Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
boatnet.mpsl.elf

Overview

General Information

Sample name:boatnet.mpsl.elf
Analysis ID:1589460
MD5:4e23210e2603fe08846bf7eeebd8aab5
SHA1:b6f6949d7c9da505946a90bbb8cca46a4c3efd53
SHA256:cd510f2661e5d81afed3093967ef5c31f1a14967a0e88b2b005549695653eaaa
Tags:elfuser-abuse_ch
Infos:

Detection

Mirai
Score:88
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample is packed with UPX
Sample tries to kill multiple processes (SIGKILL)
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Sample contains only a LOAD segment without any section mappings
Sample tries to kill a process (SIGKILL)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

General Information

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1589460
Start date and time:2025-01-12 15:48:11 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 24s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:boatnet.mpsl.elf
Detection:MAL
Classification:mal88.spre.troj.evad.linELF@0/0@2/0

Runtime Messages

Command:/tmp/boatnet.mpsl.elf
PID:5840
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:

Process Tree

  • system is lnxubuntu20
  • wrapper-2.0 (PID: 5852, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
  • wrapper-2.0 (PID: 5853, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
  • wrapper-2.0 (PID: 5854, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
    • xfpm-power-backlight-helper (PID: 5876, Parent: 5854, MD5: 3d221ad23f28ca3259f599b1664e2427) Arguments: /usr/sbin/xfpm-power-backlight-helper --get-max-brightness
  • wrapper-2.0 (PID: 5855, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
  • wrapper-2.0 (PID: 5856, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
  • wrapper-2.0 (PID: 5857, Parent: 3235, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
  • xfconfd (PID: 5875, Parent: 5874, MD5: 4c7a0d6d258bb970905b19b84abcd8e9) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
  • systemd New Fork (PID: 5884, Parent: 3044)
  • xfce4-notifyd (PID: 5884, Parent: 3044, MD5: eee956f1b227c1d5031f9c61223255d1) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
5844.1.00007f9670400000.00007f967041b000.r-x.sdmpJoeSecurity_Mirai_5Yara detected MiraiJoe Security
    5844.1.00007f9670400000.00007f967041b000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
      5844.1.00007f9670400000.00007f967041b000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
      • 0x18b8c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x18ba0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x18bb4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x18bc8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x18bdc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x18bf0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x18c04:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x18c18:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x18c2c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x18c40:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x18c54:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x18c68:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x18c7c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x18c90:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x18ca4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x18cb8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x18ccc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x18ce0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x18cf4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x18d08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0x18d1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      5844.1.00007f9670400000.00007f967041b000.r-x.sdmpLinux_Trojan_Gafgyt_ea92cca8unknownunknown
      • 0x190e4:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
      5844.1.00007f9670400000.00007f967041b000.r-x.sdmpMirai_Botnet_MalwareDetects Mirai Botnet MalwareFlorian Roth
      • 0x18a90:$x1: POST /cdn-cgi/
      • 0x1991c:$s1: LCOGQGPTGP
      Click to see the 22 entries

      Suricata Signatures

      No Suricata rule has matched

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Antivirus / Scanner detection for submitted sample
      Source: boatnet.mpsl.elfAvira: detected
      Multi AV Scanner detection for submitted file
      Source: boatnet.mpsl.elfVirustotal: Detection: 41%Perma Link
      Source: boatnet.mpsl.elfReversingLabs: Detection: 55%
      Source: global trafficTCP traffic: 192.168.2.15:54084 -> 94.158.245.27:3778
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: unknownTCP traffic detected without corresponding DNS query: 94.158.245.27
      Source: global trafficDNS traffic detected: DNS query: daisy.ubuntu.com
      Source: boatnet.mpsl.elfString found in binary or memory: http://upx.sf.net

