Edit tour

Linux Analysis Report
boatnet.arm7.elf

Overview

General Information

Sample name:	boatnet.arm7.elf
Analysis ID:	1583596
MD5:	b596061ea3f1d976a6314afe769a9c34
SHA1:	8853bfb626868c32a999a883fed4eb704fe28c11
SHA256:	b2f70bb7d7dac80bf956d563f6e97e65909e2b5e08e9e0022c1f621693f8ccbd
Tags:	elfuser-abuse_ch
Infos:

Detection

Mirai

Score:	72
Range:	0 - 100
Whitelisted:	false

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected Mirai

Sample is packed with UPX

Sample tries to kill multiple processes (SIGKILL)

Creates hidden files and/or directories

Detected TCP or UDP traffic on non-standard ports

ELF contains segments with high entropy indicating compressed/encrypted content

Enumerates processes within the "proc" file system

Sample contains only a LOAD segment without any section mappings

Sample tries to kill a process (SIGKILL)

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Uses the "uname" system call to query kernel version information (possible evasion)

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1583596
Start date and time:	2025-01-03 06:57:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	boatnet.arm7.elf
Detection:	MAL
Classification:	mal72.spre.troj.evad.linELF@0/51@2/0

Runtime Messages

Command:	/tmp/boatnet.arm7.elf
PID:	5425
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	lzrd cock fest"/proc/"/exe
Standard Error:

Process Tree

system is lnxubuntu20

boatnet.arm7.elf (PID: 5425, Parent: 5353, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/boatnet.arm7.elf

boatnet.arm7.elf New Fork (PID: 5430, Parent: 5425)

boatnet.arm7.elf New Fork (PID: 5432, Parent: 5425)

boatnet.arm7.elf New Fork (PID: 5434, Parent: 5425)

xfce4-panel New Fork (PID: 5441, Parent: 3147)

wrapper-2.0 (PID: 5441, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"

xfce4-panel New Fork (PID: 5442, Parent: 3147)

wrapper-2.0 (PID: 5442, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"

xfce4-panel New Fork (PID: 5443, Parent: 3147)

wrapper-2.0 (PID: 5443, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"

xfce4-panel New Fork (PID: 5444, Parent: 3147)

wrapper-2.0 (PID: 5444, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"

wrapper-2.0 New Fork (PID: 5461, Parent: 5444)

xfpm-power-backlight-helper (PID: 5461, Parent: 5444, MD5: 3d221ad23f28ca3259f599b1664e2427) Arguments: /usr/sbin/xfpm-power-backlight-helper --get-max-brightness

xfce4-panel New Fork (PID: 5445, Parent: 3147)

wrapper-2.0 (PID: 5445, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"

xfce4-panel New Fork (PID: 5446, Parent: 3147)

wrapper-2.0 (PID: 5446, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"

dbus-daemon New Fork (PID: 5463, Parent: 5462)

xfconfd (PID: 5463, Parent: 5462, MD5: 4c7a0d6d258bb970905b19b84abcd8e9) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd

systemd New Fork (PID: 5470, Parent: 2935)

xfce4-notifyd (PID: 5470, Parent: 2935, MD5: eee956f1b227c1d5031f9c61223255d1) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd

systemd New Fork (PID: 5566, Parent: 1)

logrotate (PID: 5566, Parent: 1, MD5: ff9f6831debb63e53a31ff8057143af6) Arguments: /usr/sbin/logrotate /etc/logrotate.conf

systemd New Fork (PID: 5571, Parent: 1)

install (PID: 5571, Parent: 1, MD5: 55e2520049dc6a62e8c94732e36cdd54) Arguments: /usr/bin/install -d -o man -g man -m 0755 /var/cache/man

systemd New Fork (PID: 5589, Parent: 1)

find (PID: 5589, Parent: 1, MD5: b68ef002f84cc54dd472238ba7df80ab) Arguments: /usr/bin/find /var/cache/man -type f -name *.gz -atime +6 -delete

systemd New Fork (PID: 5609, Parent: 1)

mandb (PID: 5609, Parent: 1, MD5: 1dda5ea0027ecf1c2db0f5a3de7e6941) Arguments: /usr/bin/mandb --quiet

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
5425.1.00007f57dc017000.00007f57dc02b000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5425.1.00007f57dc017000.00007f57dc02b000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x11dec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11e00:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11e14:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11e28:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11e3c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11e50:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11e64:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11e78:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11e8c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11ea0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11eb4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11ec8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11edc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11ef0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11f04:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11f18:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11f2c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11f40:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11f54:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11f68:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11f7c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5425.1.00007f57dc017000.00007f57dc02b000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x12344:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
5432.1.00007f57dc017000.00007f57dc02b000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5432.1.00007f57dc017000.00007f57dc02b000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x11dec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11e00:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11e14:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11e28:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11e3c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11e50:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11e64:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11e78:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11e8c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11ea0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11eb4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11ec8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11edc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11ef0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11f04:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11f18:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11f2c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11f40:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11f54:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11f68:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11f7c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5432.1.00007f57dc017000.00007f57dc02b000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x12344:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
5434.1.00007f57dc017000.00007f57dc02b000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5434.1.00007f57dc017000.00007f57dc02b000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x11dec:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11e00:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11e14:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11e28:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11e3c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11e50:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11e64:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11e78:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11e8c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11ea0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11eb4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11ec8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11edc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11ef0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11f04:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11f18:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11f2c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11f40:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11f54:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11f68:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11f7c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
5434.1.00007f57dc017000.00007f57dc02b000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x12344:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Process Memory Space: boatnet.arm7.elf PID: 5425	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: boatnet.arm7.elf PID: 5425	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x113c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1150:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1164:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1178:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x118c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1204:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1218:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x122c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1240:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1254:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1268:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x127c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1290:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x12cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: boatnet.arm7.elf PID: 5425	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x15fa:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Process Memory Space: boatnet.arm7.elf PID: 5432	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: boatnet.arm7.elf PID: 5432	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x3ac9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3add:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3af1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3b05:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3b19:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3b2d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3b41:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3b55:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3b69:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3b7d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3b91:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3ba5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3bb9:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3bcd:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3be1:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3bf5:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3c09:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3c1d:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3c31:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3c45:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x3c59:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: boatnet.arm7.elf PID: 5432	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x3f87:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Process Memory Space: boatnet.arm7.elf PID: 5434	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: boatnet.arm7.elf PID: 5434	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x119db:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x119ef:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11a03:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11a17:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11a2b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11a3f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11a53:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11a67:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11a7b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11a8f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11aa3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11ab7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11acb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11adf:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11af3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11b07:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11b1b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11b2f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11b43:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11b57:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11b6b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: boatnet.arm7.elf PID: 5434	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x11e99:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Click to see the 13 entries

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: boatnet.arm7.elf

ReversingLabs: Detection: 55%

Source: global traffic

TCP traffic: 192.168.2.13:44050 -> 141.11.33.73:3778

Source: global traffic

TCP traffic: 192.168.2.13:48202 -> 185.125.190.26:443

Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: unknown	TCP traffic detected without corresponding DNS query: 185.125.190.26
Source: unknown	TCP traffic detected without corresponding DNS query: 185.125.190.26

Source: global traffic

DNS traffic detected: DNS query: daisy.ubuntu.com

Source: boatnet.arm7.elf

String found in binary or memory: http://upx.sf.net

Source: unknown

Network traffic detected: HTTP traffic on port 48202 -> 443

System Summary

Malicious sample detected (through community Yara rule)

Source: 5425.1.00007f57dc017000.00007f57dc02b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5425.1.00007f57dc017000.00007f57dc02b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 5432.1.00007f57dc017000.00007f57dc02b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5432.1.00007f57dc017000.00007f57dc02b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 5434.1.00007f57dc017000.00007f57dc02b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 5434.1.00007f57dc017000.00007f57dc02b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: boatnet.arm7.elf PID: 5425, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: boatnet.arm7.elf PID: 5425, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: boatnet.arm7.elf PID: 5432, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: boatnet.arm7.elf PID: 5432, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: boatnet.arm7.elf PID: 5434, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: boatnet.arm7.elf PID: 5434, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 3104, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 3161, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 3162, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 3163, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 3164, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 3165, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 3170, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 3182, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 3208, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 3212, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 5434, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 5441, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 5442, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 5443, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 5444, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 5445, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 5446, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 5463, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 5470, result: successful	Jump to behavior

Source: LOAD without section mappings

Program segment: 0x8000

Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 3104, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 3161, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 3162, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 3163, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 3164, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 3165, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 3170, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 3182, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 3208, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 3212, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 5434, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 5441, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 5442, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 5443, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 5444, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 5445, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 5446, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 5463, result: successful	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	SIGKILL sent: pid: 5470, result: successful	Jump to behavior

Source: 5425.1.00007f57dc017000.00007f57dc02b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5425.1.00007f57dc017000.00007f57dc02b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 5432.1.00007f57dc017000.00007f57dc02b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5432.1.00007f57dc017000.00007f57dc02b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 5434.1.00007f57dc017000.00007f57dc02b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5434.1.00007f57dc017000.00007f57dc02b000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: boatnet.arm7.elf PID: 5425, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: boatnet.arm7.elf PID: 5425, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: boatnet.arm7.elf PID: 5432, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: boatnet.arm7.elf PID: 5432, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: boatnet.arm7.elf PID: 5434, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: boatnet.arm7.elf PID: 5434, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16

