Linux Analysis Report
147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf

Overview

General Information

Sample name: 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf
Analysis ID: 1584657
MD5: 299335bf48e233247ef1e4ae8300fd6b
SHA1: 2264893f6b9aa0ee5249adb2aff058ce270e805a
SHA256: 0294f19787a2bfb032765505d5b4df9b0ababf848127e9ff6df4e99d8ebf2e93
Tags: elfuser-threatquery
Infos:

Detection

Mirai
Score: 80
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mirai
Sample is packed with UPX
Sample tries to kill multiple processes (SIGKILL)
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
Document contains embedded VBA macros
Document misses a certain OLE stream usually present in this Microsoft Office document type
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Sample contains only a LOAD segment without any section mappings
Sample tries to kill a process (SIGKILL)
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1584657
Start date and time: 2025-01-06 06:29:06 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 58s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf
Detection: MAL
Classification: mal80.spre.troj.evad.linELF@0/1@2/0
Command: /tmp/147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf
PID: 5407
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:
  • system is lnxubuntu20
  • wrapper-2.0 (PID: 5419, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
  • wrapper-2.0 (PID: 5420, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
  • wrapper-2.0 (PID: 5421, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
  • wrapper-2.0 (PID: 5422, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
    • xfpm-power-backlight-helper (PID: 5441, Parent: 5422, MD5: 3d221ad23f28ca3259f599b1664e2427) Arguments: /usr/sbin/xfpm-power-backlight-helper --get-max-brightness
  • wrapper-2.0 (PID: 5423, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
  • wrapper-2.0 (PID: 5424, Parent: 3147, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
  • xfconfd (PID: 5440, Parent: 5439, MD5: 4c7a0d6d258bb970905b19b84abcd8e9) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
  • systemd New Fork (PID: 5450, Parent: 2935)
  • xfce4-notifyd (PID: 5450, Parent: 2935, MD5: eee956f1b227c1d5031f9c61223255d1) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source | Rule | Description | Author | Strings
5410.1.00007febe0007000.00007febe000d000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
5410.1.00007febe0007000.00007febe000d000.r-x.sdmp | Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown |
  • 0x5fac:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
5407.1.00007febe0007000.00007febe000d000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
5407.1.00007febe0007000.00007febe000d000.r-x.sdmp | Linux_Trojan_Gafgyt_ea92cca8 | unknown | unknown |
  • 0x5fac:$a: 53 65 6C 66 20 52 65 70 20 46 75 63 6B 69 6E 67 20 4E 65 54 69 53 20 61 6E 64
5413.1.00007febe0007000.00007febe000d000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown |
No Suricata rule has matched

AV Detection

Source: 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf, Avira: detected
Source: 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf, Virustotal: Detection: 50%
Source: 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf, ReversingLabs: Detection: 55%
Source: global traffic, TCP traffic: 192.168.2.13:60584 -> 147.45.124.49:3778
Source: unknown, TCP traffic detected without corresponding DNS query: 147.45.124.49
Source: global traffic, DNS traffic detected: DNS query: daisy.ubuntu.com
Source: 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf, String found in binary or memory: http://upx.sf.net

