Edit tour

Linux Analysis Report
boatnet.m68k.elf

Overview

General Information

Sample name:	boatnet.m68k.elf
Analysis ID:	1590465
MD5:	a84322e22795675d9d33efc728c79558
SHA1:	5f919cdf09a6b0fd5910b8d83b29c3036eab6aec
SHA256:	d66438e78071a9d599f6c85127e7cdd693afb6315d741118a849ccd2620a4c65
Tags:	elfuser-abuse_ch
Infos:

Detection

Mirai

Score:	84
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected Mirai

Sample tries to kill multiple processes (SIGKILL)

Creates hidden files and/or directories

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Executes the "rm" command used to delete files or directories

Sample has stripped symbol table

Sample tries to kill a process (SIGKILL)

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Uses the "uname" system call to query kernel version information (possible evasion)

Yara signature match

Classification

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1590465
Start date and time:	2025-01-14 04:22:07 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 12s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	boatnet.m68k.elf
Detection:	MAL
Classification:	mal84.spre.troj.linELF@0/0@0/0

Runtime Messages

Command:	/tmp/boatnet.m68k.elf
PID:	6248
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	lzrd cock fest"/proc/"/exe
Standard Error:

Process Tree

system is lnxubuntu20

dash New Fork (PID: 6219, Parent: 4331)

rm (PID: 6219, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.BB4QsoPOHa /tmp/tmp.yjVWbGs7iW /tmp/tmp.fXaABbdPM7

dash New Fork (PID: 6220, Parent: 4331)

rm (PID: 6220, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.BB4QsoPOHa /tmp/tmp.yjVWbGs7iW /tmp/tmp.fXaABbdPM7

boatnet.m68k.elf (PID: 6248, Parent: 6150, MD5: cd177594338c77b895ae27c33f8f86cc) Arguments: /tmp/boatnet.m68k.elf

boatnet.m68k.elf New Fork (PID: 6250, Parent: 6248)

boatnet.m68k.elf New Fork (PID: 6251, Parent: 6248)

boatnet.m68k.elf New Fork (PID: 6254, Parent: 6248)

xfce4-panel New Fork (PID: 6260, Parent: 2063)

wrapper-2.0 (PID: 6260, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"

xfce4-panel New Fork (PID: 6261, Parent: 2063)

wrapper-2.0 (PID: 6261, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"

xfce4-panel New Fork (PID: 6262, Parent: 2063)

wrapper-2.0 (PID: 6262, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"

xfce4-panel New Fork (PID: 6263, Parent: 2063)

wrapper-2.0 (PID: 6263, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"

xfce4-panel New Fork (PID: 6264, Parent: 2063)

wrapper-2.0 (PID: 6264, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"

xfce4-panel New Fork (PID: 6265, Parent: 2063)

wrapper-2.0 (PID: 6265, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"

dbus-daemon New Fork (PID: 6269, Parent: 6268)

xfconfd (PID: 6269, Parent: 6268, MD5: 4c7a0d6d258bb970905b19b84abcd8e9) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
boatnet.m68k.elf	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
boatnet.m68k.elf	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x11c2b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11c3f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11c53:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11c67:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11c7b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11c8f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11ca3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11cb7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11ccb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11cdf:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11cf3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11d07:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11d1b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11d2f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11d43:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11d57:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11d6b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11d7f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11d93:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11da7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11dbb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
boatnet.m68k.elf	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x1217c:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64

Memory Dumps

Source	Rule	Description	Author	Strings
6251.1.00007f98a4001000.00007f98a4015000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6251.1.00007f98a4001000.00007f98a4015000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x11c2b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11c3f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11c53:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11c67:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11c7b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11c8f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11ca3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11cb7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11ccb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11cdf:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11cf3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11d07:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11d1b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11d2f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11d43:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11d57:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11d6b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11d7f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11d93:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11da7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11dbb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6251.1.00007f98a4001000.00007f98a4015000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x1217c:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
6248.1.00007f98a4001000.00007f98a4015000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
6248.1.00007f98a4001000.00007f98a4015000.r-x.sdmp	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x11c2b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11c3f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11c53:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11c67:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11c7b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11c8f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11ca3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11cb7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11ccb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11cdf:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11cf3:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11d07:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11d1b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11d2f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11d43:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11d57:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11d6b:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11d7f:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11d93:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11da7:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11dbb:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
6248.1.00007f98a4001000.00007f98a4015000.r-x.sdmp	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x1217c:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Process Memory Space: boatnet.m68k.elf PID: 6248	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
Process Memory Space: boatnet.m68k.elf PID: 6248	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: boatnet.m68k.elf PID: 6248	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1c22:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c36:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c4a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c5e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c72:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c86:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1c9a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1cae:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1cc2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1cd6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1cea:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1cfe:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1d12:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1d26:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1d3a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1d4e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1d62:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1d76:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1d8a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1d9e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1db2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: boatnet.m68k.elf PID: 6248	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x251f:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Process Memory Space: boatnet.m68k.elf PID: 6251	JoeSecurity_Mirai_9	Yara detected Mirai	Joe Security
Process Memory Space: boatnet.m68k.elf PID: 6251	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
Process Memory Space: boatnet.m68k.elf PID: 6251	Linux_Trojan_Gafgyt_28a2fe0c	unknown	unknown	0x1046:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x105a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x106e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1082:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1096:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10aa:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10be:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10d2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10e6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x10fa:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x110e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1122:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1136:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x114a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x115e:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1172:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x1186:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x119a:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11ae:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11c2:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F 0x11d6:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
Process Memory Space: boatnet.m68k.elf PID: 6251	Linux_Trojan_Gafgyt_ea92cca8	unknown	unknown	0x1943:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Click to see the 9 entries

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: boatnet.m68k.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: boatnet.m68k.elf	Virustotal: Detection: 63%			Perma Link
Source: boatnet.m68k.elf	ReversingLabs: Detection: 65%

Source: global traffic

TCP traffic: 192.168.2.23:57514 -> 96.62.214.10:3778

Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10
Source: unknown	TCP traffic detected without corresponding DNS query: 96.62.214.10

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Malicious sample detected (through community Yara rule)

