Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
na.elf

Overview

General Information

Sample name:na.elf
Analysis ID:1528830
MD5:d67ab8e2b66b87b5665333176583e552
SHA1:571fb2b837941d8d3fb4bef82a09d850696dd856
SHA256:4244ef7ff56a2dab17f06c98131f61460ec9ca7eec6f7cb057d7e779c3079a65
Tags:elfMiraiuser-abuse_ch
Infos:

Detection

Score:88
Range:0 - 100
Whitelisted:false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sample tries to kill a massive number of system processes
Machine Learning detection for sample
Reads system files that contain records of logged in users
Sample deletes itself
Sample is packed with UPX
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to kill multiple processes (SIGKILL)
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "grep" command used to find patterns in files or piped streams
Executes the "ps" command used to list the status of processes
Executes the "rm" command used to delete files or directories
Reads CPU information from /sys indicative of miner or evasive malware
Reads system information from the proc file system
Sample contains only a LOAD segment without any section mappings
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Sample tries to set the executable flag
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1528830
Start date and time:2024-10-08 11:29:36 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 28s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:na.elf
Detection:MAL
Classification:mal88.spre.troj.evad.linELF@0/23@3/0

Warnings

  • Report size exceeded maximum capacity and may have missing behavior information.

Runtime Messages

Command:/tmp/na.elf
PID:5452
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
Hello, World!
Standard Error:

