Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
wind.m68k.elf

Overview

General Information

Sample name:wind.m68k.elf
Analysis ID:1587068
MD5:daafe94588ed91c3f7ab5b8b78092ea1
SHA1:b74391bad5cf27a4d245f34c1731ac1c2a1c91b3
SHA256:74debe1d1279d8e6d8f226c7484583af8d99b46ba5b8aebc2f6be34b50865f98
Tags:elfuser-abuse_ch
Infos:

Detection

Mirai
Score:84
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample tries to kill multiple processes (SIGKILL)
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
Document contains embedded VBA macros
Document misses a certain OLE stream usually present in this Microsoft Office document type
Enumerates processes within the "proc" file system
Sample has stripped symbol table
Sample tries to kill a process (SIGKILL)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

General Information

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1587068
Start date and time:2025-01-09 22:32:09 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 6s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:wind.m68k.elf
Detection:MAL
Classification:mal84.spre.troj.linELF@0/1@2/0

Warnings

  • VT rate limit hit for: wind.m68k.elf

Runtime Messages

Command:/tmp/wind.m68k.elf
PID:5474
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:

Process Tree

  • system is lnxubuntu20
  • wrapper-2.0 (PID: 5491, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
  • wrapper-2.0 (PID: 5492, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
  • wrapper-2.0 (PID: 5493, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
  • wrapper-2.0 (PID: 5494, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
    • xfpm-power-backlight-helper (PID: 5513, Parent: 5494, MD5: 3d221ad23f28ca3259f599b1664e2427) Arguments: /usr/sbin/xfpm-power-backlight-helper --get-max-brightness
  • wrapper-2.0 (PID: 5495, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
  • wrapper-2.0 (PID: 5496, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
  • xfconfd (PID: 5512, Parent: 5511, MD5: 4c7a0d6d258bb970905b19b84abcd8e9) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
  • systemd New Fork (PID: 5522, Parent: 2935)
  • xfce4-notifyd (PID: 5522, Parent: 2935, MD5: eee956f1b227c1d5031f9c61223255d1) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
wind.m68k.elfJoeSecurity_Mirai_8Yara detected MiraiJoe Security
    wind.m68k.elfLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
    • 0xe60f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe623:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe637:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe64b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe65f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe673:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe687:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe69b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe6af:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe6c3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe6d7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe6eb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe6ff:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe713:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe727:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe73b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe74f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe763:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe777:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe78b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xe79f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    wind.m68k.elfLinux_Trojan_Gafgyt_ea92cca8unknownunknown
    • 0xeb60:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    5477.1.00007f8508001000.00007f8508011000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
      5477.1.00007f8508001000.00007f8508011000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
      • 0xe60f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe623:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe637:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe64b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe65f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe673:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe687:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe69b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe6af:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe6c3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe6d7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe6eb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe6ff:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe713:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe727:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe73b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe74f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe763:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe777:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe78b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xe79f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      5477.1.00007f8508001000.00007f8508011000.r-x.sdmpLinux_Trojan_Gafgyt_ea92cca8unknownunknown
      • 0xeb60:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
      5474.1.00007f8508001000.00007f8508011000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
        5474.1.00007f8508001000.00007f8508011000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
        • 0xe60f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe623:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe637:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe64b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe65f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe673:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe687:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe69b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe6af:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe6c3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe6d7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe6eb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe6ff:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe713:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe727:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe73b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe74f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe763:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe777:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe78b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xe79f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        Click to see the 9 entries

        Suricata Signatures

        No Suricata rule has matched

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Antivirus / Scanner detection for submitted sample
        Source: wind.m68k.elfAvira: detected
        Multi AV Scanner detection for submitted file
        Source: wind.m68k.elfReversingLabs: Detection: 65%
        Source: global trafficTCP traffic: 192.168.2.13:51292 -> 154.216.16.103:3778
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: unknownTCP traffic detected without corresponding DNS query: 154.216.16.103
        Source: global trafficDNS traffic detected: DNS query: daisy.ubuntu.com

