⤵
                                                    PID:826
                                                  • /usr/bin/touch
                                                    touch /tmp/apt-key-gpghome.kZ84SMtwTF/pubring.gpg
                                                    5⤵
                                                    • Writes file to tmp directory
                                                    PID:828
                                                  • /usr/bin/apt-config
                                                    apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d
                                                    5⤵
                                                    • Reads runtime system information
                                                    PID:829
                                                    • /usr/bin/dpkg
                                                      /usr/bin/dpkg --print-foreign-architectures
                                                      6⤵
                                                      • Reads runtime system information
                                                      PID:831
                                                  • /bin/readlink
                                                    readlink -f /etc/apt/trusted.gpg.d/
                                                    5⤵
                                                      PID:833
                                                    • /usr/bin/find
                                                      find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 "(" -name "*.gpg" -o -name "*.asc" ")"
                                                      5⤵
                                                      • Reads runtime system information
                                                      PID:834
                                                    • /usr/bin/sort
                                                      sort
                                                      5⤵
                                                        PID:838
                                                      • /bin/cat
                                                        cat /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg
                                                        5⤵
                                                          PID:840
                                                        • /bin/cat
                                                          cat /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg
                                                          5⤵
                                                            PID:843
                                                          • /bin/cat
                                                            cat /etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg
                                                            5⤵
                                                              PID:845
                                                            • /bin/cat
                                                              cat /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg
                                                              5⤵
                                                                PID:847
                                                              • /bin/cat
                                                                cat /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg
                                                                5⤵
                                                                  PID:850
                                                                • /bin/cat
                                                                  cat /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg
                                                                  5⤵
                                                                    PID:853
                                                                  • /bin/cat
                                                                    cat /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg
                                                                    5⤵
                                                                      PID:855
                                                                    • /bin/cat
                                                                      cat /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg
                                                                      5⤵
                                                                        PID:857
                                                                      • /bin/cat
                                                                        cat /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg
                                                                        5⤵
                                                                          PID:859
                                                                        • /bin/cp
                                                                          cp -a /tmp/apt-key-gpghome.kZ84SMtwTF/pubring.gpg /tmp/apt-key-gpghome.kZ84SMtwTF/pubring.orig.gpg
                                                                          5⤵
                                                                          • Writes file to tmp directory
                                                                          PID:861
                                                                        • /bin/sed
                                                                          sed -e "s#'#'\"'\"'#g"
                                                                          5⤵
                                                                          • Reads runtime system information
                                                                          PID:865
                                                                        • /bin/sed
                                                                          sed -e "s#'#'\"'\"'#g"
                                                                          5⤵
                                                                          • Reads runtime system information
                                                                          PID:868
                                                                        • /usr/bin/gpgv
                                                                          gpgv --homedir /tmp/apt-key-gpghome.kZ84SMtwTF --keyring /tmp/apt-key-gpghome.kZ84SMtwTF/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.8KW6Vz /tmp/apt.data.S3spYi
                                                                          5⤵
                                                                          • Reads runtime system information
                                                                          PID:869
                                                                        • /usr/bin/gpgconf
                                                                          gpgconf --kill gpg-agent
                                                                          5⤵
                                                                          • Reads runtime system information
                                                                          PID:872
                                                                          • /usr/bin/gpg-connect-agent
                                                                            gpg-connect-agent --no-autostart KILLAGENT
                                                                            6⤵
                                                                              PID:874
                                                                          • /bin/rm