Process Tree

  • system is lnxubuntu20
  • dash New Fork (PID: 5413, Parent: 3578)
  • rm (PID: 5413, Parent: 3578, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.nNPFxb16jB /tmp/tmp.JAVKQHsnD7 /tmp/tmp.JJECfR6OHN
  • dash New Fork (PID: 5414, Parent: 3578)
  • cat (PID: 5414, Parent: 3578, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.nNPFxb16jB
  • dash New Fork (PID: 5415, Parent: 3578)
  • head (PID: 5415, Parent: 3578, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10
  • dash New Fork (PID: 5416, Parent: 3578)
  • tr (PID: 5416, Parent: 3578, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037
  • dash New Fork (PID: 5417, Parent: 3578)
  • cut (PID: 5417, Parent: 3578, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80
  • dash New Fork (PID: 5418, Parent: 3578)
  • cat (PID: 5418, Parent: 3578, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.nNPFxb16jB
  • dash New Fork (PID: 5419, Parent: 3578)
  • head (PID: 5419, Parent: 3578, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10
  • dash New Fork (PID: 5420, Parent: 3578)
  • tr (PID: 5420, Parent: 3578, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037
  • dash New Fork (PID: 5421, Parent: 3578)
  • cut (PID: 5421, Parent: 3578, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80
  • dash New Fork (PID: 5422, Parent: 3578)
  • rm (PID: 5422, Parent: 3578, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.nNPFxb16jB /tmp/tmp.JAVKQHsnD7 /tmp/tmp.JJECfR6OHN
  • na.elf (PID: 5452, Parent: 5346, MD5: d67ab8e2b66b87b5665333176583e552) Arguments: /tmp/na.elf
    • na.elf New Fork (PID: 5453, Parent: 5452)
      • na.elf New Fork (PID: 5454, Parent: 5453)
      • na.elf New Fork (PID: 5455, Parent: 5453)
        • na.elf New Fork (PID: 5566, Parent: 5455)
        • sh (PID: 5566, Parent: 5455, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ps -A -o pid,cmd --no-headers"
          • sh New Fork (PID: 5567, Parent: 5566)
          • ps (PID: 5567, Parent: 5566, MD5: ab48054475a6f70f8e7fa847331f3327) Arguments: ps -A -o pid,cmd --no-headers
  • sh (PID: 5481, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
  • gsd-wacom (PID: 5481, Parent: 1588, MD5: 13778dd1a23a4e94ddc17ac9caa4fcc1) Arguments: /usr/libexec/gsd-wacom
  • sh (PID: 5483, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
  • gsd-sharing (PID: 5483, Parent: 1588, MD5: e29d9025d98590fbb69f89fdbd4438b3) Arguments: /usr/libexec/gsd-sharing
  • sh (PID: 5485, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
  • sh (PID: 5486, Parent: 1588, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
  • systemd New Fork (PID: 5487, Parent: 1)
  • upowerd (PID: 5487, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • gdm3 New Fork (PID: 5530, Parent: 1400)
  • Default (PID: 5530, Parent: 1400, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5531, Parent: 1400)
  • Default (PID: 5531, Parent: 1400, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • fusermount (PID: 5532, Parent: 3122, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -u -q -z -- /run/user/1000/gvfs
  • xfwm4 (PID: 5533, Parent: 2984, MD5: 59defa3c00cc30d85ed77b738d55e9da) Arguments: xfwm4 --display :1.0 --sm-client-id 27575c7dd-2dac-48f0-9f3a-eff67ec043e5
  • xfce4-panel (PID: 5536, Parent: 2984, MD5: a15b657c7d54ac1385f1f15004ea6784) Arguments: xfce4-panel --display :1.0 --sm-client-id 2d6b1caf2-8023-452b-bd0d-d23295482740