      System Summary

      barindex
      Malicious sample detected (through community Yara rule)
      Source: 5844.1.00007f9670400000.00007f967041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: 5844.1.00007f9670400000.00007f967041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: 5844.1.00007f9670400000.00007f967041b000.r-x.sdmp, type: MEMORYMatched rule: Detects Mirai Botnet Malware Author: Florian Roth
      Source: 5844.1.00007f9670400000.00007f967041b000.r-x.sdmp, type: MEMORYMatched rule: Detects ELF malware Mirai related Author: Florian Roth
      Source: 5840.1.00007f9670400000.00007f967041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: 5840.1.00007f9670400000.00007f967041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: 5840.1.00007f9670400000.00007f967041b000.r-x.sdmp, type: MEMORYMatched rule: Detects Mirai Botnet Malware Author: Florian Roth
      Source: 5840.1.00007f9670400000.00007f967041b000.r-x.sdmp, type: MEMORYMatched rule: Detects ELF malware Mirai related Author: Florian Roth
      Source: 5846.1.00007f9670400000.00007f967041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: 5846.1.00007f9670400000.00007f967041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: 5846.1.00007f9670400000.00007f967041b000.r-x.sdmp, type: MEMORYMatched rule: Detects Mirai Botnet Malware Author: Florian Roth
      Source: 5846.1.00007f9670400000.00007f967041b000.r-x.sdmp, type: MEMORYMatched rule: Detects ELF malware Mirai related Author: Florian Roth
      Source: Process Memory Space: boatnet.mpsl.elf PID: 5840, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: Process Memory Space: boatnet.mpsl.elf PID: 5840, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: Process Memory Space: boatnet.mpsl.elf PID: 5844, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: Process Memory Space: boatnet.mpsl.elf PID: 5844, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: Process Memory Space: boatnet.mpsl.elf PID: 5846, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: Process Memory Space: boatnet.mpsl.elf PID: 5846, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Sample tries to kill multiple processes (SIGKILL)
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 3192, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 3249, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 3250, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 3251, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 3252, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 3253, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 3255, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 3272, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 3274, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 3298, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 5846, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 5852, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 5853, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 5854, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 5855, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 5856, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 5857, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 5875, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 5884, result: successfulJump to behavior
      Source: LOAD without section mappingsProgram segment: 0x100000
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 3192, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 3249, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 3250, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 3251, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 3252, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 3253, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 3255, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 3272, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 3274, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 3298, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 5846, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 5852, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 5853, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 5854, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 5855, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 5856, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 5857, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 5875, result: successfulJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)SIGKILL sent: pid: 5884, result: successfulJump to behavior
      Source: 5844.1.00007f9670400000.00007f967041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 5844.1.00007f9670400000.00007f967041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 5844.1.00007f9670400000.00007f967041b000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
      Source: 5844.1.00007f9670400000.00007f967041b000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
      Source: 5840.1.00007f9670400000.00007f967041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 5840.1.00007f9670400000.00007f967041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 5840.1.00007f9670400000.00007f967041b000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
      Source: 5840.1.00007f9670400000.00007f967041b000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
      Source: 5846.1.00007f9670400000.00007f967041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 5846.1.00007f9670400000.00007f967041b000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 5846.1.00007f9670400000.00007f967041b000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
      Source: 5846.1.00007f9670400000.00007f967041b000.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_2 date = 2018-10-27, hash1 = fa0018e75f503f9748a5de0d14d4358db234f65e28c31c8d5878cc58807081c9, author = Florian Roth, description = Detects ELF malware Mirai related, reference = Internal Research
      Source: Process Memory Space: boatnet.mpsl.elf PID: 5840, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: Process Memory Space: boatnet.mpsl.elf PID: 5840, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: Process Memory Space: boatnet.mpsl.elf PID: 5844, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: Process Memory Space: boatnet.mpsl.elf PID: 5844, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: Process Memory Space: boatnet.mpsl.elf PID: 5846, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: Process Memory Space: boatnet.mpsl.elf PID: 5846, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: classification engineClassification label: mal88.spre.troj.evad.linELF@0/0@2/0

