Joe Sandbox Cloud Basic Analysis Report
Edit tour

Linux Analysis Report
boatnet.m68k.elf

Overview

General Information

Sample name:boatnet.m68k.elf
Analysis ID:1587014
MD5:64ea5827475b29403a107918e774f979
SHA1:3a637721dcde2ef5729ca91a964d3d966d7bd7ac
SHA256:addac9fe0719319da726b5efaac976d0136282ce1668ef0fb9d6990dbe4b70ba
Tags:elfuser-abuse_ch
Infos:

Detection

Mirai
Score:76
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample tries to kill multiple processes (SIGKILL)
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
Document contains embedded VBA macros
Document misses a certain OLE stream usually present in this Microsoft Office document type
Enumerates processes within the "proc" file system
Sample has stripped symbol table
Sample tries to kill a process (SIGKILL)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

General Information

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1587014
Start date and time:2025-01-09 21:17:14 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 8s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:boatnet.m68k.elf
Detection:MAL
Classification:mal76.spre.troj.linELF@0/1@2/0
  • VT rate limit hit for: boatnet.m68k.elf

Runtime Messages

Command:/tmp/boatnet.m68k.elf
PID:5528
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:

Process Tree

  • system is lnxubuntu20
  • wrapper-2.0 (PID: 5540, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
  • wrapper-2.0 (PID: 5541, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
  • wrapper-2.0 (PID: 5542, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
  • wrapper-2.0 (PID: 5543, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
    • xfpm-power-backlight-helper (PID: 5560, Parent: 5543, MD5: 3d221ad23f28ca3259f599b1664e2427) Arguments: /usr/sbin/xfpm-power-backlight-helper --get-max-brightness
  • wrapper-2.0 (PID: 5544, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
  • wrapper-2.0 (PID: 5545, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
  • xfconfd (PID: 5562, Parent: 5561, MD5: 4c7a0d6d258bb970905b19b84abcd8e9) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
  • systemd New Fork (PID: 5571, Parent: 3044)
  • xfce4-notifyd (PID: 5571, Parent: 3044, MD5: eee956f1b227c1d5031f9c61223255d1) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
boatnet.m68k.elfJoeSecurity_Mirai_8Yara detected MiraiJoe Security
    boatnet.m68k.elfLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
    • 0xc1e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc1f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc20c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc220:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc234:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc248:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc25c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc270:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc284:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc298:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc2ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc2c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc2d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc2e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc2fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc310:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc324:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc338:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc34c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc360:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xc374:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    boatnet.m68k.elfLinux_Trojan_Gafgyt_ea92cca8unknownunknown
    • 0xc735:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    5528.1.00007f5a30001000.00007f5a3000f000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
      5528.1.00007f5a30001000.00007f5a3000f000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
      • 0xc1e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc1f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc20c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc220:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc234:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc248:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc25c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc270:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc284:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc298:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc2ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc2c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc2d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc2e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc2fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc310:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc324:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc338:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc34c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc360:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xc374:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      5528.1.00007f5a30001000.00007f5a3000f000.r-x.sdmpLinux_Trojan_Gafgyt_ea92cca8unknownunknown
      • 0xc735:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
      5531.1.00007f5a30001000.00007f5a3000f000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
        5531.1.00007f5a30001000.00007f5a3000f000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
        • 0xc1e4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc1f8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc20c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc220:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc234:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc248:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc25c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc270:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc284:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc298:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc2ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc2c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc2d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc2e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc2fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc310:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc324:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc338:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc34c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc360:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xc374:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        Click to see the 7 entries

        Suricata Signatures

        No Suricata rule has matched

        Joe Sandbox Signatures

        • AV Detection
        • Networking
        • System Summary
        • Persistence and Installation Behavior
        • Malware Analysis System Evasion
        • Stealing of Sensitive Information
        • Remote Access Functionality

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Source: boatnet.m68k.elfAvira: detected
        Source: boatnet.m68k.elfReversingLabs: Detection: 65%
        Source: global trafficTCP traffic: 192.168.2.15:35508 -> 45.95.169.133:3778
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: unknownTCP traffic detected without corresponding DNS query: 45.95.169.133
        Source: global trafficDNS traffic detected: DNS query: daisy.ubuntu.com