  • rm (PID: 5555, Parent: 2984, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /home/saturnino/.cache/sessions/Thunar-2ec7c2e14-9c4d-40f3-9704-8617ab831fb4
  • xfdesktop (PID: 5559, Parent: 2984, MD5: dfb13e1581f80065dcea16f2476f16f2) Arguments: xfdesktop --display :1.0 --sm-client-id 260d40b3c-9c6a-4cb1-bbe4-3557725aa528
  • xfwm4 (PID: 5565, Parent: 2984, MD5: 59defa3c00cc30d85ed77b738d55e9da) Arguments: xfwm4 --display :1.0 --sm-client-id 27575c7dd-2dac-48f0-9f3a-eff67ec043e5
  • systemd New Fork (PID: 5568, Parent: 1)
  • upowerd (PID: 5568, Parent: 1, MD5: 1253eea2fe5fe4017069664284e326cd) Arguments: /usr/lib/upower/upowerd
  • xfce4-panel (PID: 5576, Parent: 2984, MD5: a15b657c7d54ac1385f1f15004ea6784) Arguments: xfce4-panel --display :1.0 --sm-client-id 2d6b1caf2-8023-452b-bd0d-d23295482740
    • wrapper-2.0 (PID: 5718, Parent: 5576, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 6291464 systray "Notification Area" "Area where notification icons appear"
    • wrapper-2.0 (PID: 5719, Parent: 5576, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 6291465 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
    • wrapper-2.0 (PID: 5722, Parent: 5576, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 6291466 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
    • wrapper-2.0 (PID: 5724, Parent: 5576, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 6291467 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
      • xfpm-power-backlight-helper (PID: 5824, Parent: 5724, MD5: 3d221ad23f28ca3259f599b1664e2427) Arguments: /usr/sbin/xfpm-power-backlight-helper --get-max-brightness
    • wrapper-2.0 (PID: 5726, Parent: 5576, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 6291468 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
    • wrapper-2.0 (PID: 5746, Parent: 5576, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 6291469 actions "Action Buttons" "Log out, lock or other system actions"
  • xfdesktop (PID: 5609, Parent: 2984, MD5: dfb13e1581f80065dcea16f2476f16f2) Arguments: xfdesktop --display :1.0 --sm-client-id 260d40b3c-9c6a-4cb1-bbe4-3557725aa528
  • systemd New Fork (PID: 5615, Parent: 2935)
  • gvfsd (PID: 5615, Parent: 2935, MD5: 1fa32dace8ba066189a8eadd21bb172a) Arguments: /usr/libexec/gvfsd
    • gvfsd New Fork (PID: 5629, Parent: 5615)
      • gvfsd New Fork (PID: 5630, Parent: 5629)
      • gvfsd-fuse (PID: 5630, Parent: 2935, MD5: d18fbf1cbf8eb57b17fac48b7b4be933) Arguments: /usr/libexec/gvfsd-fuse /run/user/1000/gvfs -f -o big_writes
        • fusermount (PID: 5634, Parent: 5630, MD5: 576a1b135c82bdcbc97a91acea900566) Arguments: fusermount -o rw,nosuid,nodev,subtype=gvfsd-fuse -- /run/user/1000/gvfs
    • gvfsd New Fork (PID: 5833, Parent: 5615)
    • gvfsd-trash (PID: 5833, Parent: 5615, MD5: 7bd262bd2ff379d0da45f8595163824d) Arguments: /usr/libexec/gvfsd-trash --spawner :1.62 /org/gtk/gvfs/exec_spaw/0
  • xfconfd (PID: 5628, Parent: 5627, MD5: 4c7a0d6d258bb970905b19b84abcd8e9) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
  • xfwm4 (PID: 5644, Parent: 2984, MD5: 59defa3c00cc30d85ed77b738d55e9da) Arguments: xfwm4 --display :1.0 --sm-client-id 27575c7dd-2dac-48f0-9f3a-eff67ec043e5
  • xfdesktop (PID: 5645, Parent: 2984, MD5: dfb13e1581f80065dcea16f2476f16f2) Arguments: xfdesktop --display :1.0 --sm-client-id 260d40b3c-9c6a-4cb1-bbe4-3557725aa528
  • systemd New Fork (PID: 5646, Parent: 1)
  • systemd-user-runtime-dir (PID: 5646, Parent: 1, MD5: d55f4b0847f88131dbcfb07435178e54) Arguments: /lib/systemd/systemd-user-runtime-dir stop 127