                                                                            rm -rf /tmp/apt-key-gpghome.kZ84SMtwTF
                                                                            5⤵
                                                                              PID:876
                                                                          • /usr/bin/apt-key
                                                                            /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /var/lib/apt/lists/archive.debian.org_debian_dists_stretch_Release.gpg /var/lib/apt/lists/archive.debian.org_debian_dists_stretch_Release
                                                                            4⤵
                                                                            • Writes file to tmp directory
                                                                            PID:878
                                                                            • /usr/bin/apt-config
                                                                              apt-config shell MASTER_KEYRING APT::Key::MasterKeyring
                                                                              5⤵
                                                                              • Reads runtime system information
                                                                              PID:881
                                                                              • /usr/bin/dpkg
                                                                                /usr/bin/dpkg --print-foreign-architectures
                                                                                6⤵
                                                                                • Reads runtime system information
                                                                                PID:883
                                                                            • /usr/bin/apt-config
                                                                              apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring
                                                                              5⤵
                                                                                PID:885
                                                                                • /usr/bin/dpkg
                                                                                  /usr/bin/dpkg --print-foreign-architectures
                                                                                  6⤵
                                                                                  • Reads runtime system information
                                                                                  PID:887
                                                                              • /usr/bin/apt-config
                                                                                apt-config shell REMOVED_KEYS APT::Key::RemovedKeys
                                                                                5⤵
                                                                                • Reads runtime system information
                                                                                PID:889
                                                                                • /usr/bin/dpkg
                                                                                  /usr/bin/dpkg --print-foreign-architectures
                                                                                  6⤵
                                                                                  • Reads runtime system information
                                                                                  PID:891
                                                                              • /usr/bin/apt-config
                                                                                apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI
                                                                                5⤵
                                                                                • Reads runtime system information
                                                                                PID:893
                                                                                • /usr/bin/dpkg
                                                                                  /usr/bin/dpkg --print-foreign-architectures
                                                                                  6⤵
                                                                                  • Reads runtime system information
                                                                                  PID:895
                                                                              • /usr/bin/apt-config
                                                                                apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring
                                                                                5⤵
                                                                                • Reads runtime system information
                                                                                PID:896
                                                                                • /usr/bin/dpkg
                                                                                  /usr/bin/dpkg --print-foreign-architectures
                                                                                  6⤵
                                                                                  • Reads runtime system information
                                                                                  PID:897
                                                                              • /usr/bin/apt-config
                                                                                apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f
                                                                                5⤵
                                                                                • Reads runtime system information
                                                                                PID:898
                                                                                • /usr/bin/dpkg
                                                                                  /usr/bin/dpkg --print-foreign-architectures
                                                                                  6⤵
                                                                                  • Reads runtime system information
                                                                                  PID:899
                                                                              • /usr/bin/apt-config
                                                                                apt-config shell GPGV Apt::Key::gpgvcommand
                                                                                5⤵
                                                                                • Reads runtime system information
                                                                                PID:901
                                                                                • /usr/bin/dpkg
                                                                                  /usr/bin/dpkg --print-foreign-architectures
                                                                                  6⤵
                                                                                  • Reads runtime system information
                                                                                  PID:902
                                                                              • /bin/mktemp
                                                                                mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX
