Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
boatnet.m68k.elf

Overview

General Information

Sample name:boatnet.m68k.elf
Analysis ID:1582572
MD5:8ad66e3035a668c00cde5231a738417a
SHA1:5d1faaf279304d1ac661f2099d8019652f16896e
SHA256:8da46ca88221933bf58fdf3df25c6cfd46c1f2139b43db00a5371ee9ec836bff
Tags:elfuser-abuse_ch
Infos:

Detection

Mirai
Score:76
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample tries to kill multiple processes (SIGKILL)
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample has stripped symbol table
Sample tries to kill a process (SIGKILL)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1582572
Start date and time:2024-12-30 22:32:37 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 9s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:boatnet.m68k.elf
Detection:MAL
Classification:mal76.spre.troj.linELF@0/0@2/0

Warnings

  • VT rate limit hit for: boatnet.m68k.elf

Runtime Messages

Command:/tmp/boatnet.m68k.elf
PID:5535
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:

Process Tree

  • system is lnxubuntu20
  • wrapper-2.0 (PID: 5547, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
  • wrapper-2.0 (PID: 5548, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
  • wrapper-2.0 (PID: 5549, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
  • wrapper-2.0 (PID: 5550, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
    • xfpm-power-backlight-helper (PID: 5569, Parent: 5550, MD5: 3d221ad23f28ca3259f599b1664e2427) Arguments: /usr/sbin/xfpm-power-backlight-helper --get-max-brightness
  • wrapper-2.0 (PID: 5551, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
  • wrapper-2.0 (PID: 5552, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
  • xfconfd (PID: 5568, Parent: 5567, MD5: 4c7a0d6d258bb970905b19b84abcd8e9) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
  • systemd New Fork (PID: 5576, Parent: 2955)
  • xfce4-notifyd (PID: 5576, Parent: 2955, MD5: eee956f1b227c1d5031f9c61223255d1) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
boatnet.m68k.elfJoeSecurity_Mirai_8Yara detected MiraiJoe Security
    boatnet.m68k.elfLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
    • 0xc1e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc1f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc20c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc220:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc234:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc248:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc25c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc270:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc284:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc298:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc2ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc2c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc2d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc2e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc2fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc310:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc324:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc338:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc34c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc360:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc374:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    boatnet.m68k.elfLinux_Trojan_Gafgyt_ea92cca8unknownunknown
    • 0xc735:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    5539.1.00007fae8c001000.00007fae8c00f000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
      5539.1.00007fae8c001000.00007fae8c00f000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
      • 0xc1e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc1f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc20c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc220:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc234:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc248:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc25c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc270:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc284:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc298:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc2ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc2c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc2d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc2e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc2fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc310:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc324:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc338:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc34c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc360:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc374:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      5539.1.00007fae8c001000.00007fae8c00f000.r-x.sdmpLinux_Trojan_Gafgyt_ea92cca8unknownunknown
      • 0xc735:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
      5535.1.00007fae8c001000.00007fae8c00f000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
        5535.1.00007fae8c001000.00007fae8c00f000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
        • 0xc1e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc1f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc20c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc220:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc234:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc248:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc25c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc270:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc284:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc298:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc2ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc2c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc2d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc2e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc2fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc310:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc324:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc338:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc34c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc360:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc374:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        Click to see the 7 entries

        Suricata Signatures

        No Suricata rule has matched

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Antivirus / Scanner detection for submitted sample
        Source: boatnet.m68k.elfAvira: detected
        Multi AV Scanner detection for submitted file
        Source: boatnet.m68k.elfReversingLabs: Detection: 65%
        Source: global trafficTCP traffic: 192.168.2.14:50438 -> 104.168.45.33:3778
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: global trafficDNS traffic detected: DNS query: daisy.ubuntu.com