        System Summary

        barindex
        Source: boatnet.m68k.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: boatnet.m68k.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
        Source: 5528.1.00007f5a30001000.00007f5a3000f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: 5528.1.00007f5a30001000.00007f5a3000f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
        Source: 5531.1.00007f5a30001000.00007f5a3000f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: 5531.1.00007f5a30001000.00007f5a3000f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
        Source: Process Memory Space: boatnet.m68k.elf PID: 5528, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: Process Memory Space: boatnet.m68k.elf PID: 5528, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
        Source: Process Memory Space: boatnet.m68k.elf PID: 5531, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: Process Memory Space: boatnet.m68k.elf PID: 5531, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 3192, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 3249, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 3250, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 3251, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 3252, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 3253, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 3255, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 3272, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 3274, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 3298, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 5540, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 5541, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 5542, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 5543, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 5544, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 5545, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 5562, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 5571, result: successfulJump to behavior
        Source: xfce4-panel.xml.new.31.drOLE indicator, VBA macros: true
        Source: xfce4-panel.xml.new.31.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
        Source: ELF static info symbol of initial sample.symtab present: no
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 3192, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 3249, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 3250, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 3251, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 3252, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 3253, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 3255, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 3272, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 3274, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 3298, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 5540, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 5541, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 5542, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 5543, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 5544, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 5545, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 5562, result: successfulJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)SIGKILL sent: pid: 5571, result: successfulJump to behavior
        Source: boatnet.m68k.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: boatnet.m68k.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: 5528.1.00007f5a30001000.00007f5a3000f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 5528.1.00007f5a30001000.00007f5a3000f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: 5531.1.00007f5a30001000.00007f5a3000f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 5531.1.00007f5a30001000.00007f5a3000f000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: Process Memory Space: boatnet.m68k.elf PID: 5528, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: boatnet.m68k.elf PID: 5528, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: Process Memory Space: boatnet.m68k.elf PID: 5531, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: boatnet.m68k.elf PID: 5531, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: classification engineClassification label: mal76.spre.troj.linELF@0/1@2/0
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5540)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5541)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5541)Directory: /usr/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5542)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5543)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /home/saturnino/.fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/X11/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /home/saturnino/.cacheJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /home/saturnino/.localJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Directory: /home/saturnino/.configJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /home/saturnino/.fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/X11/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5562)Directory: /home/saturnino/.cacheJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5562)Directory: /home/saturnino/.localJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5562)Directory: /home/saturnino/.configJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5562)Directory: /home/saturnino/.configJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5571)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5571)Directory: /home/saturnino/.cacheJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5571)Directory: /home/saturnino/.localJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5571)Directory: /home/saturnino/.configJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/5660/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/5540/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/5661/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/5541/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/5542/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/5543/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/1185/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3241/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3483/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/1732/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/1730/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/1333/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/1695/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3235/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3234/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/911/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/515/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/5534/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/914/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/1617/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/1615/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/917/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3255/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3253/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/1591/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3252/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3251/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3250/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/1623/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/1588/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3249/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/764/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3368/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/1585/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3246/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3488/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/766/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/800/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/888/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/5544/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/5545/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/802/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/1509/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/803/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/804/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3800/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3801/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/1867/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3407/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/5562/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/1484/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/490/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/1514/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/1634/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/1479/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/1875/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/654/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3379/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/655/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/656/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/777/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/931/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/1595/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/657/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/812/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/779/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/658/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/933/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/418/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/419/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3419/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/5571/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3310/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3275/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3274/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3273/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3394/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3272/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/782/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3706/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3303/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/1762/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3027/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/1486/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/789/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/1806/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/1660/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3440/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/793/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/794/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3316/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/674/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/796/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/675/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/676/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/1498/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/1497/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/1496/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3157/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3278/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3399/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3675/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3798/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/3799/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5530)File opened: /proc/1659/cmdlineJump to behavior
        Source: /tmp/boatnet.m68k.elf (PID: 5528)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5540)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5541)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5542)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5543)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5544)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5545)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5571)Queries kernel information via 'uname': Jump to behavior
        Source: boatnet.m68k.elf, 5528.1.0000562c2c619000.0000562c2c69e000.rw-.sdmp, boatnet.m68k.elf, 5531.1.0000562c2c619000.0000562c2c69e000.rw-.sdmpBinary or memory string: a,,V!/etc/qemu-binfmt/m68k
        Source: boatnet.m68k.elf, 5528.1.00007ffeefd81000.00007ffeefda2000.rw-.sdmp, boatnet.m68k.elf, 5531.1.00007ffeefd81000.00007ffeefda2000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-m68k/tmp/boatnet.m68k.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/boatnet.m68k.elf
        Source: boatnet.m68k.elf, 5528.1.00007ffeefd81000.00007ffeefda2000.rw-.sdmp, boatnet.m68k.elf, 5531.1.00007ffeefd81000.00007ffeefda2000.rw-.sdmpBinary or memory string: /usr/bin/qemu-m68k
        Source: boatnet.m68k.elf, 5528.1.0000562c2c619000.0000562c2c69e000.rw-.sdmp, boatnet.m68k.elf, 5531.1.0000562c2c619000.0000562c2c69e000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/m68k