System Summary

Source: 5410.1.00007febe0007000.00007febe000d000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 5410.1.00007febe0007000.00007febe000d000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: 5407.1.00007febe0007000.00007febe000d000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 5407.1.00007febe0007000.00007febe000d000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: 5413.1.00007febe0007000.00007febe000d000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 5413.1.00007febe0007000.00007febe000d000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: Process Memory Space: 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf PID: 5407, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf PID: 5407, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: Process Memory Space: 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf PID: 5410, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf PID: 5410, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: Process Memory Space: 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf PID: 5413, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf PID: 5413, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, Author: unknown
Source: /tmp/147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf (PID: 5409), SIGKILL sent: pid: 3104, result: successful
Source: /tmp/147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf (PID: 5409), SIGKILL sent: pid: 3161, result: successful
Source: /tmp/147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf (PID: 5409), SIGKILL sent: pid: 3162, result: successful
Source: /tmp/147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf (PID: 5409), SIGKILL sent: pid: 3163, result: successful
Source: /tmp/147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf (PID: 5409), SIGKILL sent: pid: 3164, result: successful
Source: /tmp/147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf (PID: 5409), SIGKILL sent: pid: 3165, result: successful
Source: /tmp/147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf (PID: 5409), SIGKILL sent: pid: 3170, result: successful
Source: /tmp/147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf (PID: 5409), SIGKILL sent: pid: 3182, result: successful
Source: /tmp/147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf (PID: 5409), SIGKILL sent: pid: 3208, result: successful
Source: /tmp/147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf (PID: 5409), SIGKILL sent: pid: 3212, result: successful
Source: /tmp/147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf (PID: 5409), SIGKILL sent: pid: 5413, result: successful
Source: /tmp/147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf (PID: 5409), SIGKILL sent: pid: 5419, result: successful
Source: /tmp/147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf (PID: 5409), SIGKILL sent: pid: 5420, result: successful
Source: /tmp/147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf (PID: 5409), SIGKILL sent: pid: 5421, result: successful
Source: /tmp/147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf (PID: 5409), SIGKILL sent: pid: 5422, result: successful
Source: /tmp/147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf (PID: 5409), SIGKILL sent: pid: 5423, result: successful
Source: /tmp/147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf (PID: 5409), SIGKILL sent: pid: 5424, result: successful
Source: /tmp/147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf (PID: 5409), SIGKILL sent: pid: 5440, result: successful
Source: /tmp/147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf (PID: 5409), SIGKILL sent: pid: 5450, result: successful
Source: xfce4-panel.xml.new.29.dr, OLE indicator, VBA macros: true
Source: xfce4-panel.xml.new.29.dr, OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: LOAD without section mappings, Program segment: 0x100000
Source: 5410.1.00007febe0007000.00007febe000d000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5410.1.00007febe0007000.00007febe000d000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 5407.1.00007febe0007000.00007febe000d000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5407.1.00007febe0007000.00007febe000d000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: 5413.1.00007febe0007000.00007febe000d000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5413.1.00007febe0007000.00007febe000d000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf PID: 5407, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf PID: 5407, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf PID: 5410, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf PID: 5410, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: Process Memory Space: 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf PID: 5413, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf PID: 5413, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_ea92cca8, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16
Source: classification engine, Classification label: mal80.spre.troj.evad.linELF@0/1@2/0

Data Obfuscation

Source: initial sample, String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample, String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5419), Directory: /home/saturnino/.Xdefaults-galassia
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /home/saturnino/.Xdefaults-galassia
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /usr/share/fonts/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /usr/local/share/fonts/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /home/saturnino/.local/share/fonts/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /home/saturnino/.fonts/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /usr/share/fonts/X11/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /usr/share/fonts/cMap/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /usr/share/fonts/cmap/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /usr/share/fonts/opentype/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /usr/share/fonts/truetype/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /usr/share/fonts/type1/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /usr/share/fonts/X11/Type1/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /usr/share/fonts/X11/encodings/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /usr/share/fonts/X11/misc/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /usr/share/fonts/X11/util/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /usr/share/fonts/cmap/adobe-cns1/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /usr/share/fonts/cmap/adobe-gb1/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /usr/share/fonts/cmap/adobe-japan1/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /usr/share/fonts/cmap/adobe-japan2/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /usr/share/fonts/cmap/adobe-korea1/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /usr/share/fonts/opentype/malayalam/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /usr/share/fonts/opentype/mathjax/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /usr/share/fonts/opentype/noto/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /usr/share/fonts/opentype/urw-base35/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /usr/share/fonts/truetype/Gargi/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /usr/share/fonts/truetype/Gubbi/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /usr/share/fonts/truetype/Nakula/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /usr/share/fonts/truetype/Navilu/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /usr/share/fonts/truetype/Sahadeva/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /usr/share/fonts/truetype/Sarai/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /usr/share/fonts/truetype/abyssinica/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420), Directory: /usr/share/fonts/truetype/ancient-scripts/.uuid
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/local/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /home/saturnino/.fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/X11/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/type1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/local/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /home/saturnino/.fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/X11/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/type1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5423)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5423)Directory: /usr/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5423)Directory: /usr/local/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5423)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5423)Directory: /home/saturnino/.fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5423)Directory: /usr/share/fonts/X11/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5423)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5423)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5423)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5423)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5423)Directory: /usr/share/fonts/type1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5423)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5423)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5423)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5423)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
Source: 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf Submission file: segment LOAD with 7.9086 entropy (max. 8.0)
Source: /tmp/147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf (PID: 5407) Queries kernel information via 'uname'
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5419) Queries kernel information via 'uname'
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5420) Queries kernel information via 'uname'
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5421) Queries kernel information via 'uname'
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5422) Queries kernel information via 'uname'
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5423) Queries kernel information via 'uname'
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5424) Queries kernel information via 'uname'
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5450) Queries kernel information via 'uname'
Source: 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf, 5407.1.00007ffc7d4bb000.00007ffc7d4dc000.rw-.sdmp, 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf, 5410.1.00007ffc7d4bb000.00007ffc7d4dc000.rw-.sdmp, 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf, 5413.1.00007ffc7d4bb000.00007ffc7d4dc000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-ppc/tmp/147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf
Source: 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf, 5407.1.000055e02ca4c000.000055e02cafc000.rw-.sdmp, 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf, 5413.1.000055e02ca4c000.000055e02cafc000.rw-.sdmp Binary or memory string: !/etc/qemu-binfmt/ppc11!hotpluggableq
Source: 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf, 5410.1.000055e02ca4c000.000055e02cafc000.rw-.sdmp Binary or memory string: !/etc/qemu-binfmt/ppc1
Source: 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf, 5407.1.000055e02ca4c000.000055e02cafc000.rw-.sdmp, 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf, 5410.1.000055e02ca4c000.000055e02cafc000.rw-.sdmp, 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf, 5413.1.000055e02ca4c000.000055e02cafc000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/ppc
Source: 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf, 5407.1.00007ffc7d4bb000.00007ffc7d4dc000.rw-.sdmp, 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf, 5410.1.00007ffc7d4bb000.00007ffc7d4dc000.rw-.sdmp, 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf, 5413.1.00007ffc7d4bb000.00007ffc7d4dc000.rw-.sdmp Binary or memory string: /usr/bin/qemu-ppc