        System Summary

        barindex
        Malicious sample detected (through community Yara rule)
        Source: boatnet.m68k.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: boatnet.m68k.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
        Source: 5539.1.00007fae8c001000.00007fae8c00f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: 5539.1.00007fae8c001000.00007fae8c00f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
        Source: 5535.1.00007fae8c001000.00007fae8c00f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: 5535.1.00007fae8c001000.00007fae8c00f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
        Source: Process Memory Space: boatnet.m68k.elf PID: 5535, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: Process Memory Space: boatnet.m68k.elf PID: 5535, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
        Source: Process Memory Space: boatnet.m68k.elf PID: 5539, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: Process Memory Space: boatnet.m68k.elf PID: 5539, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
        Sample tries to kill multiple processes (SIGKILL)
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 3129, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 3184, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 3187, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 3188, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 3189, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 3190, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 3193, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 3207, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 3215, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 3235, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 5547, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 5548, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 5549, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 5550, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 5551, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 5552, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 5568, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 5576, result: successfulJump to behavior
        Source: ELF static info symbol of initial sample.symtab present: no
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 3129, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 3184, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 3187, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 3188, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 3189, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 3190, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 3193, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 3207, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 3215, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 3235, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 5547, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 5548, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 5549, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 5550, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 5551, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 5552, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 5568, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)SIGKILL sent: pid: 5576, result: successfulJump to behavior
        Source: boatnet.m68k.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: boatnet.m68k.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: 5539.1.00007fae8c001000.00007fae8c00f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 5539.1.00007fae8c001000.00007fae8c00f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: 5535.1.00007fae8c001000.00007fae8c00f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 5535.1.00007fae8c001000.00007fae8c00f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: Process Memory Space: boatnet.m68k.elf PID: 5535, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: boatnet.m68k.elf PID: 5535, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: Process Memory Space: boatnet.m68k.elf PID: 5539, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: boatnet.m68k.elf PID: 5539, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: classification engineClassification label: mal76.spre.troj.linELF@0/0@2/0
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5547)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5548)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /home/saturnino/.fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/X11/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /home/saturnino/.fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/X11/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /home/saturnino/.fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/X11/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /home/saturnino/.cacheJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /home/saturnino/.localJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Directory: /home/saturnino/.configJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /home/saturnino/.fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/X11/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5568)Directory: /home/saturnino/.cacheJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5568)Directory: /home/saturnino/.localJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5568)Directory: /home/saturnino/.configJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5568)Directory: /home/saturnino/.configJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5576)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5576)Directory: /home/saturnino/.cacheJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5576)Directory: /home/saturnino/.localJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5576)Directory: /home/saturnino/.configJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/5541/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/3760/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/3761/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/2672/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/1583/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/3244/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/3120/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/3361/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/3759/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/3239/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/1577/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/1610/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/512/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/1299/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/3235/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/514/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/3873/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/519/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/2946/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/917/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/5550/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/5551/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/5672/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/5552/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/3134/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/1593/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/3011/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/3094/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/3406/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/1589/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/3129/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/1588/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/3402/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/3125/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/3246/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/3245/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/767/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/800/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/888/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/3762/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/801/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/769/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/803/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/5547/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/5548/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/5549/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/806/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/807/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/928/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/2956/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/3420/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/490/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/3142/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/1635/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/1633/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/1599/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/3139/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/1873/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/1630/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/3412/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/657/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/658/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/659/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/418/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/419/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/1639/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/1638/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/5576/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/3398/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/1371/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/3392/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/780/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/660/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/661/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/782/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/1369/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/3304/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/3425/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/785/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/1642/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/940/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/941/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/1640/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/3147/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/3268/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/1364/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/548/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/5568/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/1647/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/2991/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/1383/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/1382/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/1381/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/791/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/671/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/794/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/1655/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/2986/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/795/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/674/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/1653/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/797/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/2983/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/3159/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5537)File opened: /proc/678/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5535)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5547)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5548)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5549)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5550)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5551)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5552)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5576)Queries kernel information via 'uname': Jump to behavior
        Source: boatnet.m68k.elf, 5535.1.00005628ccc10000.00005628ccc95000.rw-.sdmp, boatnet.m68k.elf, 5539.1.00005628ccc10000.00005628ccc95000.rw-.sdmpBinary or memory string: (V!/etc/qemu-binfmt/m68k
        Source: boatnet.m68k.elf, 5535.1.00007ffffe5ca000.00007ffffe5eb000.rw-.sdmp, boatnet.m68k.elf, 5539.1.00007ffffe5ca000.00007ffffe5eb000.rw-.sdmpBinary or memory string: /usr/bin/qemu-m68k
        Source: boatnet.m68k.elf, 5535.1.00005628ccc10000.00005628ccc95000.rw-.sdmp, boatnet.m68k.elf, 5539.1.00005628ccc10000.00005628ccc95000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/m68k
        Source: boatnet.m68k.elf, 5535.1.00007ffffe5ca000.00007ffffe5eb000.rw-.sdmp, boatnet.m68k.elf, 5539.1.00007ffffe5ca000.00007ffffe5eb000.rw-.sdmpBinary or memory string: 2x86_64/usr/bin/qemu-m68k/tmp/boatnet.m68k.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/boatnet.m68k.elf