        Stealing of Sensitive Information

        barindex
        Source: Yara matchFile source: boatnet.m68k.elf, type: SAMPLE
        Source: Yara matchFile source: 5528.1.00007f5a30001000.00007f5a3000f000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 5531.1.00007f5a30001000.00007f5a3000f000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: boatnet.m68k.elf PID: 5528, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: boatnet.m68k.elf PID: 5531, type: MEMORYSTR

        Remote Access Functionality

        barindex
        Source: Yara matchFile source: boatnet.m68k.elf, type: SAMPLE
        Source: Yara matchFile source: 5528.1.00007f5a30001000.00007f5a3000f000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 5531.1.00007f5a30001000.00007f5a3000f000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: boatnet.m68k.elf PID: 5528, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: boatnet.m68k.elf PID: 5531, type: MEMORYSTR

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity Information1
        Scripting        		Valid AccountsWindows Management Instrumentation1
        Scripting        		Path Interception1
        Hidden Files and Directories        		1
        OS Credential Dumping        		11
        Security Software Discovery        		Remote ServicesData from Local System1
        Non-Standard Port        		Exfiltration Over Other Network Medium1
        Service Stop
        CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
        Non-Application Layer Protocol        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
        Application Layer Protocol        		Automated ExfiltrationData Encrypted for Impact

        Malware Configuration

        No configs have been found

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Number of created Files
        • Is malicious
        • Internet
        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1587014 Sample: boatnet.m68k.elf Startdate: 09/01/2025 Architecture: LINUX Score: 76 24 45.95.169.133, 35508, 35510, 35512 GIGANET-HUGigaNetInternetServiceProviderCoHU Croatia (LOCAL Name: Hrvatska) 2->24 26 daisy.ubuntu.com 2->26 28 Malicious sample detected (through community Yara rule) 2->28 30 Antivirus / Scanner detection for submitted sample 2->30 32 Multi AV Scanner detection for submitted file 2->32 34 Yara detected Mirai 2->34 7 boatnet.m68k.elf 2->7         started        9 xfce4-panel wrapper-2.0 2->9         started        11 xfce4-panel wrapper-2.0 2->11         started        13 6 other processes 2->13 signatures3 process4 process5 15 boatnet.m68k.elf 7->15         started        18 boatnet.m68k.elf 7->18         started        20 boatnet.m68k.elf 7->20         started        22 wrapper-2.0 xfpm-power-backlight-helper 9->22         started        signatures6 36 Sample tries to kill multiple processes (SIGKILL) 15->36

        Screenshots

        Download Video

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        boatnet.m68k.elf66%ReversingLabsLinux.Trojan.Mirai
        boatnet.m68k.elf100%AviraEXP/ELF.Gafgyt.D

        Dropped Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        No Antivirus matches

        Domains and IPs

        Download Network PCAP: filteredfull

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        daisy.ubuntu.com
        		162.213.35.24
        		truefalse
          		high

          World Map of Contacted IPs

          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs

          Public IPs

          IPDomainCountryFlagASNASN NameMalicious
          45.95.169.133
          		unknownCroatia (LOCAL Name: Hrvatska)
          		42864GIGANET-HUGigaNetInternetServiceProviderCoHUfalse

          Joe Sandbox View / Context

          IPs

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          45.95.169.133https://link.mail.beehiiv.com/ls/click?upn=u001.fl7hrKpqiw6rleMq0yETnMUZuFsAAwCeO-2BH5ERPYbcqsWCpxHbnR-2BAMni5gDH0KguWznuzJ8-2BPLnfO8gj2j9yQl2ivfAsJY4Ezg7DDw3zzKfSzxTK3e4dxMSvOfBS7t3jD7uyMdaZpLpYA-2FoIuXpkYxxl3nOzWBw62nOLKDtQmnHprAllAUT7JIYUOdWTCNc6huay-2BA-2FIfT2dnkFc6AmqA-3D-3DxUjQ_ALlq5-2F4R3mneNPhLNwp-2FSklL98Rffw61E2phJyJwq6p9ZGyzxGn1cEvL1cS-2FpYXg8QF3LQcVH6N3NvQgDELZv6iF7S8jW1KUDMp8-2BQMtNl9tkzcJNyX8lQ8goJivRSJ1rRDtRrMprAouHGu5blxfALgR7Dy3RcUTkIa9P9fzPowjq9zzgdGTCyOFs7uFwdqBdbRA0dgNynR-2B7yAoxS-2FBqGA-2F5DUOt7N3ksCGSpiDeOafLSSGRb3lCM-2FejLKZB1caBq-2BVS77p19cSK7ce7MMCKsUbNJM3WjT5y2hIW-2BU2KRnVsBRKjayQIu3Eoegvuf-2F4-2BO5eZgRdFML9H6U59SxyK76FhpMNa-2FGiv4uFwsBB2sysmbv0-2Frx-2BnQQJumR5LaNVWmqB2NU4epM800AHR8YJC4DZjZx1FvHMAKtZua35bl6MvjANzHsLEoDCNLFV06pC#bGFpbmkuc2NodWx0ekBnb2FhLm9yZw==Get hashmaliciousHTMLPhisherBrowse
            l3CSIdLHUX.elfGet hashmaliciousMiraiBrowse
              ObohesNIQPGet hashmaliciousMiraiBrowse
                E5AplG09UiGet hashmaliciousGafgyt MiraiBrowse
                  Mt4z5aD7mbGet hashmaliciousGafgyt MiraiBrowse
                    8c04DrlaKWGet hashmaliciousGafgyt MiraiBrowse
                      p83YE1DOnxGet hashmaliciousGafgyt MiraiBrowse
                        wofmOxWHfGGet hashmaliciousGafgyt MiraiBrowse
                          4Ii4J4DIxtGet hashmaliciousGafgyt MiraiBrowse
                            dPNmxIxa36Get hashmaliciousUnknownBrowse