Stealing of Sensitive Information

Source: Yara match File source: Process Memory Space: 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf PID: 5407, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf PID: 5410, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf PID: 5413, type: MEMORYSTR

Remote Access Functionality

Source: Yara match File source: Process Memory Space: 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf PID: 5407, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf PID: 5410, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf PID: 5413, type: MEMORYSTR
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | 1 Hidden Files and Directories | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | 1 Service Stop
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 11 Obfuscated Files or Information | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
No configs have been found
Source | Detection | Scanner | Label
147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf | 51% | Virustotal |
147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf | 55% | ReversingLabs | Linux.Trojan.Mirai
147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf | 100% | Avira | EXP/ELF.Agent.F.118
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
daisy.ubuntu.com | 162.213.35.25 | true | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
http://upx.sf.net | 147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf | false | | high
      IP | Domain | Country | ASN | ASN Name | Malicious
      147.45.124.49 | unknown | Russian Federation | 2895 | FREE-NET-ASFREEnetEU | true
      Process:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
      File Type:XML 1.0 document, ASCII text
      Category:dropped
      Size (bytes):5128
      Entropy (8bit):4.457618060812407
      Encrypted:false
      SSDEEP:96:R14GBdYLSNUH+ZAFQrSRR6dn0tWlTDFwIfM/vfzPpjT9I3jZ/qeH2Wg:74GnYLSNUH+ZAyrSRRYn0taTDKIfMPzv
      MD5:2A2A7C34B585CDAE5E123F3C5100C253
      SHA1:E814B1B1531B25581DB76CB813C85E53E1390BA4
      SHA-256:BCA18B654D038B69B25ACDF84CFF99BF521A1B54F482F1DE2B54CE13AC219A04
      SHA-512:CEC7A3A7A6AD6C2A6D101A3BF6D89A01EBDCEB0121AA3DE1CEA024268410B39E4E9188382439C7C3FD734C66764B66B13F1D277700B00A2FCB35CB67E31996DD
      Malicious:false
      Reputation:moderate, very likely benign file
      Preview:<?xml version="1.0" encoding="UTF-8"?>..<channel name="xfce4-panel" version="1.0">. <property name="configver" type="int" value="2"/>. <property name="panels" type="array">. <value type="int" value="1"/>. <value type="int" value="2"/>. <property name="panel-1" type="empty">. <property name="position" type="string" value="p=6;x=0;y=0"/>. <property name="length" type="uint" value="100"/>. <property name="position-locked" type="bool" value="true"/>. <property name="icon-size" type="uint" value="16"/>. <property name="size" type="uint" value="26"/>. <property name="plugin-ids" type="array">. <value type="int" value="1"/>. <value type="int" value="2"/>. <value type="int" value="3"/>. <value type="int" value="4"/>. <value type="int" value="5"/>. <value type="int" value="6"/>. <value type="int" value="7"/>. <value type="int" value="8"/>. <value type="int" value="9"/>. <value type="in
      File type:ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (GNU/Linux), statically linked, no section header
      Entropy (8bit):7.904186454865522
      TrID:
      • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
      • ELF Executable and Linkable format (generic) (4004/1) 49.84%
      File name:147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf
      File size:21'884 bytes
      MD5:299335bf48e233247ef1e4ae8300fd6b
      SHA1:2264893f6b9aa0ee5249adb2aff058ce270e805a
      SHA256:0294f19787a2bfb032765505d5b4df9b0ababf848127e9ff6df4e99d8ebf2e93
      SHA512:b874e334bae4a3239bd4551d5aee833537eb40e5acaf656b50d7c333e91af0d72bd3c741f054b78eac954edce30b8145b74ee33cc43e790a97ef7d7890046265
      SSDEEP:384:m/JywWc84Tp2YshxqlDeAkSqjGJLeCE5zRW6C5v0M4uVcqgw05VxJs:mRxsSVsMD6xiJJE5zRWN54uVcqgw09W
      TLSH:66A2D025D345AEF9DFAF9D9052C1C2C276E543C6278AC8E340EEAF016506046F788D59
      File Content Preview:.ELF......................B....4.........4. ...(......................Tx..Tx...............D...D...D................dt.Q................................UPX!...........\...\.......R.......?.E.h4...@b............./.}....D*aN.........t.w..X.^6>....d........+