        System Summary

        barindex
        Malicious sample detected (through community Yara rule)
        Source: wind.m68k.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: wind.m68k.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
        Source: 5477.1.00007f8508001000.00007f8508011000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: 5477.1.00007f8508001000.00007f8508011000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
        Source: 5474.1.00007f8508001000.00007f8508011000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: 5474.1.00007f8508001000.00007f8508011000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
        Source: Process Memory Space: wind.m68k.elf PID: 5474, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: Process Memory Space: wind.m68k.elf PID: 5474, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
        Source: Process Memory Space: wind.m68k.elf PID: 5477, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: Process Memory Space: wind.m68k.elf PID: 5477, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
        Sample tries to kill multiple processes (SIGKILL)
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 3104, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 3161, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 3162, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 3163, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 3164, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 3165, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 3170, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 3182, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 3208, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 3212, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 5491, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 5492, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 5493, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 5494, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 5495, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 5496, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 5512, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 5522, result: successfulJump to behavior
        Source: xfce4-panel.xml.new.29.drOLE indicator, VBA macros: true
        Source: xfce4-panel.xml.new.29.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
        Source: ELF static info symbol of initial sample.symtab present: no
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 3104, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 3161, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 3162, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 3163, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 3164, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 3165, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 3170, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 3182, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 3208, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 3212, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 5491, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 5492, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 5493, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 5494, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 5495, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 5496, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 5512, result: successfulJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)SIGKILL sent: pid: 5522, result: successfulJump to behavior
        Source: wind.m68k.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: wind.m68k.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: 5477.1.00007f8508001000.00007f8508011000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 5477.1.00007f8508001000.00007f8508011000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: 5474.1.00007f8508001000.00007f8508011000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 5474.1.00007f8508001000.00007f8508011000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: Process Memory Space: wind.m68k.elf PID: 5474, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: wind.m68k.elf PID: 5474, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: Process Memory Space: wind.m68k.elf PID: 5477, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: wind.m68k.elf PID: 5477, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: classification engineClassification label: mal84.spre.troj.linELF@0/1@2/0
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5491)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /home/saturnino/.fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/X11/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5493)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5494)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5494)Directory: /usr/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5494)Directory: /usr/local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5494)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5494)Directory: /home/saturnino/.fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5494)Directory: /usr/share/fonts/X11/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5494)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5494)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /home/saturnino/.fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/X11/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /home/saturnino/.cacheJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /home/saturnino/.localJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Directory: /home/saturnino/.configJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /home/saturnino/.fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/X11/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5512)Directory: /home/saturnino/.cacheJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5512)Directory: /home/saturnino/.localJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5512)Directory: /home/saturnino/.configJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5512)Directory: /home/saturnino/.configJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5522)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5522)Directory: /home/saturnino/.cacheJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5522)Directory: /home/saturnino/.localJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5522)Directory: /home/saturnino/.configJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/5421/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3122/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3117/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3114/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/914/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/518/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/519/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/917/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3134/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3375/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3132/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3095/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/1745/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/1866/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/1588/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/884/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/1982/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/765/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3246/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/767/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/800/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/1906/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/802/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/803/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3645/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/1748/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3420/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/1482/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/490/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/1480/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/1755/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/1238/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/1875/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/2964/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3413/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/1751/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/1872/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/2961/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/1475/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/656/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/778/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/657/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/658/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/659/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/418/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/5316/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/936/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/419/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/816/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/1879/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/1891/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3310/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3153/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/780/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/660/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/1921/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/783/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/1765/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3706/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/2974/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3707/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/1400/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/1884/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3424/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3708/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/2972/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3709/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3147/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/2970/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/1881/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3146/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3300/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/1805/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/1925/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/1804/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/1648/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/1922/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3429/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3442/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3165/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3164/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3163/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3162/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/790/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3161/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/792/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/793/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/672/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/1930/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/795/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/674/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3315/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/1411/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/2984/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/1410/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/797/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/676/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3434/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3158/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/678/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/679/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/3795/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/5457/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/5459/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5476)File opened: /proc/5616/cmdlineJump to behavior
        Source: /tmp/wind.m68k.elf (PID: 5474)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5491)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5492)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5493)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5494)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5495)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5496)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5522)Queries kernel information via 'uname': Jump to behavior
        Source: wind.m68k.elf, 5474.1.00007ffeb2be2000.00007ffeb2c03000.rw-.sdmp, wind.m68k.elf, 5477.1.00007ffeb2be2000.00007ffeb2c03000.rw-.sdmpBinary or memory string: /usr/bin/qemu-m68k
        Source: wind.m68k.elf, 5474.1.00007ffeb2be2000.00007ffeb2c03000.rw-.sdmp, wind.m68k.elf, 5477.1.00007ffeb2be2000.00007ffeb2c03000.rw-.sdmpBinary or memory string: tBSx86_64/usr/bin/qemu-m68k/tmp/wind.m68k.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/wind.m68k.elf
        Source: wind.m68k.elf, 5474.1.0000561df7e58000.0000561df7edd000.rw-.sdmp, wind.m68k.elf, 5477.1.0000561df7e58000.0000561df7edd000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/m68k
        Source: wind.m68k.elf, 5474.1.0000561df7e58000.0000561df7edd000.rw-.sdmp, wind.m68k.elf, 5477.1.0000561df7e58000.0000561df7edd000.rw-.sdmpBinary or memory string: V!/etc/qemu-binfmt/m68k

        Stealing of Sensitive Information

        barindex
        Yara detected Mirai
        Source: Yara matchFile source: Process Memory Space: wind.m68k.elf PID: 5474, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: wind.m68k.elf PID: 5477, type: MEMORYSTR
        Source: Yara matchFile source: wind.m68k.elf, type: SAMPLE
        Source: Yara matchFile source: 5477.1.00007f8508001000.00007f8508011000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 5474.1.00007f8508001000.00007f8508011000.r-x.sdmp, type: MEMORY

        Remote Access Functionality

        barindex
        Yara detected Mirai
        Source: Yara matchFile source: Process Memory Space: wind.m68k.elf PID: 5474, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: wind.m68k.elf PID: 5477, type: MEMORYSTR
        Source: Yara matchFile source: wind.m68k.elf, type: SAMPLE
        Source: Yara matchFile source: 5477.1.00007f8508001000.00007f8508011000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 5474.1.00007f8508001000.00007f8508011000.r-x.sdmp, type: MEMORY

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity Information1
        Scripting        		Valid AccountsWindows Management Instrumentation1
        Scripting        		Path Interception1
        Hidden Files and Directories        		1
        OS Credential Dumping        		11
        Security Software Discovery        		Remote ServicesData from Local System1
        Non-Standard Port        		Exfiltration Over Other Network Medium1
        Service Stop
        CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
        Non-Application Layer Protocol        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
        Application Layer Protocol        		Automated ExfiltrationData Encrypted for Impact

        Malware Configuration

        No configs have been found

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Number of created Files
        • Is malicious
        • Internet
        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1587068 Sample: wind.m68k.elf Startdate: 09/01/2025 Architecture: LINUX Score: 84 24 154.216.16.103, 3778, 51292, 51294 SKHT-ASShenzhenKatherineHengTechnologyInformationCo Seychelles 2->24 26 daisy.ubuntu.com 2->26 28 Malicious sample detected (through community Yara rule) 2->28 30 Antivirus / Scanner detection for submitted sample 2->30 32 Multi AV Scanner detection for submitted file 2->32 34 Yara detected Mirai 2->34 7 wind.m68k.elf 2->7         started        9 xfce4-panel wrapper-2.0 2->9         started        11 xfce4-panel wrapper-2.0 2->11         started        13 6 other processes 2->13 signatures3 process4 process5 15 wind.m68k.elf 7->15         started        18 wind.m68k.elf 7->18         started        20 wind.m68k.elf 7->20         started        22 wrapper-2.0 xfpm-power-backlight-helper 9->22         started        signatures6 36 Sample tries to kill multiple processes (SIGKILL) 15->36

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        wind.m68k.elf66%ReversingLabsLinux.Trojan.Mirai
        wind.m68k.elf100%AviraEXP/ELF.Gafgyt.Z.F

        Dropped Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        No Antivirus matches

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        daisy.ubuntu.com
        		162.213.35.25
        		truefalse
          		high