Source: boatnet.m68k.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: boatnet.m68k.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6251.1.00007f98a4001000.00007f98a4015000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6251.1.00007f98a4001000.00007f98a4015000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: 6248.1.00007f98a4001000.00007f98a4015000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: 6248.1.00007f98a4001000.00007f98a4015000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: boatnet.m68k.elf PID: 6248, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: boatnet.m68k.elf PID: 6248, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
Source: Process Memory Space: boatnet.m68k.elf PID: 6251, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
Source: Process Memory Space: boatnet.m68k.elf PID: 6251, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 2018, result: successful	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 2077, result: successful	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 2078, result: successful	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 2079, result: successful	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 2080, result: successful	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 2083, result: successful	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 2084, result: successful	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 2114, result: successful	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 2156, result: successful	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 6260, result: successful	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 6261, result: successful	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 6262, result: successful	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 6263, result: successful	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 6264, result: successful	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 6265, result: successful	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 6269, result: successful	Jump to behavior

Source: ELF static info symbol of initial sample

.symtab present: no

Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 2018, result: successful	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 2077, result: successful	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 2078, result: successful	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 2079, result: successful	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 2080, result: successful	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 2083, result: successful	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 2084, result: successful	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 2114, result: successful	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 2156, result: successful	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 6260, result: successful	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 6261, result: successful	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 6262, result: successful	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 6263, result: successful	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 6264, result: successful	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 6265, result: successful	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	SIGKILL sent: pid: 6269, result: successful	Jump to behavior

Source: boatnet.m68k.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: boatnet.m68k.elf, type: SAMPLE	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6251.1.00007f98a4001000.00007f98a4015000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6251.1.00007f98a4001000.00007f98a4015000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 6248.1.00007f98a4001000.00007f98a4015000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 6248.1.00007f98a4001000.00007f98a4015000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: boatnet.m68k.elf PID: 6248, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: boatnet.m68k.elf PID: 6248, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: boatnet.m68k.elf PID: 6251, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: boatnet.m68k.elf PID: 6251, type: MEMORYSTR	Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16

Source: classification engine

Classification label: mal84.spre.troj.linELF@0/0@0/0

Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /home/saturnino/.Xdefaults-galassia	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/local/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /home/saturnino/.local/share/fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /home/saturnino/.fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/X11/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/cMap/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/cmap/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/opentype/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/type1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/X11/Type1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/X11/encodings/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/X11/misc/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/X11/util/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/cmap/adobe-cns1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/cmap/adobe-gb1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/cmap/adobe-japan1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/cmap/adobe-japan2/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/cmap/adobe-korea1/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/opentype/malayalam/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/opentype/mathjax/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/opentype/noto/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/opentype/urw-base35/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/Gargi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/Gubbi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/Nakula/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/Navilu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/Sahadeva/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/Sarai/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/abyssinica/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/ancient-scripts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/dejavu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/droid/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/freefont/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/kacst/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/kacst-one/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/lao/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/lato/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/liberation/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/liberation2/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/lohit-assamese/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/lohit-bengali/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/lohit-kannada/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/lohit-oriya/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/lohit-tamil/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/lohit-telugu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/malayalam/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/noto/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/openoffice/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/padauk/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/pagul/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/samyak/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/samyak-fonts/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/sinhala/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/tibetan-machine/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/tlwg/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/truetype/ubuntu/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/type1/urw-base35/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Directory: /usr/share/fonts/X11/encodings/large/.uuid	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 6269)	Directory: /home/saturnino/.cache	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 6269)	Directory: /home/saturnino/.local	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 6269)	Directory: /home/saturnino/.config	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 6269)	Directory: /home/saturnino/.config	Jump to behavior

Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/6357/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1582/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/2033/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/2275/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/3088/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1612/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1579/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1699/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1335/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1698/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/2028/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1334/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1576/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/2302/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/3236/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/2025/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/2146/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/910/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/4444/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/4445/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/912/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/517/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/759/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/2307/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/918/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1594/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/2285/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/2281/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1349/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1623/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/761/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1622/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/884/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1983/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/2038/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1344/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1465/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1586/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1463/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/2156/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/800/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/801/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1629/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1627/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1900/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/6254/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/6256/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/4476/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/3021/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/491/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/2294/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/2050/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1877/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/772/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1633/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/4509/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1599/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1632/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/774/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1477/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/654/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/896/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1476/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1872/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/2048/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/655/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1475/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/2289/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/656/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/777/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/657/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/658/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/419/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/936/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1639/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1638/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/2208/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/2180/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/6263/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/6262/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/6265/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/6264/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/4486/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/6269/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1809/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1494/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1890/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/2063/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/2062/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/6261/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/6260/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1888/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1886/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/420/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1489/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/785/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1642/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/788/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/667/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/789/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/4479/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/1648/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/2078/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/2077/cmdline	Jump to behavior
Source: /tmp/boatnet.m68k.elf (PID: 6250)	File opened: /proc/2074/cmdline	Jump to behavior

Source: /usr/bin/dash (PID: 6219)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.BB4QsoPOHa /tmp/tmp.yjVWbGs7iW /tmp/tmp.fXaABbdPM7			Jump to behavior
Source: /usr/bin/dash (PID: 6220)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.BB4QsoPOHa /tmp/tmp.yjVWbGs7iW /tmp/tmp.fXaABbdPM7			Jump to behavior

Source: /tmp/boatnet.m68k.elf (PID: 6248)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6265)	Queries kernel information via 'uname':			Jump to behavior

Source: boatnet.m68k.elf, 6248.1.000055bf29c74000.000055bf29cf9000.rw-.sdmp, boatnet.m68k.elf, 6251.1.000055bf29c74000.000055bf29cf9000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/m68k
Source: boatnet.m68k.elf, 6248.1.00007fffb4364000.00007fffb4385000.rw-.sdmp, boatnet.m68k.elf, 6251.1.00007fffb4364000.00007fffb4385000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-m68k
Source: boatnet.m68k.elf, 6248.1.000055bf29c74000.000055bf29cf9000.rw-.sdmp, boatnet.m68k.elf, 6251.1.000055bf29c74000.000055bf29cf9000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/m68k
Source: boatnet.m68k.elf, 6248.1.00007fffb4364000.00007fffb4385000.rw-.sdmp, boatnet.m68k.elf, 6251.1.00007fffb4364000.00007fffb4385000.rw-.sdmp	Binary or memory string: =x86_64/usr/bin/qemu-m68k/tmp/boatnet.m68k.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/boatnet.m68k.elf