Source: classification engine

Classification label: mal72.spre.troj.evad.linELF@0/51@2/0

Data Obfuscation

Sample is packed with UPX

Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample	String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5441)	Directory: /home/saturnino/.Xdefaults-galassia	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /home/saturnino/.Xdefaults-galassia	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/local/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /home/saturnino/.local/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /home/saturnino/.fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/X11/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/cMap/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/cmap/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/opentype/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/type1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/X11/Type1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/X11/encodings/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/X11/misc/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/X11/util/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/cmap/adobe-cns1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/cmap/adobe-gb1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/cmap/adobe-japan1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/cmap/adobe-japan2/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/cmap/adobe-korea1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/opentype/malayalam/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/opentype/mathjax/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/opentype/noto/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/opentype/urw-base35/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/Gargi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/Gubbi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/Nakula/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/Navilu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/Sahadeva/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/Sarai/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/abyssinica/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/ancient-scripts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/dejavu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/droid/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/freefont/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/kacst/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/kacst-one/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/lao/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/lato/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/liberation/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/liberation2/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/lohit-assamese/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/lohit-bengali/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/lohit-kannada/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/lohit-oriya/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/lohit-tamil/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/lohit-telugu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/malayalam/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/noto/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/openoffice/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/padauk/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/pagul/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/samyak/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/samyak-fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/sinhala/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/tibetan-machine/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/tlwg/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/truetype/ubuntu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/type1/urw-base35/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Directory: /usr/share/fonts/X11/encodings/large/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /home/saturnino/.Xdefaults-galassia	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/local/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /home/saturnino/.local/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /home/saturnino/.fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/X11/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/cMap/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/cmap/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/opentype/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/type1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/X11/Type1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/X11/encodings/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/X11/misc/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/X11/util/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/cmap/adobe-cns1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/cmap/adobe-gb1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/cmap/adobe-japan1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/cmap/adobe-japan2/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/cmap/adobe-korea1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/opentype/malayalam/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/opentype/mathjax/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/opentype/noto/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/opentype/urw-base35/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/Gargi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/Gubbi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/Nakula/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/Navilu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/Sahadeva/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/Sarai/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/abyssinica/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/ancient-scripts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/dejavu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/droid/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/freefont/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/kacst/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/kacst-one/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/lao/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/lato/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/liberation/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/liberation2/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/lohit-assamese/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/lohit-bengali/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/lohit-kannada/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/lohit-oriya/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/lohit-tamil/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/lohit-telugu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/malayalam/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/noto/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/openoffice/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/padauk/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/pagul/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/samyak/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/samyak-fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/sinhala/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/tibetan-machine/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/tlwg/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/truetype/ubuntu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/type1/urw-base35/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Directory: /usr/share/fonts/X11/encodings/large/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /home/saturnino/.Xdefaults-galassia	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/local/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /home/saturnino/.local/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /home/saturnino/.fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/X11/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/cMap/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/cmap/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/opentype/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/type1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/X11/Type1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/X11/encodings/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/X11/misc/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/X11/util/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/cmap/adobe-cns1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/cmap/adobe-gb1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/cmap/adobe-japan1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/cmap/adobe-japan2/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/cmap/adobe-korea1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/opentype/malayalam/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/opentype/mathjax/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/opentype/noto/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/opentype/urw-base35/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/Gargi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/Gubbi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/Nakula/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/Navilu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/Sahadeva/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/Sarai/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/abyssinica/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/ancient-scripts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/dejavu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/droid/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/freefont/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/kacst/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/kacst-one/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/lao/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/lato/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/liberation/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/liberation2/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/lohit-assamese/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/lohit-bengali/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/lohit-kannada/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/lohit-oriya/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/lohit-tamil/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/lohit-telugu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/malayalam/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/noto/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/openoffice/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/padauk/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/pagul/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/samyak/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/samyak-fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/sinhala/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/tibetan-machine/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/tlwg/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/truetype/ubuntu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/type1/urw-base35/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Directory: /usr/share/fonts/X11/encodings/large/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /home/saturnino/.Xdefaults-galassia	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/local/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /home/saturnino/.local/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /home/saturnino/.fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/X11/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/cMap/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/cmap/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/opentype/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/type1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/X11/Type1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/X11/encodings/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/X11/misc/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/X11/util/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/cmap/adobe-cns1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/cmap/adobe-gb1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/cmap/adobe-japan1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/cmap/adobe-japan2/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/cmap/adobe-korea1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/opentype/malayalam/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/opentype/mathjax/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/opentype/noto/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/opentype/urw-base35/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/Gargi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/Gubbi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/Nakula/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/Navilu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/Sahadeva/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/Sarai/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/abyssinica/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/ancient-scripts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/dejavu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/droid/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/freefont/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/kacst/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/kacst-one/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/lao/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/lato/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/liberation/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/liberation2/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/lohit-assamese/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/lohit-bengali/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/lohit-kannada/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/lohit-oriya/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/lohit-tamil/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/lohit-telugu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/malayalam/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/noto/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/openoffice/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/padauk/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/pagul/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/samyak/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/samyak-fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/sinhala/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/tibetan-machine/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/tlwg/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/truetype/ubuntu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/type1/urw-base35/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /usr/share/fonts/X11/encodings/large/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /home/saturnino/.cache	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /home/saturnino/.local	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Directory: /home/saturnino/.config	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /home/saturnino/.Xdefaults-galassia	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/local/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /home/saturnino/.local/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /home/saturnino/.fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/X11/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/cMap/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/cmap/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/opentype/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/type1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/X11/Type1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/X11/encodings/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/X11/misc/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/X11/util/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/cmap/adobe-cns1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/cmap/adobe-gb1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/cmap/adobe-japan1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/cmap/adobe-japan2/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/cmap/adobe-korea1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/opentype/malayalam/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/opentype/mathjax/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/opentype/noto/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/opentype/urw-base35/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/Gargi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/Gubbi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/Nakula/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/Navilu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/Sahadeva/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/Sarai/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/abyssinica/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/ancient-scripts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/dejavu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/droid/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/freefont/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/kacst/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/kacst-one/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/lao/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/lato/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/liberation/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/liberation2/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/lohit-assamese/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/lohit-bengali/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/lohit-kannada/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/lohit-oriya/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/lohit-tamil/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/lohit-telugu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/malayalam/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/noto/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/openoffice/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/padauk/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/pagul/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/samyak/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/samyak-fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/sinhala/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/tibetan-machine/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/tlwg/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/truetype/ubuntu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/type1/urw-base35/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Directory: /usr/share/fonts/X11/encodings/large/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5463)	Directory: /home/saturnino/.cache	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5463)	Directory: /home/saturnino/.local	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5463)	Directory: /home/saturnino/.config	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5463)	Directory: /home/saturnino/.config	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5470)	Directory: /home/saturnino/.Xdefaults-galassia	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5470)	Directory: /home/saturnino/.cache	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5470)	Directory: /home/saturnino/.local	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5470)	Directory: /home/saturnino/.config	Jump to behavior
Source: /usr/sbin/logrotate (PID: 5566)	Directory: //.	Jump to behavior
Source: /usr/bin/find (PID: 5589)	Directory: //.	Jump to behavior
Source: /usr/bin/mandb (PID: 5609)	Directory: /var/cache/man/.manpath	Jump to behavior

Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/5268/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/3122/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/3117/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/3114/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/5413/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/5414/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/914/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/518/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/519/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/3756/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/917/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/3134/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/3375/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/3132/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/3095/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/1745/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/1866/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/1588/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/884/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/1982/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/765/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/3246/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/767/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/800/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/1906/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/802/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/803/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/1748/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/5441/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/5442/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/5443/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/5444/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/3420/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/1482/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/490/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/1480/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/1755/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/1238/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/1875/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/2964/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/3413/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/1751/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/1872/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/2961/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/1475/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/656/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/778/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/657/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/5434/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/658/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/659/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/418/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/936/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/419/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/816/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/1879/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/5570/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/5572/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/5573/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/5574/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/5576/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/1891/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/3310/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/3153/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/780/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/660/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/1921/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/3704/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/3705/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/783/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/1765/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/3706/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/5609/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/2974/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/3707/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/1400/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/1884/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/3424/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/2972/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/3147/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/2970/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/1881/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/3146/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/3300/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/5445/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/5566/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/5446/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/5567/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/5568/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/1805/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/5569/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/1925/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/1804/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/1648/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/1922/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/3429/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/5580/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/5581/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/5582/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/5463/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/5584/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/3442/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/3165/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/3164/cmdline	Jump to behavior
Source: /tmp/boatnet.arm7.elf (PID: 5430)	File opened: /proc/3163/cmdline	Jump to behavior

Source: boatnet.arm7.elf

Submission file: segment LOAD with 7.9534 entropy (max. 8.0)

Source: /tmp/boatnet.arm7.elf (PID: 5425)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5441)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5442)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5443)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5444)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5445)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5446)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5470)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/find (PID: 5589)	Queries kernel information via 'uname':	Jump to behavior