          World Map of Contacted IPs

          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs

          Public IPs

          IPDomainCountryFlagASNASN NameMalicious
          154.216.16.103
          		unknownSeychelles
          		135357SKHT-ASShenzhenKatherineHengTechnologyInformationCofalse

          Joe Sandbox View / Context

          IPs

          No context

          Domains

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          daisy.ubuntu.comarm6.elfGet hashmaliciousUnknownBrowse
          • 162.213.35.25
          boatnet.mpsl.elfGet hashmaliciousMiraiBrowse
          • 162.213.35.25
          boatnet.x86.elfGet hashmaliciousMiraiBrowse
          • 162.213.35.24
          boatnet.arm.elfGet hashmaliciousMiraiBrowse
          • 162.213.35.24
          boatnet.ppc.elfGet hashmaliciousMiraiBrowse
          • 162.213.35.24
          boatnet.m68k.elfGet hashmaliciousMiraiBrowse
          • 162.213.35.24
          boatnet.sh4.elfGet hashmaliciousMiraiBrowse
          • 162.213.35.24
          boatnet.arm6.elfGet hashmaliciousMiraiBrowse
          • 162.213.35.24
          wind.ppc.elfGet hashmaliciousMiraiBrowse
          • 162.213.35.25
          wind.arm.elfGet hashmaliciousMiraiBrowse
          • 162.213.35.25

          ASNs

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          SKHT-ASShenzhenKatherineHengTechnologyInformationCohttps://199.188.109.181Get hashmaliciousUnknownBrowse
          • 45.207.231.119
          wind.x86.elfGet hashmaliciousMiraiBrowse
          • 154.216.19.169
          wind.ppc.elfGet hashmaliciousMiraiBrowse
          • 154.216.19.169
          wind.arm.elfGet hashmaliciousMiraiBrowse
          • 154.216.19.169
          wind.mpsl.elfGet hashmaliciousMiraiBrowse
          • 154.216.19.169
          wind.mips.elfGet hashmaliciousMiraiBrowse
          • 154.216.19.169
          wind.m68k.elfGet hashmaliciousMiraiBrowse
          • 154.216.19.169
          wind.sh4.elfGet hashmaliciousMiraiBrowse
          • 154.216.19.169
          new.batGet hashmaliciousUnknownBrowse
          • 154.216.17.175
          army7.elfGet hashmaliciousGafgyt, MiraiBrowse
          • 154.216.20.70

          JA3 Fingerprints

          No context

          Dropped Files

          No context

          Created / dropped Files

          /home/saturnino/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-panel.xml.new

          Download File
          Process:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
          File Type:XML 1.0 document, ASCII text
          Category:dropped
          Size (bytes):5128
          Entropy (8bit):4.457618060812407
          Encrypted:false
          SSDEEP:96:R14GBdYLSNUH+ZAFQrSRR6dn0tWlTDFwIfM/vfzPpjT9I3jZ/qeH2Wg:74GnYLSNUH+ZAyrSRRYn0taTDKIfMPzv
          MD5:2A2A7C34B585CDAE5E123F3C5100C253
          SHA1:E814B1B1531B25581DB76CB813C85E53E1390BA4
          SHA-256:BCA18B654D038B69B25ACDF84CFF99BF521A1B54F482F1DE2B54CE13AC219A04
          SHA-512:CEC7A3A7A6AD6C2A6D101A3BF6D89A01EBDCEB0121AA3DE1CEA024268410B39E4E9188382439C7C3FD734C66764B66B13F1D277700B00A2FCB35CB67E31996DD
          Malicious:false
          Reputation:moderate, very likely benign file
          Preview:<?xml version="1.0" encoding="UTF-8"?>..<channel name="xfce4-panel" version="1.0">. <property name="configver" type="int" value="2"/>. <property name="panels" type="array">. <value type="int" value="1"/>. <value type="int" value="2"/>. <property name="panel-1" type="empty">. <property name="position" type="string" value="p=6;x=0;y=0"/>. <property name="length" type="uint" value="100"/>. <property name="position-locked" type="bool" value="true"/>. <property name="icon-size" type="uint" value="16"/>. <property name="size" type="uint" value="26"/>. <property name="plugin-ids" type="array">. <value type="int" value="1"/>. <value type="int" value="2"/>. <value type="int" value="3"/>. <value type="int" value="4"/>. <value type="int" value="5"/>. <value type="int" value="6"/>. <value type="int" value="7"/>. <value type="int" value="8"/>. <value type="int" value="9"/>. <value type="in

          Static File Info

          General

          File type:ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
          Entropy (8bit):6.360544459733418
          TrID:
          • ELF Executable and Linkable format (generic) (4004/1) 100.00%
          File name:wind.m68k.elf
          File size:65'072 bytes
          MD5:daafe94588ed91c3f7ab5b8b78092ea1
          SHA1:b74391bad5cf27a4d245f34c1731ac1c2a1c91b3
          SHA256:74debe1d1279d8e6d8f226c7484583af8d99b46ba5b8aebc2f6be34b50865f98
          SHA512:7ca0623c968bd20b60e71bceaf3e2e2f5080ca788b8b586de99b9ee7197ef8ce8ce8ef768a935e4fcb6dcd08e46f17d67f87a8268e0954296120cb0a335c9748
          SSDEEP:1536:TO76X79qRw/eeTh2yw8E6Mw0n8XDZKRAr:SzG/eeTh1xMoD0R0
          TLSH:9E531BE9B8025E3CF91B9ABA44164E0ABD6177C152830F27677BFDD37C720A59D02C85
          File Content Preview:.ELF.......................D...4.........4. ...(.......................2...2...... ........8...8...8...(.......... .dt.Q............................NV..a....da.....N^NuNV..J9...`f>"y...P QJ.g.X.#....PN."y...P QJ.f.A.....J.g.Hy...4N.X........`N^NuNV..N^NuN

          Static ELF Info

          ELF header

          Class:ELF32
          Data:2's complement, big endian
          Version:1 (current)
          Machine:MC68000
          Version Number:0x1
          Type:EXEC (Executable file)
          OS/ABI:UNIX - System V
          ABI Version:0
          Entry Point Address:0x80000144
          Flags:0x0
          ELF Header Size:52
          Program Header Offset:52
          Program Header Size:32
          Number of Program Headers:3
          Section Header Offset:64672
          Section Header Size:40
          Number of Section Headers:10
          Header String Table Index:9