                              Domains

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              daisy.ubuntu.comboatnet.arm6.elfGet hashmaliciousMiraiBrowse
                              • 162.213.35.24
                              wind.ppc.elfGet hashmaliciousMiraiBrowse
                              • 162.213.35.25
                              wind.arm.elfGet hashmaliciousMiraiBrowse
                              • 162.213.35.25
                              wind.mips.elfGet hashmaliciousMiraiBrowse
                              • 162.213.35.24
                              wind.m68k.elfGet hashmaliciousMiraiBrowse
                              • 162.213.35.25
                              wind.sh4.elfGet hashmaliciousMiraiBrowse
                              • 162.213.35.24
                              wind.arm7.elfGet hashmaliciousMiraiBrowse
                              • 162.213.35.24
                              Fantazy.sh4.elfGet hashmaliciousUnknownBrowse
                              • 162.213.35.25
                              Fantazy.ppc.elfGet hashmaliciousUnknownBrowse
                              • 162.213.35.24
                              Fantazy.mips.elfGet hashmaliciousUnknownBrowse
                              • 162.213.35.25

                              ASNs

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              GIGANET-HUGigaNetInternetServiceProviderCoHUboatnet.m68k.elfGet hashmaliciousMiraiBrowse
                              • 45.95.169.129
                              boatnet.mpsl.elfGet hashmaliciousMiraiBrowse
                              • 45.95.169.129
                              boatnet.ppc.elfGet hashmaliciousMiraiBrowse
                              • 45.95.169.129
                              boatnet.mips.elfGet hashmaliciousMiraiBrowse
                              • 45.95.169.129
                              boatnet.sh4.elfGet hashmaliciousMiraiBrowse
                              • 45.95.169.129
                              boatnet.arm.elfGet hashmaliciousMiraiBrowse
                              • 45.95.169.129
                              boatnet.arm7.elfGet hashmaliciousMiraiBrowse
                              • 45.95.169.129
                              boatnet.x86.elfGet hashmaliciousMiraiBrowse
                              • 45.95.169.129
                              wind.mpsl.elfGet hashmaliciousMiraiBrowse
                              • 45.95.169.120
                              wind.x86.elfGet hashmaliciousMiraiBrowse
                              • 45.95.169.120

                              JA3 Fingerprints

                              No context

                              Dropped Files

                              No context

                              Created / dropped Files

                              Process:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                              File Type:XML 1.0 document, ASCII text
                              Category:dropped
                              Size (bytes):5128
                              Entropy (8bit):4.457618060812407
                              Encrypted:false
                              SSDEEP:96:R14GBdYLSNUH+ZAFQrSRR6dn0tWlTDFwIfM/vfzPpjT9I3jZ/qeH2Wg:74GnYLSNUH+ZAyrSRRYn0taTDKIfMPzv
                              MD5:2A2A7C34B585CDAE5E123F3C5100C253
                              SHA1:E814B1B1531B25581DB76CB813C85E53E1390BA4
                              SHA-256:BCA18B654D038B69B25ACDF84CFF99BF521A1B54F482F1DE2B54CE13AC219A04
                              SHA-512:CEC7A3A7A6AD6C2A6D101A3BF6D89A01EBDCEB0121AA3DE1CEA024268410B39E4E9188382439C7C3FD734C66764B66B13F1D277700B00A2FCB35CB67E31996DD
                              Malicious:false
                              Reputation:moderate, very likely benign file
                              Preview:<?xml version="1.0" encoding="UTF-8"?>..<channel name="xfce4-panel" version="1.0">. <property name="configver" type="int" value="2"/>. <property name="panels" type="array">. <value type="int" value="1"/>. <value type="int" value="2"/>. <property name="panel-1" type="empty">. <property name="position" type="string" value="p=6;x=0;y=0"/>. <property name="length" type="uint" value="100"/>. <property name="position-locked" type="bool" value="true"/>. <property name="icon-size" type="uint" value="16"/>. <property name="size" type="uint" value="26"/>. <property name="plugin-ids" type="array">. <value type="int" value="1"/>. <value type="int" value="2"/>. <value type="int" value="3"/>. <value type="int" value="4"/>. <value type="int" value="5"/>. <value type="int" value="6"/>. <value type="int" value="7"/>. <value type="int" value="8"/>. <value type="int" value="9"/>. <value type="in