Source: 5609.39.dr	Binary or memory string: -9915837702310A--gzvmware kernel module
Source: 5609.39.dr	Binary or memory string: -1116261022170A--gzQEMU User Emulator
Source: 5609.39.dr	Binary or memory string: qemu-or1k
Source: 5609.39.dr	Binary or memory string: qemu-riscv64
Source: 5609.39.dr	Binary or memory string: qemu-arm
Source: boatnet.arm7.elf, 5425.1.00007ffcc9053000.00007ffcc9074000.rw-.sdmp, boatnet.arm7.elf, 5432.1.00007ffcc9053000.00007ffcc9074000.rw-.sdmp, boatnet.arm7.elf, 5434.1.00007ffcc9053000.00007ffcc9074000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/boatnet.arm7.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/boatnet.arm7.elf
Source: 5609.39.dr	Binary or memory string: (qemu
Source: 5609.39.dr	Binary or memory string: qemu-tilegx
Source: 5609.39.dr	Binary or memory string: qemu-hppa
Source: 5609.39.dr	Binary or memory string: q{rqemu%
Source: 5609.39.dr	Binary or memory string: )qemu
Source: 5609.39.dr	Binary or memory string: vmware-toolbox-cmd
Source: 5609.39.dr	Binary or memory string: qemu-ppc
Source: 5609.39.dr	Binary or memory string: Tqemu9
Source: 5609.39.dr	Binary or memory string: qemu-aarch64_be
Source: 5609.39.dr	Binary or memory string: 0qemu9
Source: 5609.39.dr	Binary or memory string: qemu-sparc64
Source: 5609.39.dr	Binary or memory string: qemu-mips64
Source: 5609.39.dr	Binary or memory string: vV:qemu9
Source: 5609.39.dr	Binary or memory string: <prezip-bin-1116269780060A--gzprefix zip delta word list compressor/decompressornameif-8815490444730A--gzname network interfaces based on MAC addressesxdg-user-dirs-update-1115483406210A--gzUpdate XDG user dir configurationip-link-8815816145190A--gznetwork device configurationhpsa-4415812813670A--gzHP Smart Array SCSI driverhd4-4415812813670A--gzMFM/IDE hard disk devicessane-canon630u-5516003468200A--gzSANE backend for the Canon 630u USB flatbed scannersg_copy_results-8815825816070A--gzsend SCSI RECEIVE COPY RESULTS command (XCOPY related)grub-macbless-8816214898500A--gzbless a mac file/directoryntfstruncate-8815568625640A-tgztruncate a file on an NTFS volumelessfile-1115936459130B--gz"input preprocessor" for less.sane-artec-5516003468200A--gzSANE backend for Artec flatbed scannersrmdir-1115676799200A--gzremove empty directoriessystemd-networkd-wait-online.service-8816268940210A--gzWait for network to come onlinemkfs.ntfs-8815568625640B-tgzcreate an NTFS file systemsg_inq-8815825816070A--gzissue SCSI INQUIRY command and/or decode its responseradattr.so-8815955079440Cpppd-radattr-gzc_rehash-1ssl116164130370B--gzCreate symbolic links to files named by the hash valuestc-htb-8815816145190A--gzHierarchy Token Bucketgvfs-open-1115868766090A--gzsg_rbuf-8815825816070A--gzreads data using SCSI READ BUFFER commandglib-compile-schemas-1116155671180A--gzGSettings schema compileropenssl-srp-1ssl116164130370B--gzmaintain SRP password fileopenssl-rehash-1ssl116164130370B--gzCreate symbolic links to files named by the hash valueslibvmtools-3315837702310A--gzvmware shared librarypasswd5-5515906478670A--gzthe password filenet::dbus::dumperNet::DBus::Dumper3pm315773746310A--gzStringify Net::DBus objects suitable for printingsane-hp4200-5516003468200A--gzSANE backend for Hewlett-Packard 4200 scannersposixoptions-7715812813670A--gzoptional parts of the POSIX standardnetworkmanager.confNetworkManager.conf5516002723180A--gzNetworkManager configuration fileownership-8815771238010A--gzCompaq ownership tag retrieveroakdecode-1115804162510A--gzDecode an OAKT printer stream into human readable form.gvfs-save-1115868766090A--gzmkfs.minix-8815953177680A--gzmake a Minix filesystemuri7-7715812813670A--gzuniform resource identifier (URI), including a URL or URNedit-1115714399500B--gzexecute programs via entries in the mailcap filegit-diff-files-1116148628880A--gzCompares files in the working tree and the index.ldaprc-5516136581350Cldap.conf-gzpactl-1116219586470A--gzControl a running PulseAudio sound servertempfile-1115756848240A--gzcreate a temporary file in a safe mannerhp-check-1115857238880A--gzDependency/Vers
Source: 5609.39.dr	Binary or memory string: qemu-ppc64le
Source: 5609.39.dr	Binary or memory string: <glib::param::uint64Glib::Param::UInt643pm315820097650A--gzWrapper for uint64 parameters in GLibx86_64-linux-gnu-ld.gold-1116112426130B--gzThe GNU ELF linkerprinter-profile-1115804162510A--gzProfile using X-Rite ColorMunki and Argyll CMSwhoami-1115676799200A--gzprint effective useridgrub-fstest-1116214898500A--gzdebug tool for GRUB filesystem driversxdg-user-dir-1115483406210A--gzFind an XDG user dirkmodsign-1115569251480A--gzKernel module signing toolsensible-editor-1115739932820A--gzsensible editing, paging, and web browsingminesMines6615854478170Cgnome-mines-gzinputattach-1115708189280A--gzattach a serial line to an input-layer devicegapplication-1116155671180A--gzD-Bus application launcherip-tunnel-8815816145190A--gztunnel configurationkoi8rxterm-1116140167530A--gzX terminal emulator for KOI8-R environmentsfoo2hiperc-wrapper-1115804162510A-tgzConvert Postscript into a HIPERC printer streamcryptsetup-reencrypt-8816002888050A--gztool for offline LUKS device re-encryptionsyndaemon-1115861716810A--gza program that monitors keyboard activity and disables the touchpad when the keyboard is being used.gslj-1115980290200B--gzFormat and print text for LaserJet printer using ghostscriptfile2brl-1115757179490A--gzTranslate an xml or a text file into an embosser-ready braille filexfdesktop-settings-1115793419820A--gzDesktop settings for Xfceua-1115856013570B--gzManage Ubuntu Advantage services from Canonicallatin4-7715812813670B--gzISO 8859-4 character set encoded in octal, decimal, and hexadecimalsane-genesys-5516003468200A--gzSANE backend for GL646, GL841, GL843, GL847 and GL124 based USB flatbed scannerspdftohtml-1115853266670A--gzprogram to convert PDF files into HTML, XML and PNG imagesbluetooth-sendto-1116015653360A--gzGTK application for transferring files over Bluetoothqemu-ppc64-1116261022170B--gzQEMU User Emulatorcache_metadata_size-8815811608350A--gzEstimate the size of the metadata device needed for a given configuration.net::dbus::exporterNet::DBus::Exporter3pm315773746310A--gzExport object methods and signals to the bussane-pint-5516003468200A--gzSANE backend for scanners that use the PINT device driverbpf-helpers7-7715812813670A--gzlist of eBPF helper functionsfull-4415812813670A--gzalways full devicelogin-1115906478670A--gzbegin session on the systemcups-snmp-8815877390340A--gzcups snmp backend (deprecated)ordchr-3am315728089600A--gzconvert characters to strings and vice versasosreport-1116092694050A--gzCollect and package diagnostic and support datatop-1115827827270A--gzdisplay Linux processesuri::_punycodeURI::_punycode3pm315811897880A--gzencodes Unicode string in Punycodettytty4tty1systemd-localed-881626894021
Source: 5609.39.dr	Binary or memory string: vmware
Source: 5609.39.dr	Binary or memory string: qemu-cris
Source: 5609.39.dr	Binary or memory string: libvmtools
Source: 5609.39.dr	Binary or memory string: qemu-m68k
Source: 5609.39.dr	Binary or memory string: qemu-xtensa
Source: 5609.39.dr	Binary or memory string: 9qemu
Source: 5609.39.dr	Binary or memory string: qemu-sh4
Source: 5609.39.dr	Binary or memory string: Vqemu m
Source: boatnet.arm7.elf, 5425.1.00005608dbcb2000.00005608dbe80000.rw-.sdmp, boatnet.arm7.elf, 5432.1.00005608dbcb2000.00005608dbe80000.rw-.sdmp, boatnet.arm7.elf, 5434.1.00005608dbcb2000.00005608dbe80000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: 5609.39.dr	Binary or memory string: .qemu{
Source: 5609.39.dr	Binary or memory string: qemu-ppc64abi32
Source: 5609.39.dr	Binary or memory string: qemu-ppc64
Source: 5609.39.dr	Binary or memory string: qemu-i386
Source: 5609.39.dr	Binary or memory string: qemu-x86_64
Source: 5609.39.dr	Binary or memory string: H~6\nqemu*q
Source: 5609.39.dr	Binary or memory string: @qemu
Source: 5609.39.dr	Binary or memory string: Fqqemu
Source: 5609.39.dr	Binary or memory string: N4qemu
Source: 5609.39.dr	Binary or memory string: ~6\nqemu*q
Source: 5609.39.dr	Binary or memory string: qemu-mips64el
Source: 5609.39.dr	Binary or memory string: &mqemu
Source: 5609.39.dr	Binary or memory string: $qemu
Source: 5609.39.dr	Binary or memory string: qemu-sparc
Source: 5609.39.dr	Binary or memory string: {cqemujC
Source: 5609.39.dr	Binary or memory string: qemu-microblaze
Source: 5609.39.dr	Binary or memory string: qemu-user
Source: 5609.39.dr	Binary or memory string: qemu-aarch64
Source: 5609.39.dr	Binary or memory string: qemu-sh4eb
Source: 5609.39.dr	Binary or memory string: iqemu
Source: 5609.39.dr	Binary or memory string: qemu-mipsel
Source: 5609.39.dr	Binary or memory string: qemuP`
Source: 5609.39.dr	Binary or memory string: hqemu)
Source: 5609.39.dr	Binary or memory string: qemu-alpha
Source: 5609.39.dr	Binary or memory string: qemu-microblazeel
Source: 5609.39.dr	Binary or memory string: \qemu
Source: 5609.39.dr	Binary or memory string: qemu-xtensaeb
Source: 5609.39.dr	Binary or memory string: qemu-mipsn32el
Source: 5609.39.dr	Binary or memory string: SAqemu
Source: 5609.39.dr	Binary or memory string: qemu-mipsn32
Source: 5609.39.dr	Binary or memory string: qemuAU
Source: 5609.39.dr	Binary or memory string: qemu-riscv32
Source: 5609.39.dr	Binary or memory string: qemu-sparc32plus
Source: 5609.39.dr	Binary or memory string: 7,qemu
Source: 5609.39.dr	Binary or memory string: qemu-s390x
Source: 5609.39.dr	Binary or memory string: vmware-checkvm
Source: 5609.39.dr	Binary or memory string: qemu-nios2
Source: 5609.39.dr	Binary or memory string: qemu-armeb
Source: 5609.39.dr	Binary or memory string: -4415868968400A--gzVMware SVGA video driver
Source: 5609.39.dr	Binary or memory string: 7xml::parser::style::streamXML::Parser::Style::Stream3pm315701248990A--gzStream style for XML::Parsersystemd-timedated-8816268940210B--gzTime and date bus mechanismxfce4-keyboard-settings-1115867081120A--gzKeyboard settings for Xfcepygettext2-1115841026830B--gzPython equivalent of xgettext(1)sudoedit-8816110660620B--gzexecute a command as another userintro7-7715812813670A--gzintroduction to overview and miscellany sectionsprof-1115812813670A--gzread and display shared object profiling datadhclient.conf-5516219398220A--gzDHCP client configuration filepam_group-8815953742440A--gzPAM module for group accesssystemd-ask-password-1116268940210A--gzQuery the user for a system passwordupdate-dictcommon-hunspell-8815422954860A--gzrebuild hunspell database and emacsen stuffqemu-nios2-1116261022170B--gzQEMU User Emulatorlwp::useragentLWP::UserAgent3pm315750405830A--gzWeb user agent classgpgcompose-1115838662460A--gzGenerate a stream of OpenPGP packetsecho-1115676799200A--gzdisplay a line of textio::socket::ssl::utilsIO::Socket::SSL::Utils3pm315817106800A--gz- loading, storing, creating certificates and keyscurl-1116268709580A--gztransfer a URLgetcap-8815819434600A--gzexamine file capabilitieszegrep-1115762517060B--gzsearch possibly compressed files for a regular expressiongrub-syslinux2cfg-1116214898500A--gztransform syslinux config into grub.cfgrtc-4415812813670A--gzreal-time clockglib::codegenGlib::CodeGen3pm315820097650A--gzcode generation utilities for Glib-based bindings.wpa_cli-8816146062790A--gzWPA command line clientiso_8859_3-7715812813670B--gzISO 8859-3 character set encoded in octal, decimal, and hexadecimaliso_8859-9-7715812813670A-tgzISO 8859-9 character set encoded in octal, decimal, and hexadecimallvextend-8815816289110A--gzAdd space to a logical volumeresolvectl-1116268940210A--gzResolve domain names, IPV4 and IPv6 addresses, DNS resource records, and services; introspect and reconfigure the DNS resolverchgrp-1115676799200A--gzchange group ownershipsystemd-cgls-1116268940210A--gzRecursively show control group contentspygettext3.8-1113852085880A--gzPython equivalent of xgettext(1)ping4-8815804258830B--gzsend ICMP ECHO_REQUEST to network hostsidmapwb-8816000845410A--gzwinbind ID mapping plugin for cifs-utilsapturl-gtk-8815799493830B--gzgraphical apt-protocol interpreting package installersane-epsonds-5516003468200A--gzSANE backend for EPSON ESC/I-2 scannersgvfs-monitor-file-1115868766090A--gzrstart-1115829564830A--gza sample implementation of a Remote Start clientgit-stage-1116148628880A--gzAdd file contents to the staging areatc-pedit-8815816145190A--gzgeneric packet editor actioniptables-save-881582899
Source: 5609.39.dr	Binary or memory string: I_qemu
Source: boatnet.arm7.elf, 5425.1.00007ffcc9053000.00007ffcc9074000.rw-.sdmp, boatnet.arm7.elf, 5432.1.00007ffcc9053000.00007ffcc9074000.rw-.sdmp, boatnet.arm7.elf, 5434.1.00007ffcc9053000.00007ffcc9074000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm
Source: boatnet.arm7.elf, 5425.1.00005608dbcb2000.00005608dbe80000.rw-.sdmp, boatnet.arm7.elf, 5432.1.00005608dbcb2000.00005608dbe80000.rw-.sdmp, boatnet.arm7.elf, 5434.1.00005608dbcb2000.00005608dbe80000.rw-.sdmp	Binary or memory string: V!/etc/qemu-binfmt/arm
Source: 5609.39.dr	Binary or memory string: -1116261022170B--gzQEMU User Emulator
Source: 5609.39.dr	Binary or memory string: -3315837702310A--gzvmware shared library
Source: 5609.39.dr	Binary or memory string: qemu-mips
Source: 5609.39.dr	Binary or memory string: qemuj\
Source: 5609.39.dr	Binary or memory string: {qemuQ&
Source: 5609.39.dr	Binary or memory string: Wgnome-text-editor-111629209547491759146B--gztext editor for the GNOME Desktopx11::protocol::connection::filehandleX11::Protocol::Connection::FileHandle3pm314314075500A--gzPerl module base class for FileHandle-based X11 connectionshtbHTB8815816145190Ctc-htb-gzcifscreds-1116000845410A--gzmanage NTLM credentials in kernel keyringiwconfig-8815490049440A--gzconfigure a wireless network interfaceossl_store-file-7ssl716164130370A--gzThe store 'file' scheme loadertc-stab-8815816145190A--gzGeneric size table manipulationsnotifier-7715877390340A--gzcups notification interfaceqemu-arm-1116261022170B--gzQEMU User EmulatorgemfileGemfile5516263767190Cgemfile2.7-gzglib::object::subclassGlib::Object::Subclass3pm315820097650A--gzregister a perl class as a GObject classnetcat-111612200165426646725B--gzarbitrary TCP and UDP connections and listensdpkg::changelog::parseDpkg::Changelog::Parse3perl315849439740A--gzgeneric changelog parser for dpkg-parsechangelogmpris-proxy-1116243432320A--gzBluetooth mpris-proxybundle-pristine2.7-1116263767190A--gzRestores installed gems to their pristine conditionfsck.ext3-8815816604980B--gzcheck a Linux ext2/ext3/ext4 file systemvolname-1115625752510A--gzreturn volume nameiso-8859-9-7715812813670B--gzISO 8859-9 character set encoded in octal, decimal, and hexadecimalheadhead1HEAD1psd-4415812813670A--gzdriver for SCSI disk driveschrt-1115953177680A--gzmanipulate the real-time attributes of a processvcs-4415812813670A--gzvirtual console memorygit-upload-archive-1116148628880A--gzSend archive back to git-archivenet::dbus::binding::message::errorNet::DBus::Binding::Message::Error3pm315773746310A--gza message encoding a method call errorpkcs11.conf-5516097870510A--gzConfiguration files for PKCS#11 modulessfill-1115227593860A--gzsecure free disk and inode space wiper (secure_deletion toolkit)ldattach-8815953177680A--gzattach a line discipline to a serial linethin_restore-8815811608350A--gzrestore thin provisioning metadata file to device or file.phar.phar7.4-1116254980150B--gzPHAR (PHP archive) command line toolbundle-outdated2.7-1116263767190A--gzList installed gems with newer versions availablemail::addressMail::Address3pm315640244160A--gzparse mail addressesopenssl-ca-1ssl116164130370B--gzsample minimal CA applicationchardet3-1115765858900A--gzuniversal character encoding detectorerb2.7-1116263767190A--gzRuby Templatingchktrust-1115826667350A--gzCheck the trust of a PE executable.sg_raw-8815825816070A--gzsend arbitrary SCSI command to a devicegvfs-trash-1115868766090A--gzintro1-1115812813670A--gzintroduction to user commandsmailcap-5515714399500A--gzmetamail capabilities filegigoloGigolo1gig
Source: 5609.39.dr	Binary or memory string: vmware-xferlogs