          Sections

          NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
          NULL0x00x00x00x00x0000
          .initPROGBITS0x800000940x940x140x00x6AX002
          .textPROGBITS0x800000a80xa80xe5020x00x6AX004
          .finiPROGBITS0x8000e5aa0xe5aa0xe0x00x6AX002
          .rodataPROGBITS0x8000e5b80xe5b80x147a0x00x2A002
          .ctorsPROGBITS0x80011a380xfa380x80x00x3WA004
          .dtorsPROGBITS0x80011a400xfa400x80x00x3WA004
          .dataPROGBITS0x80011a4c0xfa4c0x2140x00x3WA004
          .bssNOBITS0x80011c600xfc600x2e80x00x3WA004
          .shstrtabSTRTAB0x00xfc600x3e0x00x0001

          Program Segments

          TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
          LOAD0x00x800000000x800000000xfa320xfa326.39140x5R E0x2000.init .text .fini .rodata
          LOAD0xfa380x80011a380x80011a380x2280x5103.07770x6RW 0x2000.ctors .dtors .data .bss
          GNU_STACK0x00x00x00x00x00.00000x6RW 0x4

          Network Behavior

          Network Port Distribution

          TCP Packets

          TimestampSource PortDest PortSource IPDest IP
          Jan 9, 2025 22:32:59.556466103 CET512923778192.168.2.13154.216.16.103
          Jan 9, 2025 22:32:59.561312914 CET377851292154.216.16.103192.168.2.13
          Jan 9, 2025 22:32:59.561367989 CET512923778192.168.2.13154.216.16.103
          Jan 9, 2025 22:32:59.595913887 CET512923778192.168.2.13154.216.16.103
          Jan 9, 2025 22:32:59.600760937 CET377851292154.216.16.103192.168.2.13
          Jan 9, 2025 22:32:59.600842953 CET512923778192.168.2.13154.216.16.103
          Jan 9, 2025 22:32:59.605658054 CET377851292154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:00.219171047 CET377851292154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:00.219337940 CET512923778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:00.219455957 CET512923778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:00.220005035 CET512943778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:00.224853039 CET377851294154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:00.224924088 CET512943778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:00.225524902 CET512943778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:00.230364084 CET377851294154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:00.230424881 CET512943778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:00.235431910 CET377851294154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:00.910881042 CET377851294154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:00.911338091 CET512943778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:00.911447048 CET512943778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:00.913013935 CET512963778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:00.918469906 CET377851296154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:00.923403978 CET512963778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:00.931468964 CET512963778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:00.936444044 CET377851296154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:00.939394951 CET512963778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:00.946784019 CET377851296154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:01.598483086 CET377851296154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:01.598607063 CET512963778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:01.598643064 CET512963778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:01.599189997 CET512983778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:01.603926897 CET377851298154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:01.603981018 CET512983778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:01.604621887 CET512983778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:01.609414101 CET377851298154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:01.609498024 CET512983778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:01.614342928 CET377851298154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:02.264938116 CET377851298154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:02.265160084 CET512983778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:02.265160084 CET512983778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:02.265645027 CET513003778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:02.270482063 CET377851300154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:02.270565033 CET513003778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:02.271296024 CET513003778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:02.276065111 CET377851300154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:02.276161909 CET513003778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:02.280960083 CET377851300154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:02.928215981 CET377851300154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:02.928447008 CET513003778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:02.928447008 CET513003778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:02.929002047 CET513023778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:02.935028076 CET377851302154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:02.935082912 CET513023778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:02.935740948 CET513023778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:02.941832066 CET377851302154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:02.941884995 CET513023778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:02.947896957 CET377851302154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:03.612854004 CET377851302154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:03.613157034 CET513023778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:03.613157034 CET513023778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:03.613888025 CET513043778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:03.618669987 CET377851304154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:03.618726969 CET513043778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:03.619383097 CET513043778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:03.624136925 CET377851304154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:03.624191999 CET513043778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:03.628962040 CET377851304154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:04.296310902 CET377851304154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:04.296503067 CET513043778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:04.296503067 CET513043778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:04.296961069 CET513063778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:04.303030014 CET377851306154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:04.303095102 CET513063778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:04.303734064 CET513063778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:04.309643984 CET377851306154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:04.309704065 CET513063778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:04.314568043 CET377851306154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:04.972409010 CET377851306154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:04.972451925 CET513063778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:04.972487926 CET513063778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:04.974453926 CET513083778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:04.979243994 CET377851308154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:04.979300976 CET513083778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:04.982083082 CET513083778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:04.987646103 CET377851308154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:04.987693071 CET513083778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:04.993179083 CET377851308154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:05.671825886 CET377851308154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:05.671924114 CET513083778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:05.671925068 CET513083778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:05.687401056 CET513103778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:05.692157030 CET377851310154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:05.692213058 CET513103778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:05.772424936 CET513103778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:05.777259111 CET377851310154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:05.780432940 CET513103778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:05.785284996 CET377851310154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:06.364862919 CET377851310154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:06.364954948 CET513103778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:06.364954948 CET513103778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:06.366328955 CET513123778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:06.371083975 CET377851312154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:06.371326923 CET513123778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:06.376315117 CET513123778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:06.381102085 CET377851312154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:06.381226063 CET513123778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:06.385989904 CET377851312154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:07.049803019 CET377851312154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:07.049871922 CET513123778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:07.049907923 CET513123778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:07.051804066 CET513143778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:07.056574106 CET377851314154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:07.056713104 CET513143778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:07.059772968 CET513143778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:07.064614058 CET377851314154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:07.064718962 CET513143778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:07.069448948 CET377851314154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:07.711939096 CET377851314154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:07.712074041 CET513143778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:07.712074041 CET513143778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:07.726885080 CET513163778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:07.731755972 CET377851316154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:07.731826067 CET513163778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:07.755202055 CET513163778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:07.760215998 CET377851316154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:07.760281086 CET513163778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:07.765105009 CET377851316154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:08.404516935 CET377851316154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:08.404709101 CET513163778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:08.404709101 CET513163778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:08.406858921 CET513183778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:08.411756039 CET377851318154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:08.411809921 CET513183778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:08.416651964 CET513183778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:08.421467066 CET377851318154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:08.421525002 CET513183778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:08.426343918 CET377851318154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:09.069820881 CET377851318154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:09.069916964 CET513183778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:09.070003033 CET513183778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:09.072312117 CET513203778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:09.078255892 CET377851320154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:09.078306913 CET513203778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:09.083035946 CET513203778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:09.090121984 CET377851320154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:09.090171099 CET513203778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:09.096854925 CET377851320154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:09.735969067 CET377851320154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:09.736062050 CET513203778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:09.736063004 CET513203778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:09.765013933 CET513223778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:09.769860983 CET377851322154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:09.770225048 CET513223778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:09.795331955 CET513223778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:09.800169945 CET377851322154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:09.800232887 