      Data Obfuscation

      barindex
      Sample is packed with UPX
      Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
      Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
      Source: initial sampleString containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5852)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5853)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5854)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5855)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/local/share/fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /home/saturnino/.fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/X11/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/type1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/local/share/fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /home/saturnino/.fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/X11/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/type1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /home/saturnino/.cacheJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /home/saturnino/.localJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Directory: /home/saturnino/.configJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5875)Directory: /home/saturnino/.cacheJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5875)Directory: /home/saturnino/.localJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5875)Directory: /home/saturnino/.configJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5875)Directory: /home/saturnino/.configJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5884)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/1185/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3241/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3483/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/1732/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/1730/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/1333/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/1695/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3235/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3234/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/911/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/515/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/914/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/1617/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/1615/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/917/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3255/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3253/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/1591/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3252/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3251/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3250/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/1623/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/1588/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3249/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/764/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3368/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/1585/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3246/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3488/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/766/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/800/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/888/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/5787/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/802/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/1509/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/803/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/804/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/5823/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3800/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/5824/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3801/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/1867/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3407/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3802/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/5682/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3781/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/1484/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/490/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/1514/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/1634/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/1479/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/1875/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/654/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3379/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/655/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/656/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/777/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/931/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/1595/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/657/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/812/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/779/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/658/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/933/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/418/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/419/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3419/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3310/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3275/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3274/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3273/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3394/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3272/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/782/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3303/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/1762/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3027/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/1486/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/789/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/1806/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/5846/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/1660/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3440/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/793/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/794/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3316/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/674/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/796/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/675/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/676/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/1498/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/1497/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/1496/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3157/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3278/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3399/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/5852/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/5853/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/5854/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/5855/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3799/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/3953/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/5856/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/5857/cmdlineJump to behavior
      Source: /tmp/boatnet.mpsl.elf (PID: 5842)File opened: /proc/1659/cmdlineJump to behavior
      Source: boatnet.mpsl.elfSubmission file: segment LOAD with 7.9159 entropy (max. 8.0)
      Source: /tmp/boatnet.mpsl.elf (PID: 5840)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5852)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5853)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5854)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5855)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5856)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5857)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5884)Queries kernel information via 'uname': Jump to behavior
      Source: boatnet.mpsl.elf, 5840.1.00007ffd307d3000.00007ffd307f4000.rw-.sdmp, boatnet.mpsl.elf, 5844.1.00007ffd307d3000.00007ffd307f4000.rw-.sdmp, boatnet.mpsl.elf, 5846.1.00007ffd307d3000.00007ffd307f4000.rw-.sdmpBinary or memory string: Px86_64/usr/bin/qemu-mipsel/tmp/boatnet.mpsl.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/boatnet.mpsl.elf
      Source: boatnet.mpsl.elf, 5840.1.0000557294cae000.0000557294d55000.rw-.sdmp, boatnet.mpsl.elf, 5844.1.0000557294cae000.0000557294d35000.rw-.sdmp, boatnet.mpsl.elf, 5846.1.0000557294cae000.0000557294d35000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/mipsel
      Source: boatnet.mpsl.elf, 5840.1.0000557294cae000.0000557294d55000.rw-.sdmp, boatnet.mpsl.elf, 5844.1.0000557294cae000.0000557294d35000.rw-.sdmp, boatnet.mpsl.elf, 5846.1.0000557294cae000.0000557294d35000.rw-.sdmpBinary or memory string: rU!/etc/qemu-binfmt/mipsel
      Source: boatnet.mpsl.elf, 5840.1.00007ffd307d3000.00007ffd307f4000.rw-.sdmp, boatnet.mpsl.elf, 5844.1.00007ffd307d3000.00007ffd307f4000.rw-.sdmp, boatnet.mpsl.elf, 5846.1.00007ffd307d3000.00007ffd307f4000.rw-.sdmpBinary or memory string: /usr/bin/qemu-mipsel

      Stealing of Sensitive Information

      barindex
      Yara detected Mirai
      Source: Yara matchFile source: 5844.1.00007f9670400000.00007f967041b000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5840.1.00007f9670400000.00007f967041b000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5846.1.00007f9670400000.00007f967041b000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: boatnet.mpsl.elf PID: 5840, type: MEMORYSTR
      Source: Yara matchFile source: Process Memory Space: boatnet.mpsl.elf PID: 5844, type: MEMORYSTR
      Source: Yara matchFile source: Process Memory Space: boatnet.mpsl.elf PID: 5846, type: MEMORYSTR

      Remote Access Functionality

      barindex
      Yara detected Mirai
      Source: Yara matchFile source: 5844.1.00007f9670400000.00007f967041b000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5840.1.00007f9670400000.00007f967041b000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5846.1.00007f9670400000.00007f967041b000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: boatnet.mpsl.elf PID: 5840, type: MEMORYSTR
      Source: Yara matchFile source: Process Memory Space: boatnet.mpsl.elf PID: 5844, type: MEMORYSTR
      Source: Yara matchFile source: Process Memory Space: boatnet.mpsl.elf PID: 5846, type: MEMORYSTR

