Linux Analysis Report
46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf

Overview

General Information

Sample name: 46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf
Analysis ID: 1627619
MD5: e8096820bd75fba7a8c607ad47ab8c4f
SHA1: 9608f8761d548ab942e511041536465b83e74909
SHA256: 4d6308d49f57378c4e243ec53b957af739fefa5779f1f0b4f0f0f33e828043d8
Tags: elf, user-threatquery

Detection

Mirai
Score: 76
Range: 0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample tries to kill multiple processes (SIGKILL)
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample has stripped symbol table
Sample tries to kill a process (SIGKILL)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1627619
Start date and time: 2025-03-02 22:28:17 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 6s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: 46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf
Detection: MAL
Classification: mal76.spre.troj.linELF@0/0@2/0
Command: /tmp/46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf
PID: 5512
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:
  • system is lnxubuntu20
  • wrapper-2.0 (PID: 5524, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
  • wrapper-2.0 (PID: 5525, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
  • wrapper-2.0 (PID: 5526, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
  • wrapper-2.0 (PID: 5527, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
    • xfpm-power-backlight-helper (PID: 5547, Parent: 5527, MD5: 3d221ad23f28ca3259f599b1664e2427) Arguments: /usr/sbin/xfpm-power-backlight-helper --get-max-brightness
  • wrapper-2.0 (PID: 5528, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
  • wrapper-2.0 (PID: 5529, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
  • xfconfd (PID: 5546, Parent: 5545, MD5: 4c7a0d6d258bb970905b19b84abcd8e9) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
  • systemd New Fork (PID: 5556, Parent: 2955)
  • xfce4-notifyd (PID: 5556, Parent: 2955, MD5: eee956f1b227c1d5031f9c61223255d1) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source | Rule | Description | Author | Strings
46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security
46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf | Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown
    • 0xc735:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
Source | Rule | Description | Author | Strings
5517.1.00007fb584001000.00007fb58400f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security
5517.1.00007fb584001000.00007fb58400f000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
5517.1.00007fb584001000.00007fb58400f000.r-x.sdmp | Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown
      • 0xc735:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
5512.1.00007fb584001000.00007fb58400f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security
5512.1.00007fb584001000.00007fb58400f000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
        No Suricata rule has matched

        AV Detection

        Source: 46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf, Avira: detected
        Source: 46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf, Virustotal: Detection: 61%
        Source: 46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf, ReversingLabs: Detection: 65%
        Source: global traffic, TCP traffic: 192.168.2.14:35644 -> 46.247.108.221:3778
        Source: unknown, TCP traffic detected without corresponding DNS query: 46.247.108.221
        Source: global traffic, DNS traffic detected: DNS query: daisy.ubuntu.com

        System Summary

        Source: 46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: 46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: 5517.1.00007fb584001000.00007fb58400f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: 5517.1.00007fb584001000.00007fb58400f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: 5512.1.00007fb584001000.00007fb58400f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: 5512.1.00007fb584001000.00007fb58400f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: Process Memory Space: 46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf PID: 5512, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: Process Memory Space: 46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf PID: 5512, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
        Source: Process Memory Space: 46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf PID: 5517, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
        Source: /tmp/46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf (PID: 5515) SIGKILL sent: pid: 3129, result: successful
        Source: /tmp/46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf (PID: 5515) SIGKILL sent: pid: 3184, result: successful
        Source: /tmp/46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf (PID: 5515) SIGKILL sent: pid: 3187, result: successful
        Source: /tmp/46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf (PID: 5515) SIGKILL sent: pid: 3188, result: successful
        Source: /tmp/46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf (PID: 5515) SIGKILL sent: pid: 3189, result: successful
        Source: /tmp/46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf (PID: 5515) SIGKILL sent: pid: 3190, result: successful
        Source: /tmp/46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf (PID: 5515) SIGKILL sent: pid: 3193, result: successful
        Source: /tmp/46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf (PID: 5515) SIGKILL sent: pid: 3207, result: successful
        Source: /tmp/46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf (PID: 5515) SIGKILL sent: pid: 3215, result: successful
        Source: /tmp/46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf (PID: 5515) SIGKILL sent: pid: 3235, result: successful
        Source: /tmp/46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf (PID: 5515) SIGKILL sent: pid: 5524, result: successful
        Source: /tmp/46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf (PID: 5515) SIGKILL sent: pid: 5525, result: successful
        Source: /tmp/46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf (PID: 5515) SIGKILL sent: pid: 5526, result: successful
        Source: /tmp/46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf (PID: 5515) SIGKILL sent: pid: 5527, result: successful
        Source: /tmp/46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf (PID: 5515) SIGKILL sent: pid: 5528, result: successful
        Source: /tmp/46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf (PID: 5515) SIGKILL sent: pid: 5529, result: successful
        Source: /tmp/46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf (PID: 5515) SIGKILL sent: pid: 5546, result: successful
        Source: /tmp/46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf (PID: 5515) SIGKILL sent: pid: 5556, result: successful
        Source: ELF static info symbol of initial sample, .symtab present: no
        Source: 46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf, type: SAMPLE, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: 5517.1.00007fb584001000.00007fb58400f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 5517.1.00007fb584001000.00007fb58400f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: 5512.1.00007fb584001000.00007fb58400f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 5512.1.00007fb584001000.00007fb58400f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: Process Memory Space: 46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf PID: 5512, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: 46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf PID: 5512, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: Process Memory Space: 46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf PID: 5517, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: classification engine, Classification label: mal76.spre.troj.linELF@0/0@2/0
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5524) Directory: /home/saturnino/.Xdefaults-galassia
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5525) Directory: /home/saturnino/.Xdefaults-galassia
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5526) Directory: /home/saturnino/.Xdefaults-galassia
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /home/saturnino/.Xdefaults-galassia
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/local/share/fonts/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /home/saturnino/.local/share/fonts/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /home/saturnino/.fonts/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/X11/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/cMap/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/cmap/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/opentype/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/truetype/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/type1/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/X11/Type1/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/X11/encodings/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/X11/misc/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/X11/util/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/cmap/adobe-cns1/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/cmap/adobe-gb1/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/cmap/adobe-japan1/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/cmap/adobe-japan2/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/cmap/adobe-korea1/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/opentype/malayalam/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/opentype/mathjax/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/opentype/noto/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/opentype/urw-base35/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/truetype/Gargi/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/truetype/Gubbi/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/truetype/Nakula/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/truetype/Navilu/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/truetype/Sahadeva/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/truetype/Sarai/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/truetype/abyssinica/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/truetype/ancient-scripts/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/truetype/dejavu/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/truetype/droid/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /home/saturnino/.Xdefaults-galassia
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/local/share/fonts/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /home/saturnino/.local/share/fonts/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /home/saturnino/.fonts/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/X11/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/cMap/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/cmap/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/opentype/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/type1/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/X11/Type1/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/X11/encodings/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/X11/misc/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/X11/util/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/cmap/adobe-cns1/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/cmap/adobe-gb1/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/cmap/adobe-japan1/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/cmap/adobe-japan2/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/cmap/adobe-korea1/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/opentype/malayalam/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/opentype/mathjax/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/opentype/noto/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/opentype/urw-base35/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/Gargi/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/Gubbi/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/Nakula/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/Navilu/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/Sahadeva/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/Sarai/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/abyssinica/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/ancient-scripts/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/dejavu/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/droid/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/freefont/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/kacst/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/kacst-one/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/lao/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/lato/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/liberation/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/liberation2/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/lohit-assamese/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/lohit-bengali/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/lohit-kannada/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/lohit-oriya/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/lohit-tamil/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/lohit-telugu/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/malayalam/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/noto/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/openoffice/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/padauk/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/pagul/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/samyak/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/samyak-fonts/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/sinhala/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/tibetan-machine/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/tlwg/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/truetype/ubuntu/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/type1/urw-base35/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /usr/share/fonts/X11/encodings/large/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /home/saturnino/.cache
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /home/saturnino/.local
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Directory: /home/saturnino/.config
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /home/saturnino/.Xdefaults-galassia
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/local/share/fonts/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /home/saturnino/.local/share/fonts/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /home/saturnino/.fonts/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/X11/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/cMap/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/cmap/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/opentype/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/type1/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/X11/Type1/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/X11/encodings/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/X11/misc/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/X11/util/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/cmap/adobe-cns1/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/cmap/adobe-gb1/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/cmap/adobe-japan1/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/cmap/adobe-japan2/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/cmap/adobe-korea1/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/opentype/malayalam/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/opentype/mathjax/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/opentype/noto/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/opentype/urw-base35/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/Gargi/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/Gubbi/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/Nakula/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/Navilu/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/Sahadeva/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/Sarai/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/abyssinica/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/ancient-scripts/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/dejavu/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/droid/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/freefont/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/kacst/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/kacst-one/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/lao/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/lato/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/liberation/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/liberation2/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/lohit-assamese/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/lohit-bengali/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/lohit-kannada/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/lohit-oriya/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/lohit-tamil/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/lohit-telugu/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/malayalam/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/noto/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/openoffice/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/padauk/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/pagul/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/samyak/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/samyak-fonts/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/sinhala/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/tibetan-machine/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/tlwg/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/truetype/ubuntu/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/type1/urw-base35/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Directory: /usr/share/fonts/X11/encodings/large/.uuid
        Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5546) Directory: /home/saturnino/.cache
        Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5546) Directory: /home/saturnino/.local
        Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5546) Directory: /home/saturnino/.config
        Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5546) Directory: /home/saturnino/.config
        Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5556) Directory: /home/saturnino/.Xdefaults-galassia
        Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5556) Directory: /home/saturnino/.cache
        Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5556) Directory: /home/saturnino/.local
        Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5556) Directory: /home/saturnino/.config
        Source: /tmp/46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf (PID: 5512) Queries kernel information via 'uname'
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5524) Queries kernel information via 'uname'
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5525) Queries kernel information via 'uname'
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5526) Queries kernel information via 'uname'
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5527) Queries kernel information via 'uname'
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5528) Queries kernel information via 'uname'
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5529) Queries kernel information via 'uname'
        Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5556) Queries kernel information via 'uname'
        Source: 46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf, 5512.1.000055d1b596a000.000055d1b59ef000.rw-.sdmp, 46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf, 5517.1.000055d1b596a000.000055d1b59ef000.rw-.sdmp
        Binary or memory string: U!/etc/qemu-binfmt/m68k
        Source: 46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf, 5512.1.00007fff9a108000.00007fff9a129000.rw-.sdmp, 46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf, 5517.1.00007fff9a108000.00007fff9a129000.rw-.sdmp
        Binary or memory string: /usr/bin/qemu-m68k
        Source: 46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf, 5512.1.000055d1b596a000.000055d1b59ef000.rw-.sdmp, 46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf, 5517.1.000055d1b596a000.000055d1b59ef000.rw-.sdmp
        Binary or memory string: /etc/qemu-binfmt/m68k
        Source: 46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf, 5512.1.00007fff9a108000.00007fff9a129000.rw-.sdmp, 46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf, 5517.1.00007fff9a108000.00007fff9a129000.rw-.sdmp
        Binary or memory string: x86_64/usr/bin/qemu-m68k/tmp/46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf

        Stealing of Sensitive Information

        Source: Yara match. File source: 46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf, type: SAMPLE
        Source: Yara match. File source: 5517.1.00007fb584001000.00007fb58400f000.r-x.sdmp, type: MEMORY
        Source: Yara match. File source: 5512.1.00007fb584001000.00007fb58400f000.r-x.sdmp, type: MEMORY
        Source: Yara match. File source: Process Memory Space: 46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf PID: 5512, type: MEMORYSTR

        Remote Access Functionality

        Source: Yara match. File source: 46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf, type: SAMPLE
        Source: Yara match. File source: 5517.1.00007fb584001000.00007fb58400f000.r-x.sdmp, type: MEMORY
        Source: Yara match. File source: 5512.1.00007fb584001000.00007fb58400f000.r-x.sdmp, type: MEMORY
        Source: Yara match. File source: Process Memory Space: 46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf PID: 5512, type: MEMORYSTR

        Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
        Resource Development: Acquire Infrastructure; Domains; DNS Server
        Initial Access: Valid Accounts; Default Accounts; Domain Accounts
        Execution: Windows Management Instrumentation; Scheduled Task/Job; At
        Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
        Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
        Defense Evasion: 1 Hidden Files and Directories; Rootkit; Obfuscated Files or Information
        Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager
        Discovery: 11 Security Software Discovery; Application Window Discovery; Query Registry
        Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
        Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
        Command and Control: 1 Non-Standard Port; 1 Non-Application Layer Protocol; 1 Application Layer Protocol
        Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
        Impact: 1 Service Stop; Network Denial of Service; Data Encrypted for Impact

        No configs have been found
        [Behavior graph: Behavior Graph ID: 1627619, Sample: 46.247.108.221-boatnet.m68k..., Startdate: 02/03/2025, Architecture: LINUX, Score: 76]

        Source | Detection | Scanner | Label
        46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf | 62% | Virustotal |
        46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf | 66% | ReversingLabs | Linux.Trojan.Mirai
        46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf | 100% | Avira | EXP/ELF.Gafgyt.D
        No Antivirus matches


        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        daisy.ubuntu.com | 162.213.35.24 | true | false | | high

          IP | Domain | Country | ASN | ASN Name | Malicious
          46.247.108.221 | unknown | United Kingdom | 39545 | FLUIDATAGB | true

          Match | Associated Sample Name / URL | Detection | Threat Name | Context
          46.247.108.221 | 46.247.108.221-boatnet.x86-2025-02-28T21_19_25.elf | malicious | Mirai |
          46.247.108.221 | 46.247.108.221-boatnet.ppc-2025-02-28T21_19_25.elf | malicious | Mirai |
          46.247.108.221 | 46.247.108.221-boatnet.sh4-2025-02-28T21_49_47.elf | malicious | Mirai |

                Match | Associated Sample Name / URL | Detection | Threat Name | Context
                daisy.ubuntu.com | har.elf | malicious | Unknown | 162.213.35.24
                daisy.ubuntu.com | main_arm6.elf | malicious | Mirai | 162.213.35.25
                daisy.ubuntu.com | sshd.elf | malicious | Unknown | 162.213.35.24
                daisy.ubuntu.com | jackmymips.elf | malicious | Gafgyt, Mirai | 162.213.35.24
                daisy.ubuntu.com | jackmypowerpc.elf | malicious | Gafgyt, Mirai | 162.213.35.24
                daisy.ubuntu.com | jackmysh4.elf | malicious | Gafgyt, Mirai | 162.213.35.25
                daisy.ubuntu.com | jackmyarmv6.elf | malicious | Gafgyt, Mirai | 162.213.35.25
                daisy.ubuntu.com | jackmyx86.elf | malicious | Gafgyt, Mirai | 162.213.35.24
                daisy.ubuntu.com | jackmyi586.elf | malicious | Gafgyt, Mirai | 162.213.35.24

                Match | Associated Sample Name / URL | Detection | Threat Name | Context
                FLUIDATAGB | x86_64.elf | malicious | Mirai, Moobot | 46.247.116.152
                FLUIDATAGB | res.mpsl.elf | malicious | Mirai | 46.247.70.167
                FLUIDATAGB | 46.247.108.221-boatnet.x86-2025-02-28T21_19_25.elf | malicious | Mirai | 46.247.108.221
                FLUIDATAGB | 46.247.108.221-boatnet.ppc-2025-02-28T21_19_25.elf | malicious | Mirai | 46.247.108.221
                FLUIDATAGB | 46.247.108.221-boatnet.sh4-2025-02-28T21_49_47.elf | malicious | Mirai | 46.247.108.221
                FLUIDATAGB | res.mips.elf | malicious | Mirai | 46.247.70.157
                FLUIDATAGB | res.x86.elf | malicious | Unknown | 46.247.70.120
                FLUIDATAGB | Owari.m68k.elf | malicious | Unknown | 46.247.70.152
                FLUIDATAGB | Fantazy.arm4.elf | malicious | Unknown | 46.247.116.166
                FLUIDATAGB | 3.elf | malicious | Unknown | 46.247.70.170

                No context
                No created / dropped files found
                File type: ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
                Entropy (8bit): 6.2551936909027654
                TrID: ELF Executable and Linkable format (generic) (4004/1) 100.00%
                File name: 46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf
                File size: 54'932 bytes
                MD5: e8096820bd75fba7a8c607ad47ab8c4f
                SHA1: 9608f8761d548ab942e511041536465b83e74909
                SHA256: 4d6308d49f57378c4e243ec53b957af739fefa5779f1f0b4f0f0f33e828043d8
                SHA512: fcfad27bbf289b3e61fbc0a9245b3ed60235e0d44b6de625b94b0705855b49b2ad4a096df54347e8248460daa75f7197627f532b19e4b7e9c56659205b4269c0
                SSDEEP: 768:gduPBFnHooqR8qOCKq2cH4Fje+TK806MMUVjzMfQXOtHud2oGT:r/hqaJMcjeqK806MHdMfQXoHuCT
                TLSH: E133FA8EB8029D3CF91BE6BE54164E0DB93177C152830B2757BBFDA36C721945E02E85

                ELF header

                Class: ELF32
                Data: 2's complement, big endian
                Version: 1 (current)
                Machine: MC68000
                Version Number: 0x1
                Type: EXEC (Executable file)
                OS/ABI: UNIX - System V
                ABI Version: 0
                Entry Point Address: 0x80000144
                Flags: 0x0
                ELF Header Size: 52
                Program Header Offset: 52
                Program Header Size: 32
                Number of Program Headers: 3
                Section Header Offset: 54532
                Section Header Size: 40
                Number of Section Headers: 10
                Header String Table Index: 9

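                Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
                 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
                .init | PROGBITS | 0x80000094 | 0x94 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 2
                .text | PROGBITS | 0x800000a8 | 0xa8 | 0xc12e | 0x0 | 0x6 | AX | 0 | 0 | 4
                .fini | PROGBITS | 0x8000c1d6 | 0xc1d6 | 0xe | 0x0 | 0x6 | AX | 0 | 0 | 2
                .rodata | PROGBITS | 0x8000c1e4 | 0xc1e4 | 0x10b4 | 0x0 | 0x2 | A | 0 | 0 | 2
                .ctors | PROGBITS | 0x8000f29c | 0xd29c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
                .dtors | PROGBITS | 0x8000f2a4 | 0xd2a4 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
                .data | PROGBITS | 0x8000f2b0 | 0xd2b0 | 0x214 | 0x0 | 0x3 | WA | 0 | 0 | 4
                .bss | NOBITS | 0x8000f4c4 | 0xd4c4 | 0x2a0 | 0x0 | 0x3 | WA | 0 | 0 | 4
                .shstrtab | STRTAB | 0x0 | 0xd4c4 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1
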
                Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
                LOAD | 0x0 | 0x80000000 | 0x80000000 | 0xd298 | 0xd298 | 6.2906 | 0x5 | R E | 0x2000 | | .init .text .fini .rodata
                LOAD | 0xd29c | 0x8000f29c | 0x8000f29c | 0x228 | 0x4c8 | 3.0346 | 0x6 | RW | 0x2000 | | .ctors .dtors .data .bss
                GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | |


                • Total Packets: 60
                • 3778 undefined
                • 53 (DNS)
                Mar 2, 2025 22:32:31.639378071 CET37783566246.247.108.221192.168.2.14
                Mar 2, 2025 22:32:32.637715101 CET356643778192.168.2.1446.247.108.221
                Mar 2, 2025 22:32:33.177865028 CET37783566446.247.108.221192.168.2.14
                Mar 2, 2025 22:32:33.178303957 CET356643778192.168.2.1446.247.108.221
                Mar 2, 2025 22:32:33.180310011 CET356643778192.168.2.1446.247.108.221
                Mar 2, 2025 22:32:33.185412884 CET37783566446.247.108.221192.168.2.14
                Mar 2, 2025 22:32:33.185497999 CET356643778192.168.2.1446.247.108.221
                Mar 2, 2025 22:32:33.190599918 CET37783566446.247.108.221192.168.2.14
                Mar 2, 2025 22:32:43.186661959 CET356643778192.168.2.1446.247.108.221
                Mar 2, 2025 22:32:43.193641901 CET37783566446.247.108.221192.168.2.14
                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                Mar 2, 2025 22:31:53.757134914 CET | 58338 | 53 | 192.168.2.14 | 1.1.1.1
                Mar 2, 2025 22:31:53.757222891 CET | 50921 | 53 | 192.168.2.14 | 1.1.1.1
                Mar 2, 2025 22:31:53.764722109 CET | 53 | 58338 | 1.1.1.1 | 192.168.2.14
                Mar 2, 2025 22:31:53.765193939 CET | 53 | 50921 | 1.1.1.1 | 192.168.2.14

                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                Mar 2, 2025 22:31:53.757134914 CET | 192.168.2.14 | 1.1.1.1 | 0xb2a5 | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001) | false
                Mar 2, 2025 22:31:53.757222891 CET | 192.168.2.14 | 1.1.1.1 | 0x3052 | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false

                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                Mar 2, 2025 22:31:53.764722109 CET | 1.1.1.1 | 192.168.2.14 | 0xb2a5 | No error (0) | daisy.ubuntu.com |  | 162.213.35.24 | A (IP address) | IN (0x0001) | false
                Mar 2, 2025 22:31:53.764722109 CET | 1.1.1.1 | 192.168.2.14 | 0xb2a5 | No error (0) | daisy.ubuntu.com |  | 162.213.35.25 | A (IP address) | IN (0x0001) | false

                System Behavior

                Start time (UTC):21:29:08
                Start date (UTC):02/03/2025
                Path:/tmp/46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf
                Arguments:/tmp/46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf
                File size:4463432 bytes
                MD5 hash:cd177594338c77b895ae27c33f8f86cc

                Start time (UTC):21:29:08
                Start date (UTC):02/03/2025
                Path:/tmp/46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf
                Arguments:-
                File size:4463432 bytes
                MD5 hash:cd177594338c77b895ae27c33f8f86cc

                Start time (UTC):21:29:08
                Start date (UTC):02/03/2025
                Path:/tmp/46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf
                Arguments:-
                File size:4463432 bytes
                MD5 hash:cd177594338c77b895ae27c33f8f86cc

                Start time (UTC):21:29:08
                Start date (UTC):02/03/2025
                Path:/tmp/46.247.108.221-boatnet.m68k-2025-02-28T21_19_26.elf
                Arguments:-
                File size:4463432 bytes
                MD5 hash:cd177594338c77b895ae27c33f8f86cc

                Start time (UTC):21:29:13
                Start date (UTC):02/03/2025
                Path:/usr/bin/xfce4-panel
                Arguments:-
                File size:375768 bytes
                MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                Start time (UTC):21:29:13
                Start date (UTC):02/03/2025
                Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
                File size:35136 bytes
                MD5 hash:ac0b8a906f359a8ae102244738682e76

                Start time (UTC):21:29:13
                Start date (UTC):02/03/2025
                Path:/usr/bin/xfce4-panel
                Arguments:-
                File size:375768 bytes
                MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                Start time (UTC):21:29:13
                Start date (UTC):02/03/2025
                Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
                File size:35136 bytes
                MD5 hash:ac0b8a906f359a8ae102244738682e76

                Start time (UTC):21:29:13
                Start date (UTC):02/03/2025
                Path:/usr/bin/xfce4-panel
                Arguments:-
                File size:375768 bytes
                MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                Start time (UTC):21:29:13
                Start date (UTC):02/03/2025
                Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
                File size:35136 bytes
                MD5 hash:ac0b8a906f359a8ae102244738682e76

                Start time (UTC):21:29:13
                Start date (UTC):02/03/2025
                Path:/usr/bin/xfce4-panel
                Arguments:-
                File size:375768 bytes
                MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                Start time (UTC):21:29:13
                Start date (UTC):02/03/2025
                Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
                File size:35136 bytes
                MD5 hash:ac0b8a906f359a8ae102244738682e76

                Start time (UTC):21:29:19
                Start date (UTC):02/03/2025
                Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                Arguments:-
                File size:35136 bytes
                MD5 hash:ac0b8a906f359a8ae102244738682e76

                Start time (UTC):21:29:19
                Start date (UTC):02/03/2025
                Path:/usr/sbin/xfpm-power-backlight-helper
                Arguments:/usr/sbin/xfpm-power-backlight-helper --get-max-brightness
                File size:14656 bytes
                MD5 hash:3d221ad23f28ca3259f599b1664e2427

                Start time (UTC):21:29:13
                Start date (UTC):02/03/2025
                Path:/usr/bin/xfce4-panel
                Arguments:-
                File size:375768 bytes
                MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                Start time (UTC):21:29:13
                Start date (UTC):02/03/2025
                Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
                File size:35136 bytes
                MD5 hash:ac0b8a906f359a8ae102244738682e76

                Start time (UTC):21:29:13
                Start date (UTC):02/03/2025
                Path:/usr/bin/xfce4-panel
                Arguments:-
                File size:375768 bytes
                MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                Start time (UTC):21:29:13
                Start date (UTC):02/03/2025
                Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
                File size:35136 bytes
                MD5 hash:ac0b8a906f359a8ae102244738682e76

                Start time (UTC):21:29:19
                Start date (UTC):02/03/2025
                Path:/usr/bin/dbus-daemon
                Arguments:-
                File size:249032 bytes
                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                Start time (UTC):21:29:19
                Start date (UTC):02/03/2025
                Path:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                Arguments:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                File size:112880 bytes
                MD5 hash:4c7a0d6d258bb970905b19b84abcd8e9

                Start time (UTC):21:29:23
                Start date (UTC):02/03/2025
                Path:/usr/lib/systemd/systemd
                Arguments:-
                File size:1620224 bytes
                MD5 hash:9b2bec7092a40488108543f9334aab75

                Start time (UTC):21:29:23
                Start date (UTC):02/03/2025
                Path:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
                Arguments:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
                File size:112872 bytes
                MD5 hash:eee956f1b227c1d5031f9c61223255d1