CET513223778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:09.807080984 CET377851322154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:10.440437078 CET377851322154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:10.440479040 CET513223778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:10.440509081 CET513223778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:10.444330931 CET513243778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:10.449352026 CET377851324154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:10.449443102 CET513243778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:10.455228090 CET513243778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:10.460057020 CET377851324154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:10.460114002 CET513243778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:10.464871883 CET377851324154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:11.170811892 CET377851324154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:11.171202898 CET513243778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:11.171202898 CET513243778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:11.173312902 CET513263778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:11.178069115 CET377851326154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:11.178153038 CET513263778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:11.183188915 CET513263778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:11.187897921 CET377851326154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:11.187966108 CET513263778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:11.192753077 CET377851326154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:11.835436106 CET377851326154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:11.835552931 CET513263778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:11.835552931 CET513263778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:11.839059114 CET513283778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:11.844686985 CET377851328154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:11.844775915 CET513283778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:11.854916096 CET513283778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:11.860515118 CET377851328154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:11.861994982 CET513283778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:11.867990971 CET377851328154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:13.066220045 CET377851328154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:13.066277981 CET513283778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:13.066325903 CET513283778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:13.066462994 CET377851328154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:13.066521883 CET513283778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:13.066760063 CET377851328154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:13.066796064 CET513283778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:13.068736076 CET513303778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:13.073574066 CET377851330154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:13.073627949 CET513303778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:13.078205109 CET513303778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:13.083697081 CET377851330154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:13.083741903 CET513303778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:13.088506937 CET377851330154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:13.748759031 CET377851330154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:13.748862028 CET513303778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:13.748862028 CET513303778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:13.771338940 CET513323778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:13.776159048 CET377851332154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:13.776396990 CET513323778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:13.878933907 CET513323778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:13.883740902 CET377851332154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:13.884465933 CET513323778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:13.889374018 CET377851332154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:14.435398102 CET377851332154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:14.435476065 CET513323778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:14.435509920 CET513323778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:14.437577963 CET513343778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:14.442414045 CET377851334154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:14.442456007 CET513343778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:14.446230888 CET513343778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:14.451026917 CET377851334154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:14.451066017 CET513343778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:14.456108093 CET377851334154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:15.132239103 CET377851334154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:15.132293940 CET513343778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:15.132352114 CET513343778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:15.134706974 CET513363778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:15.141388893 CET377851336154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:15.141431093 CET513363778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:15.146411896 CET513363778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:15.152998924 CET377851336154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:15.153033018 CET513363778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:15.159903049 CET377851336154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:15.803173065 CET377851336154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:15.803271055 CET513363778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:15.803327084 CET513363778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:15.807852983 CET513383778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:15.812686920 CET377851338154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:15.812761068 CET513383778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:15.885727882 CET513383778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:15.890748024 CET377851338154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:15.892353058 CET513383778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:15.897125959 CET377851338154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:16.519020081 CET377851338154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:16.519103050 CET513383778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:16.519131899 CET513383778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:16.520879984 CET513403778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:16.525891066 CET377851340154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:16.525974035 CET513403778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:16.532953024 CET513403778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:16.537903070 CET377851340154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:16.537950039 CET513403778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:16.542776108 CET377851340154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:17.203382969 CET377851340154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:17.203448057 CET513403778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:17.203486919 CET513403778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:17.205393076 CET513423778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:17.210138083 CET377851342154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:17.210221052 CET513423778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:17.213921070 CET513423778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:17.218715906 CET377851342154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:17.218772888 CET513423778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:17.223567963 CET377851342154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:17.868549109 CET377851342154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:17.868731022 CET513423778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:17.868731022 CET513423778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:17.871145010 CET513443778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:17.876802921 CET377851344154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:17.876915932 CET513443778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:17.886430025 CET513443778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:17.891211033 CET377851344154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:17.891635895 CET513443778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:17.896375895 CET377851344154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:18.670517921 CET377851344154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:18.670587063 CET513443778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:18.670623064 CET513443778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:18.672089100 CET513463778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:18.676847935 CET377851346154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:18.676908970 CET513463778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:18.679708004 CET513463778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:18.684514046 CET377851346154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:18.684568882 CET513463778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:18.689379930 CET377851346154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:19.361713886 CET377851346154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:19.361830950 CET513463778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:19.361830950 CET513463778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:19.364058971 CET513483778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:19.369487047 CET377851348154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:19.369574070 CET513483778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:19.374842882 CET513483778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:19.379787922 CET377851348154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:19.379858017 CET513483778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:19.384763956 CET377851348154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:20.066751957 CET377851348154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:20.066869974 CET513483778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:20.066869974 CET513483778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:20.069878101 CET513503778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:20.076220036 CET377851350154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:20.078464985 CET513503778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:20.111943007 CET513503778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:20.118302107 CET377851350154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:20.118356943 CET513503778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:20.124676943 CET377851350154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:23.736893892 CET377851350154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:23.737307072 CET513503778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:23.737308025 CET513503778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:23.737804890 CET513523778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:23.742639065 CET377851352154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:23.742739916 CET513523778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:23.743463039 CET513523778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:23.748225927 CET377851352154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:23.751214981 CET513523778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:23.758096933 CET377851352154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:24.433886051 CET377851352154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:24.434160948 CET513523778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:24.434160948 CET513523778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:24.434564114 CET513543778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:24.439402103 CET377851354154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:24.439500093 CET513543778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:24.440140963 CET513543778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:24.444886923 CET377851354154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:24.444958925 CET513543778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:24.449748993 CET377851354154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:25.124990940 CET377851354154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:25.125283003 CET513543778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:25.125283957 CET513543778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:25.126178026 