Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
boatnet.sh4.elf

Overview

General Information

Sample name:boatnet.sh4.elf
Analysis ID:1582575
MD5:a584c965ba6e53dc7f0be34deeaedaac
SHA1:cca6c0fda9ba17cdf0c2ad5bea6d392f4f40e029
SHA256:4946c29d6a8dc98ac449759df0b0fe56769911b8d0071599b00bd50e9bc23ad6
Tags:elfuser-abuse_ch
Infos:

Detection

Mirai
Score:76
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample tries to kill multiple processes (SIGKILL)
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
Document contains embedded VBA macros
Document misses a certain OLE stream usually present in this Microsoft Office document type
Enumerates processes within the "proc" file system
Sample has stripped symbol table
Sample tries to kill a process (SIGKILL)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1582575
Start date and time:2024-12-30 22:37:17 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 15s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:boatnet.sh4.elf
Detection:MAL
Classification:mal76.spre.troj.linELF@0/1@2/0

Warnings

  • VT rate limit hit for: boatnet.sh4.elf

Runtime Messages

Command:/tmp/boatnet.sh4.elf
PID:5792
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:

Process Tree

  • system is lnxubuntu20
  • wrapper-2.0 (PID: 5803, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
  • wrapper-2.0 (PID: 5804, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
  • wrapper-2.0 (PID: 5805, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
  • wrapper-2.0 (PID: 5806, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
    • xfpm-power-backlight-helper (PID: 5823, Parent: 5806, MD5: 3d221ad23f28ca3259f599b1664e2427) Arguments: /usr/sbin/xfpm-power-backlight-helper --get-max-brightness
  • wrapper-2.0 (PID: 5807, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
  • wrapper-2.0 (PID: 5808, Parent: 3172, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
  • xfconfd (PID: 5825, Parent: 5824, MD5: 4c7a0d6d258bb970905b19b84abcd8e9) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
  • systemd New Fork (PID: 5834, Parent: 2955)
  • xfce4-notifyd (PID: 5834, Parent: 2955, MD5: eee956f1b227c1d5031f9c61223255d1) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
boatnet.sh4.elfJoeSecurity_Mirai_8Yara detected MiraiJoe Security
    boatnet.sh4.elfLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
    • 0xab04:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xab18:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xab2c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xab40:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xab54:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xab68:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xab7c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xab90:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xaba4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xabb8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xabcc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xabe0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xabf4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xac08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xac1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xac30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xac44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xac58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xac6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xac80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    • 0xac94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    boatnet.sh4.elfLinux_Trojan_Gafgyt_ea92cca8unknownunknown
    • 0xb05c:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    5792.1.00007efda8400000.00007efda840c000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
      5792.1.00007efda8400000.00007efda840c000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
      • 0xab04:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xab18:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xab2c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xab40:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xab54:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xab68:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xab7c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xab90:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xaba4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xabb8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xabcc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xabe0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xabf4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xac08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xac1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xac30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xac44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xac58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xac6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xac80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      • 0xac94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
      5792.1.00007efda8400000.00007efda840c000.r-x.sdmpLinux_Trojan_Gafgyt_ea92cca8unknownunknown
      • 0xb05c:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
      5798.1.00007efda8400000.00007efda840c000.r-x.sdmpJoeSecurity_Mirai_8Yara detected MiraiJoe Security
        5798.1.00007efda8400000.00007efda840c000.r-x.sdmpLinux_Trojan_Gafgyt_28a2fe0cunknownunknown
        • 0xab04:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xab18:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xab2c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xab40:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xab54:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xab68:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xab7c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xab90:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xaba4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xabb8:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xabcc:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xabe0:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xabf4:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xac08:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xac1c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xac30:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xac44:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xac58:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xac6c:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xac80:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        • 0xac94:$a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
        Click to see the 7 entries

        Suricata Signatures

        No Suricata rule has matched

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Antivirus / Scanner detection for submitted sample
        Source: boatnet.sh4.elfAvira: detected
        Multi AV Scanner detection for submitted file
        Source: boatnet.sh4.elfReversingLabs: Detection: 65%
        Source: global trafficTCP traffic: 192.168.2.14:50446 -> 104.168.45.33:3778
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: unknownTCP traffic detected without corresponding DNS query: 104.168.45.33
        Source: global trafficDNS traffic detected: DNS query: daisy.ubuntu.com