        Stealing of Sensitive Information

        barindex
        Yara detected Mirai
        Source: Yara matchFile source: boatnet.m68k.elf, type: SAMPLE
        Source: Yara matchFile source: 5539.1.00007fae8c001000.00007fae8c00f000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 5535.1.00007fae8c001000.00007fae8c00f000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: boatnet.m68k.elf PID: 5535, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: boatnet.m68k.elf PID: 5539, type: MEMORYSTR

        Remote Access Functionality

        barindex
        Yara detected Mirai
        Source: Yara matchFile source: boatnet.m68k.elf, type: SAMPLE
        Source: Yara matchFile source: 5539.1.00007fae8c001000.00007fae8c00f000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 5535.1.00007fae8c001000.00007fae8c00f000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: boatnet.m68k.elf PID: 5535, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: boatnet.m68k.elf PID: 5539, type: MEMORYSTR

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception1
        Hidden Files and Directories        		1
        OS Credential Dumping        		11
        Security Software Discovery        		Remote ServicesData from Local System1
        Non-Standard Port        		Exfiltration Over Other Network Medium1
        Service Stop
        CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
        Non-Application Layer Protocol        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
        Application Layer Protocol        		Automated ExfiltrationData Encrypted for Impact

        Malware Configuration

        No configs have been found

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Number of created Files
        • Is malicious
        • Internet
        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1582572 Sample: boatnet.m68k.elf Startdate: 30/12/2024 Architecture: LINUX Score: 76 24 104.168.45.33, 3778, 50438, 50440 AS-COLOCROSSINGUS United States 2->24 26 daisy.ubuntu.com 2->26 28 Malicious sample detected (through community Yara rule) 2->28 30 Antivirus / Scanner detection for submitted sample 2->30 32 Multi AV Scanner detection for submitted file 2->32 34 Yara detected Mirai 2->34 7 boatnet.m68k.elf 2->7         started        9 xfce4-panel wrapper-2.0 2->9         started        11 xfce4-panel wrapper-2.0 2->11         started        13 6 other processes 2->13 signatures3 process4 process5 15 boatnet.m68k.elf 7->15         started        18 boatnet.m68k.elf 7->18         started        20 boatnet.m68k.elf 7->20         started        22 wrapper-2.0 xfpm-power-backlight-helper 9->22         started        signatures6 36 Sample tries to kill multiple processes (SIGKILL) 15->36

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        boatnet.m68k.elf66%ReversingLabsLinux.Trojan.Mirai
        boatnet.m68k.elf100%AviraEXP/ELF.Gafgyt.D

        Dropped Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        No Antivirus matches

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        daisy.ubuntu.com
        		162.213.35.25
        		truefalse
          		high

          World Map of Contacted IPs

          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs

          Public IPs

          IPDomainCountryFlagASNASN NameMalicious
          104.168.45.33
          		unknownUnited States
          		36352AS-COLOCROSSINGUSfalse

          Joe Sandbox View / Context

          IPs

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          104.168.45.33boatnet.mpsl.elfGet hashmaliciousMiraiBrowse
            boatnet.arm.elfGet hashmaliciousMiraiBrowse
              boatnet.x86.elfGet hashmaliciousMiraiBrowse
                boatnet.mips.elfGet hashmaliciousMiraiBrowse

                  Domains

                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  daisy.ubuntu.comboatnet.mpsl.elfGet hashmaliciousMiraiBrowse
                  • 162.213.35.24
                  boatnet.arm.elfGet hashmaliciousMiraiBrowse
                  • 162.213.35.25
                  boatnet.mips.elfGet hashmaliciousMiraiBrowse
                  • 162.213.35.25
                  boatnet.ppc.elfGet hashmaliciousMiraiBrowse
                  • 162.213.35.25
                  kwari.sh4.elfGet hashmaliciousUnknownBrowse
                  • 162.213.35.24
                  kwari.arm5.elfGet hashmaliciousUnknownBrowse
                  • 162.213.35.24
                  kwari.arm6.elfGet hashmaliciousUnknownBrowse
                  • 162.213.35.25
                  boatnet.arm6.elfGet hashmaliciousMiraiBrowse
                  • 162.213.35.25
                  boatnet.mips.elfGet hashmaliciousMiraiBrowse
                  • 162.213.35.24
                  boatnet.arm7.elfGet hashmaliciousMiraiBrowse
                  • 162.213.35.25