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: Process Memory Space: boatnet.m68k.elf PID: 6248, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: boatnet.m68k.elf PID: 6251, type: MEMORYSTR
Source: Yara match	File source: boatnet.m68k.elf, type: SAMPLE
Source: Yara match	File source: 6251.1.00007f98a4001000.00007f98a4015000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6248.1.00007f98a4001000.00007f98a4015000.r-x.sdmp, type: MEMORY

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: Process Memory Space: boatnet.m68k.elf PID: 6248, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: boatnet.m68k.elf PID: 6251, type: MEMORYSTR
Source: Yara match	File source: boatnet.m68k.elf, type: SAMPLE
Source: Yara match	File source: 6251.1.00007f98a4001000.00007f98a4015000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6248.1.00007f98a4001000.00007f98a4015000.r-x.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	1 Hidden Files and Directories	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	1 Service Stop
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 File Deletion	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
boatnet.m68k.elf	63%	Virustotal		Browse
boatnet.m68k.elf	66%	ReversingLabs	Linux.Trojan.Mirai
boatnet.m68k.elf	100%	Avira	EXP/ELF.Gafgyt.Z.F

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
96.62.214.10	unknown	United States	35908	VPLSNETUS	false
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
96.62.214.10	boatnet.mips.elf	Get hash	malicious	Mirai	Browse
	boatnet.ppc.elf	Get hash	malicious	Mirai	Browse
	boatnet.arm.elf	Get hash	malicious	Mirai	Browse
	boatnet.arm7.elf	Get hash	malicious	Mirai	Browse
	boatnet.sh4.elf	Get hash	malicious	Mirai	Browse
	boatnet.spc.elf	Get hash	malicious	Mirai	Browse
	boatnet.mpsl.elf	Get hash	malicious	Mirai	Browse
	96.62.214.10-boatnet.x86-2025-01-13T13_31_47.elf	Get hash	malicious	Mirai	Browse
109.202.202.202	kpLwzBouH4.elf	Get hash	malicious	Unknown	Browse	ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
91.189.91.43	tftp.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	camp.m68k.elf	Get hash	malicious	Mirai	Browse
	camp.ppc.elf	Get hash	malicious	Mirai	Browse
	camp.arc.elf	Get hash	malicious	Mirai	Browse
	boatnet.mips.elf	Get hash	malicious	Mirai	Browse
	boatnet.sh4.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
91.189.91.42	tftp.elf	Get hash	malicious	Unknown	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	camp.m68k.elf	Get hash	malicious	Mirai	Browse
	camp.ppc.elf	Get hash	malicious	Mirai	Browse
	camp.arc.elf	Get hash	malicious	Mirai	Browse
	boatnet.mips.elf	Get hash	malicious	Mirai	Browse
	boatnet.sh4.elf	Get hash	malicious	Mirai	Browse
	na.elf	Get hash	malicious	Prometei	Browse
	na.elf	Get hash	malicious	Prometei	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CANONICAL-ASGB	tftp.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	camp.mips.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	camp.m68k.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	camp.arm6.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	camp.ppc.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	camp.arc.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	boatnet.mips.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	boatnet.ppc.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
CANONICAL-ASGB	tftp.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	na.elf	Get hash	malicious	Prometei	Browse	91.189.91.42
	camp.mips.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	camp.m68k.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	camp.arm6.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	camp.ppc.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	camp.arc.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	boatnet.mips.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	boatnet.ppc.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
INIT7CH	tftp.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	camp.m68k.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	camp.ppc.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	camp.arc.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	boatnet.mips.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	boatnet.sh4.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
	na.elf	Get hash	malicious	Prometei	Browse	109.202.202.202
VPLSNETUS	boatnet.mips.elf	Get hash	malicious	Mirai	Browse	96.62.214.10
	boatnet.ppc.elf	Get hash	malicious	Mirai	Browse	96.62.214.10
	boatnet.arm.elf	Get hash	malicious	Mirai	Browse	96.62.214.10
	boatnet.arm7.elf	Get hash	malicious	Mirai	Browse	96.62.214.10
	boatnet.sh4.elf	Get hash	malicious	Mirai	Browse	96.62.214.10
	boatnet.spc.elf	Get hash	malicious	Mirai	Browse	96.62.214.10
	boatnet.mpsl.elf	Get hash	malicious	Mirai	Browse	96.62.214.10
	96.62.214.10-boatnet.x86-2025-01-13T13_31_47.elf	Get hash	malicious	Mirai	Browse	96.62.214.10
	armv6l.elf	Get hash	malicious	Unknown	Browse	174.139.77.182
	Tepe - 20000000826476479.exe	Get hash	malicious	MassLogger RAT	Browse	74.119.238.7

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.380117901526744
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	boatnet.m68k.elf
File size:	80'024 bytes
MD5:	a84322e22795675d9d33efc728c79558
SHA1:	5f919cdf09a6b0fd5910b8d83b29c3036eab6aec
SHA256:	d66438e78071a9d599f6c85127e7cdd693afb6315d741118a849ccd2620a4c65
SHA512:	745984d25b85fd92029c2f042e727e2575dac29cdf74ef7b4f572534328d6e62a812f92167d71091a25ed4bfcfa1cf165f22968810796b07708ea6ffb8bfb43b
SSDEEP:	1536:OwUvSHdufBYf3s/gblSk+Z1E5jK02o18W8VwieZYbnOFwZCcMrBJCrWXpdxs8q6o:0SigblSk+Z1E5jK02jW8VneZynOFwZC4
TLSH:	CF733999B4029E7CF94BDABD54164E0EE821678152830F27A7BBFD933C731A5AD03C85
File Content Preview:	.ELF.......................D...4..7......4. ...(......................4...4....... .......4...T...T....(.......... .dt.Q............................NV..a....da.....N^NuNV..J9..V.f>"y..T. QJ.g.X.#...T.N."y..T. QJ.f.A.....J.g.Hy..4.N.X.......V.N^NuNV..N^NuN