        System Summary

        barindex
        Malicious sample detected (through community Yara rule)
        Source: boatnet.sh4.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: boatnet.sh4.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
        Source: 5792.1.00007efda8400000.00007efda840c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: 5792.1.00007efda8400000.00007efda840c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
        Source: 5798.1.00007efda8400000.00007efda840c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: 5798.1.00007efda8400000.00007efda840c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
        Source: 5795.1.00007efda8400000.00007efda840c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: 5795.1.00007efda8400000.00007efda840c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
        Source: Process Memory Space: boatnet.sh4.elf PID: 5798, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown
        Source: Process Memory Space: boatnet.sh4.elf PID: 5798, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 Author: unknown
        Sample tries to kill multiple processes (SIGKILL)
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 3129, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 3184, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 3187, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 3188, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 3189, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 3190, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 3193, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 3207, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 3215, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 3235, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 5798, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 5803, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 5804, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 5805, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 5806, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 5807, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 5808, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 5825, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 5834, result: successfulJump to behavior
        Source: xfce4-panel.xml.new.31.drOLE indicator, VBA macros: true
        Source: xfce4-panel.xml.new.31.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
        Source: ELF static info symbol of initial sample.symtab present: no
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 3129, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 3184, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 3187, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 3188, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 3189, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 3190, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 3193, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 3207, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 3215, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 3235, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 5798, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 5803, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 5804, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 5805, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 5806, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 5807, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 5808, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 5825, result: successfulJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)SIGKILL sent: pid: 5834, result: successfulJump to behavior
        Source: boatnet.sh4.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: boatnet.sh4.elf, type: SAMPLEMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: 5792.1.00007efda8400000.00007efda840c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 5792.1.00007efda8400000.00007efda840c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: 5798.1.00007efda8400000.00007efda840c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 5798.1.00007efda8400000.00007efda840c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: 5795.1.00007efda8400000.00007efda840c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: 5795.1.00007efda8400000.00007efda840c000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: Process Memory Space: boatnet.sh4.elf PID: 5798, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
        Source: Process Memory Space: boatnet.sh4.elf PID: 5798, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
        Source: classification engineClassification label: mal76.spre.troj.linELF@0/1@2/0
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5803)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /home/saturnino/.fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/X11/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /home/saturnino/.fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/X11/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /home/saturnino/.fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/X11/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /home/saturnino/.fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/X11/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /home/saturnino/.cacheJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /home/saturnino/.localJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Directory: /home/saturnino/.configJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /home/saturnino/.fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/X11/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5825)Directory: /home/saturnino/.cacheJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5825)Directory: /home/saturnino/.localJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5825)Directory: /home/saturnino/.configJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5825)Directory: /home/saturnino/.configJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5834)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5834)Directory: /home/saturnino/.cacheJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5834)Directory: /home/saturnino/.localJump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5834)Directory: /home/saturnino/.configJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/3760/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/3761/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/2672/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/1583/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/3244/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/3120/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/3361/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/3759/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/3239/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/1577/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/1610/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/512/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/1299/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/3235/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/514/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/5775/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/5776/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/519/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/2946/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/917/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/3758/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/3134/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/1593/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/3011/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/3094/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/3406/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/1589/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/3129/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/1588/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/3402/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/3125/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/3246/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/3245/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/767/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/800/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/888/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/801/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/769/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/803/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/806/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/5825/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/807/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/928/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/2956/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/3420/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/490/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/3142/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/1635/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/1633/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/1599/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/3139/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/1873/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/1630/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/3412/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/657/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/658/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/5798/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/659/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/418/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/419/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/1639/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/5834/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/1638/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/3398/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/1371/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/3392/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/780/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/660/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/661/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/782/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/1369/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/3304/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/3425/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/785/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/1642/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/940/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/941/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/1640/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/3147/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/3268/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/1364/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/548/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/1647/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/2991/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/1383/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/1382/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/1381/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/791/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/671/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/5739/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/794/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/1655/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/2986/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/795/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/674/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/1653/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/797/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/2983/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/3159/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/678/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/1650/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/3157/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/679/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/3676/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5794)File opened: /proc/1659/cmdlineJump to behavior
        Source: /tmp/boatnet.sh4.elf (PID: 5792)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5803)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5806)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5807)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5808)Queries kernel information via 'uname': Jump to behavior
        Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5834)Queries kernel information via 'uname': Jump to behavior
        Source: boatnet.sh4.elf, 5792.1.00007ffea7dde000.00007ffea7dff000.rw-.sdmp, boatnet.sh4.elf, 5795.1.00007ffea7dde000.00007ffea7dff000.rw-.sdmp, boatnet.sh4.elf, 5798.1.00007ffea7dde000.00007ffea7dff000.rw-.sdmpBinary or memory string: x86_64/usr/bin/qemu-sh4/tmp/boatnet.sh4.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/boatnet.sh4.elf
        Source: boatnet.sh4.elf, 5792.1.00007ffea7dde000.00007ffea7dff000.rw-.sdmp, boatnet.sh4.elf, 5795.1.00007ffea7dde000.00007ffea7dff000.rw-.sdmp, boatnet.sh4.elf, 5798.1.00007ffea7dde000.00007ffea7dff000.rw-.sdmpBinary or memory string: /usr/bin/qemu-sh4
        Source: boatnet.sh4.elf, 5792.1.0000560e7db69000.0000560e7dbcc000.rw-.sdmp, boatnet.sh4.elf, 5795.1.0000560e7db69000.0000560e7dbcc000.rw-.sdmp, boatnet.sh4.elf, 5798.1.0000560e7db69000.0000560e7dbcc000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/sh4
        Source: boatnet.sh4.elf, 5792.1.0000560e7db69000.0000560e7dbcc000.rw-.sdmp, boatnet.sh4.elf, 5795.1.0000560e7db69000.0000560e7dbcc000.rw-.sdmp, boatnet.sh4.elf, 5798.1.0000560e7db69000.0000560e7dbcc000.rw-.sdmpBinary or memory string: V5!/etc/qemu-binfmt/sh4