CET513563778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:25.130971909 CET377851356154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:25.131038904 CET513563778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:25.131994963 CET513563778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:25.136822939 CET377851356154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:25.136871099 CET513563778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:25.141927958 CET377851356154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:25.810239077 CET377851356154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:25.810518026 CET513563778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:25.810518026 CET513563778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:25.811342001 CET513583778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:25.816222906 CET377851358154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:25.816306114 CET513583778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:25.817151070 CET513583778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:25.821957111 CET377851358154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:25.822004080 CET513583778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:25.826791048 CET377851358154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:26.474931002 CET377851358154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:26.475378036 CET513583778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:26.475378036 CET513583778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:26.476089001 CET513603778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:26.480896950 CET377851360154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:26.481004953 CET513603778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:26.481937885 CET513603778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:26.486813068 CET377851360154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:26.486860991 CET513603778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:26.491636038 CET377851360154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:27.150775909 CET377851360154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:27.151102066 CET513603778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:27.151102066 CET513603778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:27.152013063 CET513623778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:27.156774998 CET377851362154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:27.156831980 CET513623778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:27.157746077 CET513623778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:27.162467957 CET377851362154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:27.162516117 CET513623778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:27.167272091 CET377851362154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:27.843173027 CET377851362154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:27.843492985 CET513623778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:27.843492985 CET513623778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:27.844187021 CET513643778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:27.849021912 CET377851364154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:27.849140882 CET513643778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:27.850102901 CET513643778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:27.854875088 CET377851364154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:27.854954958 CET513643778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:27.859726906 CET377851364154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:28.509924889 CET377851364154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:28.510134935 CET513643778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:28.510134935 CET513643778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:28.510530949 CET513663778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:28.515321016 CET377851366154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:28.515388012 CET513663778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:28.516267061 CET513663778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:28.521011114 CET377851366154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:28.521089077 CET513663778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:28.525847912 CET377851366154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:29.199742079 CET377851366154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:29.200108051 CET513663778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:29.200108051 CET513663778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:29.200592041 CET513683778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:29.205440044 CET377851368154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:29.205501080 CET513683778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:29.206201077 CET513683778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:29.211024046 CET377851368154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:29.211081028 CET513683778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:29.215883017 CET377851368154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:29.867424965 CET377851368154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:29.867707014 CET513683778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:29.867707014 CET513683778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:29.868323088 CET513703778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:29.873122931 CET377851370154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:29.873228073 CET513703778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:29.873831987 CET513703778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:29.879296064 CET377851370154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:29.879365921 CET513703778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:29.884828091 CET377851370154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:30.530291080 CET377851370154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:30.530541897 CET513703778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:30.530541897 CET513703778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:30.531049967 CET513723778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:30.535902023 CET377851372154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:30.535972118 CET513723778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:30.536586046 CET513723778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:30.541328907 CET377851372154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:30.541404009 CET513723778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:30.546205044 CET377851372154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:31.194704056 CET377851372154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:31.194989920 CET513723778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:31.195025921 CET513723778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:31.195856094 CET513743778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:31.200659037 CET377851374154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:31.200751066 CET513743778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:31.201864958 CET513743778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:31.206693888 CET377851374154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:31.206784010 CET513743778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:31.211544037 CET377851374154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:31.871047020 CET377851374154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:31.871395111 CET513743778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:31.871498108 CET513743778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:31.872270107 CET513763778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:31.877151012 CET377851376154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:31.877280951 CET513763778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:31.878000975 CET513763778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:31.882822037 CET377851376154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:31.882936001 CET513763778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:31.887829065 CET377851376154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:32.544423103 CET377851376154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:32.544848919 CET513763778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:32.544848919 CET513763778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:32.545759916 CET513783778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:32.550879002 CET377851378154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:32.550962925 CET513783778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:32.551922083 CET513783778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:32.556772947 CET377851378154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:32.556879044 CET513783778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:32.561784029 CET377851378154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:33.217263937 CET377851378154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:33.217637062 CET513783778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:33.217637062 CET513783778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:33.218224049 CET513803778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:33.223120928 CET377851380154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:33.223253012 CET513803778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:33.224005938 CET513803778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:33.228811026 CET377851380154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:33.228981018 CET513803778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:33.234325886 CET377851380154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:33.916130066 CET377851380154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:33.916400909 CET513803778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:33.916443110 CET513803778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:33.917135954 CET513823778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:33.921986103 CET377851382154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:33.922046900 CET513823778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:33.922724009 CET513823778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:33.927506924 CET377851382154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:33.927599907 CET513823778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:33.932492971 CET377851382154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:34.592386961 CET377851382154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:34.592905045 CET513823778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:34.592969894 CET513823778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:34.593805075 CET513843778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:34.599004984 CET377851384154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:34.599102974 CET513843778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:34.600435019 CET513843778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:34.605377913 CET377851384154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:34.605454922 CET513843778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:34.610337973 CET377851384154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:35.286988020 CET377851384154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:35.287143946 CET513843778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:35.287290096 CET513843778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:35.288232088 CET513863778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:35.293018103 CET377851386154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:35.293168068 CET513863778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:35.293783903 CET513863778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:35.298561096 CET377851386154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:35.298643112 CET513863778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:35.303468943 CET377851386154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:35.954924107 CET377851386154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:35.955265999 CET513863778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:35.955265999 CET513863778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:35.956027031 CET513883778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:35.960864067 CET377851388154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:35.960938931 CET513883778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:35.961836100 CET513883778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:35.966666937 CET377851388154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:35.966722012 CET513883778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:35.971467018 CET377851388154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:36.634747028 CET377851388154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:36.635088921 CET513883778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:36.635088921 