Edit tour

Linux Analysis Report
boatnet.x86.elf

Overview

General Information

Sample name:boatnet.x86.elf
Analysis ID:1582567
MD5:40648053c206c69674f9763fef196c6a
SHA1:04f18536aed84f036d6c9f0dabcaf8bd88924826
SHA256:8319d2c673442caca81b4e6ee7042dd28b8f4db9288078be16dad1d2f5946ae7
Tags:elfuser-abuse_ch
Infos:

Detection

Mirai
Score:76
Range:0 - 100
Whitelisted:false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Machine Learning detection for sample
Sample is packed with UPX
Sample tries to kill multiple processes (SIGKILL)
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
Document contains embedded VBA macros
Document misses a certain OLE stream usually present in this Microsoft Office document type
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Sample contains only a LOAD segment without any section mappings
Sample tries to kill a process (SIGKILL)
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1582567
Start date and time:2024-12-30 22:28:08 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 1s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:boatnet.x86.elf
Detection:MAL
Classification:mal76.spre.troj.evad.linELF@0/1@0/0
  • VT rate limit hit for: boatnet.x86.elf
Command:/tmp/boatnet.x86.elf
PID:6232
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:
  • system is lnxubuntu20
  • wrapper-2.0 (PID: 6239, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
  • wrapper-2.0 (PID: 6240, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
  • wrapper-2.0 (PID: 6241, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
  • wrapper-2.0 (PID: 6242, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
    • xfpm-power-backlight-helper (PID: 6259, Parent: 6242, MD5: 3d221ad23f28ca3259f599b1664e2427) Arguments: /usr/sbin/xfpm-power-backlight-helper --get-max-brightness
  • wrapper-2.0 (PID: 6243, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
  • wrapper-2.0 (PID: 6244, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
  • xfconfd (PID: 6258, Parent: 6257, MD5: 4c7a0d6d258bb970905b19b84abcd8e9) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
  • systemd New Fork (PID: 6269, Parent: 1860)
  • xfce4-notifyd (PID: 6269, Parent: 1860, MD5: eee956f1b227c1d5031f9c61223255d1) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
  • cleanup
NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
SourceRuleDescriptionAuthorStrings
boatnet.x86.elfLinux_Trojan_Gafgyt_ea92cca8unknownunknown
  • 0x4417:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
SourceRuleDescriptionAuthorStrings
6235.1.0000000008048000.0000000008054000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
    6235.1.0000000008048000.0000000008054000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
    • 0xa820:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa834:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa848:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa85c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa870:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa884:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa898:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa8ac:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa8c0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa8d4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa8e8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa8fc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa910:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa924:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa938:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa94c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa960:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa974:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa988:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa99c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xa9b0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    6235.1.0000000008048000.0000000008054000.r-x.sdmpLinux_Trojan_Gafgyt_ea92cca8unknownunknown
    • 0xad78:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
    6232.1.0000000008048000.0000000008054000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
      6235.1.0000000008048000.0000000008054000.r-x.sdmpLinux_Trojan_Mirai_b14f4c5dunknownunknown
      • 0x5990:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
      Click to see the 22 entries
      No Suricata rule has matched

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Source: boatnet.x86.elfReversingLabs: Detection: 55%
      Source: boatnet.x86.elfJoe Sandbox ML: detected
      Source: global trafficTCP traffic: 192.168.2.23:46560 -> 104.168.45.33:3778
      Source: global trafficTCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
      Source: global trafficTCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
      Source: global trafficTCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
      Source: boatnet.x86.elfString found in binary or memory: http://upx.sf.net
      Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443