                                                                                5⤵
                                                                                  PID:903
                                                                                • /bin/chmod
                                                                                  chmod 700 /tmp/apt-key-gpghome.hN5QwScN1B
                                                                                  5⤵
                                                                                    PID:904
                                                                                  • /bin/readlink
                                                                                    readlink -f /tmp/apt-key-gpghome.hN5QwScN1B
                                                                                    5⤵
                                                                                      PID:905
                                                                                    • /bin/rm
                                                                                      rm -f /tmp/apt-key-gpghome.hN5QwScN1B/pubring.gpg
                                                                                      5⤵
                                                                                        PID:906
                                                                                      • /usr/bin/touch
                                                                                        touch /tmp/apt-key-gpghome.hN5QwScN1B/pubring.gpg
                                                                                        5⤵
                                                                                        • Writes file to tmp directory
                                                                                        PID:907
                                                                                      • /usr/bin/apt-config
                                                                                        apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d
                                                                                        5⤵
                                                                                        • Reads runtime system information
                                                                                        PID:908
                                                                                        • /usr/bin/dpkg
                                                                                          /usr/bin/dpkg --print-foreign-architectures
              6⤵
              • Reads runtime system information
              PID:909
          • /bin/readlink
            readlink -f /etc/apt/trusted.gpg.d/
            5⤵
            PID:910
          • /usr/bin/find
            find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 "(" -name "*.gpg" -o -name "*.asc" ")"
            5⤵
            • Reads runtime system information
            PID:911
          • /usr/bin/sort
            sort
            5⤵
            PID:914
          • /bin/cat
            cat /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg
            5⤵
            PID:916
          • /bin/cat
            cat /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg
            5⤵
            PID:918
          • /bin/cat
            cat /etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg
            5⤵
            PID:920
          • /bin/cat
            cat /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg
            5⤵
            PID:922
          • /bin/cat
            cat /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg
            5⤵
            PID:924
          • /bin/cat
            cat /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg
            5⤵
            PID:926
          • /bin/cat
            cat /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg
            5⤵
            PID:928
          • /bin/cat
            cat /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg
            5⤵
            PID:930
          • /bin/cat
            cat /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg
            5⤵
            PID:932
          • /bin/cp
            cp -a /tmp/apt-key-gpghome.hN5QwScN1B/pubring.gpg /tmp/apt-key-gpghome.hN5QwScN1B/pubring.orig.gpg
            5⤵
            • Reads runtime system information
            • Writes file to tmp directory
            PID:933
          • /bin/sed
            sed -e "s#'#'\"'\"'#g"
            5⤵
            PID:936
          • /bin/sed
            sed -e "s#'#'\"'\"'#g"
            5⤵
            PID:939
          • /usr/bin/gpgv
            gpgv --homedir /tmp/apt-key-gpghome.hN5QwScN1B --keyring /tmp/apt-key-gpghome.hN5QwScN1B/pubring.gpg --ignore-time-conflict --status-fd 3 /var/lib/apt/lists/archive.debian.org_debian_dists_stretch_Release.gpg /var/lib/apt/lists/archive.debian.org_debian_dists_stretch_Release
            5⤵
            • Reads runtime system information
            PID:940
          • /usr/bin/gpgconf
            gpgconf --kill gpg-agent
            5⤵
            • Reads runtime system information
            PID:941
            • /usr/bin/gpg-connect-agent
              gpg-connect-agent --no-autostart KILLAGENT
              6⤵
              • Reads runtime system information
              PID:942
          • /bin/rm
            rm -rf /tmp/apt-key-gpghome.hN5QwScN1B
            5⤵
            PID:943
        • /usr/bin/apt-key
          /usr/bin/apt-key --quiet --readonly --keyring /etc/apt/keyrings/nodesource.gpg verify --status-fd 3 /tmp/apt.sig.UwfqX3 /tmp/apt.data.b4AaT0
          4⤵
          • Writes file to tmp directory
          PID:945
          • /usr/bin/apt-config
            apt-config shell MASTER_KEYRING APT::Key::MasterKeyring
            5⤵
            PID:947
            • /usr/bin/dpkg
              /usr/bin/dpkg --print-foreign-architectures
              6⤵
              • Reads runtime system information
              PID:948
          • /usr/bin/apt-config
            apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring
            5⤵
            • Reads runtime system information
            PID:949
            • /usr/bin/dpkg
              /usr/bin/dpkg --print-foreign-architectures
              6⤵
              PID:950
          • /usr/bin/apt-config
            apt-config shell REMOVED_KEYS APT::Key::RemovedKeys
            5⤵
            • Reads runtime system information
            PID:951
            • /usr/bin/dpkg
              /usr/bin/dpkg --print-foreign-architectures
              6⤵
              • Reads runtime system information
              PID:952
          • /usr/bin/apt-config
            apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI
            5⤵
            PID:953
            • /usr/bin/dpkg
              /usr/bin/dpkg --print-foreign-architectures
              6⤵
              • Reads runtime system information
              PID:954
          • /usr/bin/apt-config
            apt-config shell GPGV Apt::Key::gpgvcommand
            5⤵
            • Reads runtime system information
            PID:956
            • /usr/bin/dpkg
              /usr/bin/dpkg --print-foreign-architectures
              6⤵
              • Reads runtime system information
              PID:957
          • /bin/mktemp
            mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX
            5⤵
            PID:958
          • /bin/chmod
            chmod 700 /tmp/apt-key-gpghome.HIF1k3hIxH
            5⤵
            PID:959
          • /bin/sed
            sed -e "s#'#'\"'\"'#g"
            5⤵
            PID:963
          • /bin/sed
            sed -e "s#'#'\"'\"'#g"
            5⤵
            • Reads runtime system information
            PID:966
          • /usr/bin/gpgv
            gpgv --homedir /tmp/apt-key-gpghome.HIF1k3hIxH --keyring /etc/apt/keyrings/nodesource.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.UwfqX3 /tmp/apt.data.b4AaT0