                              Static File Info

                              General

                              File type:ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
                              Entropy (8bit):6.2549686443313695
                              TrID:
                              • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                              File name:boatnet.m68k.elf
                              File size:54'932 bytes
                              MD5:64ea5827475b29403a107918e774f979
                              SHA1:3a637721dcde2ef5729ca91a964d3d966d7bd7ac
                              SHA256:addac9fe0719319da726b5efaac976d0136282ce1668ef0fb9d6990dbe4b70ba
                              SHA512:0b9427f4e9057eebfae7ec71440adb380d83e202c9beb5087ff0f665d522d68104a44f6c78babc6b96e843515f69e55d4a66f39f6a0297964987d670d94e9ed0
                              SSDEEP:768:gduPBFnHooqR8qOCKq2cH4Kg9e+TK806MMUVjzkfQXObHud2oG4:r/hqaJMDg9eqK806MHdkfQX6HuC4
                              TLSH:7B330A8EB8029D3CF91BE6BE54164E0DB93177C152830B2767BBFDA36C721945E02E85
                              File Content Preview:.ELF.......................D...4.........4. ...(.................................. ....................(.......... .dt.Q............................NV..a....da.....N^NuNV..J9....f>"y.... QJ.g.X.#.....N."y.... QJ.f.A.....J.g.Hy....N.X.........N^NuNV..N^NuN

                              Static ELF Info

                              ELF header

                              Class:ELF32
                              Data:2's complement, big endian
                              Version:1 (current)
                              Machine:MC68000
                              Version Number:0x1
                              Type:EXEC (Executable file)
                              OS/ABI:UNIX - System V
                              ABI Version:0
                              Entry Point Address:0x80000144
                              Flags:0x0
                              ELF Header Size:52
                              Program Header Offset:52
                              Program Header Size:32
                              Number of Program Headers:3
                              Section Header Offset:54532
                              Section Header Size:40
                              Number of Section Headers:10
                              Header String Table Index:9

                              Sections

                              NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                              NULL0x00x00x00x00x0000
                              .initPROGBITS0x800000940x940x140x00x6AX002
                              .textPROGBITS0x800000a80xa80xc12e0x00x6AX004
                              .finiPROGBITS0x8000c1d60xc1d60xe0x00x6AX002
                              .rodataPROGBITS0x8000c1e40xc1e40x10b20x00x2A002
                              .ctorsPROGBITS0x8000f29c0xd29c0x80x00x3WA004
                              .dtorsPROGBITS0x8000f2a40xd2a40x80x00x3WA004
                              .dataPROGBITS0x8000f2b00xd2b00x2140x00x3WA004
                              .bssNOBITS0x8000f4c40xd4c40x2a00x00x3WA004
                              .shstrtabSTRTAB0x00xd4c40x3e0x00x0001

                              Program Segments

                              TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                              LOAD0x00x800000000x800000000xd2960xd2966.29060x5R E0x2000.init .text .fini .rodata
                              LOAD0xd29c0x8000f29c0x8000f29c0x2280x4c83.03460x6RW 0x2000.ctors .dtors .data .bss
                              GNU_STACK0x00x00x00x00x00.00000x6RW 0x4