      System Summary

      barindex
      Source: boatnet.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: 6235.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: 6235.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: 6235.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
      Source: 6235.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
      Source: 6235.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
      Source: 6235.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
      Source: 6235.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
      Source: 6235.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
      Source: 6232.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: 6232.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: 6232.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
      Source: 6232.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
      Source: 6232.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
      Source: 6232.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
      Source: 6232.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
      Source: 6232.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
      Source: 6234.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
      Source: 6234.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
      Source: 6234.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
      Source: 6234.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
      Source: 6234.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_ae9d0fa6 Author: unknown
      Source: 6234.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
      Source: 6234.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
      Source: 6234.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 2018, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 2077, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 2078, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 2079, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 2080, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 2083, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 2084, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 2114, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 2156, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 6235, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 6239, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 6240, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 6241, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 6242, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 6243, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 6244, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 6258, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 6269, result: successfulJump to behavior
      Source: xfce4-panel.xml.new.30.drOLE indicator, VBA macros: true
      Source: xfce4-panel.xml.new.30.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
      Source: LOAD without section mappingsProgram segment: 0xc01000
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 2018, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 2077, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 2078, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 2079, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 2080, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 2083, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 2084, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 2114, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 2156, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 6235, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 6239, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 6240, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 6241, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 6242, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 6243, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 6244, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 6258, result: successfulJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)SIGKILL sent: pid: 6269, result: successfulJump to behavior
      Source: boatnet.x86.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 6235.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 6235.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 6235.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
      Source: 6235.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
      Source: 6235.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
      Source: 6235.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
      Source: 6235.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
      Source: 6235.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
      Source: 6232.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 6232.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 6232.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
      Source: 6232.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
      Source: 6232.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
      Source: 6232.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
      Source: 6232.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
      Source: 6232.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
      Source: 6234.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 6234.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
      Source: 6234.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
      Source: 6234.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
      Source: 6234.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_ae9d0fa6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = ca2bf2771844bec95563800d19a35dd230413f8eff0bd44c8ab0b4c596f81bfc, id = ae9d0fa6-be06-4656-9b13-8edfc0ee9e71, last_modified = 2021-09-16
      Source: 6234.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
      Source: 6234.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
      Source: 6234.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
      Source: classification engineClassification label: mal76.spre.troj.evad.linELF@0/1@0/0

      Data Obfuscation

      barindex
      Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
      Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
      Source: initial sampleString containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6239)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/local/share/fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /home/saturnino/.fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/X11/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/type1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/local/share/fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /home/saturnino/.fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/X11/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/type1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/local/share/fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /home/saturnino/.fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/X11/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/type1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/local/share/fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /home/saturnino/.fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/X11/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/type1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /home/saturnino/.cacheJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /home/saturnino/.localJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Directory: /home/saturnino/.configJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/local/share/fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /home/saturnino/.fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/X11/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/type1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 6258)Directory: /home/saturnino/.cacheJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 6258)Directory: /home/saturnino/.localJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 6258)Directory: /home/saturnino/.configJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 6258)Directory: /home/saturnino/.configJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 6269)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 6269)Directory: /home/saturnino/.cacheJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 6269)Directory: /home/saturnino/.localJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 6269)Directory: /home/saturnino/.configJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/6354/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/6235/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1582/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/2033/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/2275/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/3088/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/6191/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1612/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1579/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1699/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1335/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1698/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/2028/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1334/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1576/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/2302/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/3236/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/2025/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/2146/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/910/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/4445/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/912/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/4446/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/517/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/759/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/4447/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/4448/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/2307/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/918/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/6241/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/6240/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/6243/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/6242/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/6244/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1594/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/2285/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/2281/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1349/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1623/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/761/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1622/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/884/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1983/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/2038/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1344/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1465/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1586/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1463/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/2156/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/800/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/801/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1629/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/6239/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1627/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1900/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/6258/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/3021/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/491/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/2294/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/2050/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1877/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/772/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1633/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1599/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1632/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/774/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1477/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/654/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/896/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1476/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1872/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/2048/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/655/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1475/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/2289/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/656/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/777/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/657/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/658/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/4500/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/419/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/936/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1639/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1638/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/2208/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/2180/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/6269/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1809/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1494/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1890/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/2063/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/2062/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1888/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1886/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/420/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1489/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/785/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1642/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/788/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/667/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/789/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/1648/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/4497/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/2078/cmdlineJump to behavior
      Source: /tmp/boatnet.x86.elf (PID: 6233)File opened: /proc/2077/cmdlineJump to behavior
      Source: boatnet.x86.elfSubmission file: segment LOAD with 7.8484 entropy (max. 8.0)
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6239)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6240)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6241)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6242)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6243)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 6244)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 6269)Queries kernel information via 'uname': Jump to behavior