      ELF header

      Class:ELF32
      Data:2's complement, big endian
      Version:1 (current)
      Machine:PowerPC
      Version Number:0x1
      Type:EXEC (Executable file)
      OS/ABI:UNIX - Linux
      ABI Version:0
      Entry Point Address:0x104290
      Flags:0x0
      ELF Header Size:52
      Program Header Offset:52
      Program Header Size:32
      Number of Program Headers:3
      Section Header Offset:0
      Section Header Size:40
      Number of Section Headers:0
      Header String Table Index:0
      Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
      LOAD | 0x0 | 0x100000 | 0x100000 | 0x5478 | 0x5478 | 7.9086 | 0x5 | R E | 0x10000 | |
      LOAD | 0xd544 | 0x1001d544 | 0x1001d544 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x10000 | |
      GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | |
      Timestamp | Source Port | Dest Port | Source IP | Dest IP
      Jan 6, 2025 06:32:36.623258114 CET | 37097 | 53 | 192.168.2.13 | 8.8.8.8
      Jan 6, 2025 06:32:36.623310089 CET | 34979 | 53 | 192.168.2.13 | 8.8.8.8
      Jan 6, 2025 06:32:36.629636049 CET | 53 | 34979 | 8.8.8.8 | 192.168.2.13
      Jan 6, 2025 06:32:36.629937887 CET | 53 | 37097 | 8.8.8.8 | 192.168.2.13
      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
      Jan 6, 2025 06:32:36.623258114 CET | 192.168.2.13 | 8.8.8.8 | 0x9baf | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001) | false
      Jan 6, 2025 06:32:36.623310089 CET | 192.168.2.13 | 8.8.8.8 | 0x1ae1 | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false
      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
      Jan 6, 2025 06:32:36.629937887 CET | 8.8.8.8 | 192.168.2.13 | 0x9baf | No error (0) | daisy.ubuntu.com | | 162.213.35.25 | A (IP address) | IN (0x0001) | false
      Jan 6, 2025 06:32:36.629937887 CET | 8.8.8.8 | 192.168.2.13 | 0x9baf | No error (0) | daisy.ubuntu.com | | 162.213.35.24 | A (IP address) | IN (0x0001) | false

      System Behavior

      Start time (UTC):05:29:49
      Start date (UTC):06/01/2025
      Path:/tmp/147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf
      Arguments:/tmp/147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf
      File size:5388968 bytes
      MD5 hash:ae65271c943d3451b7f026d1fadccea6