                              Network Behavior

                              Download Network PCAP: filteredfull

                              Network Port Distribution

                              • Total Packets: 130
                              • 3778 undefined
                              • 53 (DNS)
                              TimestampSource PortDest PortSource IPDest IP
                              Jan 9, 2025 21:18:03.029918909 CET355083778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:03.034987926 CET37783550845.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:03.035054922 CET355083778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:03.080641985 CET355083778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:03.085483074 CET37783550845.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:03.085535049 CET355083778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:03.090884924 CET37783550845.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:03.715467930 CET37783550845.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:03.715758085 CET355083778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:03.715758085 CET355083778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:03.717426062 CET355103778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:03.723170042 CET37783551045.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:03.723336935 CET355103778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:03.724581957 CET355103778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:03.730236053 CET37783551045.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:03.730284929 CET355103778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:03.735980988 CET37783551045.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:04.562505960 CET37783551045.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:04.562714100 CET37783551045.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:04.562724113 CET37783551045.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:04.562766075 CET355103778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:04.562766075 CET355103778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:04.562777042 CET355103778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:04.562812090 CET355103778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:04.563728094 CET355123778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:04.569488049 CET37783551245.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:04.569612026 CET355123778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:04.570544004 CET355123778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:04.576071978 CET37783551245.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:04.576122999 CET355123778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:04.581796885 CET37783551245.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:05.238944054 CET37783551245.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:05.239069939 CET355123778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:05.239152908 CET355123778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:05.240046978 CET355143778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:05.244852066 CET37783551445.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:05.244909048 CET355143778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:05.245661974 CET355143778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:05.250428915 CET37783551445.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:05.250477076 CET355143778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:05.255230904 CET37783551445.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:05.898382902 CET37783551445.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:05.898677111 CET355143778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:05.898818016 CET355143778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:05.901251078 CET355163778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:05.906119108 CET37783551645.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:05.906213999 CET355163778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:05.907236099 CET355163778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:05.912412882 CET37783551645.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:05.912468910 CET355163778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:05.917373896 CET37783551645.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:06.557465076 CET37783551645.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:06.557634115 CET355163778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:06.557729006 CET355163778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:06.558504105 CET355183778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:06.563335896 CET37783551845.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:06.563409090 CET355183778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:06.564439058 CET355183778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:06.570523024 CET37783551845.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:06.570583105 CET355183778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:06.575357914 CET37783551845.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:07.244087934 CET37783551845.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:07.244302988 CET355183778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:07.244302988 CET355183778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:07.245075941 CET355203778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:07.249883890 CET37783552045.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:07.249944925 CET355203778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:07.250745058 CET355203778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:07.255599022 CET37783552045.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:07.255665064 CET355203778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:07.260436058 CET37783552045.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:07.907437086 CET37783552045.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:07.907640934 CET355203778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:07.907746077 CET355203778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:07.908267021 CET355223778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:07.913330078 CET37783552245.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:07.913444996 CET355223778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:07.914407015 CET355223778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:07.919182062 CET37783552245.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:07.919233084 CET355223778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:07.923996925 CET37783552245.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:08.566855907 CET37783552245.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:08.566898108 CET355223778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:08.566943884 CET355223778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:08.567678928 CET355243778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:08.574971914 CET37783552445.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:08.575108051 CET355243778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:08.577644110 CET355243778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:08.584350109 CET37783552445.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:08.584393024 CET355243778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:08.589127064 CET37783552445.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:09.253142118 CET37783552445.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:09.253230095 CET355243778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:09.253230095 CET355243778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:09.255441904 CET355263778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:09.260277033 CET37783552645.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:09.260353088 CET355263778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:09.265295029 CET355263778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:09.270116091 CET37783552645.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:09.270199060 CET355263778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:09.274955034 CET37783552645.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:09.915523052 CET37783552645.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:09.915595055 CET355263778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:09.915664911 CET355263778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:09.918025017 CET355283778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:09.922841072 CET37783552845.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:09.922910929 CET355283778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:09.928286076 CET355283778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:09.933065891 CET37783552845.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:09.933111906 CET355283778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:09.937879086 CET37783552845.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:10.606470108 CET37783552845.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:10.606518984 CET355283778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:10.606564045 CET355283778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:10.610409021 CET355303778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:10.616022110 CET37783553045.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:10.616091013 CET355303778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:10.633645058 CET355303778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:10.638427973 CET37783553045.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:10.638472080 CET355303778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:10.643241882 CET37783553045.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:11.276129007 CET37783553045.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:11.276307106 CET355303778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:11.276307106 CET355303778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:11.280688047 CET355323778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:11.285557985 CET37783553245.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:11.285631895 CET355323778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:11.304330111 CET355323778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:11.310081959 CET37783553245.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:11.310204029 CET355323778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:11.315819025 CET37783553245.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:11.945866108 CET37783553245.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:11.945955992 CET355323778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:11.945955992 CET355323778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:11.948813915 CET355343778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:11.953692913 CET37783553445.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:11.953743935 CET355343778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:11.959039927 CET355343778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:11.965167046 CET37783553445.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:11.965229988 CET355343778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:11.970099926 CET37783553445.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:12.616188049 CET37783553445.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:12.616266012 CET355343778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:12.616317034 CET355343778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:12.621786118 CET355363778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:12.626606941 CET37783553645.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:12.626734018 CET355363778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:12.641661882 CET355363778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:12.646800995 CET37783553645.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:12.646846056 CET355363778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:12.651788950 CET37783553645.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:13.287257910 CET37783553645.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:13.287328959 CET355363778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:13.287391901 CET355363778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:13.293553114 CET355383778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:13.298458099 CET37783553845.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:13.298513889 CET355383778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:13.308573961 CET355383778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:13.313349009 CET37783553845.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:13.313416004 CET355383778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:13.318165064 CET37783553845.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:13.978241920 CET37783553845.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:13.978313923 CET355383778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:13.978348970 CET355383778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:13.981317997 CET355403778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:13.986733913 CET37783554045.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:13.986819983 CET355403778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:13.992737055 CET355403778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:13.997925997 CET37783554045.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:13.997976065 CET355403778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:14.003282070 CET37783554045.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:14.649157047 CET37783554045.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:14.649224043 CET355403778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:14.649293900 CET355403778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:14.658821106 CET355423778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:14.663636923 CET37783554245.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:14.663691044 CET355423778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:14.671732903 CET355423778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:14.676522970 CET37783554245.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:14.676578045 CET355423778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:14.681407928 CET37783554245.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:15.335479021 CET37783554245.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:15.335700989 CET355423778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:15.335700989 CET355423778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:15.340322018 CET355443778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:15.345182896 CET37783554445.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:15.345254898 CET355443778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:15.352649927 CET355443778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:15.357491970 CET37783554445.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:15.357564926 CET355443778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:15.362359047 CET37783554445.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:16.018980980 CET37783554445.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:16.019059896 CET355443778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:16.019059896 CET355443778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:16.039446115 CET355463778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:16.046422005 CET37783554645.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:16.046475887 CET355463778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:16.079807043 CET355463778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:16.086426020 CET37783554645.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:16.086472034 CET355463778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:16.093396902 CET37783554645.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:26.082454920 CET355463778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:18:26.087347031 CET37783554645.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:26.279638052 CET37783554645.95.169.133192.168.2.15
                              Jan 9, 2025 21:18:26.279750109 CET355463778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:19:26.333472013 CET355463778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:19:26.338586092 CET37783554645.95.169.133192.168.2.15
                              Jan 9, 2025 21:19:26.531873941 CET37783554645.95.169.133192.168.2.15
                              Jan 9, 2025 21:19:26.532004118 CET355463778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:20:26.574331045 CET355463778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:20:26.579582930 CET37783554645.95.169.133192.168.2.15
                              Jan 9, 2025 21:20:26.771740913 CET37783554645.95.169.133192.168.2.15
                              Jan 9, 2025 21:20:26.771969080 CET355463778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:21:26.830996990 CET355463778192.168.2.1545.95.169.133
                              Jan 9, 2025 21:21:26.836199999 CET37783554645.95.169.133192.168.2.15
                              Jan 9, 2025 21:21:27.028585911 CET37783554645.95.169.133192.168.2.15
                              Jan 9, 2025 21:21:27.028712034 CET355463778192.168.2.1545.95.169.133
                              TimestampSource PortDest PortSource IPDest IP
                              Jan 9, 2025 21:20:47.861762047 CET3402253192.168.2.158.8.8.8
                              Jan 9, 2025 21:20:47.861814022 CET4059553192.168.2.158.8.8.8
                              Jan 9, 2025 21:20:47.868388891 CET53340228.8.8.8192.168.2.15
                              Jan 9, 2025 21:20:47.868534088 CET53405958.8.8.8192.168.2.15