      Stealing of Sensitive Information

      barindex
      Source: Yara matchFile source: 6235.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 6232.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 6234.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORY

      Remote Access Functionality

      barindex
      Source: Yara matchFile source: 6235.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 6232.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 6234.1.0000000008048000.0000000008054000.r-x.sdmp, type: MEMORY
      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity Information1
      Scripting
      Valid AccountsWindows Management Instrumentation1
      Scripting
      Path Interception1
      Hidden Files and Directories
      1
      OS Credential Dumping
      1
      Security Software Discovery
      Remote ServicesData from Local System1
      Encrypted Channel
      Exfiltration Over Other Network Medium1
      Service Stop
      CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts11
      Obfuscated Files or Information
      LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
      Non-Standard Port
      Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
      Application Layer Protocol
      Automated ExfiltrationData Encrypted for Impact
      No configs have been found
      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Number of created Files
      • Is malicious
      • Internet
      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1582567 Sample: boatnet.x86.elf Startdate: 30/12/2024 Architecture: LINUX Score: 76 24 109.202.202.202, 80 INIT7CH Switzerland 2->24 26 91.189.91.42, 443 CANONICAL-ASGB United Kingdom 2->26 28 2 other IPs or domains 2->28 30 Malicious sample detected (through community Yara rule) 2->30 32 Multi AV Scanner detection for submitted file 2->32 34 Yara detected Mirai 2->34 36 2 other signatures 2->36 7 boatnet.x86.elf 2->7         started        9 xfce4-panel wrapper-2.0 2->9         started        11 xfce4-panel wrapper-2.0 2->11         started        13 6 other processes 2->13 signatures3 process4 process5 15 boatnet.x86.elf 7->15         started        18 boatnet.x86.elf 7->18         started        20 boatnet.x86.elf 7->20         started        22 wrapper-2.0 xfpm-power-backlight-helper 9->22         started        signatures6 38 Sample tries to kill multiple processes (SIGKILL) 15->38

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand
      SourceDetectionScannerLabelLink
      boatnet.x86.elf55%ReversingLabsLinux.Backdoor.Mirai
      boatnet.x86.elf100%Joe Sandbox ML
      No Antivirus matches
      No Antivirus matches
      No Antivirus matches