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: 5425.1.00007f57dc017000.00007f57dc02b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5432.1.00007f57dc017000.00007f57dc02b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5434.1.00007f57dc017000.00007f57dc02b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: boatnet.arm7.elf PID: 5425, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: boatnet.arm7.elf PID: 5432, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: boatnet.arm7.elf PID: 5434, type: MEMORYSTR

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: 5425.1.00007f57dc017000.00007f57dc02b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5432.1.00007f57dc017000.00007f57dc02b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5434.1.00007f57dc017000.00007f57dc02b000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: boatnet.arm7.elf PID: 5425, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: boatnet.arm7.elf PID: 5432, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: boatnet.arm7.elf PID: 5434, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	1 Hidden Files and Directories	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	1 Service Stop
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	11 Obfuscated Files or Information	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
boatnet.arm7.elf	55%	ReversingLabs	Linux.Trojan.Mirai

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
daisy.ubuntu.com	162.213.35.24	true	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://upx.sf.net	boatnet.arm7.elf	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
141.11.33.73	unknown	United Kingdom		553	BELWUEBelWue-KoordinationEU	false
185.125.190.26	unknown	United Kingdom		41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
141.11.33.73	141.11.33.73-boatnet.arm-2025-01-03T05_39_17.elf	Get hash	malicious	Mirai	Browse
185.125.190.26	wind.sh4.elf	Get hash	malicious	Mirai	Browse
	wind.arc.elf	Get hash	malicious	Mirai	Browse
	DEMONS.arm5.elf	Get hash	malicious	Unknown	Browse
	DEMONS.arm7.elf	Get hash	malicious	Mirai	Browse
	powerpc.elf	Get hash	malicious	Unknown	Browse
	gnjqwpc.elf	Get hash	malicious	Mirai	Browse
	bot.arm5.elf	Get hash	malicious	Mirai, Gafgyt, Okiru	Browse
	earm5.elf	Get hash	malicious	Unknown	Browse
	earm7.elf	Get hash	malicious	Unknown	Browse
	arm.elf	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
daisy.ubuntu.com	X86_64.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	4.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	wind.sh4.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	Aqua.arm7.elf	Get hash	malicious	Mirai	Browse	162.213.35.25
	Aqua.mips.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	Aqua.mpsl.elf	Get hash	malicious	Unknown	Browse	162.213.35.25
	file-64bit.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	DEMONS.ppc.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	DEMONS.arm6.elf	Get hash	malicious	Unknown	Browse	162.213.35.24
	DEMONS.mpsl.elf	Get hash	malicious	Unknown	Browse	162.213.35.24

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
BELWUEBelWue-KoordinationEU	141.11.33.73-boatnet.arm-2025-01-03T05_39_17.elf	Get hash	malicious	Mirai	Browse	141.11.33.73
	Hilix.mips.elf	Get hash	malicious	Mirai	Browse	134.155.120.154
	armv5l.elf	Get hash	malicious	Unknown	Browse	141.79.218.248
	kwari.arm.elf	Get hash	malicious	Unknown	Browse	134.34.202.108
	kwari.arm7.elf	Get hash	malicious	Mirai	Browse	134.155.120.139
	sh4.elf	Get hash	malicious	Mirai, Moobot	Browse	141.79.120.12
	loligang.mips.elf	Get hash	malicious	Mirai	Browse	141.59.77.71
	armv5l.elf	Get hash	malicious	Mirai	Browse	134.63.70.100
	nabarm7.elf	Get hash	malicious	Unknown	Browse	141.18.101.35
	jklmpsl.elf	Get hash	malicious	Unknown	Browse	141.58.242.199
CANONICAL-ASGB	arm5.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	141.11.33.73-boatnet.arm-2025-01-03T05_39_17.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	arm5.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	i.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	mpsl.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	ARMV6L.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	MIPS.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	arm5.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	mips.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	MIPSEL.elf	Get hash	malicious	Unknown	Browse	91.189.91.42

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

/var/cache/man/5609

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	622592
Entropy (8bit):	4.657827884365303
Encrypted:	false
SSDEEP:	6144:2v7lWAmFtL5N80nuvUpC076nKM/H9pPoARzzMRfPE6CwwNZ:ExWAmHBCGaDb+8w
MD5:	FB18C3CA88FA7799736523B80D7D75C2
SHA1:	AF7E8F1A8C17E6439087AE7FDF1E4B1E6A1B6CF5
SHA-256:	7D453A1D99527A10F0626890893537BBCB800E0B6314B6BBA3363DFD8141F6D8
SHA-512:	141B4A676B06CCA2D8421ACD3FD3B9C64E4C0875E04B3347AC62020B4AD8E9D3845039BBAF8F4069803A3E21BA2BC2EFAD296DCF68E7915559A2C5781F39C7E1
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	.W.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/cs/5609

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	1.6070136442091312
Encrypted:	false
SSDEEP:	48:bhVGQeUzGLIsWUMZJ5CggJHtheYdiKNHTlJ8NK:bhVGaGLIWMZXZgxeYtzll
MD5:	D0CA2EBA9E7A17D4680AA9DDC5F88946
SHA1:	270F443EFF85209052AE8FFA86660AFB0FAAD39B
SHA-256:	9504DC65F8B4E057D0939FA3B2C640FC703D0290EE19381836BAA5EB3EFBADBD
SHA-512:	9F999B0467E396E78A91F0BFE56E191DB9D9AFA6DC47858F3427CB44A39D5A13A206542A471CE15C8851674A234B9A7A49AAB7E6D5AF8D080BBC99C2BA3C56D8
Malicious:	false
Reputation:	high, very likely benign file
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/cs/index.db.ANlazk

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.45676214072558463
Encrypted:	false
SSDEEP:	12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
MD5:	EE429C7E8B222AFF73C611A8C358B661
SHA1:	DA353E80DCF1195F259CCBC32D39F5923710453F
SHA-256:	BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
SHA-512:	DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
Malicious:	false
Reputation:	high, very likely benign file
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/da/5609

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	2.24195239843379
Encrypted:	false
SSDEEP:	96:bhHY2DzMnpU0QMiloesQdUTn3WVE0UnknJfsWdv0SBpEVvsb6eZeGfRL+:dYKM+oagn3WW5nkniWdv0SAVE6eZee6
MD5:	4DF08004EE4C5384C02376841F2B50BC
SHA1:	C02E58212CA012913390B4C1CCD64DD3353009EE
SHA-256:	F4D6A62A734E2844B99F3AD0EB480373AFBE56B29C0CFC9C70D9DFDF19D95C02
SHA-512:	6146001CA7028F58595235F244AE8FC4ECAEA3E95C83276514FC704E91B7596678E74CDE9963D680F2493F9C04AFDEBC4DB5094E2AB7C1A949E9378307AE0116
Malicious:	false
Reputation:	high, very likely benign file
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/da/index.db.Lztk8j

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.45676214072558463
Encrypted:	false
SSDEEP:	12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
MD5:	EE429C7E8B222AFF73C611A8C358B661
SHA1:	DA353E80DCF1195F259CCBC32D39F5923710453F
SHA-256:	BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
SHA-512:	DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
Malicious:	false
Reputation:	high, very likely benign file
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/de/5609

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	45056
Entropy (8bit):	4.162750646611179
Encrypted:	false
SSDEEP:	768:hKTynsA3KVtOOcm2MrTJDEmf5RUOrDVDhtq5:QTyncXT+grrV/q
MD5:	7CC72B999A5950FF9578FA1AC80FB4A7
SHA1:	3DB041A4F183D46E35B4BDDEAC7B0260210172DB
SHA-256:	F3ECDFAAEE9B8A7828E429E918F7ED56780844CA65F5F51C3EC0B0BF2CC4711E
SHA-512:	412BFD41DD09C51202E770AC1A723BE5667683B942CC109C825027AB89599AD42110ECE9D6D6B5072EC0F53E24719A22AEE42E0380934EDC5F660B4F8423D7C1
Malicious:	false
Preview:	.W.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/de/index.db.28ZzCl

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	45056
Entropy (8bit):	0.20558603354177746
Encrypted:	false
SSDEEP:	12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
MD5:	55880A8B73FD160B73198E09A21C83DB
SHA1:	5EB780702D2501747AF46F7525EF5C635EC5E64C
SHA-256:	66BD4C98AF40E2E208AC102ACD0F555A6C118E7258D91B833BE1D53EBFFB7BBB
SHA-512:	388924B8CAE80CCA6CA8E5109D0239A963A66CC0454450223EC7FB2A188F6F05E49632E535DC06E49DF6D007B221AA6B3D5F23C80203BCC861FF95EFA10AC1F9
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/es/5609