        Stealing of Sensitive Information

        barindex
        Yara detected Mirai
        Source: Yara matchFile source: boatnet.sh4.elf, type: SAMPLE
        Source: Yara matchFile source: 5792.1.00007efda8400000.00007efda840c000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 5798.1.00007efda8400000.00007efda840c000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 5795.1.00007efda8400000.00007efda840c000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: boatnet.sh4.elf PID: 5798, type: MEMORYSTR

        Remote Access Functionality

        barindex
        Yara detected Mirai
        Source: Yara matchFile source: boatnet.sh4.elf, type: SAMPLE
        Source: Yara matchFile source: 5792.1.00007efda8400000.00007efda840c000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 5798.1.00007efda8400000.00007efda840c000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: 5795.1.00007efda8400000.00007efda840c000.r-x.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: boatnet.sh4.elf PID: 5798, type: MEMORYSTR

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity Information1
        Scripting        		Valid AccountsWindows Management Instrumentation1
        Scripting        		Path Interception1
        Hidden Files and Directories        		1
        OS Credential Dumping        		11
        Security Software Discovery        		Remote ServicesData from Local System1
        Non-Standard Port        		Exfiltration Over Other Network Medium1
        Service Stop
        CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
        Non-Application Layer Protocol        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
        Application Layer Protocol        		Automated ExfiltrationData Encrypted for Impact

        Malware Configuration

        No configs have been found

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Number of created Files
        • Is malicious
        • Internet
        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1582575 Sample: boatnet.sh4.elf Startdate: 30/12/2024 Architecture: LINUX Score: 76 24 104.168.45.33, 3778, 50446, 50448 AS-COLOCROSSINGUS United States 2->24 26 daisy.ubuntu.com 2->26 28 Malicious sample detected (through community Yara rule) 2->28 30 Antivirus / Scanner detection for submitted sample 2->30 32 Multi AV Scanner detection for submitted file 2->32 34 Yara detected Mirai 2->34 7 boatnet.sh4.elf 2->7         started        9 xfce4-panel wrapper-2.0 2->9         started        11 xfce4-panel wrapper-2.0 2->11         started        13 6 other processes 2->13 signatures3 process4 process5 15 boatnet.sh4.elf 7->15         started        18 boatnet.sh4.elf 7->18         started        20 boatnet.sh4.elf 7->20         started        22 wrapper-2.0 xfpm-power-backlight-helper 9->22         started        signatures6 36 Sample tries to kill multiple processes (SIGKILL) 15->36