                  ASNs

                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  AS-COLOCROSSINGUSboatnet.mpsl.elfGet hashmaliciousMiraiBrowse
                  • 104.168.45.33
                  boatnet.arm.elfGet hashmaliciousMiraiBrowse
                  • 104.168.45.33
                  boatnet.x86.elfGet hashmaliciousMiraiBrowse
                  • 104.168.45.33
                  boatnet.mips.elfGet hashmaliciousMiraiBrowse
                  • 104.168.45.33
                  rebirth.m68.elfGet hashmaliciousGafgytBrowse
                  • 23.95.72.235
                  rebirth.mips.elfGet hashmaliciousGafgytBrowse
                  • 23.95.72.235
                  rebirth.arm6.elfGet hashmaliciousGafgytBrowse
                  • 23.95.72.235
                  rebirth.ppc.elfGet hashmaliciousGafgytBrowse
                  • 23.95.72.235
                  rebirth.arm4t.elfGet hashmaliciousGafgytBrowse
                  • 23.95.72.235
                  rebirth.x86.elfGet hashmaliciousGafgytBrowse
                  • 23.95.72.235

                  JA3 Fingerprints

                  No context

                  Dropped Files

                  No context

                  Created / dropped Files

                  No created / dropped files found

                  Static File Info

                  General

                  File type:ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
                  Entropy (8bit):6.254985884708738
                  TrID:
                  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                  File name:boatnet.m68k.elf
                  File size:54'932 bytes
                  MD5:8ad66e3035a668c00cde5231a738417a
                  SHA1:5d1faaf279304d1ac661f2099d8019652f16896e
                  SHA256:8da46ca88221933bf58fdf3df25c6cfd46c1f2139b43db00a5371ee9ec836bff
                  SHA512:4404c6436d9b9fcc96adeda66ff55b9f2aae6308c6518586cc987fb518d098804ddf7f2ff67b771a0a5a5f26b385c79388010755288ef12d8ef5dda85f299dd7
                  SSDEEP:768:gduPBFnHooqR8qOCKq2cH4Kg9e+TK806MMUVjzkfQXObHud2oGV:r/hqaJMDg9eqK806MHdkfQX6HuCV
                  TLSH:C133FA8EB8029D3CF91BE6BE54164E0DB93177C152830B2767BBFDA36C721945E02E85
                  File Content Preview:.ELF.......................D...4.........4. ...(.................................. ....................(.......... .dt.Q............................NV..a....da.....N^NuNV..J9....f>"y.... QJ.g.X.#.....N."y.... QJ.f.A.....J.g.Hy....N.X.........N^NuNV..N^NuN

                  Static ELF Info

                  ELF header

                  Class:ELF32
                  Data:2's complement, big endian
                  Version:1 (current)
                  Machine:MC68000
                  Version Number:0x1
                  Type:EXEC (Executable file)
                  OS/ABI:UNIX - System V
                  ABI Version:0
                  Entry Point Address:0x80000144
                  Flags:0x0
                  ELF Header Size:52
                  Program Header Offset:52
                  Program Header Size:32
                  Number of Program Headers:3
                  Section Header Offset:54532
                  Section Header Size:40
                  Number of Section Headers:10
                  Header String Table Index:9

                  Sections

                  NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                  NULL0x00x00x00x00x0000
                  .initPROGBITS0x800000940x940x140x00x6AX002
                  .textPROGBITS0x800000a80xa80xc12e0x00x6AX004
                  .finiPROGBITS0x8000c1d60xc1d60xe0x00x6AX002
                  .rodataPROGBITS0x8000c1e40xc1e40x10b20x00x2A002
                  .ctorsPROGBITS0x8000f29c0xd29c0x80x00x3WA004
                  .dtorsPROGBITS0x8000f2a40xd2a40x80x00x3WA004
                  .dataPROGBITS0x8000f2b00xd2b00x2140x00x3WA004
                  .bssNOBITS0x8000f4c40xd4c40x2a00x00x3WA004
                  .shstrtabSTRTAB0x00xd4c40x3e0x00x0001