  • systemd New Fork (PID: 5680, Parent: 1)
  • journalctl (PID: 5680, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --smart-relinquish-var
  • xfwm4 (PID: 5681, Parent: 2984, MD5: 59defa3c00cc30d85ed77b738d55e9da) Arguments: xfwm4 --display :1.0 --sm-client-id 27575c7dd-2dac-48f0-9f3a-eff67ec043e5
  • systemd New Fork (PID: 5682, Parent: 1)
  • systemd-journald (PID: 5682, Parent: 1, MD5: 474667ece6cecb5e04c6eb897a1d0d9e) Arguments: /lib/systemd/systemd-journald
  • tumblerd (PID: 5692, Parent: 5691, MD5: 2ef099898845e9c5ec6f1a6fd3ad61af) Arguments: /usr/lib/x86_64-linux-gnu/tumbler-1/tumblerd
  • xfwm4 (PID: 5697, Parent: 2984, MD5: 59defa3c00cc30d85ed77b738d55e9da) Arguments: xfwm4 --display :1.0 --sm-client-id 27575c7dd-2dac-48f0-9f3a-eff67ec043e5
  • systemd New Fork (PID: 5700, Parent: 2935)
  • gvfs-udisks2-volume-monitor (PID: 5700, Parent: 2935, MD5: 4912ae23684d55062ac889dd671a8ab9) Arguments: /usr/libexec/gvfs-udisks2-volume-monitor
  • systemd New Fork (PID: 5745, Parent: 2935)
  • gvfs-mtp-volume-monitor (PID: 5745, Parent: 2935, MD5: 4ef31436eba465a14362dfe7e1d42ec3) Arguments: /usr/libexec/gvfs-mtp-volume-monitor
  • systemd New Fork (PID: 5748, Parent: 1)
  • journalctl (PID: 5748, Parent: 1, MD5: bf3a987344f3bacafc44efd882abda8b) Arguments: /usr/bin/journalctl --flush
  • systemd New Fork (PID: 5775, Parent: 2935)
  • gvfs-goa-volume-monitor (PID: 5775, Parent: 2935, MD5: 1c9b8b8b466cc3b27212ee9c1052a7b2) Arguments: /usr/libexec/gvfs-goa-volume-monitor
  • goa-daemon (PID: 5782, Parent: 5781, MD5: f442acdfc6465acfae3f9f0e05cf6fd3) Arguments: /usr/libexec/goa-daemon
  • systemd New Fork (PID: 5791, Parent: 2935)
  • Thunar (PID: 5791, Parent: 2935, MD5: ca35dca6175038f11f012b29178a4f46) Arguments: /usr/bin/Thunar --daemon
  • goa-identity-service (PID: 5796, Parent: 5795, MD5: 4e1e45c260caf0e8460ff7494a0e8553) Arguments: /usr/libexec/goa-identity-service
  • systemd New Fork (PID: 5814, Parent: 2935)
  • gvfs-afc-volume-monitor (PID: 5814, Parent: 2935, MD5: 724607394f380f47f39e25dd9e1d4825) Arguments: /usr/libexec/gvfs-afc-volume-monitor
  • systemd New Fork (PID: 5823, Parent: 2935)
  • gvfs-gphoto2-volume-monitor (PID: 5823, Parent: 2935, MD5: 8773afb2a78946b2c81024ed4c928353) Arguments: /usr/libexec/gvfs-gphoto2-volume-monitor
  • systemd New Fork (PID: 5844, Parent: 2935)
  • gvfsd-metadata (PID: 5844, Parent: 2935, MD5: 25b3740bd427cf3225e35be4bb2205aa) Arguments: /usr/libexec/gvfsd-metadata
  • systemd New Fork (PID: 5851, Parent: 2935)
  • xfce4-notifyd (PID: 5851, Parent: 2935, MD5: eee956f1b227c1d5031f9c61223255d1) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
  • systemd New Fork (PID: 5862, Parent: 1)
  • accounts-daemon (PID: 5862, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
    • language-validate (PID: 5876, Parent: 5862, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8
      • language-options (PID: 5877, Parent: 5876, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options
        • sh (PID: 5878, Parent: 5877, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "
          • sh New Fork (PID: 5879, Parent: 5878)
          • locale (PID: 5879, Parent: 5878, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a
          • sh New Fork (PID: 5880, Parent: 5878)
          • grep (PID: 5880, Parent: 5878, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8
  • cleanup