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	2.469989054365123
Encrypted:	false
SSDEEP:	96:bh8fr5fT5pYUBUtKGGTaZ1n3zbHGc2WjAXGBCgfd6Dgzs30z8ztvpWFoDXst4:qD5w6xT6n3zbNBSw/fd6Oz8ztQiDXo
MD5:	25F69E721343453F17D650B66F6725FD
SHA1:	E412A004F93F579547210D0D0113ABB70CAE29E1
SHA-256:	A2392B2B025C45E6C136BBC6AA16ADB8A5260A7BC1E4B21366F32EC255D5C0B5
SHA-512:	C8BF7E610B758A9C19F792B630A972213FF6525E82A477521D5702869856C3A504EA591BDE8F50CDF2C3C9BDC356631F326B3923333B186F855114A1A124FAEE
Malicious:	false
Preview:	.W..............................P......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/es/index.db.iVLtVj

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.3847690842836057
Encrypted:	false
SSDEEP:	12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
MD5:	F0B902DEA5EF122A0B1F0F496DDC781B
SHA1:	90176D320A9C3601787D53CC346DC743367D53F1
SHA-256:	CFD64D42263C5D323AF423FC09CDB5DDB2F914114B87BAB6566EAB1020F15DE0
SHA-512:	3A5BC0E51D53A12E65441FB98E1201DC434C42DB389CFCA4C96FF65C2413CF9B06B29CC39A48BD3FDC61F4896396813E54B9C2CE404EF35AC33B35377E718874
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/fi/5609

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.5882948808594274
Encrypted:	false
SSDEEP:	12:Ey20yaajjjjjjjjjjjjjjjjjjjjjjjjjjGjjjjjjjjjjjjjjjjjjjjjjjjjjjjjp:bhjz+9Ab
MD5:	09F6ED1A60B8A4203EA97CF5926C6AFF
SHA1:	C28F4E393D55AD057E3C7608741904B796F67076
SHA-256:	56664D61D0BB8BF34CCA28C73CB314CB73EA1C4FAC64D2208B43F63C009FC855
SHA-512:	476EAE37D827C8BB322213799AB52DBE8FA43274DB3447BC5FEDFED64ECCEAF2C11DA375FDA09B37977D03CA1910E22443B22A3EEA875CE6F3BC698F8ADCC0E2
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/fi/index.db.N0yT4l

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.45676214072558463
Encrypted:	false
SSDEEP:	12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
MD5:	EE429C7E8B222AFF73C611A8C358B661
SHA1:	DA353E80DCF1195F259CCBC32D39F5923710453F
SHA-256:	BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
SHA-512:	DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/fr.ISO8859-1/5609

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.9312184489410064
Encrypted:	false
SSDEEP:	12:Ey20yIpyjjjjjjjjjjjjjjjjjjjjjjjjXjjjjjjjjjjjjjjjjjjjjjjjjjjjjGz7:bhbpFi043WmkN2GmGufUeDDx+yxrq3
MD5:	43ADE2E40B8B5A0DFA0A155FC9A02F7F
SHA1:	3D04BDFFD0E2A8433150C87D334014099336A5C5
SHA-256:	81E48EE4653A5E6F25C33133F24F045EB1EB2CC6724ECE0C5336612AB711273E
SHA-512:	C9C5C436A0E986A39CE3FA1CAF15A92D509F4450744BAE0283204B58CDD6FE9B8EEB8D3E2CAFB4B1ACB46729317FFAEFE86B0DD2D60472CAB30B204CC2003B03
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/fr.ISO8859-1/index.db.XvwF9k

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.45676214072558463
Encrypted:	false
SSDEEP:	12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
MD5:	EE429C7E8B222AFF73C611A8C358B661
SHA1:	DA353E80DCF1195F259CCBC32D39F5923710453F
SHA-256:	BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
SHA-512:	DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/fr.UTF-8/5609

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.9312184489410064
Encrypted:	false
SSDEEP:	12:Ey20yIpyjjjjjjjjjjjjjjjjjjjjjjjjXjjjjjjjjjjjjjjjjjjjjjjjjjjjjGz7:bhbpFi043WmkN2GmGufUeDDx+yxrq3
MD5:	43ADE2E40B8B5A0DFA0A155FC9A02F7F
SHA1:	3D04BDFFD0E2A8433150C87D334014099336A5C5
SHA-256:	81E48EE4653A5E6F25C33133F24F045EB1EB2CC6724ECE0C5336612AB711273E
SHA-512:	C9C5C436A0E986A39CE3FA1CAF15A92D509F4450744BAE0283204B58CDD6FE9B8EEB8D3E2CAFB4B1ACB46729317FFAEFE86B0DD2D60472CAB30B204CC2003B03
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/fr.UTF-8/index.db.QjNIhj

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.45676214072558463
Encrypted:	false
SSDEEP:	12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
MD5:	EE429C7E8B222AFF73C611A8C358B661
SHA1:	DA353E80DCF1195F259CCBC32D39F5923710453F
SHA-256:	BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
SHA-512:	DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/fr/5609

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	3.8429636529639932
Encrypted:	false
SSDEEP:	768:A4VX6Bd+dla5HmdT8qHl87BaIPay4uz8Hks2HnDNO:A4ROd+dStM83Pav2H5
MD5:	2EF0EADF15C17B789FAEDE7D1CE03252
SHA1:	D96900C23240E994D83DC42C2EC0E3144748409D
SHA-256:	1C46FCF95C64E2E609931E7B4CA011F79D642C4F201701B207FD81480F24E6A2
SHA-512:	1CB6CA818126AD52B27DDF5D11BE98FB706B8C8EA7C56ACBE7F228A7C428167DB91A3DA613ABE018428C19A5BF259C76C4473A90F3A02700BB238BE2F38DADD8
Malicious:	false
Preview:	.W.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/fr/index.db.OBxOoi

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.22208993462959856
Encrypted:	false
SSDEEP:	12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
MD5:	425CB57CD9B42556C8089FE7A7A3E495
SHA1:	4F33F9A9897218FDED958FD8F8D7AF7CD8BC48F3
SHA-256:	85E01EFF2AC0C83C827E118D5CE2CD1E1A19E059688B6E0D09CB3CC131F065D3
SHA-512:	8C7D4DACF5C5C5C4B78775048427AF99ED8057590AA3A69FD5B3F875B6DDD249A6DB0AF3A51BB96A7F629D1017B272317583A8DFF89FB3968FFE2F246F040F33
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/hu/5609

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.9419610786280751
Encrypted:	false
SSDEEP:	24:bh04IR9rYz9kvNQFl46MdnqfPE9eTuF0Ce:bhXIHakVQmnqXqeT/Ce
MD5:	18F02B57872A97DE1E82FF5348A5AF1B
SHA1:	52F332343B120B1C950AC02B3C923556C70DC62A
SHA-256:	5C605DE68B3E05754698485F73413F4052AEA8C3AAE6012AC6416B3B6B056DF7
SHA-512:	E33A8412F52D26BDE55E4D72E0D9D09EB777F4B882F5BB1C4625AB392EE321D6ACD8795001BF50CCDACFAC131A1263B1398F208799F753554C43349136EB8BEC
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/hu/index.db.sVn1zl

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.45676214072558463
Encrypted:	false
SSDEEP:	12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
MD5:	EE429C7E8B222AFF73C611A8C358B661
SHA1:	DA353E80DCF1195F259CCBC32D39F5923710453F
SHA-256:	BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
SHA-512:	DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/id/5609

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	1.309811236154278
Encrypted:	false
SSDEEP:	48:bhESUeDVrWTVd5ekRv/KSmGWqR0VouC4btU8IzTC74ExJKGtII:bhEVeBqTVdAcn3Iowl4UBtx
MD5:	3AFDA1B0F729816929FF7A6628D776D5
SHA1:	5982940A5782F11AEB5BF859C055DE3FEFBDF5DB
SHA-256:	77809D5F38F6D96A2E8BA9BE0DFBB16C10B6B1FF7D2BA1DD5FB9437F73C47E7F
SHA-512:	6D4CE03475C68EDC0AE928E7F65BB8C06198721146A1266F55455AF3D5E24F44A569E007C0DC44BC7745C1573DBC7F02B8C4094F9BD97FAF6A0B5894BE0E07E5
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/id/index.db.QhR92k

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.45676214072558463
Encrypted:	false
SSDEEP:	12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
MD5:	EE429C7E8B222AFF73C611A8C358B661
SHA1:	DA353E80DCF1195F259CCBC32D39F5923710453F
SHA-256:	BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
SHA-512:	DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/index.db.cBQZ2k

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	622592
Entropy (8bit):	0.022159377425242585
Encrypted:	false
SSDEEP:	12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
MD5:	2E442DBA85DEDFDCB07090FDF9DE90D0
SHA1:	02658086E93854D13D82B1F0D80F4B78D26DCA51
SHA-256:	62406BFE7657964E490DE65A0007F7C1D59B62B2B9AD35BA55BA219673378848
SHA-512:	FDBBA0DEF310CF7DBF448CFB6E5C9CDCEFBF6A0CAEB26CA3AFA91A388FBA10A9E77BCC27CA9B0AEA2A7B67F964849E147FB44862C7394C2C7CDCB572C06FCB05
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/it/5609

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	3.3621193886235408
Encrypted:	false
SSDEEP:	384:Jtp0q5d98n3SaMfhtxfmbMy+HseeNwoMbHf:JDd9QSBf
MD5:	B228DE097081AF360D337CF8C8FF2C6F
SHA1:	7DD2C4640925B225F98014566F73C35F4E960940
SHA-256:	1056CECADA78542B173EE469C9BEAF61F81298EBBD21B54EA6EE449028E18B3F
SHA-512:	F61D7F9040E452C4B1B77F3657BE4252475C3BF23D78EED903A5E55FA97BA0571BA3AD90DBA7F77C334DF5B721F909B12720515034421A4AAB0450D1D43B32E4
Malicious:	false
Preview:	.W..............................P......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/it/index.db.zI3nEl

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.3847690842836057
Encrypted:	false
SSDEEP:	12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
MD5:	F0B902DEA5EF122A0B1F0F496DDC781B
SHA1:	90176D320A9C3601787D53CC346DC743367D53F1
SHA-256:	CFD64D42263C5D323AF423FC09CDB5DDB2F914114B87BAB6566EAB1020F15DE0
SHA-512:	3A5BC0E51D53A12E65441FB98E1201DC434C42DB389CFCA4C96FF65C2413CF9B06B29CC39A48BD3FDC61F4896396813E54B9C2CE404EF35AC33B35377E718874
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/ja/5609

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	3.667488020062395
Encrypted:	false
SSDEEP:	192:CF4pPRfAgFn35FF1veUMjGiEGBuPhiB0PUKwA+U:5PRfAgFn35MSeAPUjN
MD5:	D3CD7D67F8155491493BB7235FB9AA57
SHA1:	5A7AE62A7AFE50EFCCED06CBD56AE2A0A284EFF3
SHA-256:	6958349ECA637F99AABC419B5E402CFB50BC5B8867F31BCB67F064F47A209929
SHA-512:	1168BF697CDE563F7D82A71EAE1CD496EA81D178B26F87EAAF2EDEED13274B1E3500CE1C981647717598495EBE1FF8F8AC54AD33547506E566C925D7002F5CFF
Malicious:	false
Preview:	.W..............................P......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/ja/index.db.0VyAsl