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	MC68000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x80000144
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	79624
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x80000094	0x94	0x14	0x0	0x6	AX	2
.text	PROGBITS	0x800000a8	0xa8	0x11b1e	0x0	0x6	AX	4
.fini	PROGBITS	0x80011bc6	0x11bc6	0xe	0x0	0x6	AX	2
.rodata	PROGBITS	0x80011bd4	0x11bd4	0x18c8	0x0	0x2	A	2
.ctors	PROGBITS	0x800154a0	0x134a0	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x800154a8	0x134a8	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x800154b4	0x134b4	0x214	0x0	0x3	WA	4
.bss	NOBITS	0x800156c8	0x136c8	0x37c	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0x136c8	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x80000000	0x80000000	0x1349c	0x1349c	6.4045	0x5	R E	0x2000	.init .text .fini .rodata
LOAD	0x134a0	0x800154a0	0x800154a0	0x228	0x5a4	3.1119	0x6	RW	0x2000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 14, 2025 04:22:52.753716946 CET	43928	443	192.168.2.23	91.189.91.42
Jan 14, 2025 04:22:54.316020966 CET	57514	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:54.321114063 CET	3778	57514	96.62.214.10	192.168.2.23
Jan 14, 2025 04:22:54.321185112 CET	57514	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:54.364689112 CET	57514	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:54.369914055 CET	3778	57514	96.62.214.10	192.168.2.23
Jan 14, 2025 04:22:54.369971037 CET	57514	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:54.374937057 CET	3778	57514	96.62.214.10	192.168.2.23
Jan 14, 2025 04:22:55.094600916 CET	3778	57514	96.62.214.10	192.168.2.23
Jan 14, 2025 04:22:55.094784021 CET	57514	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:55.094990969 CET	57514	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:55.095997095 CET	57516	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:55.100832939 CET	3778	57516	96.62.214.10	192.168.2.23
Jan 14, 2025 04:22:55.100955009 CET	57516	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:55.102004051 CET	57516	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:55.106772900 CET	3778	57516	96.62.214.10	192.168.2.23
Jan 14, 2025 04:22:55.106844902 CET	57516	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:55.111670017 CET	3778	57516	96.62.214.10	192.168.2.23
Jan 14, 2025 04:22:55.877994061 CET	3778	57516	96.62.214.10	192.168.2.23
Jan 14, 2025 04:22:55.878393888 CET	57516	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:55.878496885 CET	57516	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:55.879271030 CET	57518	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:55.884171963 CET	3778	57518	96.62.214.10	192.168.2.23
Jan 14, 2025 04:22:55.884239912 CET	57518	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:55.884953022 CET	57518	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:55.889779091 CET	3778	57518	96.62.214.10	192.168.2.23
Jan 14, 2025 04:22:55.889831066 CET	57518	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:55.894721985 CET	3778	57518	96.62.214.10	192.168.2.23
Jan 14, 2025 04:22:56.685894966 CET	3778	57518	96.62.214.10	192.168.2.23
Jan 14, 2025 04:22:56.686296940 CET	57518	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:56.686523914 CET	57518	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:56.687661886 CET	57520	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:56.692527056 CET	3778	57520	96.62.214.10	192.168.2.23
Jan 14, 2025 04:22:56.692610979 CET	57520	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:56.693378925 CET	57520	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:56.698163986 CET	3778	57520	96.62.214.10	192.168.2.23
Jan 14, 2025 04:22:56.698211908 CET	57520	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:56.703052044 CET	3778	57520	96.62.214.10	192.168.2.23
Jan 14, 2025 04:22:57.469607115 CET	3778	57520	96.62.214.10	192.168.2.23
Jan 14, 2025 04:22:57.469861984 CET	57520	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:57.469890118 CET	57520	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:57.470760107 CET	57522	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:57.476650953 CET	3778	57522	96.62.214.10	192.168.2.23
Jan 14, 2025 04:22:57.476732016 CET	57522	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:57.477770090 CET	57522	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:57.482628107 CET	3778	57522	96.62.214.10	192.168.2.23
Jan 14, 2025 04:22:57.482692957 CET	57522	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:57.488215923 CET	3778	57522	96.62.214.10	192.168.2.23
Jan 14, 2025 04:22:58.249885082 CET	3778	57522	96.62.214.10	192.168.2.23
Jan 14, 2025 04:22:58.250117064 CET	57522	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:58.250199080 CET	57522	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:58.251204014 CET	57524	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:58.256158113 CET	3778	57524	96.62.214.10	192.168.2.23
Jan 14, 2025 04:22:58.256290913 CET	57524	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:58.257261992 CET	57524	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:58.262109995 CET	3778	57524	96.62.214.10	192.168.2.23
Jan 14, 2025 04:22:58.262201071 CET	57524	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:58.267704964 CET	3778	57524	96.62.214.10	192.168.2.23
Jan 14, 2025 04:22:58.384809017 CET	42836	443	192.168.2.23	91.189.91.43
Jan 14, 2025 04:22:59.063402891 CET	3778	57524	96.62.214.10	192.168.2.23
Jan 14, 2025 04:22:59.063663960 CET	57524	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:59.063750029 CET	57524	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:59.064611912 CET	57526	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:59.069540977 CET	3778	57526	96.62.214.10	192.168.2.23
Jan 14, 2025 04:22:59.069633961 CET	57526	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:59.070940971 CET	57526	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:59.075777054 CET	3778	57526	96.62.214.10	192.168.2.23
Jan 14, 2025 04:22:59.075850964 CET	57526	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:59.080743074 CET	3778	57526	96.62.214.10	192.168.2.23
Jan 14, 2025 04:22:59.152715921 CET	42516	80	192.168.2.23	109.202.202.202
Jan 14, 2025 04:22:59.858727932 CET	3778	57526	96.62.214.10	192.168.2.23
Jan 14, 2025 04:22:59.858810902 CET	57526	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:59.858900070 CET	57526	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:59.861568928 CET	57528	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:59.866611004 CET	3778	57528	96.62.214.10	192.168.2.23
Jan 14, 2025 04:22:59.866678953 CET	57528	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:59.873342037 CET	57528	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:59.878190041 CET	3778	57528	96.62.214.10	192.168.2.23
Jan 14, 2025 04:22:59.878257990 CET	57528	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:22:59.883143902 CET	3778	57528	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:00.636699915 CET	3778	57528	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:00.636989117 CET	57528	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:00.636990070 CET	57528	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:00.641670942 CET	57530	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:00.646594048 CET	3778	57530	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:00.646799088 CET	57530	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:00.662201881 CET	57530	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:00.667058945 CET	3778	57530	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:00.667118073 CET	57530	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:00.671892881 CET	3778	57530	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:01.419893980 CET	3778	57530	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:01.420047045 CET	57530	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:01.420047045 CET	57530	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:01.421968937 CET	57532	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:01.426831961 CET	3778	57532	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:01.426888943 CET	57532	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:01.430362940 CET	57532	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:01.435216904 CET	3778	57532	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:01.435271978 CET	57532	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:01.440087080 CET	3778	57532	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:02.199587107 CET	3778	57532	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:02.199690104 CET	57532	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:02.199690104 CET	57532	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:02.200120926 CET	57534	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:02.204941988 CET	3778	57534	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:02.204992056 CET	57534	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:02.205957890 CET	57534	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:02.210861921 CET	3778	57534	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:02.210906982 CET	57534	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:02.215718031 CET	3778	57534	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:02.989883900 CET	3778	57534	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:02.990143061 CET	57534	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:02.990215063 CET	57534	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:02.992517948 CET	57536	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:02.997421980 CET	3778	57536	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:02.997533083 CET	57536	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:03.003381014 CET	57536	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:03.008325100 CET	3778	57536	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:03.008641005 CET	57536	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:03.013520956 CET	3778	57536	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:03.782319069 CET	3778	57536	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:03.782524109 CET	57536	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:03.782609940 CET	57536	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:03.783328056 CET	57538	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:03.788189888 CET	3778	57538	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:03.788290977 CET	57538	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:03.789228916 CET	57538	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:03.794368029 CET	3778	57538	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:03.794450045 CET	57538	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:03.799875021 CET	3778	57538	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:04.568800926 CET	3778	57538	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:04.568905115 CET	57538	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:04.568945885 CET	57538	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:04.569406033 CET	57540	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:04.574261904 CET	3778	57540	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:04.574321032 CET	57540	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:04.575006962 CET	57540	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:04.579823971 CET	3778	57540	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:04.579916954 CET	57540	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:04.584810972 CET	3778	57540	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:05.347265959 CET	3778	57540	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:05.347497940 CET	57540	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:05.347640038 CET	57540	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:05.348119020 CET	57542	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:05.352993011 CET	3778	57542	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:05.353055954 CET	57542	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:05.353699923 CET	57542	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:05.358503103 CET	3778	57542	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:05.358551025 CET	57542	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:05.363392115 CET	3778	57542	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:06.125679970 CET	3778	57542	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:06.125785112 CET	57542	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:06.125969887 CET	57542	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:06.126318932 CET	57544	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:06.131128073 CET	3778	57544	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:06.131184101 CET	57544	