Linux Analysis Report
hanoi.i686.elf

Overview

General Information

Sample name: hanoi.i686.elf
Analysis ID: 1649670
MD5: 1e453d9426958e3353814d640fafb22a
SHA1: a64cf0f436c812f6c8558801b3708b2d5ef40778
SHA256: 88677e76f60570994b338aefc77762fb0cb9dbf8918df8f3ddd3572d63097b26
Tags: elf, user-abuse_ch
Infos:

Detection

Score: 64
Range: 0 - 100

Signatures

Multi AV Scanner detection for submitted file
Reads system files that contain records of logged in users
Sample is packed with UPX
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to kill multiple processes (SIGKILL)
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "grep" command used to find patterns in files or piped streams
Executes the "rm" command used to delete files or directories
Reads CPU information from /sys indicative of miner or evasive malware
Sample contains only a LOAD segment without any section mappings
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Sample tries to set the executable flag
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Classification chart (categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale: clean, suspicious, malicious)
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1649670
Start date and time: 2025-03-27 01:07:51 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 9s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: hanoi.i686.elf
Detection: MAL
Classification: mal64.spre.troj.evad.linELF@0/7@2/0
  • Report size exceeded maximum capacity and may have missing behavior information.
Command: /tmp/hanoi.i686.elf
PID: 5435
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:
  • system is lnxubuntu20
  • sh (PID: 5462, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
  • gsd-wacom (PID: 5462, Parent: 1588, MD5: 13778dd1a23a4e94ddc17ac9caa4fcc1) Arguments: /usr/libexec/gsd-wacom
  • sh (PID: 5464, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
  • gsd-keyboard (PID: 5464, Parent: 1588, MD5: 8e288fd17c80bb0a1148b964b2ac2279) Arguments: /usr/libexec/gsd-keyboard
  • sh (PID: 5466, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
  • sh (PID: 5467, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
  • gsd-color (PID: 5467, Parent: 1588, MD5: ac2861ad93ce047283e8e87cefef9a19) Arguments: /usr/libexec/gsd-color
  • sh (PID: 5468, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
  • gsd-rfkill (PID: 5468, Parent: 1588, MD5: 88a16a3c0aba1759358c06215ecfb5cc) Arguments: /usr/libexec/gsd-rfkill
  • sh (PID: 5469, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
  • gsd-smartcard (PID: 5469, Parent: 1588, MD5: ea1fbd7f62e4cd0331eae2ef754ee605) Arguments: /usr/libexec/gsd-smartcard
  • sh (PID: 5470, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
  • gsd-datetime (PID: 5470, Parent: 1588, MD5: d80d39745740de37d6634d36e344d4bc) Arguments: /usr/libexec/gsd-datetime
  • sh (PID: 5471, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
  • gsd-media-keys (PID: 5471, Parent: 1588, MD5: a425448c135afb4b8bfd79cc0b6b74da) Arguments: /usr/libexec/gsd-media-keys
  • sh (PID: 5472, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
  • gsd-screensaver-proxy (PID: 5472, Parent: 1588, MD5: 77e309450c87dceee43f1a9e50cc0d02) Arguments: /usr/libexec/gsd-screensaver-proxy
  • sh (PID: 5475, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
  • gsd-sound (PID: 5475, Parent: 1588, MD5: 4c7d3fb993463337b4a0eb5c80c760ee) Arguments: /usr/libexec/gsd-sound
  • sh (PID: 5476, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
  • gsd-a11y-settings (PID: 5476, Parent: 1588, MD5: 18e243d2cf30ecee7ea89d1462725c5c) Arguments: /usr/libexec/gsd-a11y-settings
  • sh (PID: 5477, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
  • gsd-housekeeping (PID: 5477, Parent: 1588, MD5: b55f3394a84976ddb92a2915e5d76914) Arguments: /usr/libexec/gsd-housekeeping
  • sh (PID: 5478, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
  • gsd-power (PID: 5478, Parent: 1588, MD5: 28b8e1b43c3e7f1db6741ea1ecd978b7) Arguments: /usr/libexec/gsd-power
  • fusermount (PID: 5482, Parent: 3122, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • xfwm4 (PID: 5485, Parent: 2984, MD5: 59defa3c00cc30d85ed77b738d55e9da) Arguments: xfwm4 --display :1.0 --sm-client-id 27575c7dd-2dac-48f0-9f3a-eff67ec043e5
  • xfce4-panel (PID: 5508, Parent: 2984, MD5: a15b657c7d54ac1385f1f15004ea6784) Arguments: xfce4-panel --display :1.0 --sm-client-id 2d6b1caf2-8023-452b-bd0d-d23295482740
  • rm (PID: 5514, Parent: 2984, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /home/saturnino/.cache/sessions/Thunar-2ec7c2e14-9c4d-40f3-9704-8617ab831fb4
  • xfdesktop (PID: 5520, Parent: 2984, MD5: dfb13e1581f80065dcea16f2476f16f2) Arguments: xfdesktop --display :1.0 --sm-client-id 260d40b3c-9c6a-4cb1-bbe4-3557725aa528
  • systemd New Fork (PID: 5528, Parent: 1)
  • systemd-hostnamed (PID: 5528, Parent: 1, MD5: 2cc8a5576629a2d5bd98e49a4b8bef65) Arguments: /lib/systemd/systemd-hostnamed
  • gdm3 New Fork (PID: 5669, Parent: 1400)
  • Default (PID: 5669, Parent: 1400, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • xfwm4 (PID: 5670, Parent: 2984, MD5: 59defa3c00cc30d85ed77b738d55e9da) Arguments: xfwm4 --display :1.0 --sm-client-id 27575c7dd-2dac-48f0-9f3a-eff67ec043e5
  • gdm3 New Fork (PID: 5671, Parent: 1400)
  • Default (PID: 5671, Parent: 1400, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • xfce4-panel (PID: 5672, Parent: 2984, MD5: a15b657c7d54ac1385f1f15004ea6784) Arguments: xfce4-panel --display :1.0 --sm-client-id 2d6b1caf2-8023-452b-bd0d-d23295482740
    • wrapper-2.0 (PID: 5737, Parent: 5672, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 6291464 systray "Notification Area" "Area where notification icons appear"
    • wrapper-2.0 (PID: 5738, Parent: 5672, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 6291465 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
    • wrapper-2.0 (PID: 5742, Parent: 5672, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 6291466 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
    • wrapper-2.0 (PID: 5743, Parent: 5672, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 6291467 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
    • wrapper-2.0 (PID: 5746, Parent: 5672, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 6291468 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
    • wrapper-2.0 (PID: 5748, Parent: 5672, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 6291469 actions "Action Buttons" "Log out, lock or other system actions"
    • wrapper-2.0 (PID: 5800, Parent: 5672, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 6291464 systray "Notification Area" "Area where notification icons appear"
    • wrapper-2.0 (PID: 5801, Parent: 5672, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 6291465 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
    • wrapper-2.0 (PID: 5802, Parent: 5672, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 6291466 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
    • wrapper-2.0 (PID: 5803, Parent: 5672, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 6291467 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
    • wrapper-2.0 (PID: 5804, Parent: 5672, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 6291468 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
    • wrapper-2.0 (PID: 5805, Parent: 5672, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 6291469 actions "Action Buttons" "Log out, lock or other system actions"
  • xfdesktop (PID: 5673, Parent: 2984, MD5: dfb13e1581f80065dcea16f2476f16f2) Arguments: xfdesktop --display :1.0 --sm-client-id 260d40b3c-9c6a-4cb1-bbe4-3557725aa528
  • systemd New Fork (PID: 5681, Parent: 2935)
  • gvfsd (PID: 5681, Parent: 2935, MD5: 1fa32dace8ba066189a8eadd21bb172a) Arguments: /usr/libexec/gvfsd
    • gvfsd New Fork (PID: 5692, Parent: 5681)
      • gvfsd New Fork (PID: 5693, Parent: 5692)
      • gvfsd-fuse (PID: 5693, Parent: 2935, MD5: d18fbf1cbf8eb57b17fac48b7b4be933) Arguments: /usr/libexec/gvfsd-fuse /run/user/1000/gvfs -f -o big_writes
        • fusermount (PID: 5694, Parent: 5693, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -o rw,nosuid,nodev,subtype=gvfsd-fuse -- /run/user/1000/gvfs
    • gvfsd New Fork (PID: 5853, Parent: 5681)
    • gvfsd-trash (PID: 5853, Parent: 5681, MD5: 7bd262bd2ff379d0da45f8595163824d) Arguments: /usr/libexec/gvfsd-trash --spawner :1.63 /org/gtk/gvfs/exec_spaw/0
  • xfconfd (PID: 5683, Parent: 5682, MD5: 4c7a0d6d258bb970905b19b84abcd8e9) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
  • xfwm4 (PID: 5707, Parent: 2984, MD5: 59defa3c00cc30d85ed77b738d55e9da) Arguments: xfwm4 --display :1.0 --sm-client-id 27575c7dd-2dac-48f0-9f3a-eff67ec043e5
  • tumblerd (PID: 5709, Parent: 5708, MD5: 2ef099898845e9c5ec6f1a6fd3ad61af) Arguments: /usr/lib/x86_64-linux-gnu/tumbler-1/tumblerd
  • systemd New Fork (PID: 5734, Parent: 1)
  • systemd-user-runtime-dir (PID: 5734, Parent: 1, MD5: d55f4b0847f88131dbcfb07435178e54) Arguments: /lib/systemd/systemd-user-runtime-dir stop 127
  • systemd New Fork (PID: 5747, Parent: 2935)
  • gvfs-udisks2-volume-monitor (PID: 5747, Parent: 2935, MD5: 4912ae23684d55062ac889dd671a8ab9) Arguments: /usr/libexec/gvfs-udisks2-volume-monitor
  • xfwm4 (PID: 5751, Parent: 2984, MD5: 59defa3c00cc30d85ed77b738d55e9da) Arguments: xfwm4 --display :1.0 --sm-client-id 27575c7dd-2dac-48f0-9f3a-eff67ec043e5
  • systemd New Fork (PID: 5755, Parent: 2935)
  • Thunar (PID: 5755, Parent: 2935, MD5: ca35dca6175038f11f012b29178a4f46) Arguments: /usr/bin/Thunar --daemon
  • xfconfd (PID: 5771, Parent: 5770, MD5: 4c7a0d6d258bb970905b19b84abcd8e9) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
  • systemd New Fork (PID: 5780, Parent: 2935)
  • gvfs-mtp-volume-monitor (PID: 5780, Parent: 2935, MD5: 4ef31436eba465a14362dfe7e1d42ec3) Arguments: /usr/libexec/gvfs-mtp-volume-monitor
  • systemd New Fork (PID: 5794, Parent: 2935)
  • gvfs-goa-volume-monitor (PID: 5794, Parent: 2935, MD5: 1c9b8b8b466cc3b27212ee9c1052a7b2) Arguments: /usr/libexec/gvfs-goa-volume-monitor
  • xfwm4 (PID: 5797, Parent: 2984, MD5: 59defa3c00cc30d85ed77b738d55e9da) Arguments: xfwm4 --display :1.0 --sm-client-id 27575c7dd-2dac-48f0-9f3a-eff67ec043e5
  • goa-daemon (PID: 5799, Parent: 5798, MD5: f442acdfc6465acfae3f9f0e05cf6fd3) Arguments: /usr/libexec/goa-daemon
  • goa-identity-service (PID: 5814, Parent: 5813, MD5: 4e1e45c260caf0e8460ff7494a0e8553) Arguments: /usr/libexec/goa-identity-service
  • systemd New Fork (PID: 5840, Parent: 2935)
  • gvfs-afc-volume-monitor (PID: 5840, Parent: 2935, MD5: 724607394f380f47f39e25dd9e1d4825) Arguments: /usr/libexec/gvfs-afc-volume-monitor
  • systemd New Fork (PID: 5847, Parent: 2935)
  • gvfs-gphoto2-volume-monitor (PID: 5847, Parent: 2935, MD5: 8773afb2a78946b2c81024ed4c928353) Arguments: /usr/libexec/gvfs-gphoto2-volume-monitor
  • systemd New Fork (PID: 5865, Parent: 2935)
  • gvfsd-metadata (PID: 5865, Parent: 2935, MD5: 25b3740bd427cf3225e35be4bb2205aa) Arguments: /usr/libexec/gvfsd-metadata
  • xfconfd (PID: 5872, Parent: 5871, MD5: 4c7a0d6d258bb970905b19b84abcd8e9) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
  • systemd New Fork (PID: 5878, Parent: 1)
  • accounts-daemon (PID: 5878, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
    • language-validate (PID: 5892, Parent: 5878, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8
      • language-options (PID: 5893, Parent: 5892, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options
        • sh (PID: 5894, Parent: 5893, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "
          • sh New Fork (PID: 5895, Parent: 5894)
          • locale (PID: 5895, Parent: 5894, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a
          • sh New Fork (PID: 5896, Parent: 5894)
          • grep (PID: 5896, Parent: 5894, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8
  • cleanup
No yara matches
No Suricata rule has matched

AV Detection

Source: hanoi.i686.elf, Virustotal: Detection: 16%
Source: hanoi.i686.elf, ReversingLabs: Detection: 34%
Source: /usr/bin/xfwm4 (PID: 5670), Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: global traffic, TCP traffic: 192.168.2.13:49604 -> 103.230.121.85:3778
Source: /usr/libexec/gvfsd-trash (PID: 5853), Socket: unknown address family
Source: unknown, TCP traffic detected without corresponding DNS query: 103.230.121.85
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: daisy.ubuntu.com
Source: hanoi.i686.elf, String found in binary or memory: http://upx.sf.net

System Summary

Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 726, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 727, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 792, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 797, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 884, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 1588, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 1604, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 1745, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 1748, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 1751, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 1755, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 1765, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 1805, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 1847, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 1872, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 1875, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 1879, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 1881, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 1884, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 1891, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 1906, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 1921, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 1922, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 1925, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 1930, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 1940, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 1944, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 1946, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 1969, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 1982, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 2961, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 2964, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 2984, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 3095, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 3114, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 3117, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 3122, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 3132, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 3134, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 3146, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 3147, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 3153, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 3158, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 3181, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 3183, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 3185, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 3203, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 3208, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 3209, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 3220, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 3225, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 3300, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 3310, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 3327, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 3336, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 3375, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 3413, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 3420, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 3424, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 3429, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 3434, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 3448, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 3637, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 5414, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 5462, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 5464, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 5466, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 5485, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 5508, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5436)SIGKILL sent: pid: 5520, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 3104, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 3182, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 3212, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5436, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5439, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5683, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5709, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5737, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5738, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5742, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5743, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5746, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5748, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5771, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5800, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5801, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5802, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5803, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5804, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5805, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5872, result: successfulJump to behavior
Source: LOAD without section mappings, Program segment: 0x8048000
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5737, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5738, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5742, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5743, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5746, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5748, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5771, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5800, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5801, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5802, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5803, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5804, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5805, result: successfulJump to behavior
Source: /tmp/hanoi.i686.elf (PID: 5437)SIGKILL sent: pid: 5872, result: successfulJump to behavior
Source: classification engine, Classification label: mal64.spre.troj.evad.linELF@0/7@2/0

Data Obfuscation

Source: initial sample, String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample, String containing UPX found: $Id: UPX 5.00 Copyright (C) 1996-2025 the UPX Team. All Rights Reserved. $

Persistence and Installation Behavior

Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /home/saturnino/.cacheJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /home/saturnino/.localJump to behavior
Source: /usr/bin/xfwm4 (PID: 5707)Directory: /home/saturnino/.configJump to behavior
Source: /usr/lib/x86_64-linux-gnu/tumbler-1/tumblerd (PID: 5709)Directory: /home/saturnino/.lv2Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/local/share/fonts/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /home/saturnino/.fonts/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/X11/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/type1/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /home/saturnino/.cacheJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /home/saturnino/.localJump to behavior
Source: /usr/bin/xfwm4 (PID: 5751)Directory: /home/saturnino/.configJump to behavior
Source: /usr/bin/Thunar (PID: 5755)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/bin/Thunar (PID: 5755)Directory: /home/saturnino/.cacheJump to behavior
Source: /usr/bin/Thunar (PID: 5755)Directory: /home/saturnino/.localJump to behavior
Source: /usr/bin/Thunar (PID: 5755)Directory: /home/saturnino/.configJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5771)Directory: /home/saturnino/.cacheJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5771)Directory: /home/saturnino/.localJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5771)Directory: /home/saturnino/.configJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5771)Directory: /home/saturnino/.configJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/local/share/fonts/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /home/saturnino/.fonts/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/X11/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/type1/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /home/saturnino/.cacheJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /home/saturnino/.localJump to behavior
Source: /usr/bin/xfwm4 (PID: 5797)Directory: /home/saturnino/.configJump to behavior
Source: /usr/libexec/gvfsd-metadata (PID: 5865)Directory: <invalid fd (9)>/..
Source: /usr/libexec/gvfsd-metadata (PID: 5865)Directory: <invalid fd (8)>/..
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5872)Directory: /home/saturnino/.cache
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5872)Directory: /home/saturnino/.local
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5872)Directory: /home/saturnino/.config
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5872)Directory: /home/saturnino/.config
Source: /usr/lib/accountsservice/accounts-daemon (PID: 5878)Directory: /root/.cache
Source: /usr/share/language-tools/language-options (PID: 5894) Shell command executed: sh -c "locale -a | grep -F .utf8 "
Source: /bin/sh (PID: 5896) Grep executable: /usr/bin/grep -> grep -F .utf8
Source: /usr/bin/xfce4-session (PID: 5514) Rm executable: /usr/bin/rm -> rm -f /home/saturnino/.cache/sessions/Thunar-2ec7c2e14-9c4d-40f3-9704-8617ab831fb4
Source: /usr/lib/accountsservice/accounts-daemon (PID: 5878) File: /var/lib/AccountsService/icons (bits: - usr: rx grp: rwx all: rwx)
Source: /usr/lib/accountsservice/accounts-daemon (PID: 5878) File: /var/lib/AccountsService/users (bits: - usr: - grp: - all: rwx)
Source: hanoi.i686.elf Submission file: segment LOAD with 7.8845 entropy (max. 8.0)
Source: hanoi.i686.elf Submission file: segment LOAD with 7.9876 entropy (max. 8.0)
Source: /usr/bin/xfwm4 (PID: 5670) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/libexec/gsd-wacom (PID: 5462) Queries kernel information via 'uname'
Source: /usr/libexec/gsd-keyboard (PID: 5464) Queries kernel information via 'uname'
Source: /usr/libexec/gsd-color (PID: 5467) Queries kernel information via 'uname'
Source: /usr/libexec/gsd-smartcard (PID: 5469) Queries kernel information via 'uname'
Source: /usr/libexec/gsd-media-keys (PID: 5471) Queries kernel information via 'uname'
Source: /usr/libexec/gsd-power (PID: 5478) Queries kernel information via 'uname'
Source: /usr/bin/xfwm4 (PID: 5485) Queries kernel information via 'uname'
Source: /lib/systemd/systemd-hostnamed (PID: 5528) Queries kernel information via 'uname'
Source: /usr/bin/xfwm4 (PID: 5670) Queries kernel information via 'uname'
Source: /usr/bin/xfce4-panel (PID: 5672) Queries kernel information via 'uname'
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5737) Queries kernel information via 'uname'
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5738) Queries kernel information via 'uname'
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5742) Queries kernel information via 'uname'
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5743) Queries kernel information via 'uname'
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746) Queries kernel information via 'uname'
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5800) Queries kernel information via 'uname'
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5801) Queries kernel information via 'uname'
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5802) Queries kernel information via 'uname'
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5803) Queries kernel information via 'uname'
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5804) Queries kernel information via 'uname'
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5805) Queries kernel information via 'uname'
Source: /usr/bin/xfdesktop (PID: 5673) Queries kernel information via 'uname'
Source: /usr/bin/xfwm4 (PID: 5707) Queries kernel information via 'uname'
Source: /usr/lib/x86_64-linux-gnu/tumbler-1/tumblerd (PID: 5709) Queries kernel information via 'uname'
Source: /usr/bin/xfwm4 (PID: 5751) Queries kernel information via 'uname'
Source: /usr/bin/Thunar (PID: 5755) Queries kernel information via 'uname'
Source: /usr/bin/xfwm4 (PID: 5797) Queries kernel information via 'uname'

Language, Device and Operating System Detection

Source: /usr/lib/accountsservice/accounts-daemon (PID: 5878) Logged in records file read: /var/log/wtmp

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | 1 File and Directory Permissions Modification | 1 OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | 1 Service Stop |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Hidden Files and Directories | LSASS Memory | 1 System Owner/User Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 File Deletion | NTDS | 1 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |

No configs have been found
[Figure: Behavior Graph. ID: 1649670, Sample: hanoi.i686.elf, Start date: 27/03/2025, Architecture: LINUX, Score: 64]

| Source | Detection | Scanner | Label |
|---|---|---|---|
| hanoi.i686.elf | 17% | Virustotal | |
| hanoi.i686.elf | 34% | ReversingLabs | Linux.Backdoor.Mirai |

No Antivirus matches

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| daisy.ubuntu.com | 162.213.35.25 | true | false | | high |

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| http://upx.sf.net | hanoi.i686.elf | false | | high |

| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 103.230.121.85 | unknown | Hong Kong | | 62468 | VPSQUANUS | false |

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 103.230.121.85 | hanoi.ppc.elf | malicious | Unknown | |
| 103.230.121.85 | hanoi.x86.elf | malicious | Unknown | |
| 103.230.121.85 | hanoi.arm7.elf | malicious | Unknown | |
| 103.230.121.85 | hanoi.spc.elf | malicious | Mirai, Okiru, Xmrig | |
| 103.230.121.85 | hanoi.arm5.elf | malicious | Unknown | |
| 103.230.121.85 | hanoi.sh4.elf | malicious | Mirai, Okiru, Xmrig | |
| 103.230.121.85 | hanoi.m68k.elf | malicious | Mirai, Okiru, Xmrig | |
| 103.230.121.85 | hanoi.x86_64.elf | malicious | Unknown | |

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| daisy.ubuntu.com | hanoi.x86.elf | malicious | Unknown | 162.213.35.25 |
| daisy.ubuntu.com | hanoi.arm.elf | malicious | Unknown | 162.213.35.25 |
| daisy.ubuntu.com | hanoi.sh4.elf | malicious | Mirai, Okiru, Xmrig | 162.213.35.25 |
| daisy.ubuntu.com | resgod.arm5.elf | malicious | Mirai | 162.213.35.24 |
| daisy.ubuntu.com | resgod.x86.elf | malicious | Mirai | 162.213.35.24 |
| daisy.ubuntu.com | resgod.arm.elf | malicious | Mirai | 162.213.35.24 |
| daisy.ubuntu.com | resgod.arm6.elf | malicious | Mirai | 162.213.35.24 |
| daisy.ubuntu.com | sora.arm6.elf | malicious | Mirai | 162.213.35.25 |
| daisy.ubuntu.com | sora.m68k.elf | malicious | Mirai | 162.213.35.25 |
| daisy.ubuntu.com | sora.x86.elf | malicious | Mirai | 162.213.35.25 |

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| VPSQUANUS | hanoi.ppc.elf | malicious | Unknown | 103.230.121.85 |
| VPSQUANUS | hanoi.x86.elf | malicious | Unknown | 103.230.121.85 |
| VPSQUANUS | hanoi.arm7.elf | malicious | Unknown | 103.230.121.85 |
| VPSQUANUS | hanoi.spc.elf | malicious | Mirai, Okiru, Xmrig | 103.230.121.85 |
| VPSQUANUS | hanoi.arm5.elf | malicious | Unknown | 103.230.121.85 |
| VPSQUANUS | hanoi.sh4.elf | malicious | Mirai, Okiru, Xmrig | 103.230.121.85 |
| VPSQUANUS | hanoi.m68k.elf | malicious | Mirai, Okiru, Xmrig | 103.230.121.85 |
| VPSQUANUS | hanoi.x86_64.elf | malicious | Unknown | 103.230.121.85 |
| VPSQUANUS | nabppc.elf | malicious | Unknown | 23.251.46.113 |
| VPSQUANUS | morte.x86.elf | malicious | Unknown | 103.239.72.22 |

                      No context
                      No context
                      Process:/tmp/hanoi.i686.elf
                      File Type:data
                      Category:dropped
                      Size (bytes):6501
                      Entropy (8bit):6.497544961336459
                      Encrypted:false
                      SSDEEP:96:HSNwtpYHpb5yQzlJqdAK0gJrwpm/Ko2BD4/U9VDX19B2dAtRy5Fag9RWssNJcyuC:yNwMHKclJq5Im/Ko2BaKFDMUoLag9ic+
                      MD5:55F9FB7A5A632E6BD2C4CA5178795955
                      SHA1:3B22C1708E5789ADE9B79516878BF8E00EF27C91
                      SHA-256:6A7E9243A338B8188B1865B3668D43664092976FFA3DF32B9741E3BC16B86368
                      SHA-512:2AA33D073132BA427D325E4BC2B10D3167C8955686BC12353875AAE158A6D65BDB14C77563C7F5DDE814AE4D045CE8EA4381ED57EEB70BC92CDD94F3BCD1749F
                      Malicious:false
                      Reputation:low
                      Process:/usr/libexec/goa-daemon
                      File Type:very short file (no magic)
                      Category:dropped
                      Size (bytes):1
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3::
                      MD5:93B885ADFE0DA089CDF634904FD59F71
                      SHA1:5BA93C9DB0CFF93F52B521D7420E43F6EDA2784F
                      SHA-256:6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D
                      SHA-512:B8244D028981D693AF7B456AF8EFA4CAD63D282E19FF14942C246E50D9351D22704A802A71C3580B6370DE4CEB293C324A8423342557D4E5C38438F0E36910EE
                      Malicious:false
                      Reputation:high, very likely benign file
                      Preview:.
                      Process:/usr/libexec/gsd-housekeeping
                      File Type:very short file (no magic)
                      Category:dropped
                      Size (bytes):1
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3::
                      MD5:93B885ADFE0DA089CDF634904FD59F71
                      SHA1:5BA93C9DB0CFF93F52B521D7420E43F6EDA2784F
                      SHA-256:6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D
                      SHA-512:B8244D028981D693AF7B456AF8EFA4CAD63D282E19FF14942C246E50D9351D22704A802A71C3580B6370DE4CEB293C324A8423342557D4E5C38438F0E36910EE
                      Malicious:false
                      Reputation:high, very likely benign file
                      Preview:.
                      File type:ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, no section header
                      Entropy (8bit):7.986281336321516
                      TrID:
                      • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
                      • ELF Executable and Linkable format (generic) (4004/1) 49.84%
                      File name:hanoi.i686.elf
                      File size:39'592 bytes
                      MD5:1e453d9426958e3353814d640fafb22a
                      SHA1:a64cf0f436c812f6c8558801b3708b2d5ef40778
                      SHA256:88677e76f60570994b338aefc77762fb0cb9dbf8918df8f3ddd3572d63097b26
                      SHA512:37b04109423ad467aeb1bb5ff34bd13e35eece8dca6ce86c27a455629085d1e60f93d15d3d9217acf126be779b9ecaa8c8b76add2664947eaa240119fe0fa872
                      SSDEEP:768:97VStzjE3zVU3imPuJ82K1+4PxUVy17uIlRPXqNC9jCNr2VAHFyIY:9ZAzj7sg84PxUVy17uMPXqNC9jCJ26la
                      TLSH:B7030272A771F4B4C236C2BA64B49F6B1412F971226493F2961EFB47F81D2452BD0A0F
                      File Content Preview:.ELF....................Xv..4...........4. ..............................j..........................................Q.td................................UPX!\........d...Y......W..........?..k.I/.j....\.W'".....l...q..}..........x8bby......Z...0..OR.....G.

                      ELF header

                      Class:ELF32
                      Data:2's complement, little endian
                      Version:1 (current)
                      Machine:Intel 80386
                      Version Number:0x1
                      Type:EXEC (Executable file)
                      OS/ABI:UNIX - Linux
                      ABI Version:0
                      Entry Point Address:0x8067658
                      Flags:0x0
                      ELF Header Size:52
                      Program Header Offset:52
                      Program Header Size:32
                      Number of Program Headers:3
                      Section Header Offset:0
                      Section Header Size:0
                      Number of Section Headers:0
                      Header String Table Index:0
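
| Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
|---|---|---|---|---|---|---|---|---|---|---|---|
| LOAD | 0x0 | 0x8048000 | 0x8048000 | 0x1000 | 0x16ae8 | 7.8845 | 0x6 | RW | 0x1000 | | |
| LOAD | 0x0 | 0x805f000 | 0x805f000 | 0x99a6 | 0x99a6 | 7.9876 | 0x5 | R E | 0x1000 | | |
| GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | | |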

                      • Total Packets: 8
                      • 3778 undefined
                      • 53 (DNS)

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 27, 2025 01:08:44.641958952 CET | 49604 | 3778 | 192.168.2.13 | 103.230.121.85 |
| Mar 27, 2025 01:08:44.977811098 CET | 3778 | 49604 | 103.230.121.85 | 192.168.2.13 |
| Mar 27, 2025 01:08:44.977921009 CET | 49604 | 3778 | 192.168.2.13 | 103.230.121.85 |
| Mar 27, 2025 01:08:44.978014946 CET | 49604 | 3778 | 192.168.2.13 | 103.230.121.85 |
| Mar 27, 2025 01:08:45.312025070 CET | 3778 | 49604 | 103.230.121.85 | 192.168.2.13 |
| Mar 27, 2025 01:08:45.312064886 CET | 3778 | 49604 | 103.230.121.85 | 192.168.2.13 |
| Mar 27, 2025 01:08:45.312164068 CET | 49604 | 3778 | 192.168.2.13 | 103.230.121.85 |
| Mar 27, 2025 01:08:45.645903111 CET | 3778 | 49604 | 103.230.121.85 | 192.168.2.13 |
| Mar 27, 2025 01:08:54.878585100 CET | 49604 | 3778 | 192.168.2.13 | 103.230.121.85 |
| Mar 27, 2025 01:08:55.213388920 CET | 3778 | 49604 | 103.230.121.85 | 192.168.2.13 |
| Mar 27, 2025 01:08:55.213452101 CET | 49604 | 3778 | 192.168.2.13 | 103.230.121.85 |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 27, 2025 01:11:28.724570036 CET | 45542 | 53 | 192.168.2.13 | 1.1.1.1 |
| Mar 27, 2025 01:11:28.724570036 CET | 45616 | 53 | 192.168.2.13 | 1.1.1.1 |
| Mar 27, 2025 01:11:28.812875986 CET | 53 | 45616 | 1.1.1.1 | 192.168.2.13 |
| Mar 27, 2025 01:11:28.812926054 CET | 53 | 45542 | 1.1.1.1 | 192.168.2.13 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 27, 2025 01:11:28.724570036 CET | 192.168.2.13 | 1.1.1.1 | 0x7493 | Standard query (0) | daisy.ubuntu.com | A (IP address) | IN (0x0001) | false |
| Mar 27, 2025 01:11:28.724570036 CET | 192.168.2.13 | 1.1.1.1 | 0xe55e | Standard query (0) | daisy.ubuntu.com | 28 | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 27, 2025 01:11:28.812926054 CET | 1.1.1.1 | 192.168.2.13 | 0x7493 | No error (0) | daisy.ubuntu.com | | 162.213.35.25 | A (IP address) | IN (0x0001) | false |
| Mar 27, 2025 01:11:28.812926054 CET | 1.1.1.1 | 192.168.2.13 | 0x7493 | No error (0) | daisy.ubuntu.com | | 162.213.35.24 | A (IP address) | IN (0x0001) | false |

                      System Behavior

                      Start time (UTC):00:08:43
                      Start date (UTC):27/03/2025
                      Path:/tmp/hanoi.i686.elf
                      Arguments:/tmp/hanoi.i686.elf
                      File size:39592 bytes
                      MD5 hash:1e453d9426958e3353814d640fafb22a

                      Start time (UTC):00:08:43
                      Start date (UTC):27/03/2025
                      Path:/tmp/hanoi.i686.elf
                      Arguments:-
                      File size:39592 bytes
                      MD5 hash:1e453d9426958e3353814d640fafb22a

                      Start time (UTC):00:08:43
                      Start date (UTC):27/03/2025
                      Path:/tmp/hanoi.i686.elf
                      Arguments:-
                      File size:39592 bytes
                      MD5 hash:1e453d9426958e3353814d640fafb22a

                      Start time (UTC):00:08:43
                      Start date (UTC):27/03/2025
                      Path:/tmp/hanoi.i686.elf
                      Arguments:-
                      File size:39592 bytes
                      MD5 hash:1e453d9426958e3353814d640fafb22a

                      Start time (UTC):00:08:43
                      Start date (UTC):27/03/2025
                      Path:/tmp/hanoi.i686.elf
                      Arguments:-
                      File size:39592 bytes
                      MD5 hash:1e453d9426958e3353814d640fafb22a

                      Start time (UTC):00:08:43
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gnome-session-binary
                      Arguments:-
                      File size:334664 bytes
                      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                      Start time (UTC):00:08:43
                      Start date (UTC):27/03/2025
                      Path:/bin/sh
                      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
                      File size:129816 bytes
                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                      Start time (UTC):00:08:43
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gsd-wacom
                      Arguments:/usr/libexec/gsd-wacom
                      File size:39520 bytes
                      MD5 hash:13778dd1a23a4e94ddc17ac9caa4fcc1

                      Start time (UTC):00:08:43
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gnome-session-binary
                      Arguments:-
                      File size:334664 bytes
                      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                      Start time (UTC):00:08:43
                      Start date (UTC):27/03/2025
                      Path:/bin/sh
                      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
                      File size:129816 bytes
                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                      Start time (UTC):00:08:43
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gsd-keyboard
                      Arguments:/usr/libexec/gsd-keyboard
                      File size:39760 bytes
                      MD5 hash:8e288fd17c80bb0a1148b964b2ac2279

                      Start time (UTC):00:08:43
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gnome-session-binary
                      Arguments:-
                      File size:334664 bytes
                      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                      Start time (UTC):00:08:43
                      Start date (UTC):27/03/2025
                      Path:/bin/sh
                      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
                      File size:129816 bytes
                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                      Start time (UTC):00:08:43
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gsd-print-notifications
                      Arguments:/usr/libexec/gsd-print-notifications
                      File size:51840 bytes
                      MD5 hash:71539698aa691718cee775d6b9450ae2

                      Start time (UTC):00:08:48
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gsd-print-notifications
                      Arguments:-
                      File size:51840 bytes
                      MD5 hash:71539698aa691718cee775d6b9450ae2

                      Start time (UTC):00:08:48
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gsd-print-notifications
                      Arguments:-
                      File size:51840 bytes
                      MD5 hash:71539698aa691718cee775d6b9450ae2

                      Start time (UTC):00:08:49
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gsd-printer
                      Arguments:/usr/libexec/gsd-printer
                      File size:31120 bytes
                      MD5 hash:7995828cf98c315fd55f2ffb3b22384d

                      Start time (UTC):00:08:43
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gnome-session-binary
                      Arguments:-
                      File size:334664 bytes
                      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                      Start time (UTC):00:08:43
                      Start date (UTC):27/03/2025
                      Path:/bin/sh
                      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
                      File size:129816 bytes
                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                      Start time (UTC):00:08:43
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gsd-color
                      Arguments:/usr/libexec/gsd-color
                      File size:92832 bytes
                      MD5 hash:ac2861ad93ce047283e8e87cefef9a19

                      Start time (UTC):00:08:43
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gnome-session-binary
                      Arguments:-
                      File size:334664 bytes
                      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                      Start time (UTC):00:08:43
                      Start date (UTC):27/03/2025
                      Path:/bin/sh
                      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-rfkill
                      File size:129816 bytes
                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                      Start time (UTC):00:08:43
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gsd-rfkill
                      Arguments:/usr/libexec/gsd-rfkill
                      File size:51808 bytes
                      MD5 hash:88a16a3c0aba1759358c06215ecfb5cc

                      Start time (UTC):00:08:43
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gnome-session-binary
                      Arguments:-
                      File size:334664 bytes
                      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                      Start time (UTC):00:08:43
                      Start date (UTC):27/03/2025
                      Path:/bin/sh
                      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-smartcard
                      File size:129816 bytes
                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                      Start time (UTC):00:08:43
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gsd-smartcard
                      Arguments:/usr/libexec/gsd-smartcard
                      File size:109152 bytes
                      MD5 hash:ea1fbd7f62e4cd0331eae2ef754ee605

                      Start time (UTC):00:08:43
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gnome-session-binary
                      Arguments:-
                      File size:334664 bytes
                      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                      Start time (UTC):00:08:43
                      Start date (UTC):27/03/2025
                      Path:/bin/sh
                      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-datetime
                      File size:129816 bytes
                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                      Start time (UTC):00:08:44
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gsd-datetime
                      Arguments:/usr/libexec/gsd-datetime
                      File size:76736 bytes
                      MD5 hash:d80d39745740de37d6634d36e344d4bc

                      Start time (UTC):00:08:43
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gnome-session-binary
                      Arguments:-
                      File size:334664 bytes
                      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                      Start time (UTC):00:08:43
                      Start date (UTC):27/03/2025
                      Path:/bin/sh
                      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-media-keys
                      File size:129816 bytes
                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                      Start time (UTC):00:08:44
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gsd-media-keys
                      Arguments:/usr/libexec/gsd-media-keys
                      File size:232936 bytes
                      MD5 hash:a425448c135afb4b8bfd79cc0b6b74da

                      Start time (UTC):00:08:43
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gnome-session-binary
                      Arguments:-
                      File size:334664 bytes
                      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                      Start time (UTC):00:08:43
                      Start date (UTC):27/03/2025
                      Path:/bin/sh
                      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-screensaver-proxy
                      File size:129816 bytes
                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                      Start time (UTC):00:08:44
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gsd-screensaver-proxy
                      Arguments:/usr/libexec/gsd-screensaver-proxy
                      File size:27232 bytes
                      MD5 hash:77e309450c87dceee43f1a9e50cc0d02

                      Start time (UTC):00:08:44
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gnome-session-binary
                      Arguments:-
                      File size:334664 bytes
                      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                      Start time (UTC):00:08:44
                      Start date (UTC):27/03/2025
                      Path:/bin/sh
                      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sound
                      File size:129816 bytes
                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                      Start time (UTC):00:08:44
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gsd-sound
                      Arguments:/usr/libexec/gsd-sound
                      File size:31248 bytes
                      MD5 hash:4c7d3fb993463337b4a0eb5c80c760ee

                      Start time (UTC):00:08:44
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gnome-session-binary
                      Arguments:-
                      File size:334664 bytes
                      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                      Start time (UTC):00:08:44
                      Start date (UTC):27/03/2025
                      Path:/bin/sh
                      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-a11y-settings
                      File size:129816 bytes
                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                      Start time (UTC):00:08:44
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gsd-a11y-settings
                      Arguments:/usr/libexec/gsd-a11y-settings
                      File size:23056 bytes
                      MD5 hash:18e243d2cf30ecee7ea89d1462725c5c

                      Start time (UTC):00:08:44
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gnome-session-binary
                      Arguments:-
                      File size:334664 bytes
                      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                      Start time (UTC):00:08:44
                      Start date (UTC):27/03/2025
                      Path:/bin/sh
                      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
                      File size:129816 bytes
                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                      Start time (UTC):00:08:45
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gsd-housekeeping
                      Arguments:/usr/libexec/gsd-housekeeping
                      File size:51840 bytes
                      MD5 hash:b55f3394a84976ddb92a2915e5d76914

                      Start time (UTC):00:08:44
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gnome-session-binary
                      Arguments:-
                      File size:334664 bytes
                      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                      Start time (UTC):00:08:44
                      Start date (UTC):27/03/2025
                      Path:/bin/sh
                      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-power
                      File size:129816 bytes
                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                      Start time (UTC):00:08:45
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gsd-power
                      Arguments:/usr/libexec/gsd-power
                      File size:88672 bytes
                      MD5 hash:28b8e1b43c3e7f1db6741ea1ecd978b7

                      Start time (UTC):00:08:45
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gvfsd-fuse
                      Arguments:-
                      File size:47632 bytes
                      MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                      Start time (UTC):00:08:45
                      Start date (UTC):27/03/2025
                      Path:/bin/fusermount
                      Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
                      File size:39144 bytes
                      MD5 hash:576a1b135c82bdcbc97a91acea900566

                      Start time (UTC):00:08:45
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/xfce4-session
                      Arguments:-
                      File size:264752 bytes
                      MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                      Start time (UTC):00:08:46
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/xfwm4
                      Arguments:xfwm4 --display :1.0 --sm-client-id 27575c7dd-2dac-48f0-9f3a-eff67ec043e5
                      File size:420424 bytes
                      MD5 hash:59defa3c00cc30d85ed77b738d55e9da

                      Start time (UTC):00:08:46
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/xfce4-session
                      Arguments:-
                      File size:264752 bytes
                      MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                      Start time (UTC):00:08:47
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/xfce4-panel
                      Arguments:xfce4-panel --display :1.0 --sm-client-id 2d6b1caf2-8023-452b-bd0d-d23295482740
                      File size:375768 bytes
                      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                      Start time (UTC):00:08:47
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/xfce4-session
                      Arguments:-
                      File size:264752 bytes
                      MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                      Start time (UTC):00:08:47
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/rm
                      Arguments:rm -f /home/saturnino/.cache/sessions/Thunar-2ec7c2e14-9c4d-40f3-9704-8617ab831fb4
                      File size:72056 bytes
                      MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                      Start time (UTC):00:08:48
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/xfce4-session
                      Arguments:-
                      File size:264752 bytes
                      MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                      Start time (UTC):00:08:48
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/xfdesktop
                      Arguments:xfdesktop --display :1.0 --sm-client-id 260d40b3c-9c6a-4cb1-bbe4-3557725aa528
                      File size:473520 bytes
                      MD5 hash:dfb13e1581f80065dcea16f2476f16f2

                      Start time (UTC):00:08:49
                      Start date (UTC):27/03/2025
                      Path:/usr/lib/systemd/systemd
                      Arguments:-
                      File size:1620224 bytes
                      MD5 hash:9b2bec7092a40488108543f9334aab75

                      Start time (UTC):00:08:49
                      Start date (UTC):27/03/2025
                      Path:/lib/systemd/systemd-hostnamed
                      Arguments:/lib/systemd/systemd-hostnamed
                      File size:35040 bytes
                      MD5 hash:2cc8a5576629a2d5bd98e49a4b8bef65

                      Start time (UTC):00:08:53
                      Start date (UTC):27/03/2025
                      Path:/usr/sbin/gdm3
                      Arguments:-
                      File size:453296 bytes
                      MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                      Start time (UTC):00:08:53
                      Start date (UTC):27/03/2025
                      Path:/etc/gdm3/PrimeOff/Default
                      Arguments:/etc/gdm3/PrimeOff/Default
                      File size:129816 bytes
                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                      Start time (UTC):00:08:53
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/xfce4-session
                      Arguments:-
                      File size:264752 bytes
                      MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                      Start time (UTC):00:08:53
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/xfwm4
                      Arguments:xfwm4 --display :1.0 --sm-client-id 27575c7dd-2dac-48f0-9f3a-eff67ec043e5
                      File size:420424 bytes
                      MD5 hash:59defa3c00cc30d85ed77b738d55e9da

                      Start time (UTC):00:08:53
                      Start date (UTC):27/03/2025
                      Path:/usr/sbin/gdm3
                      Arguments:-
                      File size:453296 bytes
                      MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                      Start time (UTC):00:08:53
                      Start date (UTC):27/03/2025
                      Path:/etc/gdm3/PrimeOff/Default
                      Arguments:/etc/gdm3/PrimeOff/Default
                      File size:129816 bytes
                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                      Start time (UTC):00:08:53
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/xfce4-session
                      Arguments:-
                      File size:264752 bytes
                      MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                      Start time (UTC):00:08:53
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/xfce4-panel
                      Arguments:xfce4-panel --display :1.0 --sm-client-id 2d6b1caf2-8023-452b-bd0d-d23295482740
                      File size:375768 bytes
                      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                      Start time (UTC):00:09:04
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/xfce4-panel
                      Arguments:-
                      File size:375768 bytes
                      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                      Start time (UTC):00:09:04
                      Start date (UTC):27/03/2025
                      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 6291464 systray "Notification Area" "Area where notification icons appear"
                      File size:35136 bytes
                      MD5 hash:ac0b8a906f359a8ae102244738682e76

                      Start time (UTC):00:09:04
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/xfce4-panel
                      Arguments:-
                      File size:375768 bytes
                      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                      Start time (UTC):00:09:04
                      Start date (UTC):27/03/2025
                      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 6291465 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
                      File size:35136 bytes
                      MD5 hash:ac0b8a906f359a8ae102244738682e76

                      Start time (UTC):00:09:04
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/xfce4-panel
                      Arguments:-
                      File size:375768 bytes
                      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                      Start time (UTC):00:09:04
                      Start date (UTC):27/03/2025
                      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 6291466 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
                      File size:35136 bytes
                      MD5 hash:ac0b8a906f359a8ae102244738682e76

                      Start time (UTC):00:09:04
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/xfce4-panel
                      Arguments:-
                      File size:375768 bytes
                      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                      Start time (UTC):00:09:05
                      Start date (UTC):27/03/2025
                      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 6291467 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
                      File size:35136 bytes
                      MD5 hash:ac0b8a906f359a8ae102244738682e76

                      Start time (UTC):00:09:05
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/xfce4-panel
                      Arguments:-
                      File size:375768 bytes
                      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                      Start time (UTC):00:09:05
                      Start date (UTC):27/03/2025
                      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 6291468 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
                      File size:35136 bytes
                      MD5 hash:ac0b8a906f359a8ae102244738682e76

                      Start time (UTC):00:09:06
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/xfce4-panel
                      Arguments:-
                      File size:375768 bytes
                      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                      Start time (UTC):00:09:07
                      Start date (UTC):27/03/2025
                      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 6291469 actions "Action Buttons" "Log out, lock or other system actions"
                      File size:35136 bytes
                      MD5 hash:ac0b8a906f359a8ae102244738682e76

                      Start time (UTC):00:09:18
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/xfce4-panel
                      Arguments:-
                      File size:375768 bytes
                      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                      Start time (UTC):00:09:18
                      Start date (UTC):27/03/2025
                      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 6291464 systray "Notification Area" "Area where notification icons appear"
                      File size:35136 bytes
                      MD5 hash:ac0b8a906f359a8ae102244738682e76

                      Start time (UTC):00:09:18
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/xfce4-panel
                      Arguments:-
                      File size:375768 bytes
                      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                      Start time (UTC):00:09:19
                      Start date (UTC):27/03/2025
                      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 6291465 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
                      File size:35136 bytes
                      MD5 hash:ac0b8a906f359a8ae102244738682e76

                      Start time (UTC):00:09:19
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/xfce4-panel
                      Arguments:-
                      File size:375768 bytes
                      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                      Start time (UTC):00:09:19
                      Start date (UTC):27/03/2025
                      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 6291466 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
                      File size:35136 bytes
                      MD5 hash:ac0b8a906f359a8ae102244738682e76

                      Start time (UTC):00:09:19
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/xfce4-panel
                      Arguments:-
                      File size:375768 bytes
                      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                      Start time (UTC):00:09:19
                      Start date (UTC):27/03/2025
                      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 6291467 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
                      File size:35136 bytes
                      MD5 hash:ac0b8a906f359a8ae102244738682e76

                      Start time (UTC):00:09:20
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/xfce4-panel
                      Arguments:-
                      File size:375768 bytes
                      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                      Start time (UTC):00:09:20
                      Start date (UTC):27/03/2025
                      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 6291468 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
                      File size:35136 bytes
                      MD5 hash:ac0b8a906f359a8ae102244738682e76

                      Start time (UTC):00:09:20
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/xfce4-panel
                      Arguments:-
                      File size:375768 bytes
                      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

                      Start time (UTC):00:09:20
                      Start date (UTC):27/03/2025
                      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
                      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 6291469 actions "Action Buttons" "Log out, lock or other system actions"
                      File size:35136 bytes
                      MD5 hash:ac0b8a906f359a8ae102244738682e76

                      Start time (UTC):00:08:53
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/xfce4-session
                      Arguments:-
                      File size:264752 bytes
                      MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                      Start time (UTC):00:08:53
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/xfdesktop
                      Arguments:xfdesktop --display :1.0 --sm-client-id 260d40b3c-9c6a-4cb1-bbe4-3557725aa528
                      File size:473520 bytes
                      MD5 hash:dfb13e1581f80065dcea16f2476f16f2

                      Start time (UTC):00:08:55
                      Start date (UTC):27/03/2025
                      Path:/usr/lib/systemd/systemd
                      Arguments:-
                      File size:1620224 bytes
                      MD5 hash:9b2bec7092a40488108543f9334aab75

                      Start time (UTC):00:08:55
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gvfsd
                      Arguments:/usr/libexec/gvfsd
                      File size:39224 bytes
                      MD5 hash:1fa32dace8ba066189a8eadd21bb172a

                      Start time (UTC):00:08:56
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gvfsd
                      Arguments:-
                      File size:39224 bytes
                      MD5 hash:1fa32dace8ba066189a8eadd21bb172a

                      Start time (UTC):00:08:56
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gvfsd
                      Arguments:-
                      File size:39224 bytes
                      MD5 hash:1fa32dace8ba066189a8eadd21bb172a

                      Start time (UTC):00:08:56
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gvfsd-fuse
                      Arguments:/usr/libexec/gvfsd-fuse /run/user/1000/gvfs -f -o big_writes
                      File size:47632 bytes
                      MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                      Start time (UTC):00:08:56
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gvfsd-fuse
                      Arguments:-
                      File size:47632 bytes
                      MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

                      Start time (UTC):00:08:56
                      Start date (UTC):27/03/2025
                      Path:/bin/fusermount
                      Arguments:fusermount -o rw,nosuid,nodev,subtype=gvfsd-fuse -- /run/user/1000/gvfs
                      File size:39144 bytes
                      MD5 hash:576a1b135c82bdcbc97a91acea900566

                      Start time (UTC):00:09:28
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gvfsd
                      Arguments:-
                      File size:39224 bytes
                      MD5 hash:1fa32dace8ba066189a8eadd21bb172a

                      Start time (UTC):00:09:28
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gvfsd-trash
                      Arguments:/usr/libexec/gvfsd-trash --spawner :1.63 /org/gtk/gvfs/exec_spaw/0
                      File size:55608 bytes
                      MD5 hash:7bd262bd2ff379d0da45f8595163824d

                      Start time (UTC):00:08:55
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/dbus-daemon
                      Arguments:-
                      File size:249032 bytes
                      MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                      Start time (UTC):00:08:55
                      Start date (UTC):27/03/2025
                      Path:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                      File size:112880 bytes
                      MD5 hash:4c7a0d6d258bb970905b19b84abcd8e9

                      Start time (UTC):00:09:01
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/xfce4-session
                      Arguments:-
                      File size:264752 bytes
                      MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                      Start time (UTC):00:09:01
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/xfwm4
                      Arguments:xfwm4 --display :1.0 --sm-client-id 27575c7dd-2dac-48f0-9f3a-eff67ec043e5
                      File size:420424 bytes
                      MD5 hash:59defa3c00cc30d85ed77b738d55e9da

                      Start time (UTC):00:09:02
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/dbus-daemon
                      Arguments:-
                      File size:249032 bytes
                      MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                      Start time (UTC):00:09:02
                      Start date (UTC):27/03/2025
                      Path:/usr/lib/x86_64-linux-gnu/tumbler-1/tumblerd
                      Arguments:/usr/lib/x86_64-linux-gnu/tumbler-1/tumblerd
                      File size:149888 bytes
                      MD5 hash:2ef099898845e9c5ec6f1a6fd3ad61af

                      Start time (UTC):00:09:03
                      Start date (UTC):27/03/2025
                      Path:/usr/lib/systemd/systemd
                      Arguments:-
                      File size:1620224 bytes
                      MD5 hash:9b2bec7092a40488108543f9334aab75

                      Start time (UTC):00:09:03
                      Start date (UTC):27/03/2025
                      Path:/lib/systemd/systemd-user-runtime-dir
                      Arguments:/lib/systemd/systemd-user-runtime-dir stop 127
                      File size:22672 bytes
                      MD5 hash:d55f4b0847f88131dbcfb07435178e54

                      Start time (UTC):00:09:06
                      Start date (UTC):27/03/2025
                      Path:/usr/lib/systemd/systemd
                      Arguments:-
                      File size:1620224 bytes
                      MD5 hash:9b2bec7092a40488108543f9334aab75

                      Start time (UTC):00:09:06
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gvfs-udisks2-volume-monitor
                      Arguments:/usr/libexec/gvfs-udisks2-volume-monitor
                      File size:199648 bytes
                      MD5 hash:4912ae23684d55062ac889dd671a8ab9

                      Start time (UTC):00:09:09
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/xfce4-session
                      Arguments:-
                      File size:264752 bytes
                      MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                      Start time (UTC):00:09:09
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/xfwm4
                      Arguments:xfwm4 --display :1.0 --sm-client-id 27575c7dd-2dac-48f0-9f3a-eff67ec043e5
                      File size:420424 bytes
                      MD5 hash:59defa3c00cc30d85ed77b738d55e9da

                      Start time (UTC):00:09:11
                      Start date (UTC):27/03/2025
                      Path:/usr/lib/systemd/systemd
                      Arguments:-
                      File size:1620224 bytes
                      MD5 hash:9b2bec7092a40488108543f9334aab75

                      Start time (UTC):00:09:11
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/Thunar
                      Arguments:/usr/bin/Thunar --daemon
                      File size:901328 bytes
                      MD5 hash:ca35dca6175038f11f012b29178a4f46

                      Start time (UTC):00:09:13
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/dbus-daemon
                      Arguments:-
                      File size:249032 bytes
                      MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                      Start time (UTC):00:09:13
                      Start date (UTC):27/03/2025
                      Path:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                      File size:112880 bytes
                      MD5 hash:4c7a0d6d258bb970905b19b84abcd8e9

                      Start time (UTC):00:09:16
                      Start date (UTC):27/03/2025
                      Path:/usr/lib/systemd/systemd
                      Arguments:-
                      File size:1620224 bytes
                      MD5 hash:9b2bec7092a40488108543f9334aab75

                      Start time (UTC):00:09:16
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gvfs-mtp-volume-monitor
                      Arguments:/usr/libexec/gvfs-mtp-volume-monitor
                      File size:113032 bytes
                      MD5 hash:4ef31436eba465a14362dfe7e1d42ec3

                      Start time (UTC):00:09:17
                      Start date (UTC):27/03/2025
                      Path:/usr/lib/systemd/systemd
                      Arguments:-
                      File size:1620224 bytes
                      MD5 hash:9b2bec7092a40488108543f9334aab75

                      Start time (UTC):00:09:17
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gvfs-goa-volume-monitor
                      Arguments:/usr/libexec/gvfs-goa-volume-monitor
                      File size:117128 bytes
                      MD5 hash:1c9b8b8b466cc3b27212ee9c1052a7b2

                      Start time (UTC):00:09:18
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/xfce4-session
                      Arguments:-
                      File size:264752 bytes
                      MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                      Start time (UTC):00:09:18
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/xfwm4
                      Arguments:xfwm4 --display :1.0 --sm-client-id 27575c7dd-2dac-48f0-9f3a-eff67ec043e5
                      File size:420424 bytes
                      MD5 hash:59defa3c00cc30d85ed77b738d55e9da

                      Start time (UTC):00:09:18
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/dbus-daemon
                      Arguments:-
                      File size:249032 bytes
                      MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                      Start time (UTC):00:09:18
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/goa-daemon
                      Arguments:/usr/libexec/goa-daemon
                      File size:55776 bytes
                      MD5 hash:f442acdfc6465acfae3f9f0e05cf6fd3

                      Start time (UTC):00:09:22
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/dbus-daemon
                      Arguments:-
                      File size:249032 bytes
                      MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                      Start time (UTC):00:09:22
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/goa-identity-service
                      Arguments:/usr/libexec/goa-identity-service
                      File size:158096 bytes
                      MD5 hash:4e1e45c260caf0e8460ff7494a0e8553

                      Start time (UTC):00:09:24
                      Start date (UTC):27/03/2025
                      Path:/usr/lib/systemd/systemd
                      Arguments:-
                      File size:1620224 bytes
                      MD5 hash:9b2bec7092a40488108543f9334aab75

                      Start time (UTC):00:09:24
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gvfs-afc-volume-monitor
                      Arguments:/usr/libexec/gvfs-afc-volume-monitor
                      File size:113032 bytes
                      MD5 hash:724607394f380f47f39e25dd9e1d4825

                      Start time (UTC):00:09:26
                      Start date (UTC):27/03/2025
                      Path:/usr/lib/systemd/systemd
                      Arguments:-
                      File size:1620224 bytes
                      MD5 hash:9b2bec7092a40488108543f9334aab75
                      Start time (UTC):00:09:26
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gvfs-gphoto2-volume-monitor
                      Arguments:/usr/libexec/gvfs-gphoto2-volume-monitor
                      File size:117128 bytes
                      MD5 hash:8773afb2a78946b2c81024ed4c928353
                      Start time (UTC):00:09:30
                      Start date (UTC):27/03/2025
                      Path:/usr/lib/systemd/systemd
                      Arguments:-
                      File size:1620224 bytes
                      MD5 hash:9b2bec7092a40488108543f9334aab75
                      Start time (UTC):00:09:30
                      Start date (UTC):27/03/2025
                      Path:/usr/libexec/gvfsd-metadata
                      Arguments:/usr/libexec/gvfsd-metadata
                      File size:88456 bytes
                      MD5 hash:25b3740bd427cf3225e35be4bb2205aa
                      Start time (UTC):00:09:33
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/dbus-daemon
                      Arguments:-
                      File size:249032 bytes
                      MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c
                      Start time (UTC):00:09:33
                      Start date (UTC):27/03/2025
                      Path:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
                      File size:112880 bytes
                      MD5 hash:4c7a0d6d258bb970905b19b84abcd8e9
                      Start time (UTC):00:09:37
                      Start date (UTC):27/03/2025
                      Path:/usr/lib/systemd/systemd
                      Arguments:-
                      File size:1620224 bytes
                      MD5 hash:9b2bec7092a40488108543f9334aab75
                      Start time (UTC):00:09:37
                      Start date (UTC):27/03/2025
                      Path:/usr/lib/accountsservice/accounts-daemon
                      Arguments:/usr/lib/accountsservice/accounts-daemon
                      File size:203192 bytes
                      MD5 hash:01a899e3fb5e7e434bea1290255a1f30
                      Start time (UTC):00:09:38
                      Start date (UTC):27/03/2025
                      Path:/usr/lib/accountsservice/accounts-daemon
                      Arguments:-
                      File size:203192 bytes
                      MD5 hash:01a899e3fb5e7e434bea1290255a1f30
                      Start time (UTC):00:09:38
                      Start date (UTC):27/03/2025
                      Path:/usr/share/language-tools/language-validate
                      Arguments:/usr/share/language-tools/language-validate en_US.UTF-8
                      File size:129816 bytes
                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
                      Start time (UTC):00:09:38
                      Start date (UTC):27/03/2025
                      Path:/usr/share/language-tools/language-validate
                      Arguments:-
                      File size:129816 bytes
                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
                      Start time (UTC):00:09:38
                      Start date (UTC):27/03/2025
                      Path:/usr/share/language-tools/language-options
                      Arguments:/usr/share/language-tools/language-options
                      File size:3478464 bytes
                      MD5 hash:16a21f464119ea7fad1d3660de963637
                      Start time (UTC):00:09:38
                      Start date (UTC):27/03/2025
                      Path:/usr/share/language-tools/language-options
                      Arguments:-
                      File size:3478464 bytes
                      MD5 hash:16a21f464119ea7fad1d3660de963637
                      Start time (UTC):00:09:38
                      Start date (UTC):27/03/2025
                      Path:/bin/sh
                      Arguments:sh -c "locale -a | grep -F .utf8 "
                      File size:129816 bytes
                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
                      Start time (UTC):00:09:38
                      Start date (UTC):27/03/2025
                      Path:/bin/sh
                      Arguments:-
                      File size:129816 bytes
                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
                      Start time (UTC):00:09:38
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/locale
                      Arguments:locale -a
                      File size:58944 bytes
                      MD5 hash:c72a78792469db86d91369c9057f20d2
                      Start time (UTC):00:09:38
                      Start date (UTC):27/03/2025
                      Path:/bin/sh
                      Arguments:-
                      File size:129816 bytes
                      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c
                      Start time (UTC):00:09:38
                      Start date (UTC):27/03/2025
                      Path:/usr/bin/grep
                      Arguments:grep -F .utf8
                      File size:199136 bytes
                      MD5 hash:1e6ebb9dd094f774478f72727bdba0f5