      Download Network PCAP: filteredfull

      No contacted domains info
      NameSourceMaliciousAntivirus DetectionReputation
      http://upx.sf.netboatnet.x86.elffalse
        high
        • No. of IPs < 25%
        • 25% < No. of IPs < 50%
        • 50% < No. of IPs < 75%
        • 75% < No. of IPs
        IPDomainCountryFlagASNASN NameMalicious
        109.202.202.202
        unknownSwitzerland
        13030INIT7CHfalse
        104.168.45.33
        unknownUnited States
        36352AS-COLOCROSSINGUSfalse
        91.189.91.43
        unknownUnited Kingdom
        41231CANONICAL-ASGBfalse
        91.189.91.42
        unknownUnited Kingdom
        41231CANONICAL-ASGBfalse
        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        109.202.202.202kpLwzBouH4.elfGet hashmaliciousUnknownBrowse
        • ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
        91.189.91.43i.elfGet hashmaliciousUnknownBrowse
          boatnet.mpsl.elfGet hashmaliciousMiraiBrowse
            boatnet.arm5.elfGet hashmaliciousMiraiBrowse
              boatnet.sh4.elfGet hashmaliciousMiraiBrowse
                kwari.m68k.elfGet hashmaliciousUnknownBrowse
                  fenty.arm5.elfGet hashmaliciousMiraiBrowse
                    boatnet.x86.elfGet hashmaliciousMiraiBrowse
                      fenty.arm7.elfGet hashmaliciousMiraiBrowse
                        boatnet.arc.elfGet hashmaliciousMiraiBrowse
                          boatnet.arm.elfGet hashmaliciousMiraiBrowse
                            91.189.91.42i.elfGet hashmaliciousUnknownBrowse
                              boatnet.mpsl.elfGet hashmaliciousMiraiBrowse
                                boatnet.arm5.elfGet hashmaliciousMiraiBrowse
                                  boatnet.sh4.elfGet hashmaliciousMiraiBrowse
                                    kwari.m68k.elfGet hashmaliciousUnknownBrowse
                                      fenty.arm5.elfGet hashmaliciousMiraiBrowse
                                        boatnet.x86.elfGet hashmaliciousMiraiBrowse
                                          fenty.arm7.elfGet hashmaliciousMiraiBrowse
                                            boatnet.arc.elfGet hashmaliciousMiraiBrowse
                                              boatnet.arm.elfGet hashmaliciousMiraiBrowse
                                                No context
                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                CANONICAL-ASGBi.elfGet hashmaliciousUnknownBrowse
                                                • 91.189.91.42
                                                boatnet.mpsl.elfGet hashmaliciousMiraiBrowse
                                                • 91.189.91.42
                                                boatnet.arm5.elfGet hashmaliciousMiraiBrowse
                                                • 91.189.91.42
                                                boatnet.sh4.elfGet hashmaliciousMiraiBrowse
                                                • 91.189.91.42
                                                kwari.m68k.elfGet hashmaliciousUnknownBrowse
                                                • 91.189.91.42
                                                fenty.arm5.elfGet hashmaliciousMiraiBrowse
                                                • 91.189.91.42
                                                boatnet.x86.elfGet hashmaliciousMiraiBrowse
                                                • 91.189.91.42
                                                fenty.arm7.elfGet hashmaliciousMiraiBrowse
                                                • 91.189.91.42
                                                boatnet.mips.elfGet hashmaliciousMiraiBrowse
                                                • 185.125.190.26
                                                boatnet.arc.elfGet hashmaliciousMiraiBrowse
                                                • 91.189.91.42
                                                CANONICAL-ASGBi.elfGet hashmaliciousUnknownBrowse
                                                • 91.189.91.42
                                                boatnet.mpsl.elfGet hashmaliciousMiraiBrowse
                                                • 91.189.91.42
                                                boatnet.arm5.elfGet hashmaliciousMiraiBrowse
                                                • 91.189.91.42
                                                boatnet.sh4.elfGet hashmaliciousMiraiBrowse
                                                • 91.189.91.42
                                                kwari.m68k.elfGet hashmaliciousUnknownBrowse
                                                • 91.189.91.42
                                                fenty.arm5.elfGet hashmaliciousMiraiBrowse
                                                • 91.189.91.42
                                                boatnet.x86.elfGet hashmaliciousMiraiBrowse
                                                • 91.189.91.42
                                                fenty.arm7.elfGet hashmaliciousMiraiBrowse
                                                • 91.189.91.42
                                                boatnet.mips.elfGet hashmaliciousMiraiBrowse
                                                • 185.125.190.26
                                                boatnet.arc.elfGet hashmaliciousMiraiBrowse
                                                • 91.189.91.42
                                                AS-COLOCROSSINGUSrebirth.m68.elfGet hashmaliciousGafgytBrowse
                                                • 23.95.72.235
                                                rebirth.mips.elfGet hashmaliciousGafgytBrowse
                                                • 23.95.72.235
                                                rebirth.arm6.elfGet hashmaliciousGafgytBrowse
                                                • 23.95.72.235
                                                rebirth.ppc.elfGet hashmaliciousGafgytBrowse
                                                • 23.95.72.235
                                                rebirth.arm4t.elfGet hashmaliciousGafgytBrowse
                                                • 23.95.72.235
                                                rebirth.x86.elfGet hashmaliciousGafgytBrowse