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:06.131834030 CET	57544	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:06.136626959 CET	3778	57544	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:06.136678934 CET	57544	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:06.141442060 CET	3778	57544	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:06.910717010 CET	3778	57544	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:06.911103010 CET	57544	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:06.911142111 CET	57544	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:06.911799908 CET	57546	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:06.916749954 CET	3778	57546	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:06.916817904 CET	57546	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:06.917511940 CET	57546	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:06.922363043 CET	3778	57546	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:06.922424078 CET	57546	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:06.927285910 CET	3778	57546	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:07.694042921 CET	3778	57546	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:07.694564104 CET	57546	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:07.694829941 CET	57546	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:07.695947886 CET	57548	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:07.701349974 CET	3778	57548	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:07.701431990 CET	57548	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:07.702367067 CET	57548	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:07.707185984 CET	3778	57548	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:07.707251072 CET	57548	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:07.712110043 CET	3778	57548	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:08.476839066 CET	3778	57548	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:08.477238894 CET	57548	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:08.477238894 CET	57548	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:08.477806091 CET	57550	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:08.482634068 CET	3778	57550	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:08.482697964 CET	57550	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:08.483383894 CET	57550	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:08.488181114 CET	3778	57550	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:08.488240957 CET	57550	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:08.493043900 CET	3778	57550	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:09.260238886 CET	3778	57550	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:09.260322094 CET	57550	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:09.260591984 CET	57550	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:09.261748075 CET	57552	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:09.266799927 CET	3778	57552	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:09.266921043 CET	57552	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:09.267750025 CET	57552	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:09.272830009 CET	3778	57552	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:09.272947073 CET	57552	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:09.277812004 CET	3778	57552	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:10.047427893 CET	3778	57552	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:10.047796965 CET	57552	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:10.047796965 CET	57552	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:10.048444986 CET	57554	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:10.053921938 CET	3778	57554	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:10.053987980 CET	57554	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:10.054933071 CET	57554	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:10.060215950 CET	3778	57554	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:10.060267925 CET	57554	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:10.065675974 CET	3778	57554	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:10.846549034 CET	3778	57554	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:10.847001076 CET	57554	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:10.847001076 CET	57554	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:10.847574949 CET	57556	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:10.853920937 CET	3778	57556	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:10.853985071 CET	57556	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:10.854656935 CET	57556	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:10.860752106 CET	3778	57556	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:10.860802889 CET	57556	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:10.867408037 CET	3778	57556	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:11.646076918 CET	3778	57556	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:11.646230936 CET	57556	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:11.646284103 CET	57556	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:11.646889925 CET	57558	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:11.651747942 CET	3778	57558	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:11.651865005 CET	57558	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:11.652472973 CET	57558	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:11.657376051 CET	3778	57558	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:11.657423973 CET	57558	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:11.662516117 CET	3778	57558	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:12.435141087 CET	3778	57558	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:12.435452938 CET	57558	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:12.435452938 CET	57558	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:12.437055111 CET	57560	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:12.442478895 CET	3778	57560	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:12.442662001 CET	57560	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:12.443569899 CET	57560	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:12.448463917 CET	3778	57560	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:12.448532104 CET	57560	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:12.453461885 CET	3778	57560	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:13.232119083 CET	3778	57560	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:13.232400894 CET	57560	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:13.232400894 CET	57560	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:13.232803106 CET	57562	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:13.237641096 CET	3778	57562	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:13.237725973 CET	57562	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:13.238279104 CET	57562	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:13.243082047 CET	3778	57562	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:13.243160009 CET	57562	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:13.251575947 CET	3778	57562	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:14.030467033 CET	3778	57562	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:14.030966043 CET	57562	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:14.030966043 CET	57562	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:14.032068014 CET	57564	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:14.037458897 CET	3778	57564	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:14.037605047 CET	57564	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:14.038851976 CET	57564	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:14.044269085 CET	3778	57564	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:14.044334888 CET	57564	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:14.049762011 CET	3778	57564	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:14.510656118 CET	43928	443	192.168.2.23	91.189.91.42
Jan 14, 2025 04:23:14.827137947 CET	3778	57564	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:14.827508926 CET	57564	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:14.827613115 CET	57564	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:14.828453064 CET	57566	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:14.833225965 CET	3778	57566	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:14.833312988 CET	57566	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:14.834217072 CET	57566	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:14.839050055 CET	3778	57566	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:14.839101076 CET	57566	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:14.843869925 CET	3778	57566	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:15.605710030 CET	3778	57566	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:15.605922937 CET	57566	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:15.605923891 CET	57566	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:15.606800079 CET	57568	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:15.611757040 CET	3778	57568	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:15.611839056 CET	57568	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:15.612581968 CET	57568	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:15.617435932 CET	3778	57568	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:15.617497921 CET	57568	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:15.622338057 CET	3778	57568	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:16.385481119 CET	3778	57568	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:16.385703087 CET	57568	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:16.385803938 CET	57568	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:16.386311054 CET	57570	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:16.391205072 CET	3778	57570	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:16.391324043 CET	57570	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:16.391943932 CET	57570	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:16.396851063 CET	3778	57570	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:16.396981955 CET	57570	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:16.402005911 CET	3778	57570	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:17.164202929 CET	3778	57570	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:17.164411068 CET	57570	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:17.164411068 CET	57570	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:17.164853096 CET	57572	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:17.169935942 CET	3778	57572	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:17.170061111 CET	57572	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:17.171025991 CET	57572	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:17.175867081 CET	3778	57572	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:17.175918102 CET	57572	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:17.180774927 CET	3778	57572	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:17.942783117 CET	3778	57572	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:17.942977905 CET	57572	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:17.943056107 CET	57572	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:17.943921089 CET	57574	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:17.952042103 CET	3778	57574	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:17.952126980 CET	57574	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:17.953183889 CET	57574	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:17.960438967 CET	3778	57574	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:17.960510015 CET	57574	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:17.968233109 CET	3778	57574	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:18.735718966 CET	3778	57574	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:18.736053944 CET	57574	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:18.736187935 CET	57574	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:18.737098932 CET	57576	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:18.741930962 CET	3778	57576	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:18.741995096 CET	57576	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:18.742862940 CET	57576	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:18.748893976 CET	3778	57576	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:18.748951912 CET	57576	