
Linux Analysis Report
boatnet.sh4.elf

Overview

General Information

Sample name: boatnet.sh4.elf
Analysis ID: 1589821
MD5: 705a7135a4f7928109054b4858ed9168
SHA1: 6032bea9471563918e248f4412db118df0919bdf
SHA256: 3fdc4644bfbdb9bf34cb0886c7ef893630b02fbf301a1ea2566d4226ec9f1214
Tags: elf, user-abuse_ch
Infos:

Detection

Mirai
Score: 76
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample tries to kill multiple processes (SIGKILL)
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
Document contains embedded VBA macros
Document misses a certain OLE stream usually present in this Microsoft Office document type
Enumerates processes within the "proc" file system
Sample has stripped symbol table
Sample tries to kill a process (SIGKILL)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1589821
Start date and time: 2025-01-13 08:11:33 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 9s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: boatnet.sh4.elf
Detection: MAL
Classification: mal76.spre.troj.linELF@0/1@2/0
  • VT rate limit hit for: boatnet.sh4.elf
Command: /tmp/boatnet.sh4.elf
PID: 5434
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:
  • system is lnxubuntu20
  • wrapper-2.0 (PID: 5451, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
  • wrapper-2.0 (PID: 5452, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
  • wrapper-2.0 (PID: 5453, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
  • wrapper-2.0 (PID: 5454, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
    • xfpm-power-backlight-helper (PID: 5473, Parent: 5454, MD5: 3d221ad23f28ca3259f599b1664e2427) Arguments: /usr/sbin/xfpm-power-backlight-helper --get-max-brightness
  • wrapper-2.0 (PID: 5455, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
  • wrapper-2.0 (PID: 5456, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
  • xfconfd (PID: 5472, Parent: 5471, MD5: 4c7a0d6d258bb970905b19b84abcd8e9) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
  • systemd New Fork (PID: 5482, Parent: 2935)
  • xfce4-notifyd (PID: 5482, Parent: 2935, MD5: eee956f1b227c1d5031f9c61223255d1) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source: boatnet.sh4.elf | Rule: JoeSecurity_Mirai_8 | Description: Yara detected Mirai | Author: Joe Security
Source: boatnet.sh4.elf | Rule: Linux_Trojan_Gafgyt_28a2fe0c | Description: unknown | Author: unknown | Strings:
    • 0xa764:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa778:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa78c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa7a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa7b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa7c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa7dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa7f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa804:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa818:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa82c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa840:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa854:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa868:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa87c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa890:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa8a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa8b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa8cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa8e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa8f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Source: boatnet.sh4.elf | Rule: Linux_Trojan_Gafgyt_ea92cca8 | Description: unknown | Author: unknown | Strings:
    • 0xacbc:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Source: 5438.1.00007f4fa8400000.00007f4fa840c000.r-x.sdmp | Rule: JoeSecurity_Mirai_8 | Description: Yara detected Mirai | Author: Joe Security
Source: 5438.1.00007f4fa8400000.00007f4fa840c000.r-x.sdmp | Rule: Linux_Trojan_Gafgyt_28a2fe0c | Description: unknown | Author: unknown | Strings:
      • 0xa764:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xa778:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xa78c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xa7a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xa7b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xa7c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xa7dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xa7f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xa804:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xa818:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xa82c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xa840:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xa854:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xa868:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xa87c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xa890:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xa8a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xa8b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xa8cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xa8e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xa8f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Source: 5438.1.00007f4fa8400000.00007f4fa840c000.r-x.sdmp | Rule: Linux_Trojan_Gafgyt_ea92cca8 | Description: unknown | Author: unknown | Strings:
      • 0xacbc:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Source: 5434.1.00007f4fa8400000.00007f4fa840c000.r-x.sdmp | Rule: JoeSecurity_Mirai_8 | Description: Yara detected Mirai | Author: Joe Security
Source: 5434.1.00007f4fa8400000.00007f4fa840c000.r-x.sdmp | Rule: Linux_Trojan_Gafgyt_28a2fe0c | Description: unknown | Author: unknown | Strings:
        • 0xa764:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xa778:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xa78c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xa7a0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xa7b4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xa7c8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xa7dc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xa7f0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xa804:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xa818:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xa82c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xa840:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xa854:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xa868:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xa87c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xa890:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xa8a4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xa8b8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xa8cc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xa8e0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xa8f4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
No Suricata rule has matched

AV Detection

Source: boatnet.sh4.elf | Avira: detected
Source: boatnet.sh4.elf | ReversingLabs: Detection: 65%

Source: global traffic | TCP traffic: 192.168.2.13:47158 -> 216.9.225.175:3778
Source: unknown | TCP traffic detected without corresponding DNS query: 216.9.225.175 (50 identical entries in the report)
Source: global traffic | DNS traffic detected: DNS query: daisy.ubuntu.com

System Summary

Source: boatnet.sh4.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | Author: unknown
Source: boatnet.sh4.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 | Author: unknown
Source: 5438.1.00007f4fa8400000.00007f4fa840c000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | Author: unknown
Source: 5438.1.00007f4fa8400000.00007f4fa840c000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 | Author: unknown
Source: 5434.1.00007f4fa8400000.00007f4fa840c000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | Author: unknown
Source: 5434.1.00007f4fa8400000.00007f4fa840c000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 | Author: unknown
Source: 5437.1.00007f4fa8400000.00007f4fa840c000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | Author: unknown
Source: 5437.1.00007f4fa8400000.00007f4fa840c000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 | Author: unknown
Source: Process Memory Space: boatnet.sh4.elf PID: 5434, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | Author: unknown
Source: Process Memory Space: boatnet.sh4.elf PID: 5434, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 | Author: unknown
Source: Process Memory Space: boatnet.sh4.elf PID: 5437, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | Author: unknown
Source: Process Memory Space: boatnet.sh4.elf PID: 5437, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 | Author: unknown
Source: Process Memory Space: boatnet.sh4.elf PID: 5438, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | Author: unknown
Source: Process Memory Space: boatnet.sh4.elf PID: 5438, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 | Author: unknown
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 3104, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 3161, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 3162, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 3163, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 3164, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 3165, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 3170, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 3182, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 3208, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 3212, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 5438, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 5451, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 5452, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 5453, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 5454, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 5455, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 5456, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 5472, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 5482, result: successful
Source: xfce4-panel.xml.new.29.dr | OLE indicator, VBA macros: true
Source: xfce4-panel.xml.new.29.dr | OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: ELF static info symbol of initial sample | .symtab present: no
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 3104, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 3161, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 3162, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 3163, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 3164, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 3165, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 3170, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 3182, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 3208, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 3212, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 5438, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 5451, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 5452, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 5453, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 5454, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 5455, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 5456, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 5472, result: successful
Source: /tmp/boatnet.sh4.elf (PID: 5436) | SIGKILL sent: pid: 5482, result: successful
Source: boatnet.sh4.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: boatnet.sh4.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 5438.1.00007f4fa8400000.00007f4fa840c000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5438.1.00007f4fa8400000.00007f4fa840c000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 5434.1.00007f4fa8400000.00007f4fa840c000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5434.1.00007f4fa8400000.00007f4fa840c000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 5437.1.00007f4fa8400000.00007f4fa840c000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5437.1.00007f4fa8400000.00007f4fa840c000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: boatnet.sh4.elf PID: 5434, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: boatnet.sh4.elf PID: 5434, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: boatnet.sh4.elf PID: 5437, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: boatnet.sh4.elf PID: 5437, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: boatnet.sh4.elf PID: 5438, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: boatnet.sh4.elf PID: 5438, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_ea92cca8 | os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: classification engine | Classification label: mal76.spre.troj.linELF@0/1@2/0
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5451) | Directory: /home/saturnino/.Xdefaults-galassia
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5452) | Directory: /home/saturnino/.Xdefaults-galassia
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5452) | Directory: /usr/share/fonts/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5452) | Directory: /usr/local/share/fonts/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5452) | Directory: /home/saturnino/.local/share/fonts/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5452) | Directory: /home/saturnino/.fonts/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5452) | Directory: /usr/share/fonts/X11/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5452) | Directory: /usr/share/fonts/cMap/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5452) | Directory: /usr/share/fonts/cmap/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5452) | Directory: /usr/share/fonts/opentype/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5452) | Directory: /usr/share/fonts/truetype/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5452) | Directory: /usr/share/fonts/type1/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5452) | Directory: /usr/share/fonts/X11/Type1/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5452) | Directory: /usr/share/fonts/X11/encodings/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5452) | Directory: /usr/share/fonts/X11/misc/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5452) | Directory: /usr/share/fonts/X11/util/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5452) | Directory: /usr/share/fonts/cmap/adobe-cns1/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5452) | Directory: /usr/share/fonts/cmap/adobe-gb1/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5453) | Directory: /home/saturnino/.Xdefaults-galassia
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5454) | Directory: /home/saturnino/.Xdefaults-galassia
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5454) | Directory: /usr/share/fonts/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5454) | Directory: /usr/local/share/fonts/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5454) | Directory: /home/saturnino/.local/share/fonts/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5454) | Directory: /home/saturnino/.fonts/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5454) | Directory: /usr/share/fonts/X11/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5454) | Directory: /usr/share/fonts/cMap/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5454) | Directory: /usr/share/fonts/cmap/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5454) | Directory: /usr/share/fonts/opentype/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5454) | Directory: /usr/share/fonts/truetype/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5454) | Directory: /usr/share/fonts/type1/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5454) | Directory: /usr/share/fonts/X11/Type1/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5454) | Directory: /usr/share/fonts/X11/encodings/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5454)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5454)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5454)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5454)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5454)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5454)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5454)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /home/saturnino/.fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/X11/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /home/saturnino/.cacheJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /home/saturnino/.localJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455)Directory: /home/saturnino/.configJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /home/saturnino/.fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/X11/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5472)Directory: /home/saturnino/.cacheJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5472)Directory: /home/saturnino/.localJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5472)Directory: /home/saturnino/.configJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5472)Directory: /home/saturnino/.configJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5482)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5482)Directory: /home/saturnino/.cacheJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5482)Directory: /home/saturnino/.localJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5482)Directory: /home/saturnino/.configJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/4056/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/3122/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/5381/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/3639/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/3117/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/3114/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/914/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/518/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/519/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/5417/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/5418/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/917/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/5276/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/3134/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/3375/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/3132/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/3095/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/1745/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/1866/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/1588/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/884/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/1982/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/765/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/3246/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/767/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/800/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/1906/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/802/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/803/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/1748/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/3420/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/1482/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/490/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/1480/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/1755/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/1238/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/1875/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/2964/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/3413/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/1751/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/1872/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/2961/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/1475/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436)File opened: /proc/656/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/778/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/657/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/658/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/659/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/418/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/936/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/419/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/5438/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/816/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/1879/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/5451/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/5452/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/5453/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/5574/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/5454/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/3794/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/5455/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/1891/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/3310/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/3153/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/780/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/660/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/1921/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/783/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/1765/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/2974/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/1400/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/1884/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/3424/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/2972/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/3709/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/3147/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/2970/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/1881/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/3146/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/3300/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/1805/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/1925/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/1804/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/1648/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/1922/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/3429/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/3442/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/3165/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/3164/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/3163/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/3162/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/790/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/3161/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/792/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/793/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/672/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/1930/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/674/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/795/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/3315/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/1411/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/2984/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/1410/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/797/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5436) File opened: /proc/676/cmdline
        Source: /tmp/boatnet.sh4.elf (PID: 5434) Queries kernel information via 'uname'
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5451) Queries kernel information via 'uname'
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5452) Queries kernel information via 'uname'
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5453) Queries kernel information via 'uname'
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5454) Queries kernel information via 'uname'
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5455) Queries kernel information via 'uname'
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5456) Queries kernel information via 'uname'
        Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5482) Queries kernel information via 'uname'
        Source: boatnet.sh4.elf, 5434.1.00007fff350b1000.00007fff350d2000.rw-.sdmp, boatnet.sh4.elf, 5437.1.00007fff350b1000.00007fff350d2000.rw-.sdmp, boatnet.sh4.elf, 5438.1.00007fff350b1000.00007fff350d2000.rw-.sdmp. Binary or memory string: x86_64/usr/bin/qemu-sh4/tmp/boatnet.sh4.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/boatnet.sh4.elf
        Source: boatnet.sh4.elf, 5434.1.00007fff350b1000.00007fff350d2000.rw-.sdmp, boatnet.sh4.elf, 5437.1.00007fff350b1000.00007fff350d2000.rw-.sdmp, boatnet.sh4.elf, 5438.1.00007fff350b1000.00007fff350d2000.rw-.sdmp. Binary or memory string: /usr/bin/qemu-sh4
        Source: boatnet.sh4.elf, 5434.1.000055b54de9b000.000055b54defe000.rw-.sdmp, boatnet.sh4.elf, 5437.1.000055b54de9b000.000055b54defe000.rw-.sdmp, boatnet.sh4.elf, 5438.1.000055b54de9b000.000055b54defe000.rw-.sdmp. Binary or memory string: U5!/etc/qemu-binfmt/sh4
        Source: boatnet.sh4.elf, 5434.1.000055b54de9b000.000055b54defe000.rw-.sdmp, boatnet.sh4.elf, 5437.1.000055b54de9b000.000055b54defe000.rw-.sdmp, boatnet.sh4.elf, 5438.1.000055b54de9b000.000055b54defe000.rw-.sdmp. Binary or memory string: /etc/qemu-binfmt/sh4

        Stealing of Sensitive Information

        Source: Yara match. File source: boatnet.sh4.elf, type: SAMPLE
        Source: Yara match. File source: 5438.1.00007f4fa8400000.00007f4fa840c000.r-x.sdmp, type: MEMORY
        Source: Yara match. File source: 5434.1.00007f4fa8400000.00007f4fa840c000.r-x.sdmp, type: MEMORY
        Source: Yara match. File source: 5437.1.00007f4fa8400000.00007f4fa840c000.r-x.sdmp, type: MEMORY
        Source: Yara match. File source: Process Memory Space: boatnet.sh4.elf PID: 5434, type: MEMORYSTR
        Source: Yara match. File source: Process Memory Space: boatnet.sh4.elf PID: 5437, type: MEMORYSTR
        Source: Yara match. File source: Process Memory Space: boatnet.sh4.elf PID: 5438, type: MEMORYSTR

        Remote Access Functionality

        Source: Yara match. File source: boatnet.sh4.elf, type: SAMPLE
        Source: Yara match. File source: 5438.1.00007f4fa8400000.00007f4fa840c000.r-x.sdmp, type: MEMORY
        Source: Yara match. File source: 5434.1.00007f4fa8400000.00007f4fa840c000.r-x.sdmp, type: MEMORY
        Source: Yara match. File source: 5437.1.00007f4fa8400000.00007f4fa840c000.r-x.sdmp, type: MEMORY
        Source: Yara match. File source: Process Memory Space: boatnet.sh4.elf PID: 5434, type: MEMORYSTR
        Source: Yara match. File source: Process Memory Space: boatnet.sh4.elf PID: 5437, type: MEMORYSTR
        Source: Yara match. File source: Process Memory Space: boatnet.sh4.elf PID: 5438, type: MEMORYSTR

        MITRE ATT&CK Matrix (a leading number in a cell is the count of signatures mapped to that technique)

        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | 1 Hidden Files and Directories | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | 1 Service Stop
        Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
        No configs have been found

        Behavior Graph (ID: 1589821, sample: boatnet.sh4.elf, start date: 13/01/2025, architecture: LINUX, score: 76). Network nodes: 216.9.225.175 (ports 3778, 47158, 47160; ATT-INTERNET4US, Reserved) and daisy.ubuntu.com. Sample-level signatures: Malicious sample detected (through community Yara rule); Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Yara detected Mirai. Processes started: boatnet.sh4.elf, which in turn started three further boatnet.sh4.elf processes (the signature "Sample tries to kill multiple processes (SIGKILL)" is attached to the first of these); two xfce4-panel wrapper-2.0 instances, one of which started wrapper-2.0 xfpm-power-backlight-helper; and 6 other processes.

        Antivirus Detection

        Source | Detection | Scanner | Label
        boatnet.sh4.elf | 66% | ReversingLabs | Linux.Trojan.Mirai
        boatnet.sh4.elf | 100% | Avira | EXP/ELF.Mirai.N
        No Antivirus matches

        Domains

        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        daisy.ubuntu.com | 162.213.35.25 | true | false | (none) | high

        IPs

        IP | Domain | Country | ASN | ASN Name | Malicious
        216.9.225.175 | unknown | Reserved | 7018 | ATT-INTERNET4US | false
          Context

          Match | Associated Sample Name / URL | Detection | Threat Name | Context
          216.9.225.175 | boatnet.arm7.elf | malicious | Mirai | (none)
          216.9.225.175 | boatnet.arm.elf | malicious | Mirai | (none)
          216.9.225.175 | boatnet.ppc.elf | malicious | Mirai | (none)
          216.9.225.175 | boatnet.x86.elf | malicious | Mirai | (none)

          Match | Associated Sample Name / URL | Detection | Threat Name | Context
          daisy.ubuntu.com | boatnet.arm.elf | malicious | Mirai | 162.213.35.24
          daisy.ubuntu.com | boatnet.ppc.elf | malicious | Mirai | 162.213.35.24
          daisy.ubuntu.com | boatnet.arm6.elf | malicious | Mirai | 162.213.35.24
          daisy.ubuntu.com | t6.elf | malicious | Unknown | 162.213.35.24
          daisy.ubuntu.com | t5.elf | malicious | Unknown | 162.213.35.24
          daisy.ubuntu.com | byte.arm6.elf | malicious | Mirai, Okiru | 162.213.35.25
          daisy.ubuntu.com | byte.arm5.elf | malicious | Mirai, Okiru | 162.213.35.24
          daisy.ubuntu.com | byte.mpsl.elf | malicious | Mirai, Okiru | 162.213.35.24
          daisy.ubuntu.com | byte.sh4.elf | malicious | Mirai, Okiru | 162.213.35.24
          daisy.ubuntu.com | byte.ppc.elf | malicious | Mirai, Okiru | 162.213.35.25

          Match | Associated Sample Name / URL | Detection | Threat Name | Context
          ATT-INTERNET4US | boatnet.arm7.elf | malicious | Mirai | 216.9.225.175
          ATT-INTERNET4US | boatnet.arm.elf | malicious | Mirai | 216.9.225.175
          ATT-INTERNET4US | boatnet.ppc.elf | malicious | Mirai | 216.9.225.175
          ATT-INTERNET4US | boatnet.x86.elf | malicious | Mirai | 216.9.225.175
          ATT-INTERNET4US | 5.elf | malicious | Unknown | 108.239.35.128
          ATT-INTERNET4US | https://informed.deliveryerz.top/us/ | malicious | Unknown | 13.32.27.21
          ATT-INTERNET4US | https://informed.deliveryerw.top/us/ | malicious | Unknown | 13.32.27.113
          ATT-INTERNET4US | https://informed.deliveryewo.top/us/ | malicious | Unknown | 13.32.27.21
          ATT-INTERNET4US | http://ledger-recovery.co.uk/ | malicious | Unknown | 13.32.27.65
          ATT-INTERNET4US | 6.elf | malicious | Unknown | 172.126.55.209

          No context
                  Process:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                  File Type:XML 1.0 document, ASCII text
                  Category:dropped
                  Size (bytes):5128
                  Entropy (8bit):4.457618060812407
                  Encrypted:false
                  SSDEEP:96:R14GBdYLSNUH+ZAFQrSRR6dn0tWlTDFwIfM/vfzPpjT9I3jZ/qeH2Wg:74GnYLSNUH+ZAyrSRRYn0taTDKIfMPzv
                  MD5:2A2A7C34B585CDAE5E123F3C5100C253
                  SHA1:E814B1B1531B25581DB76CB813C85E53E1390BA4
                  SHA-256:BCA18B654D038B69B25ACDF84CFF99BF521A1B54F482F1DE2B54CE13AC219A04
                  SHA-512:CEC7A3A7A6AD6C2A6D101A3BF6D89A01EBDCEB0121AA3DE1CEA024268410B39E4E9188382439C7C3FD734C66764B66B13F1D277700B00A2FCB35CB67E31996DD
                  Malicious:false
                  Reputation:moderate, very likely benign file
                  Preview:<?xml version="1.0" encoding="UTF-8"?>..<channel name="xfce4-panel" version="1.0">. <property name="configver" type="int" value="2"/>. <property name="panels" type="array">. <value type="int" value="1"/>. <value type="int" value="2"/>. <property name="panel-1" type="empty">. <property name="position" type="string" value="p=6;x=0;y=0"/>. <property name="length" type="uint" value="100"/>. <property name="position-locked" type="bool" value="true"/>. <property name="icon-size" type="uint" value="16"/>. <property name="size" type="uint" value="26"/>. <property name="plugin-ids" type="array">. <value type="int" value="1"/>. <value type="int" value="2"/>. <value type="int" value="3"/>. <value type="int" value="4"/>. <value type="int" value="5"/>. <value type="int" value="6"/>. <value type="int" value="7"/>. <value type="int" value="8"/>. <value type="int" value="9"/>. <value type="in
                  File type:ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, stripped
                  Entropy (8bit):6.8125364158930655
                  TrID:
                  • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                  File name:boatnet.sh4.elf
                  File size:47'068 bytes
                  MD5:705a7135a4f7928109054b4858ed9168
                  SHA1:6032bea9471563918e248f4412db118df0919bdf
                  SHA256:3fdc4644bfbdb9bf34cb0886c7ef893630b02fbf301a1ea2566d4226ec9f1214
                  SHA512:de83f3813592091c52a372b3e39174b7daaca063a1e4e424bc647f6b6ff6324f71f479637480bcb87b0810a544be0421139702254e28a893f54aaf8a99215d49
                  SSDEEP:768:/atK+BteOz33IqOt76eOutMELrN+BTUUfKat0vbO9hPT0YC2oR22cZQCqd:/atvtNDI5d6NWMeo4Uf/CAPJOR0mCq
                  TLSH:A3235B35F029AE94C65A4178B0AC8E341F53F1C493936DB71AE542B1A887C78F629FE4
                  File Content Preview:.ELF..............*.......@.4...L.......4. ...(...............@...@...........................A...A.(...<...........Q.td............................././"O.n........#.*@........#.*@L....o&O.n...l..............................././.../.a"O.!...n...a.b("...q.

                  ELF header

                  Class:ELF32
                  Data:2's complement, little endian
                  Version:1 (current)
                  Machine:<unknown>
                  Version Number:0x1
                  Type:EXEC (Executable file)
                  OS/ABI:UNIX - System V
                  ABI Version:0
                  Entry Point Address:0x4001a0
                  Flags:0x9
                  ELF Header Size:52
                  Program Header Offset:52
                  Program Header Size:32
                  Number of Program Headers:3
                  Section Header Offset:46668
                  Section Header Size:40
                  Number of Section Headers:10
                  Header String Table Index:9
                  Sections

                  Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
                  (none) | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | (none) | 0 | 0 | 0
                  .init | PROGBITS | 0x400094 | 0x94 | 0x30 | 0x0 | 0x6 | AX | 0 | 0 | 4
                  .text | PROGBITS | 0x4000e0 | 0xe0 | 0xa660 | 0x0 | 0x6 | AX | 0 | 0 | 32
                  .fini | PROGBITS | 0x40a740 | 0xa740 | 0x24 | 0x0 | 0x6 | AX | 0 | 0 | 4
                  .rodata | PROGBITS | 0x40a764 | 0xa764 | 0xc7c | 0x0 | 0x2 | A | 0 | 0 | 4
                  .ctors | PROGBITS | 0x41b3e4 | 0xb3e4 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
                  .dtors | PROGBITS | 0x41b3ec | 0xb3ec | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
                  .data | PROGBITS | 0x41b3f8 | 0xb3f8 | 0x214 | 0x0 | 0x3 | WA | 0 | 0 | 4
                  .bss | NOBITS | 0x41b60c | 0xb60c | 0x314 | 0x0 | 0x3 | WA | 0 | 0 | 4
                  .shstrtab | STRTAB | 0x0 | 0xb60c | 0x3e | 0x0 | 0x0 | (none) | 0 | 0 | 1

                  Program Segments

                  Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
                  LOAD | 0x0 | 0x400000 | 0x400000 | 0xb3e0 | 0xb3e0 | 6.8594 | 0x5 | R E | 0x10000 | (none) | .init .text .fini .rodata
                  LOAD | 0xb3e4 | 0x41b3e4 | 0x41b3e4 | 0x228 | 0x53c | 3.0316 | 0x6 | RW | 0x10000 | (none) | .ctors .dtors .data .bss
                  GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | (none) | (none)
                  TCP Packets

                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                  Jan 13, 2025 08:12:21.140156984 CET | 47158 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:21.145710945 CET | 3778 | 47158 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:21.145802021 CET | 47158 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:21.178138018 CET | 47158 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:21.182997942 CET | 3778 | 47158 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:21.183034897 CET | 47158 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:21.187784910 CET | 3778 | 47158 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:21.861453056 CET | 3778 | 47158 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:21.861710072 CET | 47158 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:21.861941099 CET | 47158 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:21.862900019 CET | 47160 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:21.868597031 CET | 3778 | 47160 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:21.868659973 CET | 47160 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:21.869980097 CET | 47160 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:21.874819040 CET | 3778 | 47160 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:21.874869108 CET | 47160 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:21.879658937 CET | 3778 | 47160 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:22.591198921 CET | 3778 | 47160 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:22.591382980 CET | 47160 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:22.591573954 CET | 47160 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:22.592374086 CET | 47162 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:22.597135067 CET | 3778 | 47162 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:22.597198009 CET | 47162 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:22.598717928 CET | 47162 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:22.603472948 CET | 3778 | 47162 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:22.603518963 CET | 47162 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:22.608320951 CET | 3778 | 47162 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:23.302845955 CET | 3778 | 47162 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:23.303080082 CET | 47162 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:23.303080082 CET | 47162 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:23.303920031 CET | 47164 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:23.308753014 CET | 3778 | 47164 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:23.308818102 CET | 47164 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:23.309825897 CET | 47164 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:23.314610004 CET | 3778 | 47164 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:23.314662933 CET | 47164 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:23.319500923 CET | 3778 | 47164 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:24.020569086 CET | 3778 | 47164 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:24.020834923 CET | 47164 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:24.020836115 CET | 47164 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:24.021641970 CET | 47166 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:24.026468039 CET | 3778 | 47166 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:24.026547909 CET | 47166 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:24.027626991 CET | 47166 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:24.032885075 CET | 3778 | 47166 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:24.032941103 CET | 47166 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:24.037734032 CET | 3778 | 47166 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:24.740868092 CET | 3778 | 47166 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:24.740993977 CET | 47166 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:24.741055012 CET | 47166 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:24.741857052 CET | 47168 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:24.746758938 CET | 3778 | 47168 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:24.746818066 CET | 47168 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:24.748030901 CET | 47168 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:24.753499031 CET | 3778 | 47168 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:24.753552914 CET | 47168 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:24.758395910 CET | 3778 | 47168 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:25.456219912 CET | 3778 | 47168 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:25.456362009 CET | 47168 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:25.456454992 CET | 47168 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:25.456981897 CET | 47170 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:25.461894035 CET | 3778 | 47170 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:25.461958885 CET | 47170 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:25.462836027 CET | 47170 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:25.467659950 CET | 3778 | 47170 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:25.467729092 CET | 47170 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:25.472649097 CET | 3778 | 47170 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:26.194766998 CET | 3778 | 47170 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:26.194844961 CET | 47170 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:26.194942951 CET | 47170 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:26.196068048 CET | 47172 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:26.200913906 CET | 3778 | 47172 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:26.200973034 CET | 47172 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:26.203876019 CET | 47172 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:26.208705902 CET | 3778 | 47172 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:26.208745956 CET | 47172 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:26.213531971 CET | 3778 | 47172 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:26.906864882 CET | 3778 | 47172 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:26.906932116 CET | 47172 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:26.906971931 CET | 47172 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:26.910559893 CET | 47174 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:26.915400982 CET | 3778 | 47174 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:26.915452957 CET | 47174 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:26.923439980 CET | 47174 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:26.929980040 CET | 3778 | 47174 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:26.930020094 CET | 47174 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:26.934873104 CET | 3778 | 47174 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:27.558000088 CET | 47174 | 3778 | 192.168.2.13 | 216.9.225.175
                  Jan 13, 2025 08:12:27.563049078 CET | 3778 | 47174 | 216.9.225.175 | 192.168.2.13
                  Jan 13, 2025 08:12:27.563091040 CET | 47174 | 3778 | 192.168.2.13 | 216.9.225.175
                  UDP Packets

                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                  Jan 13, 2025 08:15:05.179817915 CET | 45901 | 53 | 192.168.2.13 | 1.1.1.1
                  Jan 13, 2025 08:15:05.179908037 CET | 38311 | 53 | 192.168.2.13 | 1.1.1.1
                  Jan 13, 2025 08:15:05.186995029 CET | 53 | 38311 | 1.1.1.1 | 192.168.2.13
                  Jan 13, 2025 08:15:05.187371016 CET | 53 | 45901 | 1.1.1.1 | 192.168.2.13

                  DNS Queries

                  Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                  Jan 13, 2025 08:15:05.179817915 CET | 192.168.2.13 | 1.1.1.1 | 0x9556 | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001) | false
                  Jan 13, 2025 08:15:05.179908037 CET | 192.168.2.13 | 1.1.1.1 | 0x27d7 | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false

                  DNS Answers

                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                  Jan 13, 2025 08:15:05.187371016 CET | 1.1.1.1 | 192.168.2.13 | 0x9556 | No error (0) | daisy.ubuntu.com | (none) | 162.213.35.25 | A (IP address) | IN (0x0001) | false
                  Jan 13, 2025 08:15:05.187371016 CET | 1.1.1.1 | 192.168.2.13 | 0x9556 | No error (0) | daisy.ubuntu.com | (none) | 162.213.35.24 | A (IP address) | IN (0x0001) | false

                  System Behavior

                  Start time (UTC):07:12:20
                  Start date (UTC):13/01/2025
                  Path:/tmp/boatnet.sh4.elf
                  Arguments:/tmp/boatnet.sh4.elf
                  File size:4139976 bytes
                  MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

                  Start time (UTC):07:12:20
                  Start date (UTC):13/01/2025
                  Path:/tmp/boatnet.sh4.elf
                  Arguments:-
                  File size:4139976 bytes
                  MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

                  Start time (UTC):07:12:20
                  Start date (UTC):13/01/2025
                  Path:/tmp/boatnet.sh4.elf
                  Arguments:-
                  File size:4139976 bytes
                  MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

                  Start time (UTC):07:12:20
                  Start date (UTC):13/01/2025
                  Path:/tmp/boatnet.sh4.elf
                  Arguments:-
                  File size:4139976 bytes
                  MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

                  Start time (UTC):07:12:26
                  Start date (UTC):13/01/2025
                  Path:/usr/bin/xfce4-panel
                  Arguments:-
                  File size:375768 bytes
                  MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                  Start time (UTC):07:12:26
                  Start date (UTC):13/01/2025
                  Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                  Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
                  File size:35136 bytes
                  MD5 hash:ac0b8a906f359a8ae102244738682e76

                  Start time (UTC):07:12:26
                  Start date (UTC):13/01/2025
                  Path:/usr/bin/xfce4-panel
                  Arguments:-
                  File size:375768 bytes
                  MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                  Start time (UTC):07:12:26
                  Start date (UTC):13/01/2025
                  Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                  Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
                  File size:35136 bytes
                  MD5 hash:ac0b8a906f359a8ae102244738682e76

                  Start time (UTC):07:12:26
                  Start date (UTC):13/01/2025
                  Path:/usr/bin/xfce4-panel
                  Arguments:-
                  File size:375768 bytes
                  MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                  Start time (UTC):07:12:26
                  Start date (UTC):13/01/2025
                  Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                  Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
                  File size:35136 bytes
                  MD5 hash:ac0b8a906f359a8ae102244738682e76

                  Start time (UTC):07:12:26
                  Start date (UTC):13/01/2025
                  Path:/usr/bin/xfce4-panel
                  Arguments:-
                  File size:375768 bytes
                  MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                  Start time (UTC):07:12:26
                  Start date (UTC):13/01/2025
                  Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                  Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
                  File size:35136 bytes
                  MD5 hash:ac0b8a906f359a8ae102244738682e76

                  Start time (UTC):07:12:32
                  Start date (UTC):13/01/2025
                  Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                  Arguments:-
                  File size:35136 bytes
                  MD5 hash:ac0b8a906f359a8ae102244738682e76

                  Start time (UTC):07:12:32
                  Start date (UTC):13/01/2025
                  Path:/usr/sbin/xfpm-power-backlight-helper
                  Arguments:/usr/sbin/xfpm-power-backlight-helper --get-max-brightness
                  File size:14656 bytes
                  MD5 hash:3d221ad23f28ca3259f599b1664e2427

                  Start time (UTC):07:12:26
                  Start date (UTC):13/01/2025
                  Path:/usr/bin/xfce4-panel
                  Arguments:-
                  File size:375768 bytes
                  MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                  Start time (UTC):07:12:26
                  Start date (UTC):13/01/2025
                  Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                  Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
                  File size:35136 bytes
                  MD5 hash:ac0b8a906f359a8ae102244738682e76

                  Start time (UTC):07:12:26
                  Start date (UTC):13/01/2025
                  Path:/usr/bin/xfce4-panel
                  Arguments:-
                  File size:375768 bytes
                  MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                  Start time (UTC):07:12:26
                  Start date (UTC):13/01/2025
                  Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                  Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
                  File size:35136 bytes
                  MD5 hash:ac0b8a906f359a8ae102244738682e76

                  Start time (UTC):07:12:32
                  Start date (UTC):13/01/2025
                  Path:/usr/bin/dbus-daemon
                  Arguments:-
                  File size:249032 bytes
                  MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                  Start time (UTC):07:12:32
                  Start date (UTC):13/01/2025
                  Path:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                  Arguments:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                  File size:112880 bytes
                  MD5 hash:4c7a0d6d258bb970905b19b84abcd8e9

                  Start time (UTC):07:12:36
                  Start date (UTC):13/01/2025
                  Path:/usr/lib/systemd/systemd
                  Arguments:-
                  File size:1620224 bytes
                  MD5 hash:9b2bec7092a40488108543f9334aab75

                  Start time (UTC):07:12:36
                  Start date (UTC):13/01/2025
                  Path:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
                  Arguments:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
                  File size:112872 bytes
                  MD5 hash:eee956f1b227c1d5031f9c61223255d1
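
Everything in the list above is the analysis VM's own desktop stack (xfce4-panel and its wrapper-2.0 plugin hosts, xfconfd, dbus-daemon, systemd, xfce4-notifyd), and the same parent entry is repeated above each of its children because the tree has been flattened. When triaging a report like this the useful checks are: collapse the repeated parents, confirm that each on-disk path carries exactly one MD5 (the wrapper-2.0 entries all share ac0b8a906f359a8ae102244738682e76), and set the system-prefix noise aside so only the sample-spawned processes remain. The Python below is an added example, not code from the Joe Sandbox report; it parses records in the report's own key:value layout. The baseline prefix list and the `/tmp/sample.elf` record with an all-zero MD5 are constructed assumptions for the demonstration.

```python
"""Triage a flattened Joe Sandbox Linux process list (added example, not report code)."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input in the report's layout: one key:value pair per line,
# records separated by blank lines. The xfce4-panel record is deliberately
# repeated, as the flattened tree does; the /tmp/sample.elf record and its
# zero MD5 are made up for the example.
SAMPLE_RECORDS = """\
Start time (UTC):07:12:26
Start date (UTC):13/01/2025
Path:/usr/bin/xfce4-panel
Arguments:-
File size:375768 bytes
MD5 hash:a15b657c7d54ac1385f1f15004ea6784

Start time (UTC):07:12:26
Start date (UTC):13/01/2025
Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
File size:35136 bytes
MD5 hash:ac0b8a906f359a8ae102244738682e76

Start time (UTC):07:12:26
Start date (UTC):13/01/2025
Path:/usr/bin/xfce4-panel
Arguments:-
File size:375768 bytes
MD5 hash:a15b657c7d54ac1385f1f15004ea6784

Start time (UTC):07:12:32
Start date (UTC):13/01/2025
Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
Arguments:-
File size:35136 bytes
MD5 hash:ac0b8a906f359a8ae102244738682e76

Start time (UTC):07:12:20
Start date (UTC):13/01/2025
Path:/tmp/sample.elf
Arguments:/tmp/sample.elf
File size:1 bytes
MD5 hash:00000000000000000000000000000000
"""

# Split on the first colon only: values such as "07:12:26" contain colons too.
KEY_RE = re.compile(r"^(?P<key>[^:]+?):(?P<value>.*)$")

# Assumption: processes under these prefixes are the analysis VM's own stack.
BASELINE_PREFIXES = ("/usr/bin/", "/usr/sbin/", "/usr/lib/")


def parse_records(text):
    """Return one dict per process record, keyed by the report's field names."""
    records, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # blank line closes a record
            if current:
                records.append(current)
                current = {}
            continue
        m = KEY_RE.match(line)
        if m:
            current[m.group("key").strip()] = m.group("value").strip()
    if current:
        records.append(current)
    return records


def started_at(rec):
    """Combine the report's dd/mm/yyyy date and HH:MM:SS time into a datetime."""
    stamp = f"{rec['Start date (UTC)']} {rec['Start time (UTC)']}"
    return datetime.strptime(stamp, "%d/%m/%Y %H:%M:%S")


def dedupe(records):
    """Drop the parent entries the flattened tree repeats above each child."""
    seen, unique = set(), []
    for r in records:
        key = (r.get("Path"), r.get("Arguments"), r.get("Start time (UTC)"), r.get("MD5 hash"))
        if key not in seen:
            seen.add(key)
            unique.append(r)
    return unique


def md5_by_path(records):
    """Map each on-disk path to the set of MD5s the report attributes to it."""
    by_path = defaultdict(set)
    for r in records:
        by_path[r["Path"]].add(r["MD5 hash"])
    return by_path


def inconsistent_hashes(records):
    """Paths with more than one MD5: a swapped binary or two builds, worth a look."""
    return {p: h for p, h in md5_by_path(records).items() if len(h) > 1}


def outside_baseline(records, prefixes=BASELINE_PREFIXES):
    """Records whose path is not under the assumed system prefixes, oldest first."""
    rest = [r for r in records if not r["Path"].startswith(prefixes)]
    return sorted(rest, key=started_at)


if __name__ == "__main__":
    unique = dedupe(parse_records(SAMPLE_RECORDS))
    print(f"{len(unique)} unique records; hash conflicts: {inconsistent_hashes(unique)}")
    for r in outside_baseline(unique):
        print("non-baseline:", started_at(r).time(), r["Path"], r["MD5 hash"])
```

On a full report the three functions answer the questions in order: does the noise collapse to a handful of known paths, does every path carry one hash, and what is left once the VM's own stack is filtered out. Anything the last step returns is what the remaining sections of the report (file writes, signals, network) should be read against.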