                                                • 23.95.72.235
                                                rebirth.sh4.elfGet hashmaliciousGafgytBrowse
                                                • 23.95.72.235
                                                rebirth.arm5.elfGet hashmaliciousGafgytBrowse
                                                • 23.95.72.235
                                                rebirth.i686.elfGet hashmaliciousGafgytBrowse
                                                • 23.95.72.235
                                                GfxDriverUpdater.exeGet hashmaliciousDanaBotBrowse
                                                • 198.23.237.249
                                                INIT7CHi.elfGet hashmaliciousUnknownBrowse
                                                • 109.202.202.202
                                                boatnet.mpsl.elfGet hashmaliciousMiraiBrowse
                                                • 109.202.202.202
                                                boatnet.arm5.elfGet hashmaliciousMiraiBrowse
                                                • 109.202.202.202
                                                boatnet.sh4.elfGet hashmaliciousMiraiBrowse
                                                • 109.202.202.202
                                                kwari.m68k.elfGet hashmaliciousUnknownBrowse
                                                • 109.202.202.202
                                                fenty.arm5.elfGet hashmaliciousMiraiBrowse
                                                • 109.202.202.202
                                                boatnet.x86.elfGet hashmaliciousMiraiBrowse
                                                • 109.202.202.202
                                                fenty.arm7.elfGet hashmaliciousMiraiBrowse
                                                • 109.202.202.202
                                                boatnet.arc.elfGet hashmaliciousMiraiBrowse
                                                • 109.202.202.202
                                                boatnet.arm.elfGet hashmaliciousMiraiBrowse
                                                • 109.202.202.202
                                                No context
                                                No context
                                                Process:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                                                File Type:XML 1.0 document, ASCII text
                                                Category:dropped
                                                Size (bytes):5128
                                                Entropy (8bit):4.457618060812407
                                                Encrypted:false
                                                SSDEEP:96:R14GBdYLSNUH+ZAFQrSRR6dn0tWlTDFwIfM/vfzPpjT9I3jZ/qeH2Wg:74GnYLSNUH+ZAyrSRRYn0taTDKIfMPzv
                                                MD5:2A2A7C34B585CDAE5E123F3C5100C253
                                                SHA1:E814B1B1531B25581DB76CB813C85E53E1390BA4
                                                SHA-256:BCA18B654D038B69B25ACDF84CFF99BF521A1B54F482F1DE2B54CE13AC219A04
                                                SHA-512:CEC7A3A7A6AD6C2A6D101A3BF6D89A01EBDCEB0121AA3DE1CEA024268410B39E4E9188382439C7C3FD734C66764B66B13F1D277700B00A2FCB35CB67E31996DD
                                                Malicious:false
                                                Reputation:moderate, very likely benign file
                                                Preview:<?xml version="1.0" encoding="UTF-8"?>..<channel name="xfce4-panel" version="1.0">. <property name="configver" type="int" value="2"/>. <property name="panels" type="array">. <value type="int" value="1"/>. <value type="int" value="2"/>. <property name="panel-1" type="empty">. <property name="position" type="string" value="p=6;x=0;y=0"/>. <property name="length" type="uint" value="100"/>. <property name="position-locked" type="bool" value="true"/>. <property name="icon-size" type="uint" value="16"/>. <property name="size" type="uint" value="26"/>. <property name="plugin-ids" type="array">. <value type="int" value="1"/>. <value type="int" value="2"/>. <value type="int" value="3"/>. <value type="int" value="4"/>. <value type="int" value="5"/>. <value type="int" value="6"/>. <value type="int" value="7"/>. <value type="int" value="8"/>. <value type="int" value="9"/>. <value type="in
                                                File type:ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, no section header
                                                Entropy (8bit):7.844562772784021
                                                TrID:
                                                • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
                                                • ELF Executable and Linkable format (generic) (4004/1) 49.84%
                                                File name:boatnet.x86.elf
                                                File size:21'500 bytes
                                                MD5:40648053c206c69674f9763fef196c6a
                                                SHA1:04f18536aed84f036d6c9f0dabcaf8bd88924826
                                                SHA256:8319d2c673442caca81b4e6ee7042dd28b8f4db9288078be16dad1d2f5946ae7
                                                SHA512:8dded6f9ccff98b321d7b45432f0fa5e433409dd9b817bad1482ffc26881fe165a1c2e2bf0562a7128df833019215b8e335ee4d1ed2f02b90b33e025c7b37269
                                                SSDEEP:384:MgWLpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXadmTb+502F2vwA9dWuMW21bAK1oTH:O98o08kxofBE+ZkXaITbp2F2TWul0c5z
                                                TLSH:06A2E019BF1C868BC836797555D9EAD21393FC61F29CCC096940D16FF0A33A95834F8A
                                                File Content Preview:.ELF.....................Z..4...........4. ...(......................R...R...................G...G..................Q.td................................UPX!....................Y.......w....ELF.......d....g..4...34. (.....[..;;.F.@....'..6..f?..@..>....{?i