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception1
      Hidden Files and Directories      		1
      OS Credential Dumping      		11
      Security Software Discovery      		Remote ServicesData from Local System1
      Non-Standard Port      		Exfiltration Over Other Network Medium1
      Service Stop
      CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts11
      Obfuscated Files or Information      		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
      Non-Application Layer Protocol      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
      Application Layer Protocol      		Automated ExfiltrationData Encrypted for Impact

      Malware Configuration

      No configs have been found

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Number of created Files
      • Is malicious
      • Internet
      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1589460 Sample: boatnet.mpsl.elf Startdate: 12/01/2025 Architecture: LINUX Score: 88 24 94.158.245.27, 3778, 54084, 54086 MIVOCLOUDMD Moldova Republic of 2->24 26 daisy.ubuntu.com 2->26 28 Malicious sample detected (through community Yara rule) 2->28 30 Antivirus / Scanner detection for submitted sample 2->30 32 Multi AV Scanner detection for submitted file 2->32 34 2 other signatures 2->34 7 boatnet.mpsl.elf 2->7         started        9 xfce4-panel wrapper-2.0 2->9         started        11 xfce4-panel wrapper-2.0 2->11         started        13 6 other processes 2->13 signatures3 process4 process5 15 boatnet.mpsl.elf 7->15         started        18 boatnet.mpsl.elf 7->18         started        20 boatnet.mpsl.elf 7->20         started        22 wrapper-2.0 xfpm-power-backlight-helper 9->22         started        signatures6 36 Sample tries to kill multiple processes (SIGKILL) 15->36

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      boatnet.mpsl.elf42%VirustotalBrowse
      boatnet.mpsl.elf55%ReversingLabsLinux.Trojan.Mirai
      boatnet.mpsl.elf100%AviraEXP/ELF.Agent.M.28

      Dropped Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      No Antivirus matches

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      daisy.ubuntu.com
      		162.213.35.24
      		truefalse
        		high

        URLs from Memory and Binaries

        NameSourceMaliciousAntivirus DetectionReputation
        http://upx.sf.netboatnet.mpsl.elffalse
          		high

          World Map of Contacted IPs

          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs

          Public IPs

          IPDomainCountryFlagASNASN NameMalicious
          94.158.245.27
          		unknownMoldova Republic of
          		39798MIVOCLOUDMDfalse

          Joe Sandbox View / Context

          IPs

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          94.158.245.27boatnet.ppc.elfGet hashmaliciousMiraiBrowse
            boatnet.arm.elfGet hashmaliciousMiraiBrowse
              boatnet.arm7.elfGet hashmaliciousMiraiBrowse
                boatnet.x86.elfGet hashmaliciousMiraiBrowse

                  Domains

                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  daisy.ubuntu.com2.elfGet hashmaliciousUnknownBrowse
                  • 162.213.35.24
                  boatnet.arm7.elfGet hashmaliciousMiraiBrowse
                  • 162.213.35.25
                  boatnet.x86.elfGet hashmaliciousMiraiBrowse
                  • 162.213.35.25
                  arm6.elfGet hashmaliciousUnknownBrowse
                  • 162.213.35.25
                  camp.arm6.elfGet hashmaliciousMiraiBrowse
                  • 162.213.35.25
                  2.elfGet hashmaliciousUnknownBrowse
                  • 162.213.35.25
                  x86_64.elfGet hashmaliciousUnknownBrowse
                  • 162.213.35.24
                  mips.elfGet hashmaliciousUnknownBrowse
                  • 162.213.35.24
                  i686.elfGet hashmaliciousUnknownBrowse
                  • 162.213.35.25

                  ASNs

                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  MIVOCLOUDMDboatnet.ppc.elfGet hashmaliciousMiraiBrowse
                  • 94.158.245.27
                  boatnet.arm.elfGet hashmaliciousMiraiBrowse
                  • 94.158.245.27
                  boatnet.arm7.elfGet hashmaliciousMiraiBrowse
                  • 94.158.245.27
                  boatnet.x86.elfGet hashmaliciousMiraiBrowse
                  • 94.158.245.27
                  camp.x86_64.elfGet hashmaliciousMiraiBrowse
                  • 5.181.159.16
                  camp.arm7.elfGet hashmaliciousMiraiBrowse
                  • 5.181.159.16
                  camp.sh4.elfGet hashmaliciousMiraiBrowse
                  • 5.181.159.16
                  camp.i686.elfGet hashmaliciousMiraiBrowse
                  • 5.181.159.16
                  camp.m68k.elfGet hashmaliciousMiraiBrowse
                  • 5.181.159.16
                  camp.spc.elfGet hashmaliciousMiraiBrowse
                  • 5.181.159.16