CET513883778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:36.636001110 CET513903778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:36.640826941 CET377851390154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:36.640955925 CET513903778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:36.641920090 CET513903778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:36.646826029 CET377851390154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:36.646923065 CET513903778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:36.651771069 CET377851390154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:37.306535006 CET377851390154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:37.306704998 CET513903778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:37.306802988 CET513903778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:37.307742119 CET513923778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:37.312772036 CET377851392154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:37.312875032 CET513923778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:37.314246893 CET513923778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:37.319359064 CET377851392154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:37.319473982 CET513923778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:37.324295044 CET377851392154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:37.998035908 CET377851392154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:37.998267889 CET513923778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:37.998426914 CET513923778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:37.999310970 CET513943778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:38.004220963 CET377851394154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:38.004309893 CET513943778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:38.005259037 CET513943778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:38.010067940 CET377851394154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:38.010130882 CET513943778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:38.014970064 CET377851394154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:38.687573910 CET377851394154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:38.687839985 CET513943778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:38.687930107 CET513943778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:38.689282894 CET513963778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:38.694255114 CET377851396154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:38.694453955 CET513963778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:38.695815086 CET513963778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:38.700751066 CET377851396154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:38.700920105 CET513963778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:38.705951929 CET377851396154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:39.358795881 CET377851396154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:39.359080076 CET513963778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:39.359081030 CET513963778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:39.359996080 CET513983778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:39.365178108 CET377851398154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:39.365298986 CET513983778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:39.366482019 CET513983778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:39.371237993 CET377851398154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:39.371299028 CET513983778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:39.376070976 CET377851398154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:40.050961971 CET377851398154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:40.051323891 CET513983778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:40.051323891 CET513983778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:40.052333117 CET514003778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:40.057208061 CET377851400154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:40.057290077 CET514003778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:40.058614969 CET514003778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:40.063399076 CET377851400154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:40.063467026 CET514003778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:40.068265915 CET377851400154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:40.715874910 CET377851400154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:40.716227055 CET514003778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:40.716315031 CET514003778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:40.717210054 CET514023778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:40.722134113 CET377851402154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:40.722367048 CET514023778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:40.723783970 CET514023778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:40.728533030 CET377851402154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:40.728615046 CET514023778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:40.733572960 CET377851402154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:41.382225037 CET377851402154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:41.382615089 CET514023778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:41.382853985 CET514023778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:41.383852005 CET514043778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:41.388775110 CET377851404154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:41.389024973 CET514043778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:41.390456915 CET514043778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:41.395241976 CET377851404154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:41.395311117 CET514043778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:41.400136948 CET377851404154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:42.068295956 CET377851404154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:42.068650007 CET514043778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:42.068742037 CET514043778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:42.069530964 CET514063778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:42.074430943 CET377851406154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:42.074572086 CET514063778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:42.075598001 CET514063778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:42.080421925 CET377851406154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:42.080524921 CET514063778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:42.085659027 CET377851406154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:42.730626106 CET377851406154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:42.731000900 CET514063778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:42.731194973 CET514063778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:42.732321024 CET514083778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:42.737251043 CET377851408154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:42.737413883 CET514083778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:42.738750935 CET514083778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:42.743606091 CET377851408154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:42.743693113 CET514083778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:42.748569012 CET377851408154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:43.418260098 CET377851408154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:43.418845892 CET514083778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:43.418977976 CET514083778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:43.421607018 CET514103778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:43.426825047 CET377851410154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:43.427017927 CET514103778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:43.428792000 CET514103778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:43.433625937 CET377851410154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:43.433743954 CET514103778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:43.438555002 CET377851410154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:44.115650892 CET377851410154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:44.116333961 CET514103778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:44.116334915 CET514103778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:44.117923975 CET514123778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:44.123096943 CET377851412154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:44.123275042 CET514123778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:44.124320030 CET514123778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:44.132703066 CET377851412154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:44.133111000 CET514123778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:44.138468027 CET377851412154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:44.817069054 CET377851412154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:44.817637920 CET514123778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:44.817639112 CET514123778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:44.818731070 CET514143778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:44.823945045 CET377851414154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:44.824269056 CET514143778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:44.825550079 CET514143778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:44.830858946 CET377851414154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:44.831139088 CET514143778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:44.836580992 CET377851414154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:45.484890938 CET377851414154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:45.485483885 CET514143778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:45.485532045 CET514143778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:45.486972094 CET514163778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:45.492136955 CET377851416154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:45.492274046 CET514163778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:45.493782043 CET514163778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:45.498791933 CET377851416154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:45.498883009 CET514163778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:45.503695011 CET377851416154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:46.477684975 CET377851416154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:46.478286982 CET514163778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:46.478287935 CET514163778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:46.479573965 CET514183778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:46.484672070 CET377851418154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:46.484839916 CET514183778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:46.486151934 CET514183778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:46.490978003 CET377851418154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:46.491055012 CET514183778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:46.496028900 CET377851418154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:47.154340029 CET377851418154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:47.155133009 CET514183778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:47.155133009 CET514183778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:47.156234026 CET514203778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:47.161381006 CET377851420154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:47.161487103 CET514203778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:47.162817955 CET514203778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:47.167965889 CET377851420154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:47.168044090 CET514203778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:47.173171043 CET377851420154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:57.171468019 CET514203778192.168.2.13154.216.16.103
          Jan 9, 2025 22:33:57.177444935 CET377851420154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:57.373289108 CET377851420154.216.16.103192.168.2.13
          Jan 9, 2025 22:33:57.373713017 CET514203778192.168.2.13154.216.16.103
          Jan 9, 2025 22:34:57.415179968 CET514203778192.168.2.13154.216.16.103
          Jan 9, 2025 22:34:57.420696020 CET377851420154.216.16.103192.168.2.13
          Jan 9, 2025 22:34:57.617374897 CET377851420154.216.16.103192.168.2.13
          Jan 9, 2025 22:34:57.617957115 CET514203778192.168.2.13154.216.16.103
          Jan 9, 2025 22:35:57.667543888 CET514203778192.168.2.13154.216.16.103
          Jan 9, 2025 22:35:57.673221111 CET377851420154.216.16.103192.168.2.13
          Jan 9, 2025 22:35:57.868907928 CET377851420154.216.16.103192.168.2.13
          Jan 9, 2025 22:35:57.869203091 CET514203778192.168.2.13154.216.16.103