            5⤵
            • Reads runtime system information
            PID:968
          • /usr/bin/gpgconf
            gpgconf --kill gpg-agent
            5⤵
            • Reads runtime system information
            PID:969
            • /usr/bin/gpg-connect-agent
              gpg-connect-agent --no-autostart KILLAGENT
              6⤵
              • Reads runtime system information
              PID:970
          • /bin/rm
            rm -rf /tmp/apt-key-gpghome.HIF1k3hIxH
            5⤵
            PID:971
      • /usr/bin/dpkg
        /usr/bin/dpkg --print-foreign-architectures
        3⤵
        • Reads runtime system information
        PID:972
      • /usr/bin/dpkg
        /usr/bin/dpkg --print-foreign-architectures
        3⤵
        • Reads runtime system information
        PID:973
    • /usr/bin/curl
      curl -O https://dl.google.com/linux/direct/google-chrome-beta_current_amd64.deb
      2⤵
      • Reads runtime system information
      • Writes file to tmp directory
      PID:974
    • /usr/bin/apt-get
      apt-get install -y ./google-chrome-beta_current_amd64.deb
      2⤵
      • Reads runtime system information
      • Writes file to tmp directory
      • Software Deployment Tools
      PID:976
      • /usr/bin/dpkg
        /usr/bin/dpkg --print-foreign-architectures
        3⤵
        PID:977
      • /usr/bin/dpkg
        /usr/bin/dpkg --print-foreign-architectures
        3⤵
        • Reads runtime system information
        PID:978
      • /usr/bin/dpkg
        /usr/bin/dpkg --print-foreign-architectures
        3⤵
        • Reads runtime system information
        PID:979
      • /usr/bin/dpkg
        /usr/bin/dpkg -I /tmp/google-chrome-beta_current_amd64.deb control
        3⤵
        • Reads runtime system information
        • Software Deployment Tools
        PID:980
      • /usr/local/sbin/dpkg-deb
        dpkg-deb --info -- /tmp/google-chrome-beta_current_amd64.deb control
        3⤵
        PID:980
      • /usr/local/bin/dpkg-deb
        dpkg-deb --info -- /tmp/google-chrome-beta_current_amd64.deb control
        3⤵
        PID:980
      • /usr/sbin/dpkg-deb
        dpkg-deb --info -- /tmp/google-chrome-beta_current_amd64.deb control
        3⤵
        PID:980
      • /usr/bin/dpkg-deb
        dpkg-deb --info -- /tmp/google-chrome-beta_current_amd64.deb control
        3⤵
        PID:980
        • /usr/local/sbin/tar
          tar -x -m -f - "--warning=no-timestamp"
          4⤵
          PID:983
        • /usr/local/bin/tar
          tar -x -m -f - "--warning=no-timestamp"
          4⤵
          PID:983
        • /usr/sbin/tar
          tar -x -m -f - "--warning=no-timestamp"
          4⤵
          PID:983
        • /usr/bin/tar
          tar -x -m -f - "--warning=no-timestamp"
          4⤵
          PID:983
        • /sbin/tar
          tar -x -m -f - "--warning=no-timestamp"
          4⤵
          PID:983
        • /bin/tar
          tar -x -m -f - "--warning=no-timestamp"
          4⤵
          • Reads runtime system information
                                                                                                                                                    PID:983
                                                                                                                                                  • /usr/local/sbin/rm
                                                                                                                                                    rm -rf -- /tmp/dpkg-deb.BOTDrj
                                                                                                                                                    4⤵
                                                                                                                                                      PID:984
                                                                                                                                                    • /usr/local/bin/rm
                                                                                                                                                      rm -rf -- /tmp/dpkg-deb.BOTDrj
                                                                                                                                                      4⤵
                                                                                                                                                        PID:984
                                                                                                                                                      • /usr/sbin/rm
                                                                                                                                                        rm -rf -- /tmp/dpkg-deb.BOTDrj
                                                                                                                                                        4⤵
                                                                                                                                                          PID:984
                                                                                                                                                        • /usr/bin/rm
                                                                                                                                                          rm -rf -- /tmp/dpkg-deb.BOTDrj
                                                                                                                                                          4⤵
                                                                                                                                                            PID:984
                                                                                                                                                          • /sbin/rm
                                                                                                                                                            rm -rf -- /tmp/dpkg-deb.BOTDrj
                                                                                                                                                            4⤵
                                                                                                                                                              PID:984
                                                                                                                                                            • /bin/rm
                                                                                                                                                              rm -rf -- /tmp/dpkg-deb.BOTDrj
                                                                                                                                                              4⤵
                                                                                                                                                                PID:984
                                                                                                                                                            • /usr/bin/dpkg
                                                                                                                                                              /usr/bin/dpkg --print-foreign-architectures
                                                                                                                                                              3⤵
                                                                                                                                                              • Reads runtime system information
                                                                                                                                                              PID:985