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        boatnet.sh4.elf66%ReversingLabsLinux.Trojan.Mirai
        boatnet.sh4.elf100%AviraEXP/ELF.Gafgyt.D

        Dropped Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        No Antivirus matches

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        daisy.ubuntu.com
        		162.213.35.24
        		truefalse
          		high

          World Map of Contacted IPs

          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs

          Public IPs

          IPDomainCountryFlagASNASN NameMalicious
          104.168.45.33
          		unknownUnited States
          		36352AS-COLOCROSSINGUSfalse

          Joe Sandbox View / Context

          IPs

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          104.168.45.33boatnet.arm7.elfGet hashmaliciousMiraiBrowse
            boatnet.spc.elfGet hashmaliciousMiraiBrowse
              boatnet.ppc.elfGet hashmaliciousMiraiBrowse
                boatnet.m68k.elfGet hashmaliciousMiraiBrowse
                  boatnet.mpsl.elfGet hashmaliciousMiraiBrowse
                    boatnet.arm.elfGet hashmaliciousMiraiBrowse
                      boatnet.x86.elfGet hashmaliciousMiraiBrowse
                        boatnet.mips.elfGet hashmaliciousMiraiBrowse

                          Domains

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          daisy.ubuntu.comboatnet.arm7.elfGet hashmaliciousMiraiBrowse
                          • 162.213.35.25
                          boatnet.ppc.elfGet hashmaliciousMiraiBrowse
                          • 162.213.35.25
                          boatnet.m68k.elfGet hashmaliciousMiraiBrowse
                          • 162.213.35.25
                          boatnet.mpsl.elfGet hashmaliciousMiraiBrowse
                          • 162.213.35.24
                          boatnet.arm.elfGet hashmaliciousMiraiBrowse
                          • 162.213.35.25
                          boatnet.mips.elfGet hashmaliciousMiraiBrowse
                          • 162.213.35.25
                          boatnet.ppc.elfGet hashmaliciousMiraiBrowse
                          • 162.213.35.25
                          kwari.sh4.elfGet hashmaliciousUnknownBrowse
                          • 162.213.35.24
                          kwari.arm5.elfGet hashmaliciousUnknownBrowse
                          • 162.213.35.24
                          kwari.arm6.elfGet hashmaliciousUnknownBrowse
                          • 162.213.35.25

                          ASNs

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          AS-COLOCROSSINGUSboatnet.arm7.elfGet hashmaliciousMiraiBrowse
                          • 104.168.45.33
                          boatnet.spc.elfGet hashmaliciousMiraiBrowse
                          • 104.168.45.33
                          boatnet.ppc.elfGet hashmaliciousMiraiBrowse
                          • 104.168.45.33
                          boatnet.m68k.elfGet hashmaliciousMiraiBrowse
                          • 104.168.45.33
                          boatnet.mpsl.elfGet hashmaliciousMiraiBrowse
                          • 104.168.45.33
                          boatnet.arm.elfGet hashmaliciousMiraiBrowse
                          • 104.168.45.33
                          boatnet.x86.elfGet hashmaliciousMiraiBrowse
                          • 104.168.45.33
                          boatnet.mips.elfGet hashmaliciousMiraiBrowse
                          • 104.168.45.33
                          rebirth.m68.elfGet hashmaliciousGafgytBrowse
                          • 23.95.72.235
                          rebirth.mips.elfGet hashmaliciousGafgytBrowse
                          • 23.95.72.235

                          JA3 Fingerprints

                          No context

                          Dropped Files

                          No context

                          Created / dropped Files

                          /home/saturnino/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-panel.xml.new