                  JA3 Fingerprints

                  No context

                  Dropped Files

                  No context

                  Created / dropped Files

                  No created / dropped files found

                  Static File Info

                  General

                  File type:ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, no section header
                  Entropy (8bit):7.912726423037366
                  TrID:
                  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                  File name:boatnet.mpsl.elf
                  File size:33'708 bytes
                  MD5:4e23210e2603fe08846bf7eeebd8aab5
                  SHA1:b6f6949d7c9da505946a90bbb8cca46a4c3efd53
                  SHA256:cd510f2661e5d81afed3093967ef5c31f1a14967a0e88b2b005549695653eaaa
                  SHA512:9f3d48b2744fa1d3b489fcec2d1dd2b1ecf74f3ae47d38cc0b424a10b20f69ce1c61809426f0f58068dcf902fcaeb815dee465b9b2c8512973d3e4cbbfe4a2d8
                  SSDEEP:768:GiBo3YwNAQcN+vKVi7Wb5YAfSCu4vlwX/iyEo6pGeGvKxFWm:Gi0cN+iVi7USmvlwX/iyEmewm
                  TLSH:4EE2E11CD920349DCF2D5CB951DE29718440E0DB3253CBAAA7159C8A3678A8FFE8F625
                  File Content Preview:.ELF....................8o..4...........4. ...(.....................u...u...............h...h.E.h.E.................S.|EUPX!d.......H...H.......S..........?.E.h;....#......b.L#3...z6RMN.....r..]...3.Z.6uG.W.yq#l..C...g.,.K'.k.X.......+l.../k.............+

                  Static ELF Info

                  ELF header

                  Class:ELF32
                  Data:2's complement, little endian
                  Version:1 (current)
                  Machine:MIPS R3000
                  Version Number:0x1
                  Type:EXEC (Executable file)
                  OS/ABI:UNIX - System V
                  ABI Version:0
                  Entry Point Address:0x106f38
                  Flags:0x1007
                  ELF Header Size:52
                  Program Header Offset:52
                  Program Header Size:32
                  Number of Program Headers:2
                  Section Header Offset:0
                  Section Header Size:40
                  Number of Section Headers:0
                  Header String Table Index:0

                  Program Segments

                  TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                  LOAD0x00x1000000x1000000x82750x82757.91590x5R E0x10000
                  LOAD0xbd680x45bd680x45bd680x00x00.00000x6RW 0x10000