                  Program Segments

                  TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                  LOAD0x00x800000000x800000000xd2960xd2966.29060x5R E0x2000.init .text .fini .rodata
                  LOAD0xd29c0x8000f29c0x8000f29c0x2280x4c83.03460x6RW 0x2000.ctors .dtors .data .bss
                  GNU_STACK0x00x00x00x00x00.00000x6RW 0x4

                  Network Behavior

                  Network Port Distribution

                  TCP Packets

                  TimestampSource PortDest PortSource IPDest IP
                  Dec 30, 2024 22:33:36.526710987 CET504383778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:36.531631947 CET377850438104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:36.531730890 CET504383778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:36.572746038 CET504383778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:36.578282118 CET377850438104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:36.578326941 CET504383778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:36.583585024 CET377850438104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:37.005620003 CET377850438104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:37.005850077 CET504383778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:37.005935907 CET504383778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:37.006534100 CET504403778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:37.011403084 CET377850440104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:37.011501074 CET504403778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:37.012340069 CET504403778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:37.017143965 CET377850440104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:37.017240047 CET504403778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:37.022021055 CET377850440104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:38.144682884 CET377850440104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:38.144809961 CET377850440104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:38.144817114 CET377850440104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:38.144896984 CET504403778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:38.144896984 CET504403778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:38.144896984 CET504403778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:38.145045996 CET504403778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:38.145068884 CET377850440104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:38.145155907 CET504403778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:38.145620108 CET504423778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:38.150991917 CET377850442104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:38.151065111 CET504423778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:38.151735067 CET504423778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:38.157593966 CET377850442104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:38.157640934 CET504423778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:38.163218975 CET377850442104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:38.637866020 CET377850442104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:38.638044119 CET504423778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:38.638044119 CET504423778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:38.638674021 CET504443778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:38.643531084 CET377850444104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:38.643636942 CET504443778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:38.644464970 CET504443778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:38.649307966 CET377850444104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:38.649369955 CET504443778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:38.654210091 CET377850444104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:39.105587006 CET377850444104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:39.105755091 CET504443778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:39.105755091 CET504443778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:39.106213093 CET504463778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:39.111043930 CET377850446104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:39.111102104 CET504463778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:39.111809015 CET504463778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:39.116628885 CET377850446104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:39.116679907 CET504463778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:39.121478081 CET377850446104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:39.587238073 CET377850446104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:39.587465048 CET504463778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:39.587502003 CET504463778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:39.587985992 CET504483778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:39.592828989 CET377850448104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:39.592888117 CET504483778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:39.593585014 CET504483778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:39.598371029 CET377850448104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:39.598412991 CET504483778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:39.603281021 CET377850448104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:40.057605028 CET377850448104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:40.057832956 CET504483778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:40.057862997 CET504483778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:40.058410883 CET504503778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:40.063601971 CET377850450104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:40.063663006 CET504503778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:40.064400911 CET504503778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:40.069446087 CET377850450104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:40.069519043 CET504503778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:40.074882030 CET377850450104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:40.533806086 CET377850450104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:40.533951998 CET504503778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:40.533951998 CET504503778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:40.534434080 CET504523778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:40.539242983 CET377850452104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:40.539288998 CET504523778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:40.540163994 CET504523778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:40.544977903 CET377850452104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:40.545058966 CET504523778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:40.549870968 CET377850452104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:41.008397102 CET377850452104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:41.008503914 CET504523778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:41.008546114 CET504523778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:41.009085894 CET504543778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:41.013907909 CET377850454104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:41.014015913 CET504543778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:41.014678001 CET504543778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:41.019444942 CET377850454104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:41.019495010 CET504543778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:41.024246931 CET377850454104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:41.502959967 CET377850454104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:41.503012896 CET504543778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:41.503067017 CET504543778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:41.503393888 CET504563778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:41.508220911 CET377850456104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:41.508274078 CET504563778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:41.509265900 CET504563778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:41.514086962 CET377850456104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:41.514120102 CET504563778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:41.518920898 CET377850456104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:41.978727102 CET377850456104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:41.978791952 CET504563778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:41.978842020 CET504563778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:41.981208086 CET504583778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:41.986062050 CET377850458104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:41.986123085 CET504583778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:41.991513968 CET504583778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:41.996345997 CET377850458104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:41.996409893 CET504583778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:42.001560926 CET377850458104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:42.457084894 CET377850458104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:42.457154989 CET504583778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:42.457181931 CET504583778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:42.460113049 CET504603778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:42.464947939 CET377850460104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:42.465001106 CET504603778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:42.471474886 CET504603778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:42.476267099 CET377850460104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:42.476315975 CET504603778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:42.481113911 CET377850460104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:42.956583023 CET377850460104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:42.956634045 CET504603778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:42.956664085 CET504603778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:42.960102081 