                          Download File
                          Process:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                          File Type:XML 1.0 document, ASCII text
                          Category:dropped
                          Size (bytes):5128
                          Entropy (8bit):4.457618060812407
                          Encrypted:false
                          SSDEEP:96:R14GBdYLSNUH+ZAFQrSRR6dn0tWlTDFwIfM/vfzPpjT9I3jZ/qeH2Wg:74GnYLSNUH+ZAyrSRRYn0taTDKIfMPzv
                          MD5:2A2A7C34B585CDAE5E123F3C5100C253
                          SHA1:E814B1B1531B25581DB76CB813C85E53E1390BA4
                          SHA-256:BCA18B654D038B69B25ACDF84CFF99BF521A1B54F482F1DE2B54CE13AC219A04
                          SHA-512:CEC7A3A7A6AD6C2A6D101A3BF6D89A01EBDCEB0121AA3DE1CEA024268410B39E4E9188382439C7C3FD734C66764B66B13F1D277700B00A2FCB35CB67E31996DD
                          Malicious:false
                          Reputation:moderate, very likely benign file
                          Preview:<?xml version="1.0" encoding="UTF-8"?>..<channel name="xfce4-panel" version="1.0">. <property name="configver" type="int" value="2"/>. <property name="panels" type="array">. <value type="int" value="1"/>. <value type="int" value="2"/>. <property name="panel-1" type="empty">. <property name="position" type="string" value="p=6;x=0;y=0"/>. <property name="length" type="uint" value="100"/>. <property name="position-locked" type="bool" value="true"/>. <property name="icon-size" type="uint" value="16"/>. <property name="size" type="uint" value="26"/>. <property name="plugin-ids" type="array">. <value type="int" value="1"/>. <value type="int" value="2"/>. <value type="int" value="3"/>. <value type="int" value="4"/>. <value type="int" value="5"/>. <value type="int" value="6"/>. <value type="int" value="7"/>. <value type="int" value="8"/>. <value type="int" value="9"/>. <value type="in

                          Static File Info

                          General

                          File type:ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, stripped
                          Entropy (8bit):6.734469732786252
                          TrID:
                          • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                          File name:boatnet.sh4.elf
                          File size:50'168 bytes
                          MD5:a584c965ba6e53dc7f0be34deeaedaac
                          SHA1:cca6c0fda9ba17cdf0c2ad5bea6d392f4f40e029
                          SHA256:4946c29d6a8dc98ac449759df0b0fe56769911b8d0071599b00bd50e9bc23ad6
                          SHA512:f91967d93f28ea9acc9217be9605289ae54b9318ad0833223ee5025fe831ddb0022ebea71a41f77f4faba3924dac9cac61707f013fa3ad967da2466ac7b0736d
                          SSDEEP:768:Oa2vU7eng2qGJert7LrLMU6fgatQh+YbT/9+m3CZQoV/bnmCozw:Oa4U7G7SvT6ftBTm3KVrmCo8
                          TLSH:52336C36E029DED4C6560234A4E88F751F03F1C883536EBB2AE546B2645396CFA19FF4
                          File Content Preview:.ELF..............*.......@.4...h.......4. ...(...............@...@.@...@.....................A...A.(...<...........Q.td............................././"O.n........#.*@........#.*@.....o&O.n...l..............................././.../.a"O.!...n...a.b("...q.

                          Static ELF Info

                          ELF header

                          Class:ELF32
                          Data:2's complement, little endian
                          Version:1 (current)
                          Machine:<unknown>
                          Version Number:0x1
                          Type:EXEC (Executable file)
                          OS/ABI:UNIX - System V
                          ABI Version:0
                          Entry Point Address:0x4001a0
                          Flags:0x9
                          ELF Header Size:52
                          Program Header Offset:52
                          Program Header Size:32
                          Number of Program Headers:3
                          Section Header Offset:49768
                          Section Header Size:40
                          Number of Section Headers:10
                          Header String Table Index:9