                  Network Behavior

                  Network Port Distribution

                  TCP Packets

                  TimestampSource PortDest PortSource IPDest IP
                  Jan 12, 2025 15:49:22.567980051 CET540843778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:22.573079109 CET37785408494.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:22.573198080 CET540843778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:22.613094091 CET540843778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:22.618197918 CET37785408494.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:22.618256092 CET540843778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:22.623186111 CET37785408494.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:23.256339073 CET37785408494.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:23.256427050 CET540843778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.256603956 CET37785408494.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:23.256628036 CET540843778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.256640911 CET37785408494.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:23.256658077 CET540843778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.256675005 CET37785408494.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:23.256689072 CET540843778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.256705999 CET37785408494.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:23.256716967 CET540843778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.256761074 CET540843778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.256759882 CET37785408494.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:23.256795883 CET37785408494.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:23.256812096 CET540843778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.256824970 CET37785408494.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:23.256841898 CET540843778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.256856918 CET37785408494.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:23.256871939 CET540843778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.256892920 CET37785408494.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:23.256901979 CET540843778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.256936073 CET540843778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.256962061 CET540863778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.261440039 CET37785408494.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:23.261476040 CET37785408494.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:23.261497021 CET540843778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.261522055 CET540843778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.261984110 CET37785408694.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:23.262068987 CET540863778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.262691975 CET540863778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.267515898 CET37785408694.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:23.267575979 CET540863778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.272455931 CET37785408694.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:23.941850901 CET37785408694.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:23.942070007 CET540863778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.942070007 CET540863778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.942080975 CET37785408694.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:23.942115068 CET37785408694.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:23.942151070 CET540863778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.942152023 CET37785408694.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:23.942174911 CET540863778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.942186117 CET37785408694.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:23.942209959 CET540863778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.942219973 CET37785408694.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:23.942233086 CET540863778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.942250013 CET37785408694.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:23.942272902 CET540863778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.942284107 CET37785408694.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:23.942300081 CET540863778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.942320108 CET37785408694.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:23.942337036 CET540863778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.942353964 CET37785408694.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:23.942375898 CET540863778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.942399025 CET540863778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.942783117 CET540883778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.947283983 CET37785408694.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:23.947338104 CET37785408694.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:23.947361946 CET540863778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.947387934 CET540863778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.947638988 CET37785408894.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:23.947707891 CET540883778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.948903084 CET540883778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.953747034 CET37785408894.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:23.954150915 CET540883778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:23.959023952 CET37785408894.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:24.664640903 CET37785408894.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:24.664946079 CET540883778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:24.664946079 CET540883778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:24.665043116 CET37785408894.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:24.665081978 CET37785408894.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:24.665117025 CET37785408894.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:24.665126085 CET540883778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:24.665126085 CET540883778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:24.665153027 CET37785408894.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:24.665169001 CET540883778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:24.665188074 CET37785408894.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:24.665191889 CET540883778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:24.665220976 CET37785408894.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:24.665235996 CET540883778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:24.665255070 CET37785408894.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:24.665266037 CET540883778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:24.665291071 CET37785408894.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:24.665299892 CET540883778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:24.665327072 CET37785408894.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:24.665334940 CET540883778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:24.665375948 CET540883778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:24.665426016 CET540903778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:24.670515060 CET37785409094.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:24.670568943 CET540903778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:24.671184063 CET540903778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:24.676132917 CET37785409094.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:24.676183939 CET540903778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:24.681056023 CET37785409094.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:25.381186008 CET37785409094.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:25.381375074 CET540903778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:25.381375074 CET540903778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:25.381620884 CET37785409094.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:25.381630898 CET37785409094.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:25.381648064 CET37785409094.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:25.381685972 CET540903778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:25.381685972 CET540903778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:25.381709099 CET540903778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:25.381819010 CET540923778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:25.383764982 CET37785409094.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:25.383790016 CET37785409094.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:25.383810043 CET540903778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:25.383831024 CET37785409094.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:25.383862019 CET540903778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:25.383862019 CET540903778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:25.386306047 CET37785409094.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:25.386322021 CET37785409094.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:25.386337042 CET37785409094.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:25.386346102 CET540903778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:25.386346102 CET540903778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:25.386353016 CET37785409094.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:25.386377096 CET540903778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:25.386394978 CET540903778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:25.386651993 CET37785409294.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:25.386709929 CET540923778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:25.387356997 CET540923778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:25.392177105 CET37785409294.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:25.392220974 CET540923778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:25.397010088 CET37785409294.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:26.069328070 CET37785409294.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:26.069406986 CET540923778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.069437981 CET540923778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.069636106 CET37785409294.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:26.069679976 CET37785409294.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:26.069696903 CET540923778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.069720984 CET540923778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.069732904 CET37785409294.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:26.069772005 CET540923778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.069781065 CET37785409294.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:26.069816113 CET37785409294.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:26.069822073 CET540923778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.069855928 CET37785409294.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:26.069859028 CET540923778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.069891930 CET540923778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.069993019 CET540943778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.070178032 CET37785409294.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:26.070214033 CET540923778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.070230007 CET37785409294.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:26.070265055 CET37785409294.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:26.070277929 CET540923778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.070301056 CET540923778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.074460030 CET37785409294.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:26.074493885 CET37785409294.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:26.074502945 CET540923778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.074532986 CET540923778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.074834108 CET37785409494.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:26.074879885 CET540943778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.075575113 CET540943778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.080457926 CET37785409494.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:26.080502987 CET540943778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.085407019 CET37785409494.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:26.760363102 CET37785409494.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:26.760736942 CET540943778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.760736942 CET540943778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.760802031 CET37785409494.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:26.760809898 CET37785409494.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:26.760837078 CET37785409494.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:26.760843992 CET37785409494.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:26.760859966 CET37785409494.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:26.760879993 CET37785409494.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:26.760890961 CET37785409494.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:26.760900974 CET540943778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.760900974 CET540943778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.760900974 CET540943778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.760907888 CET37785409494.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:26.760921955 CET540943778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.760921955 CET540943778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.760921955 CET540943778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.760927916 CET37785409494.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:26.760947943 CET540943778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.760947943 CET540943778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.760986090 CET540943778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.761266947 CET540963778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.770484924 CET37785409694.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:26.770565033 CET540963778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.771203041 CET540963778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.776073933 CET37785409694.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:26.776124001 CET540963778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:26.780999899 CET37785409694.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:27.472198963 CET37785409694.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:27.472702980 CET37785409694.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:27.472723007 CET37785409694.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:27.472759008 CET37785409694.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:27.472786903 CET37785409694.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:27.472805977 CET37785409694.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:27.472840071 CET37785409694.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:27.472862005 CET37785409694.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:27.472894907 CET37785409694.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:27.472903967 CET540963778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:27.472903967 CET540963778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:27.472903967 CET540963778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:27.472903967 CET540963778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:27.472903967 CET540963778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:27.472903967 CET540963778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:27.472938061 CET37785409694.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:27.472938061 CET540963778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:27.472938061 CET540963778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:27.472938061 CET540963778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:27.472938061 CET540963778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:27.472999096 CET540963778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:27.473618031 CET540983778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:27.477761984 CET37785409694.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:27.477859974 CET540963778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:27.478507042 CET37785409894.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:27.478566885 CET540983778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:27.479238987 CET540983778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:27.484014988 CET37785409894.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:27.484096050 CET540983778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:27.488890886 CET37785409894.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:28.050060034 CET540983778192.168.2.1594.158.245.27
                  Jan 12, 2025 15:49:28.055370092 CET37785409894.158.245.27192.168.2.15
                  Jan 12, 2025 15:49:28.055479050 CET540983778192.168.2.1594.158.245.27