                                                ELF header

                                                Class:ELF32
                                                Data:2's complement, little endian
                                                Version:1 (current)
                                                Machine:Intel 80386
                                                Version Number:0x1
                                                Type:EXEC (Executable file)
                                                OS/ABI:UNIX - Linux
                                                ABI Version:0
                                                Entry Point Address:0xc05af0
                                                Flags:0x0
                                                ELF Header Size:52
                                                Program Header Offset:52
                                                Program Header Size:32
                                                Number of Program Headers:3
                                                Section Header Offset:0
                                                Section Header Size:40
                                                Number of Section Headers:0
                                                Header String Table Index:0
                                                TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                                LOAD0x00xc010000xc010000x52fc0x52fc7.84840x5R E0x1000
                                                LOAD0x7a00x80547a00x80547a00x00x00.00000x6RW 0x1000
                                                GNU_STACK0x00x00x00x00x00.00000x6RW 0x4

                                                Download Network PCAP: filteredfull

                                                • Total Packets: 73
                                                • 3778 undefined
                                                • 443 (HTTPS)
                                                • 80 (HTTP)
                                                TimestampSource PortDest PortSource IPDest IP
                                                Dec 30, 2024 22:28:53.626873016 CET465603778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:53.632194996 CET377846560104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:53.632258892 CET465603778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:53.632299900 CET465603778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:53.637411118 CET377846560104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:53.637447119 CET465603778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:53.642503977 CET377846560104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:54.117203951 CET377846560104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:54.117413998 CET465603778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:54.117413998 CET465603778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:54.117459059 CET465623778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:54.122282982 CET377846562104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:54.122378111 CET465623778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:54.122378111 CET465623778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:54.127156019 CET377846562104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:54.127202988 CET465623778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:54.131958961 CET377846562104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:54.594829082 CET377846562104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:54.594995975 CET465643778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:54.595000029 CET465623778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:54.595000029 CET465623778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:54.599817038 CET377846564104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:54.599908113 CET465643778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:54.599908113 CET465643778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:54.604685068 CET377846564104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:54.604749918 CET465643778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:54.609565020 CET377846564104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:55.089293957 CET377846564104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:55.089392900 CET465643778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:55.089392900 CET465643778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:55.089410067 CET465663778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:55.094199896 CET377846566104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:55.094254017 CET465663778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:55.094283104 CET465663778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:55.099031925 CET377846566104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:55.099085093 CET465663778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:55.103851080 CET377846566104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:55.465559959 CET43928443192.168.2.2391.189.91.42
                                                Dec 30, 2024 22:28:55.565309048 CET377846566104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:55.565471888 CET465663778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:55.565471888 CET465663778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:55.565481901 CET465683778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:55.570300102 CET377846568104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:55.570357084 CET465683778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:55.570372105 CET465683778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:55.575139999 CET377846568104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:55.575182915 CET465683778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:55.579966068 CET377846568104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:56.044183969 CET377846568104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:56.044488907 CET465703778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:56.044488907 CET465683778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:56.044488907 CET465683778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:56.049340010 CET377846570104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:56.049393892 CET465703778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:56.049443960 CET465703778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:56.054193020 