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.3847690842836057
Encrypted:	false
SSDEEP:	12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
MD5:	F0B902DEA5EF122A0B1F0F496DDC781B
SHA1:	90176D320A9C3601787D53CC346DC743367D53F1
SHA-256:	CFD64D42263C5D323AF423FC09CDB5DDB2F914114B87BAB6566EAB1020F15DE0
SHA-512:	3A5BC0E51D53A12E65441FB98E1201DC434C42DB389CFCA4C96FF65C2413CF9B06B29CC39A48BD3FDC61F4896396813E54B9C2CE404EF35AC33B35377E718874
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/ko/5609

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.7847786157292606
Encrypted:	false
SSDEEP:	12:Ey20yYn0jjjjjjjjjjjjjjjjjjjjjjjjjjGjjjjjjjjjjjjjjjjjjjjjjjjjmjj7:bhXYznMk31RFe6f
MD5:	FBA25855E1C99D8F87E8AC13E2E2ECB1
SHA1:	D99351AC40D6CC4C9BE54E0E018C44A9A88983D7
SHA-256:	C0E18ED1CEFF427FD4D57D1B79CE1AF7320AC8453BAF8A0349C08267464C4D71
SHA-512:	0969DF6506E083A4995A18518BC3C4472157E7790EEC26C08221B0FC6DE9C7DA0ADB11CF92C56BC35B89BC60447F3D991F935E352552B58FB9BD1D4B2579FBB0
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/ko/index.db.wHwBbm

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.45676214072558463
Encrypted:	false
SSDEEP:	12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
MD5:	EE429C7E8B222AFF73C611A8C358B661
SHA1:	DA353E80DCF1195F259CCBC32D39F5923710453F
SHA-256:	BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
SHA-512:	DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/nl/5609

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	2.554204221242331
Encrypted:	false
SSDEEP:	192:H8Y5a2oquB2aCYn3lvu3whjXVobdbs7dq1KJGbtf0Hoa:hoquYaCYn3Q8jXqbdbs7dGbKHoa
MD5:	27FED1CA8EB0101C459D9A617C833293
SHA1:	503B2A3E33FE79FF2CD58F831ED33DB358849BEA
SHA-256:	C3033C4F7CF0D6108611EF5A62CA893F98EE6463DDCFF7100D3BAFDEB0036D9E
SHA-512:	7BD630F5E0C5A91C34D2E48D0053923C9F2F5BAA07D21FDA79E60F3AFDF759E594E6639562C1F3EE68DD080D417009DC3AFB7DA534E3B8C29FF7B10438C3FD4E
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/nl/index.db.Pg0Mji

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.45676214072558463
Encrypted:	false
SSDEEP:	12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
MD5:	EE429C7E8B222AFF73C611A8C358B661
SHA1:	DA353E80DCF1195F259CCBC32D39F5923710453F
SHA-256:	BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
SHA-512:	DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/pl/5609

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	2.880948418505059
Encrypted:	false
SSDEEP:	192:7Sf8026LXqn3ZTV6pXAmA44BRqvc3X3GVAjvAk/AvdWjWftxA:E802uXqn3/6pxARqr8kdWjW1
MD5:	37CEBCD3F5BF6322785FFF568EE33131
SHA1:	201298C827C77C60CD314BF721DC4C27EF95BD64
SHA-256:	012C5597C5DD8654EB14432AFCEFD9B131F2CE75AD21488991A5A688929AAEA6
SHA-512:	CCC8A8CCF4ACA332CAF610155DE9E7C4A12D1C45C98D20766B86098A3D2EF332189F159E3956944CD302DF652FE7A6F0D07CA39CBE7DF4A655D3211452487582
Malicious:	false
Preview:	.W..............................P......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/pl/index.db.rEkhwl

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.3847690842836057
Encrypted:	false
SSDEEP:	12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
MD5:	F0B902DEA5EF122A0B1F0F496DDC781B
SHA1:	90176D320A9C3601787D53CC346DC743367D53F1
SHA-256:	CFD64D42263C5D323AF423FC09CDB5DDB2F914114B87BAB6566EAB1020F15DE0
SHA-512:	3A5BC0E51D53A12E65441FB98E1201DC434C42DB389CFCA4C96FF65C2413CF9B06B29CC39A48BD3FDC61F4896396813E54B9C2CE404EF35AC33B35377E718874
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/pt/5609

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	2.413200731126695
Encrypted:	false
SSDEEP:	192:KqFPMGn35+0+eo8TAnBW4VppKP8qtRuI:xPHn35+peo8T8V/fq6I
MD5:	10C8D94B4EB46E7CF59FDBBDB64C3E44
SHA1:	09A0C09834B1D84F5E24E7602182A5B90BB0F9B6
SHA-256:	F08266CEE0E60565B4F81D2D3D276B47FAF27A774278694F2E83F440016689CD
SHA-512:	7E8673703CB8BC9DEBEC1ACC297898BC0690704FC5613FAECF4AA2946E46556703952E11CC90DC2A8133A84628FD5674349B6911111A69AFE65618CE8F7FA5C8
Malicious:	false
Preview:	.W..............................P......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/pt/index.db.la5aYi

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.3847690842836057
Encrypted:	false
SSDEEP:	12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
MD5:	F0B902DEA5EF122A0B1F0F496DDC781B
SHA1:	90176D320A9C3601787D53CC346DC743367D53F1
SHA-256:	CFD64D42263C5D323AF423FC09CDB5DDB2F914114B87BAB6566EAB1020F15DE0
SHA-512:	3A5BC0E51D53A12E65441FB98E1201DC434C42DB389CFCA4C96FF65C2413CF9B06B29CC39A48BD3FDC61F4896396813E54B9C2CE404EF35AC33B35377E718874
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/pt_BR/5609

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	1.7510008687365202
Encrypted:	false
SSDEEP:	48:bhX6G+IwvnUZe4Gv/KSmGROqAQAuSe0dDOfInYbmucrm3QEAvJBFIz:bhq5bnUY4Gn3P+/Z1tvJDQ
MD5:	A11F5E85A2A07AF84255570AE29318FB
SHA1:	D06BF25E5FD4A17BCF7C5BD77ACD747F0FE181E8
SHA-256:	8FFA8BC408B254217275A622D054853CB72B08409A11AA49C4C664C0DABFB62F
SHA-512:	059F3CBC93750B68942D88EDD4AD2531B2291CEC421EB903280B9105010D1C8AD70F9F3CFA1B1A50D5110DCBFDB807A6E7A3F9EBC9A48AC8C3A49DEC4B6B3899
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/pt_BR/index.db.xhnmll

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.45676214072558463
Encrypted:	false
SSDEEP:	12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
MD5:	EE429C7E8B222AFF73C611A8C358B661
SHA1:	DA353E80DCF1195F259CCBC32D39F5923710453F
SHA-256:	BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
SHA-512:	DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/ru/5609

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	24576
Entropy (8bit):	3.440634655325007
Encrypted:	false
SSDEEP:	384:SpjHrhEon3PRekEF3PS6y13Vi6w5TlmmcOB:Q3hNEk23MuxrB
MD5:	DF5C1114538C5D8EA1EE929FFAC24E3C
SHA1:	B6331AF77566B63EA8204BE85F5DC99FAF51479E
SHA-256:	F238C75DAD82E10AB011A9BF79775B2A5F5889644A5A06835933340845A08555
SHA-512:	9514A424CC2A9290F749F527F515B35E45C6A829CB3930DBFB39DC9D70A684640A31686EC77258FF285FE89B6DD44BB01A478848FF9B3EBD764741A6F7856704
Malicious:	false
Preview:	.W..............................`......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/ru/index.db.3b8wnl

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	24576
Entropy (8bit):	0.3337394253577246
Encrypted:	false
SSDEEP:	12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
MD5:	5B66CE03BFE548DEE335E0518E4E0554
SHA1:	65397845DC679AA972454B0FF237A513C0F490CB
SHA-256:	C38BB21B1D92166794DC09807C9A55B67B0A760C684FEEDD0C931F8415DD6D29
SHA-512:	A31C3D23F25607333250443490F0EE295BB702B46A636905FD413E8AEAA8ED23AAB42106868D2938718555C9DEEFB69FB416CAF5228A422F64D6CA8DB438FEE8
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/sl/5609

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.8558400366712392
Encrypted:	false
SSDEEP:	12:Ey20y8jjjjjjjjjjjjjjjjjjjjjjjjjjGjjjKuV0jjjjjjjjjjjjjjjjjjjjjjje:bhaVZjx6ot7m13SmZQs
MD5:	67697BEA7C23E4805A82FE9755BB3CAE
SHA1:	14ACAFF0BECBDB116E4C0BC329E59DEF68CF46D1
SHA-256:	553DA7FF76999B7CCC4450498B11E6BD98B3B1E5FF81D82A53568F84B0D270D5
SHA-512:	D966DD6430003E708C6EE10764DC072A1ED0A252E6E1C822CBD28271A2EDD4B1F61C7F9AA7D1D442D6175791A104A365DE25B9C2598500AE705C9250C8BA46A1
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/sl/index.db.LIiLrk

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.45676214072558463
Encrypted:	false
SSDEEP:	12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
MD5:	EE429C7E8B222AFF73C611A8C358B661
SHA1:	DA353E80DCF1195F259CCBC32D39F5923710453F
SHA-256:	BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
SHA-512:	DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/sr/5609

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	1.3868484511023333
Encrypted:	false
SSDEEP:	48:bhLSUCt/WFekRv/KSmGWqApnEVyfNsu+tBNGg2PgULLE2vRy2QwfoQEDiR2e3iRj:bhLVC48cn3Vu2FtBv7AtboQIqb3qwK
MD5:	0DD75ECC81E4E564EA56A57FF32A24D3
SHA1:	859C0FE5F86A2C5A32BAD7920787BE845F34C4FB
SHA-256:	DB778B175D19DEFA4180D0B12D675AD0B8B22CC4BB77702D9EC8510F894EB3B1
SHA-512:	7B0C56A76797383527509F8036EB4911F8925E7ACC005CDC3269F0A43231479E3A0A9887BF4D2979F05CBFE18324997DEF715FDA6921EEF827B385C9D902C708
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/sr/index.db.IXnEOl

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.45676214072558463
Encrypted:	false
SSDEEP:	12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
MD5:	EE429C7E8B222AFF73C611A8C358B661
SHA1:	DA353E80DCF1195F259CCBC32D39F5923710453F
SHA-256:	BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
SHA-512:	DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/sv/5609

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	2.5432558448090097
Encrypted:	false
SSDEEP:	96:bhk/+fz7b9ldxbe2Vn3iwkVJIB0D6c6aZ4+1Wrzbxpl4/tMe1:imrn9lHbe2Vn3iwKhD6cvTAbl4/tMe
MD5:	D97454D6B1F39F39966A809BCA3D9647
SHA1:	276931CED8F34B7651C1BDFC8522FF0560E2C377
SHA-256:	DCB8CE7F4F21595D851100F315C56B717541DB898AEB9ED9C0CCC9FF217A5801
SHA-512:	3E014F3EA8EEE79B87726EDA6291AC2D0BD9B22803EE848F61CA2AAD39D5FB87704410C57C648EE4AF8A1B78EFB0D766524F6DB750208C9BAC346079FD8EE69E
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/sv/index.db.gyvjSj

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.45676214072558463
Encrypted:	false
SSDEEP:	12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
MD5:	EE429C7E8B222AFF73C611A8C358B661
SHA1:	DA353E80DCF1195F259CCBC32D39F5923710453F
SHA-256:	BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
SHA-512:	DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/tr/5609