CET504623778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:42.964878082 CET377850462104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:42.964946032 CET504623778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:42.970959902 CET504623778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:42.975769997 CET377850462104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:42.975806952 CET504623778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:42.980644941 CET377850462104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:43.446785927 CET377850462104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:43.446842909 CET504623778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:43.446892023 CET504623778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:43.449356079 CET504643778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:43.454200029 CET377850464104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:43.454252958 CET504643778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:43.460102081 CET504643778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:43.464889050 CET377850464104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:43.464925051 CET504643778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:43.469739914 CET377850464104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:43.925163031 CET377850464104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:43.925210953 CET504643778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:43.925240993 CET504643778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:43.928277016 CET504663778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:43.933098078 CET377850466104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:43.933151007 CET504663778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:43.938991070 CET504663778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:43.943757057 CET377850466104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:43.943799019 CET504663778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:43.948590994 CET377850466104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:44.461592913 CET377850466104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:44.461654902 CET504663778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:44.461694002 CET504663778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:44.465325117 CET504683778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:44.470134020 CET377850468104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:44.470215082 CET504683778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:44.477041960 CET504683778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:44.481887102 CET377850468104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:44.481956005 CET504683778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:44.486768961 CET377850468104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:44.944011927 CET377850468104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:44.944209099 CET504683778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:44.944250107 CET504683778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:45.079807043 CET504703778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:45.084603071 CET377850470104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:45.084666014 CET504703778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:45.093729019 CET504703778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:45.098556042 CET377850470104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:45.098619938 CET504703778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:45.103414059 CET377850470104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:45.592006922 CET377850470104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:45.592066050 CET504703778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:45.592118979 CET504703778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:45.596179962 CET504723778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:45.600931883 CET377850472104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:45.601036072 CET504723778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:45.609961987 CET504723778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:45.614737988 CET377850472104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:45.614793062 CET504723778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:45.619573116 CET377850472104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:46.079421997 CET377850472104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:46.079498053 CET504723778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:46.079540014 CET504723778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:46.083645105 CET504743778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:46.088468075 CET377850474104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:46.088551044 CET504743778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:46.097265959 CET504743778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:46.102062941 CET377850474104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:46.102137089 CET504743778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:46.106977940 CET377850474104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:46.559041023 CET377850474104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:46.559140921 CET504743778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:46.559140921 CET504743778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:46.573458910 CET504763778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:46.578362942 CET377850476104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:46.578418016 CET504763778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:46.584353924 CET504763778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:46.589114904 CET377850476104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:46.589184046 CET504763778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:46.594017029 CET377850476104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:47.061500072 CET377850476104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:47.061549902 CET504763778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:47.061594963 CET504763778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:47.066660881 CET504783778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:47.071465969 CET377850478104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:47.071531057 CET504783778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:47.077088118 CET504783778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:47.081906080 CET377850478104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:47.085746050 CET504783778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:47.090516090 CET377850478104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:47.794914961 CET377850478104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:47.795007944 CET504783778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:47.795007944 CET504783778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:47.796845913 CET504803778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:47.801702976 CET377850480104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:47.801763058 CET504803778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:47.805543900 CET504803778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:47.810292959 CET377850480104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:47.810355902 CET504803778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:47.815151930 CET377850480104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:48.351288080 CET377850480104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:48.351381063 CET504803778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:48.351454020 CET504803778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:48.353440046 CET504823778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:48.358210087 CET377850482104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:48.358285904 CET504823778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:48.363054037 CET504823778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:48.367844105 CET377850482104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:48.367909908 CET504823778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:48.372720003 CET377850482104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:48.819504976 CET377850482104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:48.819614887 CET504823778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:48.819614887 CET504823778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:48.823452950 CET504843778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:48.828221083 CET377850484104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:48.828315020 CET504843778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:48.834173918 CET504843778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:48.838969946 CET377850484104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:48.839011908 CET504843778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:48.843775988 CET377850484104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:58.843940973 CET504843778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:33:58.848897934 CET377850484104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:58.958086967 CET377850484104.168.45.33192.168.2.14
                  Dec 30, 2024 22:33:58.958268881 CET504843778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:34:59.016591072 CET504843778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:34:59.021501064 CET377850484104.168.45.33192.168.2.14
                  Dec 30, 2024 22:34:59.129967928 CET377850484104.168.45.33192.168.2.14
                  Dec 30, 2024 22:34:59.130064964 CET504843778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:35:59.186235905 CET504843778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:35:59.191068888 CET377850484104.168.45.33192.168.2.14
                  Dec 30, 2024 22:35:59.309683084 CET377850484104.168.45.33192.168.2.14
                  Dec 30, 2024 22:35:59.309983969 CET504843778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:36:59.359246016 CET504843778192.168.2.14104.168.45.33
                  Dec 30, 2024 22:36:59.462845087 CET377850484104.168.45.33192.168.2.14
                  Dec 30, 2024 22:36:59.570820093 CET377850484104.168.45.33192.168.2.14
                  Dec 30, 2024 22:36:59.571050882 CET504843778192.168.2.14104.168.45.33