                              DNS Queries

                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                              Jan 9, 2025 21:20:47.861762047 CET192.168.2.158.8.8.80xe952Standard query (0)daisy.ubuntu.comA (IP address)IN (0x0001)false
                              Jan 9, 2025 21:20:47.861814022 CET192.168.2.158.8.8.80x735Standard query (0)daisy.ubuntu.com28IN (0x0001)false

                              DNS Answers

                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                              Jan 9, 2025 21:20:47.868388891 CET8.8.8.8192.168.2.150xe952No error (0)daisy.ubuntu.com162.213.35.24A (IP address)IN (0x0001)false
                              Jan 9, 2025 21:20:47.868388891 CET8.8.8.8192.168.2.150xe952No error (0)daisy.ubuntu.com162.213.35.25A (IP address)IN (0x0001)false

                              System Behavior

                              General

                              Start time (UTC):20:18:02
                              Start date (UTC):09/01/2025
                              Path:/tmp/boatnet.m68k.elf
                              Arguments:/tmp/boatnet.m68k.elf
                              File size:4463432 bytes
                              MD5 hash:cd177594338c77b895ae27c33f8f86cc

                              File Activities

                              Process Activities

                              System Activities

                              Network Activities


                              General

                              Start time (UTC):20:18:02
                              Start date (UTC):09/01/2025
                              Path:/tmp/boatnet.m68k.elf
                              Arguments:-
                              File size:4463432 bytes
                              MD5 hash:cd177594338c77b895ae27c33f8f86cc

                              File Activities

                              Process Activities


                              General

                              Start time (UTC):20:18:02
                              Start date (UTC):09/01/2025
                              Path:/tmp/boatnet.m68k.elf
                              Arguments:-
                              File size:4463432 bytes
                              MD5 hash:cd177594338c77b895ae27c33f8f86cc

                              File Activities

                              Process Activities


                              General

                              Start time (UTC):20:18:02
                              Start date (UTC):09/01/2025
                              Path:/tmp/boatnet.m68k.elf
                              Arguments:-
                              File size:4463432 bytes
                              MD5 hash:cd177594338c77b895ae27c33f8f86cc