                          Sections

                          NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                          NULL0x00x00x00x00x0000
                          .initPROGBITS0x4000940x940x300x00x6AX004
                          .textPROGBITS0x4000e00xe00xaa000x00x6AX0032
                          .finiPROGBITS0x40aae00xaae00x240x00x6AX004
                          .rodataPROGBITS0x40ab040xab040x113c0x00x2A004
                          .ctorsPROGBITS0x41c0000xc0000x80x00x3WA004
                          .dtorsPROGBITS0x41c0080xc0080x80x00x3WA004
                          .dataPROGBITS0x41c0140xc0140x2140x00x3WA004
                          .bssNOBITS0x41c2280xc2280x3140x00x3WA004
                          .shstrtabSTRTAB0x00xc2280x3e0x00x0001

                          Program Segments

                          TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                          LOAD0x00x4000000x4000000xbc400xbc406.85580x5R E0x10000.init .text .fini .rodata
                          LOAD0xc0000x41c0000x41c0000x2280x53c3.02620x6RW 0x10000.ctors .dtors .data .bss
                          GNU_STACK0x00x00x00x00x00.00000x7RWE0x4

                          Network Behavior

                          Network Port Distribution

                          TCP Packets

                          TimestampSource PortDest PortSource IPDest IP
                          Dec 30, 2024 22:38:17.018635988 CET504463778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:17.023516893 CET377850446104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:17.023576021 CET504463778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:17.082817078 CET504463778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:17.087714911 CET377850446104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:17.087800026 CET504463778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:17.092593908 CET377850446104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:17.488518953 CET377850446104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:17.488743067 CET504463778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:17.488831997 CET504463778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:17.489449978 CET504483778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:17.494335890 CET377850448104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:17.494548082 CET504483778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:17.496135950 CET504483778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:17.500936985 CET377850448104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:17.501025915 CET504483778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:17.505825043 CET377850448104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:17.958702087 CET377850448104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:17.959188938 CET504483778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:17.959326982 CET504483778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:17.960237980 CET504503778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:17.965014935 CET377850450104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:17.965138912 CET504503778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:17.966249943 CET504503778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:17.971091986 CET377850450104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:17.971221924 CET504503778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:17.976039886 CET377850450104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:18.436763048 CET377850450104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:18.436917067 CET504503778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:18.436990976 CET504503778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:18.437688112 CET504523778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:18.442475080 CET377850452104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:18.442543983 CET504523778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:18.443789005 CET504523778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:18.448656082 CET377850452104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:18.448733091 CET504523778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:18.453562021 CET377850452104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:18.923716068 CET377850452104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:18.923923969 CET504523778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:18.923974991 CET504523778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:18.924870968 CET504543778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:18.930145025 CET377850454104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:18.930232048 CET504543778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:18.931092024 CET504543778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:18.936254025 CET377850454104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:18.936323881 CET504543778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:18.942460060 CET377850454104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:19.417608976 CET377850454104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:19.417840004 CET504543778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:19.417915106 CET504543778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:19.418593884 CET504563778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:19.423352957 CET377850456104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:19.423415899 CET504563778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:19.424206972 CET504563778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:19.429022074 CET377850456104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:19.429095030 CET504563778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:19.433893919 CET377850456104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:19.899389982 CET377850456104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:19.899632931 CET504563778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:19.899688005 CET504563778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:19.900398016 CET504583778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:19.905203104 CET377850458104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:19.905275106 CET504583778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:19.906311989 CET504583778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:19.911139965 CET377850458104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:19.911196947 CET504583778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:19.917351961 CET377850458104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:20.386055946 CET377850458104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:20.386346102 CET504583778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:20.386408091 CET504583778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:20.387145996 CET504603778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:20.391984940 CET377850460104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:20.392066002 CET504603778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:20.392832994 CET504603778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:20.397898912 CET377850460104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:20.397958040 CET504603778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:20.402750015 CET377850460104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:20.857914925 CET377850460104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:20.858104944 CET504603778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:20.858140945 CET504603778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:20.858903885 CET504623778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:20.863781929 CET377850462104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:20.863899946 CET504623778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:20.864810944 CET504623778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:20.869611979 CET377850462104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:20.869705915 CET504623778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:20.874514103 CET377850462104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:21.355591059 CET377850462104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:21.355771065 CET504623778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:21.355824947 CET504623778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:21.356677055 CET504643778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:21.361506939 CET377850464104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:21.361601114 CET504643778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:21.362407923 CET504643778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:21.367228031 CET377850464104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:21.367336035 CET504643778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:21.372145891 CET377850464104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:21.847604990 CET377850464104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:21.847779036 CET504643778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:21.847908974 CET504643778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:21.848588943 CET504663778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:21.853418112 CET377850466104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:21.853488922 CET504663778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:21.854305983 CET504663778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:21.859080076 CET377850466104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:21.859139919 CET504663778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:21.863985062 CET377850466104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:22.319581985 CET377850466104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:22.319632053 CET504663778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:22.319667101 CET504663778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:22.346576929 CET504683778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:22.351603031 CET377850468104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:22.351654053 CET504683778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:22.458098888 CET504683778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:38:22.462977886 CET377850468104.168.45.33192.168.2.14
                          Dec 30, 2024 22:38:22.463011980 CET504683778192.168.2.14104.168.45.33
                          Dec 30, 2024 22:41:02.869990110 CET4518453192.168.2.148.8.8.8
                          Dec 30, 2024 22:41:02.874917030 CET53451848.8.8.8192.168.2.14
                          Dec 30, 2024 22:41:02.874989986 CET4518453192.168.2.148.8.8.8
                          Dec 30, 2024 22:41:02.875014067 CET4518453192.168.2.148.8.8.8
                          Dec 30, 2024 22:41:02.875014067 CET4518453192.168.2.148.8.8.8
                          Dec 30, 2024 22:41:02.879905939 CET53451848.8.8.8192.168.2.14
                          Dec 30, 2024 22:41:02.879920959 CET53451848.8.8.8192.168.2.14
                          Dec 30, 2024 22:41:03.319619894 CET53451848.8.8.8192.168.2.14
                          Dec 30, 2024 22:41:03.319680929 CET4518453192.168.2.148.8.8.8
                          Dec 30, 2024 22:41:05.320424080 CET53451848.8.8.8192.168.2.14
                          Dec 30, 2024 22:41:05.320877075 CET4518453192.168.2.148.8.8.8
                          Dec 30, 2024 22:41:05.325733900 CET53451848.8.8.8192.168.2.14