                                                                                                                                                        Network

                                                                                                                                                        MITRE ATT&CK Enterprise v15

                                                                                                                                                        Downloads

                                                                                                                                                        • /tmp/apt-key-gpghome.HIF1k3hIxH/gpg.1.sh

                                                                                                                                                          Filesize

                                                                                                                                                          71B

                                                                                                                                                        • /tmp/apt-key-gpghome.hN5QwScN1B/gpg.1.sh

                                                                                                                                                          Filesize

                                                                                                                                                          82B

                                                                                                                                                        • /tmp/apt-key-gpghome.kZ84SMtwTF/gpg.1.sh

                                                                                                                                                          Filesize

                                                                                                                                                          82B

                                                                                                                                                        • /tmp/apt-key-gpghome.kZ84SMtwTF/pubring.gpg

                                                                                                                                                          Filesize

                                                                                                                                                          15KB

                                                                                                                                                        • /tmp/apt-key-gpghome.kZ84SMtwTF/pubring.gpg

                                                                                                                                                          Filesize

                                                                                                                                                          18KB

                                                                                                                                                        • /tmp/apt-key-gpghome.kZ84SMtwTF/pubring.gpg

                                                                                                                                                          Filesize

                                                                                                                                                          23KB

                                                                                                                                                        • /tmp/apt-key-gpghome.kZ84SMtwTF/pubring.gpg

                                                                                                                                                          Filesize

                                                                                                                                                          47KB

                                                                                                                                                        • /tmp/apt-key-gpghome.kZ84SMtwTF/pubring.gpg

                                                                                                                                                          Filesize

                                                                                                                                                          7KB

                                                                                                                                                        • /tmp/apt.conf.0LMLmR

                                                                                                                                                          Filesize

                                                                                                                                                          7KB

                                                                                                                                                        • /tmp/apt.data.S3spYi

                                                                                                                                                          Filesize

                                                                                                                                                          56KB

                                                                                                                                                        • /tmp/apt.sig.8KW6Vz

                                                                                                                                                          Filesize

                                                                                                                                                          1KB

                                                                                                                                                        • /tmp/deb-file-google-chrome-beta_current_amd64.deb.MAANb7

                                                                                                                                                          Filesize

                                                                                                                                                          1KB

                                                                                                                                                        • /tmp/dpkg-deb.BOTDrj/control

                                                                                                                                                          Filesize

                                                                                                                                                          1KB

                                                                                                                                                        • /tmp/dpkg-deb.BOTDrj/postinst

                                                                                                                                                          Filesize

                                                                                                                                                          26KB

                                                                                                                                                        • /tmp/dpkg-deb.BOTDrj/postrm

                                                                                                                                                          Filesize

                                                                                                                                                          21KB

                                                                                                                                                        • /tmp/dpkg-deb.BOTDrj/prerm

                                                                                                                                                          Filesize

                                                                                                                                                          1KB

                                                                                                                                                        • /tmp/google-chrome-beta_current_amd64.deb

                                                                                                                                                          Filesize

                                                                                                                                                          107.0MB