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
5452.1.0000000008048000.0000000008059000.r-x.sdmpLinux_Trojan_Gafgyt_5bf62ce4unknownunknown
  • 0xb31f:$a: 89 E5 56 53 31 F6 8D 45 10 83 EC 10 89 45 F4 8B 55 F4 46 8D
5452.1.0000000008048000.0000000008059000.r-x.sdmpLinux_Trojan_Mirai_b14f4c5dunknownunknown
  • 0xb70:$a: 53 31 DB 8B 4C 24 0C 8B 54 24 08 83 F9 01 76 15 66 8B 02 83 E9 02 25 FF FF 00 00 83 C2 02 01 C3 83 F9 01 77 EB 49 75 05 0F BE 02 01 C3
5452.1.0000000008048000.0000000008059000.r-x.sdmpLinux_Trojan_Mirai_88de437funknownunknown
  • 0x7932:$a: 24 08 8B 4C 24 04 85 D2 74 0D 31 C0 89 F6 C6 04 08 00 40 39 D0
5452.1.0000000008048000.0000000008059000.r-x.sdmpLinux_Trojan_Mirai_389ee3e9unknownunknown
  • 0xb13c:$a: 89 45 00 EB 2C 8B 4B 04 8B 13 8B 7B 18 8B 01 01 02 8B 02 83
5452.1.0000000008048000.0000000008059000.r-x.sdmpLinux_Trojan_Mirai_cc93863bunknownunknown
  • 0x9704:$a: C3 57 8B 44 24 0C 8B 4C 24 10 8B 7C 24 08 F3 AA 8B 44 24 08
Click to see the 13 entries