                          DNS Queries

                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                          Dec 30, 2024 22:41:02.875014067 CET192.168.2.148.8.8.80xea2cStandard query (0)daisy.ubuntu.comA (IP address)IN (0x0001)false
                          Dec 30, 2024 22:41:02.875014067 CET192.168.2.148.8.8.80x61b4Standard query (0)daisy.ubuntu.com28IN (0x0001)false

                          DNS Answers

                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                          Dec 30, 2024 22:41:03.319619894 CET8.8.8.8192.168.2.140xea2cNo error (0)daisy.ubuntu.com162.213.35.24A (IP address)IN (0x0001)false
                          Dec 30, 2024 22:41:03.319619894 CET8.8.8.8192.168.2.140xea2cNo error (0)daisy.ubuntu.com162.213.35.25A (IP address)IN (0x0001)false

                          System Behavior

                          General

                          Start time (UTC):21:38:16
                          Start date (UTC):30/12/2024
                          Path:/tmp/boatnet.sh4.elf
                          Arguments:/tmp/boatnet.sh4.elf
                          File size:4139976 bytes
                          MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

                          Chronological Activities


                          General

                          Start time (UTC):21:38:16
                          Start date (UTC):30/12/2024
                          Path:/tmp/boatnet.sh4.elf
                          Arguments:-
                          File size:4139976 bytes
                          MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

                          Chronological Activities


                          General

                          Start time (UTC):21:38:16
                          Start date (UTC):30/12/2024
                          Path:/tmp/boatnet.sh4.elf
                          Arguments:-
                          File size:4139976 bytes
                          MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

                          Chronological Activities


                          General

                          Start time (UTC):21:38:16
                          Start date (UTC):30/12/2024
                          Path:/tmp/boatnet.sh4.elf
                          Arguments:-
                          File size:4139976 bytes
                          MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

                          Chronological Activities


                          General

                          Start time (UTC):21:38:21
                          Start date (UTC):30/12/2024
                          Path:/usr/bin/xfce4-panel
                          Arguments:-
                          File size:375768 bytes
                          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                          Chronological Activities