                  UDP Packets

                  TimestampSource PortDest PortSource IPDest IP
                  Dec 30, 2024 22:36:23.000782967 CET3976753192.168.2.148.8.8.8
                  Dec 30, 2024 22:36:23.000830889 CET5820353192.168.2.148.8.8.8
                  Dec 30, 2024 22:36:23.007625103 CET53582038.8.8.8192.168.2.14
                  Dec 30, 2024 22:36:23.008526087 CET53397678.8.8.8192.168.2.14

                  DNS Queries

                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                  Dec 30, 2024 22:36:23.000782967 CET192.168.2.148.8.8.80x7081Standard query (0)daisy.ubuntu.comA (IP address)IN (0x0001)false
                  Dec 30, 2024 22:36:23.000830889 CET192.168.2.148.8.8.80x4734Standard query (0)daisy.ubuntu.com28IN (0x0001)false

                  DNS Answers

                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                  Dec 30, 2024 22:36:23.008526087 CET8.8.8.8192.168.2.140x7081No error (0)daisy.ubuntu.com162.213.35.25A (IP address)IN (0x0001)false
                  Dec 30, 2024 22:36:23.008526087 CET8.8.8.8192.168.2.140x7081No error (0)daisy.ubuntu.com162.213.35.24A (IP address)IN (0x0001)false

                  System Behavior

                  General

                  Start time (UTC):21:33:35
                  Start date (UTC):30/12/2024
                  Path:/tmp/boatnet.m68k.elf
                  Arguments:/tmp/boatnet.m68k.elf
                  File size:4463432 bytes
                  MD5 hash:cd177594338c77b895ae27c33f8f86cc

                  Chronological Activities


                  General

                  Start time (UTC):21:33:35
                  Start date (UTC):30/12/2024
                  Path:/tmp/boatnet.m68k.elf
                  Arguments:-
                  File size:4463432 bytes
                  MD5 hash:cd177594338c77b895ae27c33f8f86cc

                  Chronological Activities


                  General

                  Start time (UTC):21:33:35
                  Start date (UTC):30/12/2024
                  Path:/tmp/boatnet.m68k.elf
                  Arguments:-
                  File size:4463432 bytes
                  MD5 hash:cd177594338c77b895ae27c33f8f86cc

                  Chronological Activities


                  General

                  Start time (UTC):21:33:35
                  Start date (UTC):30/12/2024
                  Path:/tmp/boatnet.m68k.elf
                  Arguments:-
                  File size:4463432 bytes
                  MD5 hash:cd177594338c77b895ae27c33f8f86cc

                  Chronological Activities


                  General

                  Start time (UTC):21:33:40
                  Start date (UTC):30/12/2024
                  Path:/usr/bin/xfce4-panel
                  Arguments:-
                  File size:375768 bytes
                  MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                  Chronological Activities