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: na.elfVirustotal: Detection: 52%Perma Link
Source: na.elfReversingLabs: Detection: 47%
Machine Learning detection for sample
Source: na.elfJoe Sandbox ML: detected
Source: /usr/bin/ps (PID: 5567)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/lib/x86_64-linux-gnu/tumbler-1/tumblerd (PID: 5692)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: global trafficTCP traffic: 192.168.2.13:44972 -> 194.120.230.54:57899
Source: /usr/libexec/gvfsd-trash (PID: 5833)Socket: unknown address familyJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)Socket: unknown address familyJump to behavior
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: cnc.merisprivate.net
Source: global trafficDNS traffic detected: DNS query: daisy.ubuntu.com
Source: na.elfString found in binary or memory: http://upx.sf.net

System Summary

barindex
Malicious sample detected (through community Yara rule)
Source: 5452.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 Author: unknown
Source: 5452.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 5452.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 5452.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 5452.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 5452.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 5454.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 Author: unknown
Source: 5454.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 5454.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 5454.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 5454.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 5454.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Source: 5455.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 Author: unknown
Source: 5455.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown
Source: 5455.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f Author: unknown
Source: 5455.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown
Source: 5455.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b Author: unknown
Source: 5455.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown
Sample tries to kill a massive number of system processes
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 660, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 726, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 727, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 778, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 780, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 790, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 792, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 797, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 802, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 803, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 855, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 884, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 914, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 3, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 4, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 9, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 11, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 21, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 22, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 23, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 24, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 25, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 27, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 28, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 77, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 78, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 79, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 80, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 81, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 82, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 83, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 84, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 85, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 89, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 91, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 124, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 125, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 126, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 127, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 128, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 131, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 142, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 158, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 203, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 204, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 205, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 206, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 207, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 216, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 219, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 220, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 221, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 222, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 223, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 224, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 225, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 226, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 227, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 228, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 229, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 230, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 231, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 232, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 233, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 234, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 235, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 236, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 237, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 238, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 239, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 240, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 241, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 242, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 243, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 244, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 245, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 246, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 247, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 248, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 249, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 250, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 251, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 252, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 253, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 254, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 255, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 256, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 257, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 258, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 259, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 260, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 261, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 262, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 263, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 264, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 265, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 266, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 267, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 268, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 269, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 270, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 271, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 272, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 273, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 274, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 275, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 327, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 328, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 347, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 378, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 418, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 419, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 490, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 656, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 657, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 658, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 659, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 672, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 674, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 678, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 679, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 680, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 765, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 767, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 800, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent to PID below 1000: pid: 917, result: successfulJump to behavior
Sample tries to kill multiple processes (SIGKILL)
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 660, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 726, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 727, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 778, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 780, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 790, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 792, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 797, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 802, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 803, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 855, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 884, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 914, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1400, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1444, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1475, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1480, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1482, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1563, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1588, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1604, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1745, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1751, result: no such processJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1765, result: no such processJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1804, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1805, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1832, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1847, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1866, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1879, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1881, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1884, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1891, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1906, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1925, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1930, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1940, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1944, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1946, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1969, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1982, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 2926, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 2961, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 2964, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 2972, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 2974, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 2984, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3069, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3095, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3104, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3114, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3117, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3122, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3132, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3134, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3146, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3147, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3153, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3158, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3161, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3181, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3182, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3183, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3185, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3203, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3208, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3209, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3212, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3220, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3225, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3246, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3300, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3310, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3327, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3336, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3342, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3375, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3413, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3420, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3424, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3429, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3434, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3448, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3619, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 5403, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 5404, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 5487, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 5533, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 5536, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 5559, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 4, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 9, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 11, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 21, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 22, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 23, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 24, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 25, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 27, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 28, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 77, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 78, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 79, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 80, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 81, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 82, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 83, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 84, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 85, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 89, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 91, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 124, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 125, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 126, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 127, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 128, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 131, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 142, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 158, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 203, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 204, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 205, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 206, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 207, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 216, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 219, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 220, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 221, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 222, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 223, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 224, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 225, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 226, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 227, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 228, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 229, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 230, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 231, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 232, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 233, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 234, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 235, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 236, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 237, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 238, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 239, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 240, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 241, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 242, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 243, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 244, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 245, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 246, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 247, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 248, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 249, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 250, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 251, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 252, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 253, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 254, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 255, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 256, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 257, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 258, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 259, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 260, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 261, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 262, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 263, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 264, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 265, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 266, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 267, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 268, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 269, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 270, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 271, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 272, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 273, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 274, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 275, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 327, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 328, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 347, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 378, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 418, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 419, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 490, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 656, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 657, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 658, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 659, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 672, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 674, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 678, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 679, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 680, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 765, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 767, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 800, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 917, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1238, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1320, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1648, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 2496, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 2935, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 2936, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3164, result: successfulJump to behavior
Source: LOAD without section mappingsProgram segment: 0xc01000
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 660, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 726, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 727, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 778, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 780, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 790, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 792, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 797, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 802, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 803, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 855, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 884, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 914, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1400, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1444, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1475, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1480, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1482, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1563, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1588, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1604, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1745, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1751, result: no such processJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1765, result: no such processJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1804, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1805, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1832, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1847, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1866, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1879, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1881, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1884, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1891, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1906, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1925, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1930, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1940, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1944, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1946, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1969, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1982, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 2926, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 2961, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 2964, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 2972, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 2974, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 2984, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3069, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3095, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3104, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3114, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3117, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3122, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3132, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3134, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3146, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3147, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3153, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3158, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3161, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3181, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3182, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3183, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3185, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3203, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3208, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3209, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3212, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3220, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3225, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3246, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3300, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3310, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3327, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3336, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3342, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3375, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3413, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3420, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3424, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3429, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3434, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3448, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3619, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 5403, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 5404, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 5487, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 5533, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 5536, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 5559, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 4, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 9, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 11, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 21, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 22, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 23, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 24, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 25, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 27, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 28, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 77, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 78, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 79, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 80, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 81, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 82, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 83, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 84, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 85, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 89, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 91, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 124, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 125, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 126, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 127, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 128, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 131, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 142, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 158, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 203, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 204, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 205, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 206, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 207, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 216, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 219, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 220, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 221, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 222, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 223, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 224, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 225, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 226, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 227, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 228, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 229, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 230, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 231, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 232, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 233, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 234, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 235, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 236, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 237, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 238, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 239, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 240, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 241, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 242, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 243, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 244, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 245, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 246, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 247, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 248, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 249, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 250, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 251, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 252, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 253, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 254, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 255, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 256, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 257, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 258, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 259, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 260, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 261, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 262, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 263, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 264, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 265, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 266, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 267, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 268, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 269, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 270, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 271, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 272, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 273, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 274, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 275, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 327, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 328, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 347, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 378, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 418, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 419, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 490, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 656, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 657, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 658, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 659, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 672, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 674, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 678, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 679, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 680, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 765, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 767, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 800, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 917, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1238, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1320, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 1648, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 2496, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 2935, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 2936, result: successfulJump to behavior
Source: /tmp/na.elf (PID: 5455)SIGKILL sent: pid: 3164, result: successfulJump to behavior
Source: 5452.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ffc398303f7208e77c4fbdfb50ac896e531b7cee3be2fa820bc8d70cfb20af3, id = 5bf62ce4-619b-4d46-b221-c5bf552474bb, last_modified = 2021-09-16
Source: 5452.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 5452.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 5452.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 5452.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 5452.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 5454.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ffc398303f7208e77c4fbdfb50ac896e531b7cee3be2fa820bc8d70cfb20af3, id = 5bf62ce4-619b-4d46-b221-c5bf552474bb, last_modified = 2021-09-16
Source: 5454.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 5454.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 5454.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 5454.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 5454.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: 5455.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_5bf62ce4 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ffc398303f7208e77c4fbdfb50ac896e531b7cee3be2fa820bc8d70cfb20af3, id = 5bf62ce4-619b-4d46-b221-c5bf552474bb, last_modified = 2021-09-16
Source: 5455.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16
Source: 5455.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16
Source: 5455.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26
Source: 5455.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26
Source: 5455.1.0000000008048000.0000000008059000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26
Source: classification engineClassification label: mal88.spre.troj.evad.linELF@0/23@3/0