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:18.753801107 CET	3778	57576	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:19.535331011 CET	3778	57576	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:19.535749912 CET	57576	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:19.535840034 CET	57576	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:19.537055016 CET	57578	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:19.541878939 CET	3778	57578	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:19.542129040 CET	57578	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:19.542974949 CET	57578	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:19.548437119 CET	3778	57578	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:19.548543930 CET	57578	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:19.554059982 CET	3778	57578	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:20.344701052 CET	3778	57578	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:20.344937086 CET	57578	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:20.345027924 CET	57578	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:20.345958948 CET	57580	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:20.351794958 CET	3778	57580	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:20.351860046 CET	57580	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:20.352982044 CET	57580	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:20.358256102 CET	3778	57580	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:20.358326912 CET	57580	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:20.363182068 CET	3778	57580	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:21.144541979 CET	3778	57580	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:21.144783020 CET	57580	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:21.144881964 CET	57580	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:21.146178961 CET	57582	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:21.151112080 CET	3778	57582	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:21.151226997 CET	57582	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:21.152340889 CET	57582	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:21.157222986 CET	3778	57582	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:21.157320976 CET	57582	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:21.162215948 CET	3778	57582	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:21.944370985 CET	3778	57582	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:21.944801092 CET	57582	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:21.944801092 CET	57582	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:21.945796013 CET	57584	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:21.950611115 CET	3778	57584	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:21.950728893 CET	57584	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:21.952173948 CET	57584	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:21.957020044 CET	3778	57584	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:21.957128048 CET	57584	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:21.962002993 CET	3778	57584	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:22.727591991 CET	3778	57584	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:22.728007078 CET	57584	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:22.728185892 CET	57584	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:22.730074883 CET	57586	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:22.735038996 CET	3778	57586	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:22.735230923 CET	57586	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:22.736622095 CET	57586	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:22.741533041 CET	3778	57586	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:22.741614103 CET	57586	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:22.746458054 CET	3778	57586	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:23.509573936 CET	3778	57586	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:23.509993076 CET	57586	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:23.509993076 CET	57586	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:23.511039972 CET	57588	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:23.516038895 CET	3778	57588	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:23.516127110 CET	57588	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:23.517529964 CET	57588	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:23.522391081 CET	3778	57588	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:23.522488117 CET	57588	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:23.527247906 CET	3778	57588	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:24.316049099 CET	3778	57588	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:24.316338062 CET	57588	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:24.316338062 CET	57588	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:24.316884041 CET	57590	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:24.321753025 CET	3778	57590	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:24.321815968 CET	57590	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:24.322679996 CET	57590	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:24.328535080 CET	3778	57590	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:24.328593016 CET	57590	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:24.334314108 CET	3778	57590	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:24.749275923 CET	42836	443	192.168.2.23	91.189.91.43
Jan 14, 2025 04:23:25.114818096 CET	3778	57590	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:25.115000963 CET	57590	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:25.115163088 CET	57590	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:25.115987062 CET	57592	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:25.120846033 CET	3778	57592	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:25.120908976 CET	57592	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:25.121778011 CET	57592	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:25.126662970 CET	3778	57592	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:25.126754999 CET	57592	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:25.131670952 CET	3778	57592	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:25.900580883 CET	3778	57592	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:25.900867939 CET	57592	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:25.900949955 CET	57592	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:25.902024031 CET	57594	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:25.906894922 CET	3778	57594	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:25.906991959 CET	57594	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:25.908127069 CET	57594	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:25.912980080 CET	3778	57594	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:25.913053989 CET	57594	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:25.917911053 CET	3778	57594	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:26.725248098 CET	3778	57594	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:26.725507021 CET	57594	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:26.725596905 CET	57594	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:26.726728916 CET	57596	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:26.731611967 CET	3778	57596	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:26.731684923 CET	57596	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:26.732816935 CET	57596	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:26.737626076 CET	3778	57596	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:26.737708092 CET	57596	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:26.742629051 CET	3778	57596	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:27.544070959 CET	3778	57596	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:27.544549942 CET	57596	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:27.544549942 CET	57596	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:27.545605898 CET	57598	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:27.550497055 CET	3778	57598	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:27.550714016 CET	57598	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:27.552299023 CET	57598	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:27.557234049 CET	3778	57598	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:27.557410002 CET	57598	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:27.562278986 CET	3778	57598	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:28.844753027 CET	42516	80	192.168.2.23	109.202.202.202
Jan 14, 2025 04:23:37.561244965 CET	57598	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:37.566536903 CET	3778	57598	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:37.824569941 CET	3778	57598	96.62.214.10	192.168.2.23
Jan 14, 2025 04:23:37.824724913 CET	57598	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:23:55.465003967 CET	43928	443	192.168.2.23	91.189.91.42
Jan 14, 2025 04:24:37.855241060 CET	57598	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:24:37.861202955 CET	3778	57598	96.62.214.10	192.168.2.23
Jan 14, 2025 04:24:38.119385004 CET	3778	57598	96.62.214.10	192.168.2.23
Jan 14, 2025 04:24:38.120079994 CET	57598	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:25:02.093791008 CET	3778	57598	96.62.214.10	192.168.2.23
Jan 14, 2025 04:25:02.094608068 CET	57598	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:25:02.100486994 CET	3778	57598	96.62.214.10	192.168.2.23
Jan 14, 2025 04:25:03.102586031 CET	57600	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:25:03.108063936 CET	3778	57600	96.62.214.10	192.168.2.23
Jan 14, 2025 04:25:03.108197927 CET	57600	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:25:03.111583948 CET	57600	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:25:03.116878986 CET	3778	57600	96.62.214.10	192.168.2.23
Jan 14, 2025 04:25:03.117132902 CET	57600	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:25:03.121993065 CET	3778	57600	96.62.214.10	192.168.2.23
Jan 14, 2025 04:25:24.484807014 CET	3778	57600	96.62.214.10	192.168.2.23
Jan 14, 2025 04:25:24.485563993 CET	57600	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:25:24.490612030 CET	3778	57600	96.62.214.10	192.168.2.23
Jan 14, 2025 04:25:25.491478920 CET	57602	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:25:25.496896982 CET	3778	57602	96.62.214.10	192.168.2.23
Jan 14, 2025 04:25:25.497124910 CET	57602	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:25:25.499104023 CET	57602	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:25:25.504200935 CET	3778	57602	96.62.214.10	192.168.2.23
Jan 14, 2025 04:25:25.504292965 CET	57602	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:25:25.509641886 CET	3778	57602	96.62.214.10	192.168.2.23
Jan 14, 2025 04:25:26.276854038 CET	3778	57602	96.62.214.10	192.168.2.23
Jan 14, 2025 04:25:26.277237892 CET	57602	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:25:26.277237892 CET	57602	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:25:26.278273106 CET	57604	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:25:26.283363104 CET	3778	57604	96.62.214.10	192.168.2.23
Jan 14, 2025 04:25:26.283601999 CET	57604	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:25:26.285779953 CET	57604	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:25:26.290724039 CET	3778	57604	96.62.214.10	192.168.2.23
Jan 14, 2025 04:25:26.290930986 CET	57604	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:25:26.295927048 CET	3778	57604	96.62.214.10	192.168.2.23
Jan 14, 2025 04:25:27.085472107 CET	3778	57604	96.62.214.10	192.168.2.23
Jan 14, 2025 04:25:27.085843086 CET	57604	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:25:27.085843086 CET	57604	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:25:27.087953091 CET	57606	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:25:27.093668938 CET	3778	57606	96.62.214.10	192.168.2.23
Jan 14, 2025 04:25:27.094095945 CET	57606	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:25:27.096560955 CET	57606	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:25:27.102016926 CET	3778	57606	96.62.214.10	192.168.2.23
Jan 14, 2025 04:25:27.102490902 CET	57606	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:25:27.108138084 CET	3778	57606	96.62.214.10	192.168.2.23
Jan 14, 2025 04:25:47.114428043 CET	57606	3778	192.168.2.23	96.62.214.10
Jan 14, 2025 04:25:47.120382071 CET	3778	57606	96.62.214.10	192.168.2.23
Jan 14, 2025 04:25:47.378038883 CET	3778	57606	96.62.214.10	192.168.2.23
Jan 14, 2025 04:25:47.378699064 CET	57606	3778	192.168.2.23	96.62.214.10