                  General

                  Start time (UTC):21:33:40
                  Start date (UTC):30/12/2024
                  Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                  Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
                  File size:35136 bytes
                  MD5 hash:ac0b8a906f359a8ae102244738682e76

                  Chronological Activities


                  General

                  Start time (UTC):21:33:40
                  Start date (UTC):30/12/2024
                  Path:/usr/bin/xfce4-panel
                  Arguments:-
                  File size:375768 bytes
                  MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                  Chronological Activities


                  General

                  Start time (UTC):21:33:40
                  Start date (UTC):30/12/2024
                  Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                  Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
                  File size:35136 bytes
                  MD5 hash:ac0b8a906f359a8ae102244738682e76

                  Chronological Activities


                  General

                  Start time (UTC):21:33:40
                  Start date (UTC):30/12/2024
                  Path:/usr/bin/xfce4-panel
                  Arguments:-
                  File size:375768 bytes
                  MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                  Chronological Activities


                  General

                  Start time (UTC):21:33:40
                  Start date (UTC):30/12/2024
                  Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                  Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
                  File size:35136 bytes
                  MD5 hash:ac0b8a906f359a8ae102244738682e76

                  Chronological Activities


                  General

                  Start time (UTC):21:33:40
                  Start date (UTC):30/12/2024
                  Path:/usr/bin/xfce4-panel
                  Arguments:-
                  File size:375768 bytes
                  MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                  Chronological Activities


                  General

                  Start time (UTC):21:33:40
                  Start date (UTC):30/12/2024
                  Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                  Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
                  File size:35136 bytes
                  MD5 hash:ac0b8a906f359a8ae102244738682e76

                  Chronological Activities


                  General

                  Start time (UTC):21:33:45
                  Start date (UTC):30/12/2024
                  Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                  Arguments:-
                  File size:35136 bytes
                  MD5 hash:ac0b8a906f359a8ae102244738682e76

                  Chronological Activities


                  General

                  Start time (UTC):21:33:45
                  Start date (UTC):30/12/2024
                  Path:/usr/sbin/xfpm-power-backlight-helper
                  Arguments:/usr/sbin/xfpm-power-backlight-helper --get-max-brightness
                  File size:14656 bytes
                  MD5 hash:3d221ad23f28ca3259f599b1664e2427

                  Chronological Activities


                  General

                  Start time (UTC):21:33:40
                  Start date (UTC):30/12/2024
                  Path:/usr/bin/xfce4-panel
                  Arguments:-
                  File size:375768 bytes
                  MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                  Chronological Activities


                  General

                  Start time (UTC):21:33:40
                  Start date (UTC):30/12/2024
                  Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                  Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
                  File size:35136 bytes
                  MD5 hash:ac0b8a906f359a8ae102244738682e76

                  Chronological Activities


                  General

                  Start time (UTC):21:33:40
                  Start date (UTC):30/12/2024
                  Path:/usr/bin/xfce4-panel
                  Arguments:-
                  File size:375768 bytes
                  MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                  Chronological Activities


                  General

                  Start time (UTC):21:33:40
                  Start date (UTC):30/12/2024
                  Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                  Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
                  File size:35136 bytes
                  MD5 hash:ac0b8a906f359a8ae102244738682e76

                  Chronological Activities


                  General

                  Start time (UTC):21:33:45
                  Start date (UTC):30/12/2024
                  Path:/usr/bin/dbus-daemon
                  Arguments:-
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  Chronological Activities


                  General

                  Start time (UTC):21:33:45
                  Start date (UTC):30/12/2024
                  Path:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                  Arguments:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                  File size:112880 bytes
                  MD5 hash:4c7a0d6d258bb970905b19b84abcd8e9

                  Chronological Activities


                  General

                  Start time (UTC):21:33:48
                  Start date (UTC):30/12/2024
                  Path:/usr/lib/systemd/systemd
                  Arguments:-
                  File size:1620224 bytes
                  MD5 hash:9b2bec7092a40488108543f9334aab75

                  Chronological Activities


                  General

                  Start time (UTC):21:33:48
                  Start date (UTC):30/12/2024
                  Path:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
                  Arguments:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
                  File size:112872 bytes
                  MD5 hash:eee956f1b227c1d5031f9c61223255d1

                  Chronological Activities