      Start time (UTC):05:29:49
      Start date (UTC):06/01/2025
      Path:/tmp/147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf
      Arguments:-
      File size:5388968 bytes
      MD5 hash:ae65271c943d3451b7f026d1fadccea6

      Start time (UTC):05:29:49
      Start date (UTC):06/01/2025
      Path:/tmp/147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf
      Arguments:-
      File size:5388968 bytes
      MD5 hash:ae65271c943d3451b7f026d1fadccea6

      Start time (UTC):05:29:49
      Start date (UTC):06/01/2025
      Path:/tmp/147.45.124.49-boatnet.ppc-2025-01-06T05_00_23.elf
      Arguments:-
      File size:5388968 bytes
      MD5 hash:ae65271c943d3451b7f026d1fadccea6

      Start time (UTC):05:29:55
      Start date (UTC):06/01/2025
      Path:/usr/bin/xfce4-panel
      Arguments:-
      File size:375768 bytes
      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

      Start time (UTC):05:29:55
      Start date (UTC):06/01/2025
      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
      File size:35136 bytes
      MD5 hash:ac0b8a906f359a8ae102244738682e76

      Start time (UTC):05:29:55
      Start date (UTC):06/01/2025
      Path:/usr/bin/xfce4-panel
      Arguments:-
      File size:375768 bytes
      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

      Start time (UTC):05:29:55
      Start date (UTC):06/01/2025
      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
      File size:35136 bytes
      MD5 hash:ac0b8a906f359a8ae102244738682e76

      Start time (UTC):05:29:55
      Start date (UTC):06/01/2025
      Path:/usr/bin/xfce4-panel
      Arguments:-
      File size:375768 bytes
      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

      Start time (UTC):05:29:55
      Start date (UTC):06/01/2025
      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
      File size:35136 bytes
      MD5 hash:ac0b8a906f359a8ae102244738682e76

      Start time (UTC):05:29:55
      Start date (UTC):06/01/2025
      Path:/usr/bin/xfce4-panel
      Arguments:-
      File size:375768 bytes
      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

      Start time (UTC):05:29:55
      Start date (UTC):06/01/2025
      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
      File size:35136 bytes
      MD5 hash:ac0b8a906f359a8ae102244738682e76

      Start time (UTC):05:30:00
      Start date (UTC):06/01/2025
      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
      Arguments:-
      File size:35136 bytes
      MD5 hash:ac0b8a906f359a8ae102244738682e76

      Start time (UTC):05:30:00
      Start date (UTC):06/01/2025
      Path:/usr/sbin/xfpm-power-backlight-helper
      Arguments:/usr/sbin/xfpm-power-backlight-helper --get-max-brightness
      File size:14656 bytes
      MD5 hash:3d221ad23f28ca3259f599b1664e2427

      Start time (UTC):05:29:55
      Start date (UTC):06/01/2025
      Path:/usr/bin/xfce4-panel
      Arguments:-
      File size:375768 bytes
      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

      Start time (UTC):05:29:55
      Start date (UTC):06/01/2025
      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
      File size:35136 bytes
      MD5 hash:ac0b8a906f359a8ae102244738682e76

      Start time (UTC):05:29:55
      Start date (UTC):06/01/2025
      Path:/usr/bin/xfce4-panel
      Arguments:-
      File size:375768 bytes
      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

      Start time (UTC):05:29:55
      Start date (UTC):06/01/2025
      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
      File size:35136 bytes
      MD5 hash:ac0b8a906f359a8ae102244738682e76

      Start time (UTC):05:29:59
      Start date (UTC):06/01/2025
      Path:/usr/bin/dbus-daemon
      Arguments:-
      File size:249032 bytes
      MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

      Start time (UTC):05:29:59
      Start date (UTC):06/01/2025
      Path:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
      File size:112880 bytes
      MD5 hash:4c7a0d6d258bb970905b19b84abcd8e9

      Start time (UTC):05:30:02
      Start date (UTC):06/01/2025
      Path:/usr/lib/systemd/systemd
      Arguments:-
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      Start time (UTC):05:30:02
      Start date (UTC):06/01/2025
      Path:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
      File size:112872 bytes
      MD5 hash:eee956f1b227c1d5031f9c61223255d1