          UDP Packets

          TimestampSource PortDest PortSource IPDest IP
          Jan 9, 2025 22:35:45.988692045 CET3553553192.168.2.138.8.8.8
          Jan 9, 2025 22:35:45.988750935 CET4366953192.168.2.138.8.8.8
          Jan 9, 2025 22:35:46.178657055 CET53436698.8.8.8192.168.2.13
          Jan 9, 2025 22:35:46.178762913 CET53355358.8.8.8192.168.2.13

          DNS Queries

          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
          Jan 9, 2025 22:35:45.988692045 CET192.168.2.138.8.8.80x6518Standard query (0)daisy.ubuntu.comA (IP address)IN (0x0001)false
          Jan 9, 2025 22:35:45.988750935 CET192.168.2.138.8.8.80x2d1fStandard query (0)daisy.ubuntu.com28IN (0x0001)false

          DNS Answers

          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
          Jan 9, 2025 22:35:46.178762913 CET8.8.8.8192.168.2.130x6518No error (0)daisy.ubuntu.com162.213.35.25A (IP address)IN (0x0001)false
          Jan 9, 2025 22:35:46.178762913 CET8.8.8.8192.168.2.130x6518No error (0)daisy.ubuntu.com162.213.35.24A (IP address)IN (0x0001)false

          System Behavior

          General

          Start time (UTC):21:32:58
          Start date (UTC):09/01/2025
          Path:/tmp/wind.m68k.elf
          Arguments:/tmp/wind.m68k.elf
          File size:4463432 bytes
          MD5 hash:cd177594338c77b895ae27c33f8f86cc

          Chronological Activities


          General

          Start time (UTC):21:32:58
          Start date (UTC):09/01/2025
          Path:/tmp/wind.m68k.elf
          Arguments:-
          File size:4463432 bytes
          MD5 hash:cd177594338c77b895ae27c33f8f86cc

          Chronological Activities


          General

          Start time (UTC):21:32:58
          Start date (UTC):09/01/2025
          Path:/tmp/wind.m68k.elf
          Arguments:-
          File size:4463432 bytes
          MD5 hash:cd177594338c77b895ae27c33f8f86cc

          Chronological Activities


          General

          Start time (UTC):21:32:58
          Start date (UTC):09/01/2025
          Path:/tmp/wind.m68k.elf
          Arguments:-
          File size:4463432 bytes
          MD5 hash:cd177594338c77b895ae27c33f8f86cc

          Chronological Activities


          General

          Start time (UTC):21:33:03
          Start date (UTC):09/01/2025
          Path:/usr/bin/xfce4-panel
          Arguments:-
          File size:375768 bytes
          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

          Chronological Activities


          General

          Start time (UTC):21:33:03
          Start date (UTC):09/01/2025
          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
          File size:35136 bytes
          MD5 hash:ac0b8a906f359a8ae102244738682e76

          Chronological Activities


          General

          Start time (UTC):21:33:03
          Start date (UTC):09/01/2025
          Path:/usr/bin/xfce4-panel
          Arguments:-
          File size:375768 bytes
          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

          Chronological Activities


          General

          Start time (UTC):21:33:03
          Start date (UTC):09/01/2025
          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
          File size:35136 bytes
          MD5 hash:ac0b8a906f359a8ae102244738682e76

          Chronological Activities


          General

          Start time (UTC):21:33:03
          Start date (UTC):09/01/2025
          Path:/usr/bin/xfce4-panel
          Arguments:-
          File size:375768 bytes
          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

          Chronological Activities


          General

          Start time (UTC):21:33:03
          Start date (UTC):09/01/2025
          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
          File size:35136 bytes
          MD5 hash:ac0b8a906f359a8ae102244738682e76

          Chronological Activities


          General

          Start time (UTC):21:33:03
          Start date (UTC):09/01/2025
          Path:/usr/bin/xfce4-panel
          Arguments:-
          File size:375768 bytes
          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

          Chronological Activities


          General

          Start time (UTC):21:33:03
          Start date (UTC):09/01/2025
          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
          File size:35136 bytes
          MD5 hash:ac0b8a906f359a8ae102244738682e76

          Chronological Activities


          General

          Start time (UTC):21:33:09
          Start date (UTC):09/01/2025
          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
          Arguments:-
          File size:35136 bytes
          MD5 hash:ac0b8a906f359a8ae102244738682e76

          Chronological Activities


          General

          Start time (UTC):21:33:09
          Start date (UTC):09/01/2025
          Path:/usr/sbin/xfpm-power-backlight-helper
          Arguments:/usr/sbin/xfpm-power-backlight-helper --get-max-brightness
          File size:14656 bytes
          MD5 hash:3d221ad23f28ca3259f599b1664e2427

          Chronological Activities


          General

          Start time (UTC):21:33:03
          Start date (UTC):09/01/2025
          Path:/usr/bin/xfce4-panel
          Arguments:-
          File size:375768 bytes
          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

          Chronological Activities


          General

          Start time (UTC):21:33:03
          Start date (UTC):09/01/2025
          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
          File size:35136 bytes
          MD5 hash:ac0b8a906f359a8ae102244738682e76

          Chronological Activities


          General

          Start time (UTC):21:33:03
          Start date (UTC):09/01/2025
          Path:/usr/bin/xfce4-panel
          Arguments:-
          File size:375768 bytes
          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

          Chronological Activities


          General

          Start time (UTC):21:33:03
          Start date (UTC):09/01/2025
          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
          File size:35136 bytes
          MD5 hash:ac0b8a906f359a8ae102244738682e76

          Chronological Activities


          General

          Start time (UTC):21:33:09
          Start date (UTC):09/01/2025
          Path:/usr/bin/dbus-daemon
          Arguments:-
          File size:249032 bytes
          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

          Chronological Activities


          General

          Start time (UTC):21:33:09
          Start date (UTC):09/01/2025
          Path:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
          File size:112880 bytes
          MD5 hash:4c7a0d6d258bb970905b19b84abcd8e9

          Chronological Activities


          General

          Start time (UTC):21:33:13
          Start date (UTC):09/01/2025
          Path:/usr/lib/systemd/systemd
          Arguments:-
          File size:1620224 bytes
          MD5 hash:9b2bec7092a40488108543f9334aab75

          Chronological Activities


          General

          Start time (UTC):21:33:13
          Start date (UTC):09/01/2025
          Path:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
          File size:112872 bytes
          MD5 hash:eee956f1b227c1d5031f9c61223255d1

          Chronological Activities