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	1.7558188637474321
Encrypted:	false
SSDEEP:	96:bhWV1OIM7cn3UZiPU1wywyoEpJmz6W2Mzgg:YDOL4n3fPvywrzgMU
MD5:	5F905B930E7310E72BC3DF5C50F8E579
SHA1:	50B1AD3115F095C743CB26F87ECCE406FAC3523B
SHA-256:	1DB72BA77CA01F25CA9768999825D8F97F5ED4D00E17C9130D6F7CDE34130270
SHA-512:	A6066F4DF4097DB93673CD156BBE5F910C3F64D01E1671E481BC9FBDD720DBD6F8CEF337E20404F7C6AE97B2FA1F5E67088041ACBB6EA85D6758924D5740D06C
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/tr/index.db.8iUhxk

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.45676214072558463
Encrypted:	false
SSDEEP:	12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
MD5:	EE429C7E8B222AFF73C611A8C358B661
SHA1:	DA353E80DCF1195F259CCBC32D39F5923710453F
SHA-256:	BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
SHA-512:	DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/zh_CN/5609

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	2.6210042560348144
Encrypted:	false
SSDEEP:	48:bh5roGafX8XKu5YIoBHtF2YekDsv/KSmGWNmA/y0uJNI/oyjaOUUfEHKn9nnjoEJ:bhdoLfX8N9oBNF2XFn3UD/9FZiy0aoN
MD5:	39398A15564A55EB7BFE895D7668A5A3
SHA1:	28DA677435B87176E08AFABBF8B51F7B93E22948
SHA-256:	A4C0216476E357ED3A23E71333DBE7DE91E04370EF049032EE8E47BB1EDBD83B
SHA-512:	B4E69212338C742F8C83194552078A86E4BED59375D82563C0B4059B7E0D6A58D6317151AB1F2A6FB20D2FF6DB7C550DF6A6984B2BB873A111D58AF9AEB7D95E
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/zh_CN/index.db.Z0g2Vk

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.45676214072558463
Encrypted:	false
SSDEEP:	12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
MD5:	EE429C7E8B222AFF73C611A8C358B661
SHA1:	DA353E80DCF1195F259CCBC32D39F5923710453F
SHA-256:	BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
SHA-512:	DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/zh_TW/5609

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	1.0170167917961734
Encrypted:	false
SSDEEP:	24:bhAvIZuF4ptmpzf50dhOv8WvxjMMhFmMKxevOfOots+:bhDi4p+ahOhFFKxewj
MD5:	1FC5F2B98E5BC25B10373353D91B86B1
SHA1:	D848DA35B0731328195D59C1E996B95C4952F1F9
SHA-256:	509FAD18B4454CD70D974755F6156D4A5FA9B960AB9FF468D1FC350F0B64F379
SHA-512:	95BC2E289EDE5D9A3F56C9D8AE9DD13D9379BE2ABF8927CDABBE92B9F57A8EB667E9C08E4DFD82BF9F1F57118CE6E495722ADA2668AFF4FA0540F46C0A6D5138
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/cache/man/zh_TW/index.db.lSGpOi

Download File

Process:	/usr/bin/mandb
File Type:	GNU dbm 1.x or ndbm database, little endian, 64-bit
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.45676214072558463
Encrypted:	false
SSDEEP:	12:Ey20ypjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj3:bh
MD5:	EE429C7E8B222AFF73C611A8C358B661
SHA1:	DA353E80DCF1195F259CCBC32D39F5923710453F
SHA-256:	BDAAC26D90701E063943763B7CBD9204B6F0007C6F1BCA3C7B4FE3B09CDF6091
SHA-512:	DC651AF7AEB4A64C63986100E416A7DA4782678497B73F1CE42536DE02DB9E4115748881A56B86EC5B12E34C9FDF829BD194BEA7790FDCA7B2F5178A24930809
Malicious:	false
Preview:	.W..............................@......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/var/lib/logrotate/status.tmp

Download File

Process:	/usr/sbin/logrotate
File Type:	ASCII text
Category:	dropped
Size (bytes):	1561
Entropy (8bit):	4.810048593381877
Encrypted:	false
SSDEEP:	48:U9WjPWqJcdcW07WnKYd+Wq4IdhodcsSdUydndA5/W5x9W0dq45dDN4dU1+d3o9Nu:wOHeO57mkH4IsQuyd2/oZQ45d2uooBHC
MD5:	ABBBB69F72D6532B522DA41BDEDD9CB8
SHA1:	05059B526765B22361FB21E904A94DF54ECAC6D3
SHA-256:	229F798DF822E378D92F4127B8FCE4FF255516419D888C7FF188B4230DA63219
SHA-512:	9B8E0136CC9DB98855575E20337FBFF018CF7C9277C2BE4E43C57014B5BA867E965F1F876882C803C1759262C39C661D6CB69B79782D1D14FA612E080FDA6B87
Malicious:	false
Preview:	logrotate state -- version 2."/var/log/syslog" 2025-1-3-5:56:55."/var/log/dpkg.log" 2023-7-31-11:2:47."/var/log/unattended-upgrades/unattended-upgrades.log" 2025-1-3-5:56:55."/var/log/speech-dispatcher/debug-flite" 2025-1-3-5:0:0."/var/log/unattended-upgrades/unattended-upgrades-shutdown.log" 2025-1-3-5:56:55."/var/log/auth.log" 2025-1-3-5:56:55."/var/log/apt/term.log" 2023-7-31-11:2:47."/var/log/ppp-connect-errors" 2025-1-3-5:0:0."/var/log/apport.log" 2025-1-3-5:56:55."/var/log/speech-dispatcher/speech-dispatcher-protocol.log" 2025-1-3-5:0:0."/var/log/apt/history.log" 2023-7-31-11:2:47."/var/log/boot.log" 2025-1-3-5:0:0."/var/log/alternatives.log" 2021-9-17-9:23:29."/var/log/lightdm/*.log" 2025-1-3-5:0:0."/var/log/mail.log" 2025-1-3-5:0:0."/var/log/debug" 2025-1-3-5:0:0."/var/log/kern.log" 2025-1-3-5:56:55."/var/log/cups/access_log" 2025-1-3-5:56:55."/var/log/ufw.log" 2025-1-3-5:0:0."/var/log/speech-dispatcher/speech-dispatcher.log" 2025-1-3-5:0:0."/var/log/wtmp" 2021-8-20-13:0:0."/va

Static File Info

General

File type:	ELF 32-bit LSB executable, ARM, EABI4 version 1 (GNU/Linux), statically linked, no section header
Entropy (8bit):	7.974772577337644
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	boatnet.arm7.elf
File size:	46'624 bytes
MD5:	b596061ea3f1d976a6314afe769a9c34
SHA1:	8853bfb626868c32a999a883fed4eb704fe28c11
SHA256:	b2f70bb7d7dac80bf956d563f6e97e65909e2b5e08e9e0022c1f621693f8ccbd
SHA512:	647f02d5e52e7a0ca155ed989dd564d721d332767236c7e2cab55847e613e1dd104fbdca6fe5f2fa70d3e5a33b1492152cbe48e477a3221ad1aabe3328f7b0df
SSDEEP:	768:g/TYCoIxdEk+AxoTZAZHFeq8b3THP9q3UELbUXfi6nVMQHI4vcGpv+:gECFd+A6YHAxTeLRQZ+
TLSH:	21230271880EDDB125303C76DB95E3937AE12AB2C6673023D6280A3C6F65A131E57E4A
File Content Preview:	.ELF..............(.....H...4...........4. ...(.....................5{..5{..............dd..dd..dd..................Q.td...............................OUPX!....................h..........?.E.h;....#..$...o...xm...o.c.....W..8YG_^.q..._.2,..i........)^....

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	ARM
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - Linux
ABI Version:	0
Entry Point Address:	0xe948
Flags:	0x4000002
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	0
Section Header Size:	40
Number of Section Headers:	0
Header String Table Index:	0

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align
LOAD	0x0	0x8000	0x8000	0x7b35	0x7b35	7.9534	0x5	R E	0x8000
LOAD	0x6464	0x26464	0x26464	0x0	0x0	0.0000	0x6	RW	0x8000
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 3, 2025 06:57:43.047446012 CET	44050	3778	192.168.2.13	141.11.33.73
Jan 3, 2025 06:57:43.052406073 CET	3778	44050	141.11.33.73	192.168.2.13
Jan 3, 2025 06:57:43.052469969 CET	44050	3778	192.168.2.13	141.11.33.73
Jan 3, 2025 06:57:43.085232019 CET	44050	3778	192.168.2.13	141.11.33.73
Jan 3, 2025 06:57:43.090048075 CET	3778	44050	141.11.33.73	192.168.2.13
Jan 3, 2025 06:57:43.090085983 CET	44050	3778	192.168.2.13	141.11.33.73
Jan 3, 2025 06:57:43.094894886 CET	3778	44050	141.11.33.73	192.168.2.13
Jan 3, 2025 06:57:45.885879040 CET	3778	44050	141.11.33.73	192.168.2.13
Jan 3, 2025 06:57:45.886080980 CET	44050	3778	192.168.2.13	141.11.33.73
Jan 3, 2025 06:57:45.886179924 CET	44050	3778	192.168.2.13	141.11.33.73
Jan 3, 2025 06:57:45.886622906 CET	44052	3778	192.168.2.13	141.11.33.73
Jan 3, 2025 06:57:45.891415119 CET	3778	44052	141.11.33.73	192.168.2.13
Jan 3, 2025 06:57:45.891573906 CET	44052	3778	192.168.2.13	141.11.33.73
Jan 3, 2025 06:57:45.892263889 CET	44052	3778	192.168.2.13	141.11.33.73
Jan 3, 2025 06:57:45.897047043 CET	3778	44052	141.11.33.73	192.168.2.13
Jan 3, 2025 06:57:45.897113085 CET	44052	3778	192.168.2.13	141.11.33.73
Jan 3, 2025 06:57:45.901895046 CET	3778	44052	141.11.33.73	192.168.2.13
Jan 3, 2025 06:57:47.021261930 CET	3778	44052	141.11.33.73	192.168.2.13
Jan 3, 2025 06:57:47.021495104 CET	44052	3778	192.168.2.13	141.11.33.73
Jan 3, 2025 06:57:47.021495104 CET	44052	3778	192.168.2.13	141.11.33.73
Jan 3, 2025 06:57:47.022053957 CET	44054	3778	192.168.2.13	141.11.33.73
Jan 3, 2025 06:57:47.026891947 CET	3778	44054	141.11.33.73	192.168.2.13
Jan 3, 2025 06:57:47.026951075 CET	44054	3778	192.168.2.13	141.11.33.73
Jan 3, 2025 06:57:47.027663946 CET	44054	3778	192.168.2.13	141.11.33.73
Jan 3, 2025 06:57:47.032418966 CET	3778	44054	141.11.33.73	192.168.2.13
Jan 3, 2025 06:57:47.032466888 CET	44054	3778	192.168.2.13	141.11.33.73
Jan 3, 2025 06:57:47.037235975 CET	3778	44054	141.11.33.73	192.168.2.13
Jan 3, 2025 06:57:48.525464058 CET	44054	3778	192.168.2.13	141.11.33.73
Jan 3, 2025 06:57:48.530788898 CET	3778	44054	141.11.33.73	192.168.2.13
Jan 3, 2025 06:57:48.530836105 CET	44054	3778	192.168.2.13	141.11.33.73
Jan 3, 2025 06:57:55.977935076 CET	48202	443	192.168.2.13	185.125.190.26
Jan 3, 2025 06:58:27.210000038 CET	48202	443	192.168.2.13	185.125.190.26