CET377846570104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:56.054239035 CET465703778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:56.058974028 CET377846570104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:56.528136015 CET377846570104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:56.528420925 CET465703778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:56.528420925 CET465703778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:56.528425932 CET465723778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:56.533274889 CET377846572104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:56.533422947 CET465723778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:56.533422947 CET465723778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:56.538218021 CET377846572104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:56.538260937 CET465723778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:56.543049097 CET377846572104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:57.001549959 CET377846572104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:57.001739979 CET465723778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:57.001739979 CET465723778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:57.001773119 CET465743778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:57.006537914 CET377846574104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:57.006584883 CET465743778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:57.006614923 CET465743778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:57.011399984 CET377846574104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:57.011441946 CET465743778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:57.016206026 CET377846574104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:57.487003088 CET377846574104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:57.487257004 CET465743778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:57.487257004 CET465743778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:57.487262011 CET465763778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:57.492110014 CET377846576104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:57.492161989 CET465763778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:57.492173910 CET465763778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:57.496934891 CET377846576104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:57.496978045 CET465763778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:57.501776934 CET377846576104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:57.973795891 CET377846576104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:57.973968983 CET465783778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:57.973968983 CET465763778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:57.973968983 CET465763778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:57.978827953 CET377846578104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:57.978880882 CET465783778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:57.978914976 CET465783778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:57.983827114 CET377846578104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:57.983872890 CET465783778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:57.988614082 CET377846578104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:58.459592104 CET377846578104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:58.459815979 CET465803778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:58.459825993 CET465783778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:58.459825993 CET465783778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:58.464680910 CET377846580104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:58.464765072 CET465803778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:58.464823961 CET465803778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:58.469575882 CET377846580104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:58.469641924 CET465803778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:58.474364042 CET377846580104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:58.918675900 CET465803778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:28:58.923959017 CET377846580104.168.45.33192.168.2.23
                                                Dec 30, 2024 22:28:58.924025059 CET465803778192.168.2.23104.168.45.33
                                                Dec 30, 2024 22:29:01.096658945 CET42836443192.168.2.2391.189.91.43
                                                Dec 30, 2024 22:29:02.632443905 CET4251680192.168.2.23109.202.202.202
                                                Dec 30, 2024 22:29:15.942720890 CET43928443192.168.2.2391.189.91.42
                                                Dec 30, 2024 22:29:28.229013920 CET42836443192.168.2.2391.189.91.43
                                                Dec 30, 2024 22:29:32.324425936 CET4251680192.168.2.23109.202.202.202
                                                Dec 30, 2024 22:29:56.897092104 CET43928443192.168.2.2391.189.91.42

                                                System Behavior

                                                Start time (UTC):21:28:52
                                                Start date (UTC):30/12/2024
                                                Path:/tmp/boatnet.x86.elf
                                                Arguments:/tmp/boatnet.x86.elf
                                                File size:21500 bytes
                                                MD5 hash:40648053c206c69674f9763fef196c6a

                                                Start time (UTC):21:28:52
                                                Start date (UTC):30/12/2024
                                                Path:/tmp/boatnet.x86.elf
                                                Arguments:-
                                                File size:21500 bytes
                                                MD5 hash:40648053c206c69674f9763fef196c6a

                                                Start time (UTC):21:28:52
                                                Start date (UTC):30/12/2024
                                                Path:/tmp/boatnet.x86.elf
                                                Arguments:-
                                                File size:21500 bytes
                                                MD5 hash:40648053c206c69674f9763fef196c6a