                              Process Activities

                              Network Activities


                              General

                              Start time (UTC):20:18:07
                              Start date (UTC):09/01/2025
                              Path:/usr/bin/xfce4-panel
                              Arguments:-
                              File size:375768 bytes
                              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                              Process Activities


                              General

                              Start time (UTC):20:18:07
                              Start date (UTC):09/01/2025
                              Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
                              File size:35136 bytes
                              MD5 hash:ac0b8a906f359a8ae102244738682e76

                              File Activities

                              Process Activities

                              System Activities

                              Network Activities


                              General

                              Start time (UTC):20:18:07
                              Start date (UTC):09/01/2025
                              Path:/usr/bin/xfce4-panel
                              Arguments:-
                              File size:375768 bytes
                              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                              Process Activities


                              General

                              Start time (UTC):20:18:07
                              Start date (UTC):09/01/2025
                              Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
                              File size:35136 bytes
                              MD5 hash:ac0b8a906f359a8ae102244738682e76

                              File Activities

                              Process Activities

                              System Activities

                              Network Activities


                              General

                              Start time (UTC):20:18:07
                              Start date (UTC):09/01/2025
                              Path:/usr/bin/xfce4-panel
                              Arguments:-
                              File size:375768 bytes
                              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                              Process Activities


                              General

                              Start time (UTC):20:18:07
                              Start date (UTC):09/01/2025
                              Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
                              File size:35136 bytes
                              MD5 hash:ac0b8a906f359a8ae102244738682e76

                              File Activities

                              Process Activities

                              System Activities

                              Network Activities


                              General

                              Start time (UTC):20:18:07
                              Start date (UTC):09/01/2025
                              Path:/usr/bin/xfce4-panel
                              Arguments:-
                              File size:375768 bytes
                              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                              Process Activities


                              General

                              Start time (UTC):20:18:07
                              Start date (UTC):09/01/2025
                              Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
                              File size:35136 bytes
                              MD5 hash:ac0b8a906f359a8ae102244738682e76

                              File Activities

                              Process Activities

                              System Activities

                              Network Activities


                              General

                              Start time (UTC):20:18:13
                              Start date (UTC):09/01/2025
                              Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                              Arguments:-
                              File size:35136 bytes
                              MD5 hash:ac0b8a906f359a8ae102244738682e76

                              File Activities

                              Process Activities


                              General

                              Start time (UTC):20:18:13
                              Start date (UTC):09/01/2025
                              Path:/usr/sbin/xfpm-power-backlight-helper
                              Arguments:/usr/sbin/xfpm-power-backlight-helper --get-max-brightness
                              File size:14656 bytes
                              MD5 hash:3d221ad23f28ca3259f599b1664e2427

                              File Activities


                              General

                              Start time (UTC):20:18:07
                              Start date (UTC):09/01/2025
                              Path:/usr/bin/xfce4-panel
                              Arguments:-
                              File size:375768 bytes
                              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                              Process Activities


                              General

                              Start time (UTC):20:18:07
                              Start date (UTC):09/01/2025
                              Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
                              File size:35136 bytes
                              MD5 hash:ac0b8a906f359a8ae102244738682e76

                              File Activities

                              Process Activities

                              System Activities

                              Network Activities


                              General

                              Start time (UTC):20:18:07
                              Start date (UTC):09/01/2025
                              Path:/usr/bin/xfce4-panel
                              Arguments:-
                              File size:375768 bytes
                              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                              Process Activities


                              General

                              Start time (UTC):20:18:07
                              Start date (UTC):09/01/2025
                              Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
                              File size:35136 bytes
                              MD5 hash:ac0b8a906f359a8ae102244738682e76

                              File Activities

                              Process Activities

                              System Activities

                              Network Activities


                              General

                              Start time (UTC):20:18:13
                              Start date (UTC):09/01/2025
                              Path:/usr/bin/dbus-daemon
                              Arguments:-
                              File size:249032 bytes
                              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                              Process Activities


                              General

                              Start time (UTC):20:18:13
                              Start date (UTC):09/01/2025
                              Path:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                              File size:112880 bytes
                              MD5 hash:4c7a0d6d258bb970905b19b84abcd8e9

                              File Activities

                              Process Activities

                              Network Activities


                              General

                              Start time (UTC):20:18:18
                              Start date (UTC):09/01/2025
                              Path:/usr/lib/systemd/systemd
                              Arguments:-
                              File size:1620224 bytes
                              MD5 hash:9b2bec7092a40488108543f9334aab75

                              Process Activities


                              General

                              Start time (UTC):20:18:18
                              Start date (UTC):09/01/2025
                              Path:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
                              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
                              File size:112872 bytes
                              MD5 hash:eee956f1b227c1d5031f9c61223255d1

                              File Activities

                              Process Activities

                              System Activities

                              Network Activities