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 3, 2025 07:00:31.009248972 CET	37594	53	192.168.2.13	8.8.8.8
Jan 3, 2025 07:00:31.009248972 CET	43988	53	192.168.2.13	8.8.8.8
Jan 3, 2025 07:00:31.015855074 CET	53	37594	8.8.8.8	192.168.2.13
Jan 3, 2025 07:00:31.015877962 CET	53	43988	8.8.8.8	192.168.2.13

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 3, 2025 07:00:31.009248972 CET	192.168.2.13	8.8.8.8	0x72d6	Standard query (0)	daisy.ubuntu.com	A (IP address)	IN (0x0001)	false
Jan 3, 2025 07:00:31.009248972 CET	192.168.2.13	8.8.8.8	0xd848	Standard query (0)	daisy.ubuntu.com	28	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 3, 2025 07:00:31.015855074 CET	8.8.8.8	192.168.2.13	0x72d6	No error (0)	daisy.ubuntu.com		162.213.35.24	A (IP address)	IN (0x0001)	false
Jan 3, 2025 07:00:31.015855074 CET	8.8.8.8	192.168.2.13	0x72d6	No error (0)	daisy.ubuntu.com		162.213.35.25	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: boatnet.arm7.elf PID: 5425, Parent PID: 5353

General

Start time (UTC):	05:57:41
Start date (UTC):	03/01/2025
Path:	/tmp/boatnet.arm7.elf
Arguments:	/tmp/boatnet.arm7.elf
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: boatnet.arm7.elf PID: 5430, Parent PID: 5425

General

Start time (UTC):	05:57:42
Start date (UTC):	03/01/2025
Path:	/tmp/boatnet.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: boatnet.arm7.elf PID: 5432, Parent PID: 5425

General

Start time (UTC):	05:57:42
Start date (UTC):	03/01/2025
Path:	/tmp/boatnet.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: boatnet.arm7.elf PID: 5434, Parent PID: 5425

General

Start time (UTC):	05:57:42
Start date (UTC):	03/01/2025
Path:	/tmp/boatnet.arm7.elf
Arguments:	-
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Chronological Activities

Analysis Process: xfce4-panel PID: 5441, Parent PID: 3147

General

Start time (UTC):	05:57:47
Start date (UTC):	03/01/2025
Path:	/usr/bin/xfce4-panel
Arguments:	-
File size:	375768 bytes
MD5 hash:	a15b657c7d54ac1385f1f15004ea6784

Chronological Activities

Analysis Process: wrapper-2.0 PID: 5441, Parent PID: 3147

General

Start time (UTC):	05:57:47
Start date (UTC):	03/01/2025
Path:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
Arguments:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
File size:	35136 bytes
MD5 hash:	ac0b8a906f359a8ae102244738682e76

Chronological Activities

Analysis Process: xfce4-panel PID: 5442, Parent PID: 3147

General

Start time (UTC):	05:57:47
Start date (UTC):	03/01/2025
Path:	/usr/bin/xfce4-panel
Arguments:	-
File size:	375768 bytes
MD5 hash:	a15b657c7d54ac1385f1f15004ea6784

Chronological Activities

Analysis Process: wrapper-2.0 PID: 5442, Parent PID: 3147

General

Start time (UTC):	05:57:47
Start date (UTC):	03/01/2025
Path:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
Arguments:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
File size:	35136 bytes
MD5 hash:	ac0b8a906f359a8ae102244738682e76

Chronological Activities

Analysis Process: xfce4-panel PID: 5443, Parent PID: 3147

General

Start time (UTC):	05:57:47
Start date (UTC):	03/01/2025
Path:	/usr/bin/xfce4-panel
Arguments:	-
File size:	375768 bytes
MD5 hash:	a15b657c7d54ac1385f1f15004ea6784

Chronological Activities

Analysis Process: wrapper-2.0 PID: 5443, Parent PID: 3147

General

Start time (UTC):	05:57:47
Start date (UTC):	03/01/2025
Path:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
Arguments:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
File size:	35136 bytes
MD5 hash:	ac0b8a906f359a8ae102244738682e76

Chronological Activities

Analysis Process: xfce4-panel PID: 5444, Parent PID: 3147

General

Start time (UTC):	05:57:47
Start date (UTC):	03/01/2025
Path:	/usr/bin/xfce4-panel
Arguments:	-
File size:	375768 bytes
MD5 hash:	a15b657c7d54ac1385f1f15004ea6784

Chronological Activities

Analysis Process: wrapper-2.0 PID: 5444, Parent PID: 3147

General

Start time (UTC):	05:57:47
Start date (UTC):	03/01/2025
Path:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
Arguments:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
File size:	35136 bytes
MD5 hash:	ac0b8a906f359a8ae102244738682e76

Chronological Activities

Analysis Process: wrapper-2.0 PID: 5461, Parent PID: 5444

General

Start time (UTC):	05:57:52
Start date (UTC):	03/01/2025
Path:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
Arguments:	-
File size:	35136 bytes
MD5 hash:	ac0b8a906f359a8ae102244738682e76

Chronological Activities

Analysis Process: xfpm-power-backlight-helper PID: 5461, Parent PID: 5444

General

Start time (UTC):	05:57:52
Start date (UTC):	03/01/2025
Path:	/usr/sbin/xfpm-power-backlight-helper
Arguments:	/usr/sbin/xfpm-power-backlight-helper --get-max-brightness
File size:	14656 bytes
MD5 hash:	3d221ad23f28ca3259f599b1664e2427

Chronological Activities

Analysis Process: xfce4-panel PID: 5445, Parent PID: 3147

General

Start time (UTC):	05:57:47
Start date (UTC):	03/01/2025
Path:	/usr/bin/xfce4-panel
Arguments:	-
File size:	375768 bytes
MD5 hash:	a15b657c7d54ac1385f1f15004ea6784

Chronological Activities

Analysis Process: wrapper-2.0 PID: 5445, Parent PID: 3147

General

Start time (UTC):	05:57:47
Start date (UTC):	03/01/2025
Path:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
Arguments:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
File size:	35136 bytes
MD5 hash:	ac0b8a906f359a8ae102244738682e76

Chronological Activities

Analysis Process: xfce4-panel PID: 5446, Parent PID: 3147

General

Start time (UTC):	05:57:47
Start date (UTC):	03/01/2025
Path:	/usr/bin/xfce4-panel
Arguments:	-
File size:	375768 bytes
MD5 hash:	a15b657c7d54ac1385f1f15004ea6784

Chronological Activities

Analysis Process: wrapper-2.0 PID: 5446, Parent PID: 3147

General

Start time (UTC):	05:57:47
Start date (UTC):	03/01/2025
Path:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
Arguments:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
File size:	35136 bytes
MD5 hash:	ac0b8a906f359a8ae102244738682e76

Chronological Activities

Analysis Process: dbus-daemon PID: 5463, Parent PID: 5462

General

Start time (UTC):	05:57:52
Start date (UTC):	03/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: xfconfd PID: 5463, Parent PID: 5462

General

Start time (UTC):	05:57:52
Start date (UTC):	03/01/2025
Path:	/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
Arguments:	/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
File size:	112880 bytes
MD5 hash:	4c7a0d6d258bb970905b19b84abcd8e9

Chronological Activities

Analysis Process: systemd PID: 5470, Parent PID: 2935

General

Start time (UTC):	05:57:55
Start date (UTC):	03/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: xfce4-notifyd PID: 5470, Parent PID: 2935

General

Start time (UTC):	05:57:55
Start date (UTC):	03/01/2025
Path:	/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
Arguments:	/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
File size:	112872 bytes
MD5 hash:	eee956f1b227c1d5031f9c61223255d1

Chronological Activities

Analysis Process: systemd PID: 5566, Parent PID: 1

General

Start time (UTC):	06:00:28
Start date (UTC):	03/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: logrotate PID: 5566, Parent PID: 1

General

Start time (UTC):	06:00:28
Start date (UTC):	03/01/2025
Path:	/usr/sbin/logrotate
Arguments:	/usr/sbin/logrotate /etc/logrotate.conf
File size:	84056 bytes
MD5 hash:	ff9f6831debb63e53a31ff8057143af6

Chronological Activities

Analysis Process: systemd PID: 5571, Parent PID: 1

General

Start time (UTC):	06:00:28
Start date (UTC):	03/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: install PID: 5571, Parent PID: 1

General

Start time (UTC):	06:00:28
Start date (UTC):	03/01/2025
Path:	/usr/bin/install
Arguments:	/usr/bin/install -d -o man -g man -m 0755 /var/cache/man
File size:	158112 bytes
MD5 hash:	55e2520049dc6a62e8c94732e36cdd54

Chronological Activities

Analysis Process: systemd PID: 5589, Parent PID: 1

General

Start time (UTC):	06:00:28
Start date (UTC):	03/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: find PID: 5589, Parent PID: 1

General

Start time (UTC):	06:00:28
Start date (UTC):	03/01/2025
Path:	/usr/bin/find
Arguments:	/usr/bin/find /var/cache/man -type f -name *.gz -atime +6 -delete
File size:	320160 bytes
MD5 hash:	b68ef002f84cc54dd472238ba7df80ab

Chronological Activities

Analysis Process: systemd PID: 5609, Parent PID: 1

General

Start time (UTC):	06:00:28
Start date (UTC):	03/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: mandb PID: 5609, Parent PID: 1

General

Start time (UTC):	06:00:28
Start date (UTC):	03/01/2025
Path:	/usr/bin/mandb
Arguments:	/usr/bin/mandb --quiet
File size:	142432 bytes
MD5 hash:	1dda5ea0027ecf1c2db0f5a3de7e6941

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may stop or disable services on a system to render those services unavailable to legitimate users. Stopping critical services or processes can inhibit or stop response to an incident or aid in the adversary's overall objectives to cause damage to the environment.
Tactics:	Impact
Data Sources:	Command: Command Execution, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Termination, Service: Service Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report boatnet.arm7.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/var/cache/man/5609

/var/cache/man/cs/5609

/var/cache/man/cs/index.db.ANlazk

/var/cache/man/da/5609

/var/cache/man/da/index.db.Lztk8j

/var/cache/man/de/5609

/var/cache/man/de/index.db.28ZzCl

/var/cache/man/es/5609

/var/cache/man/es/index.db.iVLtVj

/var/cache/man/fi/5609

/var/cache/man/fi/index.db.N0yT4l

/var/cache/man/fr.ISO8859-1/5609

/var/cache/man/fr.ISO8859-1/index.db.XvwF9k

/var/cache/man/fr.UTF-8/5609

/var/cache/man/fr.UTF-8/index.db.QjNIhj

/var/cache/man/fr/5609

/var/cache/man/fr/index.db.OBxOoi

/var/cache/man/hu/5609

/var/cache/man/hu/index.db.sVn1zl

/var/cache/man/id/5609

/var/cache/man/id/index.db.QhR92k

/var/cache/man/index.db.cBQZ2k

/var/cache/man/it/5609

/var/cache/man/it/index.db.zI3nEl

/var/cache/man/ja/5609

/var/cache/man/ja/index.db.0VyAsl

/var/cache/man/ko/5609

/var/cache/man/ko/index.db.wHwBbm

Linux Analysis Report
boatnet.arm7.elf