System Behavior

Analysis Process: dash PID: 6219, Parent PID: 4331

General

Start time (UTC):	03:22:49
Start date (UTC):	14/01/2025
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: rm PID: 6219, Parent PID: 4331

General

Start time (UTC):	03:22:49
Start date (UTC):	14/01/2025
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.BB4QsoPOHa /tmp/tmp.yjVWbGs7iW /tmp/tmp.fXaABbdPM7
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Chronological Activities

Analysis Process: dash PID: 6220, Parent PID: 4331

General

Start time (UTC):	03:22:49
Start date (UTC):	14/01/2025
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: rm PID: 6220, Parent PID: 4331

General

Start time (UTC):	03:22:49
Start date (UTC):	14/01/2025
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.BB4QsoPOHa /tmp/tmp.yjVWbGs7iW /tmp/tmp.fXaABbdPM7
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Chronological Activities

Analysis Process: boatnet.m68k.elf PID: 6248, Parent PID: 6150

General

Start time (UTC):	03:22:52
Start date (UTC):	14/01/2025
Path:	/tmp/boatnet.m68k.elf
Arguments:	/tmp/boatnet.m68k.elf
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Chronological Activities

Analysis Process: boatnet.m68k.elf PID: 6250, Parent PID: 6248

General

Start time (UTC):	03:22:53
Start date (UTC):	14/01/2025
Path:	/tmp/boatnet.m68k.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Chronological Activities