                  UDP Packets

                  TimestampSource PortDest PortSource IPDest IP
                  Jan 12, 2025 15:52:06.038760900 CET3683353192.168.2.151.1.1.1
                  Jan 12, 2025 15:52:06.038830042 CET5293753192.168.2.151.1.1.1
                  Jan 12, 2025 15:52:06.046741962 CET53368331.1.1.1192.168.2.15
                  Jan 12, 2025 15:52:06.047580004 CET53529371.1.1.1192.168.2.15

                  DNS Queries

                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                  Jan 12, 2025 15:52:06.038760900 CET192.168.2.151.1.1.10xd2cStandard query (0)daisy.ubuntu.comA (IP address)IN (0x0001)false
                  Jan 12, 2025 15:52:06.038830042 CET192.168.2.151.1.1.10x5752Standard query (0)daisy.ubuntu.com28IN (0x0001)false

                  DNS Answers

                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                  Jan 12, 2025 15:52:06.046741962 CET1.1.1.1192.168.2.150xd2cNo error (0)daisy.ubuntu.com162.213.35.24A (IP address)IN (0x0001)false
                  Jan 12, 2025 15:52:06.046741962 CET1.1.1.1192.168.2.150xd2cNo error (0)daisy.ubuntu.com162.213.35.25A (IP address)IN (0x0001)false

                  System Behavior

                  General

                  Start time (UTC):14:49:21
                  Start date (UTC):12/01/2025
                  Path:/tmp/boatnet.mpsl.elf
                  Arguments:/tmp/boatnet.mpsl.elf
                  File size:5773336 bytes
                  MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                  Chronological Activities


                  General

                  Start time (UTC):14:49:21
                  Start date (UTC):12/01/2025
                  Path:/tmp/boatnet.mpsl.elf
                  Arguments:-
                  File size:5773336 bytes
                  MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                  Chronological Activities


                  General

                  Start time (UTC):14:49:21
                  Start date (UTC):12/01/2025
                  Path:/tmp/boatnet.mpsl.elf
                  Arguments:-
                  File size:5773336 bytes
                  MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                  Chronological Activities


                  General

                  Start time (UTC):14:49:21
                  Start date (UTC):12/01/2025
                  Path:/tmp/boatnet.mpsl.elf
                  Arguments:-
                  File size:5773336 bytes
                  MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                  Chronological Activities


                  General

                  Start time (UTC):14:49:27
                  Start date (UTC):12/01/2025
                  Path:/usr/bin/xfce4-panel
                  Arguments:-
                  File size:375768 bytes
                  MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                  Chronological Activities