                                                Start time (UTC):21:28:52
                                                Start date (UTC):30/12/2024
                                                Path:/tmp/boatnet.x86.elf
                                                Arguments:-
                                                File size:21500 bytes
                                                MD5 hash:40648053c206c69674f9763fef196c6a
                                                Start time (UTC):21:28:58
                                                Start date (UTC):30/12/2024
                                                Path:/usr/bin/xfce4-panel
                                                Arguments:-
                                                File size:375768 bytes
                                                MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                Start time (UTC):21:28:58
                                                Start date (UTC):30/12/2024
                                                Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
                                                File size:35136 bytes
                                                MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                Start time (UTC):21:28:58
                                                Start date (UTC):30/12/2024
                                                Path:/usr/bin/xfce4-panel
                                                Arguments:-
                                                File size:375768 bytes
                                                MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                Start time (UTC):21:28:58
                                                Start date (UTC):30/12/2024
                                                Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
                                                File size:35136 bytes
                                                MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                Start time (UTC):21:28:58
                                                Start date (UTC):30/12/2024
                                                Path:/usr/bin/xfce4-panel
                                                Arguments:-
                                                File size:375768 bytes
                                                MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                Start time (UTC):21:28:58
                                                Start date (UTC):30/12/2024
                                                Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
                                                File size:35136 bytes
                                                MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                Start time (UTC):21:28:58
                                                Start date (UTC):30/12/2024
                                                Path:/usr/bin/xfce4-panel
                                                Arguments:-
                                                File size:375768 bytes
                                                MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                Start time (UTC):21:28:58
                                                Start date (UTC):30/12/2024
                                                Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
                                                File size:35136 bytes
                                                MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                Start time (UTC):21:29:02
                                                Start date (UTC):30/12/2024
                                                Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                Arguments:-
                                                File size:35136 bytes
                                                MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                Start time (UTC):21:29:02
                                                Start date (UTC):30/12/2024
                                                Path:/usr/sbin/xfpm-power-backlight-helper
                                                Arguments:/usr/sbin/xfpm-power-backlight-helper --get-max-brightness
                                                File size:14656 bytes
                                                MD5 hash:3d221ad23f28ca3259f599b1664e2427

                                                Start time (UTC):21:28:58
                                                Start date (UTC):30/12/2024
                                                Path:/usr/bin/xfce4-panel
                                                Arguments:-
                                                File size:375768 bytes
                                                MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                Start time (UTC):21:28:58
                                                Start date (UTC):30/12/2024
                                                Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
                                                File size:35136 bytes
                                                MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                Start time (UTC):21:28:58
                                                Start date (UTC):30/12/2024
                                                Path:/usr/bin/xfce4-panel
                                                Arguments:-
                                                File size:375768 bytes
                                                MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                                                Start time (UTC):21:28:58
                                                Start date (UTC):30/12/2024
                                                Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                                                Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
                                                File size:35136 bytes
                                                MD5 hash:ac0b8a906f359a8ae102244738682e76

                                                Start time (UTC):21:29:02
                                                Start date (UTC):30/12/2024
                                                Path:/usr/bin/dbus-daemon
                                                Arguments:-
                                                File size:249032 bytes
                                                MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                                                Start time (UTC):21:29:02
                                                Start date (UTC):30/12/2024
                                                Path:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                                                Arguments:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                                                File size:112880 bytes
                                                MD5 hash:4c7a0d6d258bb970905b19b84abcd8e9

                                                Start time (UTC):21:29:05
                                                Start date (UTC):30/12/2024
                                                Path:/usr/lib/systemd/systemd
                                                Arguments:-
                                                File size:1620224 bytes
                                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                                Start time (UTC):21:29:05
                                                Start date (UTC):30/12/2024
                                                Path:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
                                                Arguments:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
                                                File size:112872 bytes
                                                MD5 hash:eee956f1b227c1d5031f9c61223255d1