Analysis Process: boatnet.m68k.elf PID: 6251, Parent PID: 6248

General

Start time (UTC):	03:22:53
Start date (UTC):	14/01/2025
Path:	/tmp/boatnet.m68k.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Chronological Activities

Analysis Process: boatnet.m68k.elf PID: 6254, Parent PID: 6248

General

Start time (UTC):	03:22:53
Start date (UTC):	14/01/2025
Path:	/tmp/boatnet.m68k.elf
Arguments:	-
File size:	4463432 bytes
MD5 hash:	cd177594338c77b895ae27c33f8f86cc

Chronological Activities

Analysis Process: xfce4-panel PID: 6260, Parent PID: 2063

General

Start time (UTC):	03:22:58
Start date (UTC):	14/01/2025
Path:	/usr/bin/xfce4-panel
Arguments:	-
File size:	375768 bytes
MD5 hash:	a15b657c7d54ac1385f1f15004ea6784

Chronological Activities

Analysis Process: wrapper-2.0 PID: 6260, Parent PID: 2063

General

Start time (UTC):	03:22:58
Start date (UTC):	14/01/2025
Path:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
Arguments:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
File size:	35136 bytes
MD5 hash:	ac0b8a906f359a8ae102244738682e76

Chronological Activities

Analysis Process: xfce4-panel PID: 6261, Parent PID: 2063

General

Start time (UTC):	03:22:58
Start date (UTC):	14/01/2025
Path:	/usr/bin/xfce4-panel
Arguments:	-
File size:	375768 bytes
MD5 hash:	a15b657c7d54ac1385f1f15004ea6784

Chronological Activities

Analysis Process: wrapper-2.0 PID: 6261, Parent PID: 2063

General

Start time (UTC):	03:22:58
Start date (UTC):	14/01/2025
Path:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
Arguments:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
File size:	35136 bytes
MD5 hash:	ac0b8a906f359a8ae102244738682e76

Chronological Activities

Analysis Process: xfce4-panel PID: 6262, Parent PID: 2063

General

Start time (UTC):	03:22:58
Start date (UTC):	14/01/2025
Path:	/usr/bin/xfce4-panel
Arguments:	-
File size:	375768 bytes
MD5 hash:	a15b657c7d54ac1385f1f15004ea6784

Chronological Activities

Analysis Process: wrapper-2.0 PID: 6262, Parent PID: 2063

General

Start time (UTC):	03:22:58
Start date (UTC):	14/01/2025
Path:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
Arguments:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
File size:	35136 bytes
MD5 hash:	ac0b8a906f359a8ae102244738682e76

Chronological Activities

Analysis Process: xfce4-panel PID: 6263, Parent PID: 2063

General

Start time (UTC):	03:22:58
Start date (UTC):	14/01/2025
Path:	/usr/bin/xfce4-panel
Arguments:	-
File size:	375768 bytes
MD5 hash:	a15b657c7d54ac1385f1f15004ea6784

Chronological Activities

Analysis Process: wrapper-2.0 PID: 6263, Parent PID: 2063

General

Start time (UTC):	03:22:58
Start date (UTC):	14/01/2025
Path:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
Arguments:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
File size:	35136 bytes
MD5 hash:	ac0b8a906f359a8ae102244738682e76

Chronological Activities

Analysis Process: xfce4-panel PID: 6264, Parent PID: 2063

General

Start time (UTC):	03:22:58
Start date (UTC):	14/01/2025
Path:	/usr/bin/xfce4-panel
Arguments:	-
File size:	375768 bytes
MD5 hash:	a15b657c7d54ac1385f1f15004ea6784

Chronological Activities

Analysis Process: wrapper-2.0 PID: 6264, Parent PID: 2063

General

Start time (UTC):	03:22:58
Start date (UTC):	14/01/2025
Path:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
Arguments:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
File size:	35136 bytes
MD5 hash:	ac0b8a906f359a8ae102244738682e76

Chronological Activities

Analysis Process: xfce4-panel PID: 6265, Parent PID: 2063

General

Start time (UTC):	03:22:58
Start date (UTC):	14/01/2025
Path:	/usr/bin/xfce4-panel
Arguments:	-
File size:	375768 bytes
MD5 hash:	a15b657c7d54ac1385f1f15004ea6784

Chronological Activities

Analysis Process: wrapper-2.0 PID: 6265, Parent PID: 2063

General

Start time (UTC):	03:22:58
Start date (UTC):	14/01/2025
Path:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
Arguments:	/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
File size:	35136 bytes
MD5 hash:	ac0b8a906f359a8ae102244738682e76

Chronological Activities

Analysis Process: dbus-daemon PID: 6269, Parent PID: 6268

General

Start time (UTC):	03:22:59
Start date (UTC):	14/01/2025
Path:	/usr/bin/dbus-daemon
Arguments:	-
File size:	249032 bytes
MD5 hash:	3089d47e3f3ab84cd81c48fd406d7a8c

Chronological Activities

Analysis Process: xfconfd PID: 6269, Parent PID: 6268

General

Start time (UTC):	03:22:59
Start date (UTC):	14/01/2025
Path:	/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
Arguments:	/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
File size:	112880 bytes
MD5 hash:	4c7a0d6d258bb970905b19b84abcd8e9

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may stop or disable services on a system to render those services unavailable to legitimate users. Stopping critical services or processes can inhibit or stop response to an incident or aid in the adversary's overall objectives to cause damage to the environment.
Tactics:	Impact
Data Sources:	Command: Command Execution, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Termination, Service: Service Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report boatnet.m68k.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: dash PID: 6219, Parent PID: 4331

General

Chronological Activities

Analysis Process: rm PID: 6219, Parent PID: 4331

General

Chronological Activities

Analysis Process: dash PID: 6220, Parent PID: 4331

General

Chronological Activities

Analysis Process: rm PID: 6220, Parent PID: 4331

General

Chronological Activities

Analysis Process: boatnet.m68k.elf PID: 6248, Parent PID: 6150

General

Chronological Activities

Analysis Process: boatnet.m68k.elf PID: 6250, Parent PID: 6248

General

Chronological Activities

Analysis Process: boatnet.m68k.elf PID: 6251, Parent PID: 6248

General

Linux Analysis Report
boatnet.m68k.elf