                  General

                  Start time (UTC):14:49:27
                  Start date (UTC):12/01/2025
                  Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                  Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
                  File size:35136 bytes
                  MD5 hash:ac0b8a906f359a8ae102244738682e76

                  Chronological Activities


                  General

                  Start time (UTC):14:49:27
                  Start date (UTC):12/01/2025
                  Path:/usr/bin/xfce4-panel
                  Arguments:-
                  File size:375768 bytes
                  MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                  Chronological Activities


                  General

                  Start time (UTC):14:49:27
                  Start date (UTC):12/01/2025
                  Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                  Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
                  File size:35136 bytes
                  MD5 hash:ac0b8a906f359a8ae102244738682e76

                  Chronological Activities


                  General

                  Start time (UTC):14:49:27
                  Start date (UTC):12/01/2025
                  Path:/usr/bin/xfce4-panel
                  Arguments:-
                  File size:375768 bytes
                  MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                  Chronological Activities


                  General

                  Start time (UTC):14:49:27
                  Start date (UTC):12/01/2025
                  Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                  Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
                  File size:35136 bytes
                  MD5 hash:ac0b8a906f359a8ae102244738682e76

                  Chronological Activities


                  General

                  Start time (UTC):14:49:33
                  Start date (UTC):12/01/2025
                  Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                  Arguments:-
                  File size:35136 bytes
                  MD5 hash:ac0b8a906f359a8ae102244738682e76

                  Chronological Activities


                  General

                  Start time (UTC):14:49:33
                  Start date (UTC):12/01/2025
                  Path:/usr/sbin/xfpm-power-backlight-helper
                  Arguments:/usr/sbin/xfpm-power-backlight-helper --get-max-brightness
                  File size:14656 bytes
                  MD5 hash:3d221ad23f28ca3259f599b1664e2427

                  Chronological Activities


                  General

                  Start time (UTC):14:49:27
                  Start date (UTC):12/01/2025
                  Path:/usr/bin/xfce4-panel
                  Arguments:-
                  File size:375768 bytes
                  MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                  Chronological Activities


                  General

                  Start time (UTC):14:49:27
                  Start date (UTC):12/01/2025
                  Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                  Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
                  File size:35136 bytes
                  MD5 hash:ac0b8a906f359a8ae102244738682e76

                  Chronological Activities


                  General

                  Start time (UTC):14:49:27
                  Start date (UTC):12/01/2025
                  Path:/usr/bin/xfce4-panel
                  Arguments:-
                  File size:375768 bytes
                  MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                  Chronological Activities


                  General

                  Start time (UTC):14:49:27
                  Start date (UTC):12/01/2025
                  Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                  Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
                  File size:35136 bytes
                  MD5 hash:ac0b8a906f359a8ae102244738682e76

                  Chronological Activities


                  General

                  Start time (UTC):14:49:27
                  Start date (UTC):12/01/2025
                  Path:/usr/bin/xfce4-panel
                  Arguments:-
                  File size:375768 bytes
                  MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                  Chronological Activities


                  General

                  Start time (UTC):14:49:27
                  Start date (UTC):12/01/2025
                  Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                  Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
                  File size:35136 bytes
                  MD5 hash:ac0b8a906f359a8ae102244738682e76

                  Chronological Activities


                  General

                  Start time (UTC):14:49:33
                  Start date (UTC):12/01/2025
                  Path:/usr/bin/dbus-daemon
                  Arguments:-
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  Chronological Activities


                  General

                  Start time (UTC):14:49:33
                  Start date (UTC):12/01/2025
                  Path:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                  Arguments:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                  File size:112880 bytes
                  MD5 hash:4c7a0d6d258bb970905b19b84abcd8e9

                  Chronological Activities


                  General

                  Start time (UTC):14:49:37
                  Start date (UTC):12/01/2025
                  Path:/usr/lib/systemd/systemd
                  Arguments:-
                  File size:1620224 bytes
                  MD5 hash:9b2bec7092a40488108543f9334aab75

                  Chronological Activities


                  General

                  Start time (UTC):14:49:37
                  Start date (UTC):12/01/2025
                  Path:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
                  Arguments:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
                  File size:112872 bytes
                  MD5 hash:eee956f1b227c1d5031f9c61223255d1

                  Chronological Activities