                          General

                          Start time (UTC):21:38:21
                          Start date (UTC):30/12/2024
                          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
                          File size:35136 bytes
                          MD5 hash:ac0b8a906f359a8ae102244738682e76

                          Chronological Activities


                          General

                          Start time (UTC):21:38:21
                          Start date (UTC):30/12/2024
                          Path:/usr/bin/xfce4-panel
                          Arguments:-
                          File size:375768 bytes
                          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                          Chronological Activities


                          General

                          Start time (UTC):21:38:21
                          Start date (UTC):30/12/2024
                          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
                          File size:35136 bytes
                          MD5 hash:ac0b8a906f359a8ae102244738682e76

                          Chronological Activities


                          General

                          Start time (UTC):21:38:21
                          Start date (UTC):30/12/2024
                          Path:/usr/bin/xfce4-panel
                          Arguments:-
                          File size:375768 bytes
                          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                          Chronological Activities


                          General

                          Start time (UTC):21:38:21
                          Start date (UTC):30/12/2024
                          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
                          File size:35136 bytes
                          MD5 hash:ac0b8a906f359a8ae102244738682e76

                          Chronological Activities


                          General

                          Start time (UTC):21:38:21
                          Start date (UTC):30/12/2024
                          Path:/usr/bin/xfce4-panel
                          Arguments:-
                          File size:375768 bytes
                          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                          Chronological Activities


                          General

                          Start time (UTC):21:38:21
                          Start date (UTC):30/12/2024
                          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
                          File size:35136 bytes
                          MD5 hash:ac0b8a906f359a8ae102244738682e76

                          Chronological Activities


                          General

                          Start time (UTC):21:38:27
                          Start date (UTC):30/12/2024
                          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                          Arguments:-
                          File size:35136 bytes
                          MD5 hash:ac0b8a906f359a8ae102244738682e76

                          Chronological Activities


                          General

                          Start time (UTC):21:38:27
                          Start date (UTC):30/12/2024
                          Path:/usr/sbin/xfpm-power-backlight-helper
                          Arguments:/usr/sbin/xfpm-power-backlight-helper --get-max-brightness
                          File size:14656 bytes
                          MD5 hash:3d221ad23f28ca3259f599b1664e2427

                          Chronological Activities


                          General

                          Start time (UTC):21:38:21
                          Start date (UTC):30/12/2024
                          Path:/usr/bin/xfce4-panel
                          Arguments:-
                          File size:375768 bytes
                          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                          Chronological Activities


                          General

                          Start time (UTC):21:38:21
                          Start date (UTC):30/12/2024
                          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
                          File size:35136 bytes
                          MD5 hash:ac0b8a906f359a8ae102244738682e76

                          Chronological Activities


                          General

                          Start time (UTC):21:38:21
                          Start date (UTC):30/12/2024
                          Path:/usr/bin/xfce4-panel
                          Arguments:-
                          File size:375768 bytes
                          MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                          Chronological Activities


                          General

                          Start time (UTC):21:38:21
                          Start date (UTC):30/12/2024
                          Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
                          File size:35136 bytes
                          MD5 hash:ac0b8a906f359a8ae102244738682e76

                          Chronological Activities


                          General

                          Start time (UTC):21:38:27
                          Start date (UTC):30/12/2024
                          Path:/usr/bin/dbus-daemon
                          Arguments:-
                          File size:249032 bytes
                          MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                          Chronological Activities


                          General

                          Start time (UTC):21:38:27
                          Start date (UTC):30/12/2024
                          Path:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                          File size:112880 bytes
                          MD5 hash:4c7a0d6d258bb970905b19b84abcd8e9

                          Chronological Activities


                          General

                          Start time (UTC):21:38:30
                          Start date (UTC):30/12/2024
                          Path:/usr/lib/systemd/systemd
                          Arguments:-
                          File size:1620224 bytes
                          MD5 hash:9b2bec7092a40488108543f9334aab75

                          Chronological Activities


                          General

                          Start time (UTC):21:38:30
                          Start date (UTC):30/12/2024
                          Path:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
                          Arguments:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
                          File size:112872 bytes
                          MD5 hash:eee956f1b227c1d5031f9c61223255d1

                          Chronological Activities