Data Obfuscation

barindex
Sample is packed with UPX
Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sampleString containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

Persistence and Installation Behavior

barindex
Sample reads /proc/mounts (often used for finding a writable filesystem)
Source: /bin/fusermount (PID: 5532)File: /proc/5532/mountsJump to behavior
Source: /bin/fusermount (PID: 5634)File: /proc/5634/mountsJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/local/share/fonts/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /home/saturnino/.fonts/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/X11/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/type1/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /home/saturnino/.drircJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /home/saturnino/.cacheJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /home/saturnino/.localJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Directory: /home/saturnino/.configJump to behavior
Source: /usr/lib/upower/upowerd (PID: 5568)Directory: <invalid fd (12)>/..Jump to behavior
Source: /usr/lib/upower/upowerd (PID: 5568)Directory: <invalid fd (11)>/..Jump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/local/share/fonts/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /home/saturnino/.fonts/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/X11/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/type1/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /home/saturnino/.cacheJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /home/saturnino/.localJump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Directory: /home/saturnino/.configJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5718)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5719)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/local/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /home/saturnino/.fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/X11/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/type1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/local/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /home/saturnino/.fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/X11/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/type1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/local/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /home/saturnino/.fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/X11/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/type1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /home/saturnino/.cacheJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /home/saturnino/.localJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Directory: /home/saturnino/.configJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/local/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /home/saturnino/.fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/X11/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/type1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/fonts-orya-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/fonts-telu-extra/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/fonts-yrsa-rasa/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/freefont/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/kacst/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/kacst-one/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/lao/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/lato/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/liberation/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/liberation2/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/lohit-assamese/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/lohit-bengali/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/lohit-devanagari/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/lohit-gujarati/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/lohit-kannada/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/lohit-malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/lohit-oriya/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/lohit-punjabi/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/lohit-tamil/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/lohit-tamil-classical/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/lohit-telugu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/malayalam/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/noto/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/openoffice/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/padauk/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/pagul/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/samyak/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/samyak-fonts/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/sinhala/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/tibetan-machine/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/tlwg/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/ttf-khmeros-core/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/truetype/ubuntu/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/type1/urw-base35/.uuidJump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Directory: /usr/share/fonts/X11/encodings/large/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /home/saturnino/.Xdefaults-galassiaJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /home/saturnino/.hiddenJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /.hiddenJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /home/.hiddenJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/local/share/fonts/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /home/saturnino/.local/share/fonts/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /home/saturnino/.fonts/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/X11/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/cMap/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/cmap/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/opentype/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/truetype/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/type1/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/X11/Type1/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/X11/encodings/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/X11/misc/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/X11/util/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/cmap/adobe-cns1/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/cmap/adobe-gb1/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/cmap/adobe-japan1/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/cmap/adobe-japan2/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/cmap/adobe-korea1/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/opentype/malayalam/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/opentype/mathjax/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/opentype/noto/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/opentype/urw-base35/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/truetype/Gargi/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/truetype/Gubbi/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/truetype/Nakula/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/truetype/Navilu/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/truetype/Sahadeva/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/truetype/Sarai/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/truetype/abyssinica/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/truetype/ancient-scripts/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/truetype/dejavu/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/truetype/droid/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/truetype/fonts-beng-extra/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/truetype/fonts-deva-extra/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/truetype/fonts-gujr-extra/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/truetype/fonts-guru-extra/.uuidJump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Directory: /usr/share/fonts/truetype/fonts-kalapi/.uuidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5681/commJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5681/cmdlineJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5681/statusJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5681/attr/currentJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5681/sessionidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5681/loginuidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5681/cgroupJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5682/cmdlineJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5682/statusJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5682/attr/currentJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5682/sessionidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5682/loginuidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5682/cgroupJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5782/commJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5782/cmdlineJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5782/statusJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5782/attr/currentJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5782/sessionidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5782/loginuidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5782/cgroupJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5684/commJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5684/cmdlineJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5684/statusJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5684/attr/currentJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5684/sessionidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5684/loginuidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5684/cgroupJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5685/commJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5685/cmdlineJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5685/statusJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5685/attr/currentJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5685/sessionidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5685/loginuidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5685/cgroupJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5565/commJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5565/cmdlineJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5565/statusJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5565/attr/currentJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5565/sessionidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5565/loginuidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5565/cgroupJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5862/commJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5862/cmdlineJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5862/statusJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5862/attr/currentJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5862/sessionidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5862/loginuidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5862/cgroupJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/3164/commJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/3164/cmdlineJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/3164/statusJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/3164/attr/currentJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/3164/sessionidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/3164/loginuidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/3164/cgroupJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5718/commJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5718/cmdlineJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5718/statusJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5718/attr/currentJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5718/sessionidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5718/loginuidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5718/cgroupJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5719/commJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5719/cmdlineJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5719/statusJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5719/attr/currentJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5719/sessionidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5719/loginuidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5719/cgroupJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5692/commJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5692/cmdlineJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5692/statusJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5692/attr/currentJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5692/sessionidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5692/loginuidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5692/cgroupJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5791/commJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5791/cmdlineJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5791/statusJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5791/attr/currentJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5791/sessionidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5791/loginuidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5791/cgroupJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5697/commJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5697/cmdlineJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5697/statusJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5697/attr/currentJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5697/sessionidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5697/loginuidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5697/cgroupJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5851/commJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5851/cmdlineJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5851/statusJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5851/attr/currentJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5851/sessionidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5851/loginuidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/5851/cgroupJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/commJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/cmdlineJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/statusJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/attr/currentJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/sessionidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/loginuidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/cgroupJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/statusJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/commJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/cmdlineJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/attr/currentJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/sessionidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/loginuidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/cgroupJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/statusJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/commJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/cmdlineJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/attr/currentJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/sessionidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/loginuidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/cgroupJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/statusJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/commJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/cmdlineJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/attr/currentJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/sessionidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/loginuidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/cgroupJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/statusJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/commJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/cmdlineJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/attr/currentJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/sessionidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/loginuidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/cgroupJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/statusJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/commJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/cmdlineJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/attr/currentJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/sessionidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/loginuidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/cgroupJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/statusJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/commJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/cmdlineJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/attr/currentJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/sessionidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/loginuidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/cgroupJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/statusJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/commJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/cmdlineJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/attr/currentJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/sessionidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/loginuidJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)File opened: /proc/660/cgroupJump to behavior
Source: /tmp/na.elf (PID: 5566)Shell command executed: sh -c "ps -A -o pid,cmd --no-headers"Jump to behavior
Source: /usr/share/language-tools/language-options (PID: 5878)Shell command executed: sh -c "locale -a | grep -F .utf8 "
Source: /bin/sh (PID: 5880)Grep executable: /usr/bin/grep -> grep -F .utf8
Source: /bin/sh (PID: 5567)Ps executable: /usr/bin/ps -> ps -A -o pid,cmd --no-headersJump to behavior
Source: /usr/bin/dash (PID: 5413)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.nNPFxb16jB /tmp/tmp.JAVKQHsnD7 /tmp/tmp.JJECfR6OHNJump to behavior
Source: /usr/bin/dash (PID: 5422)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.nNPFxb16jB /tmp/tmp.JAVKQHsnD7 /tmp/tmp.JJECfR6OHNJump to behavior
Source: /usr/bin/xfce4-session (PID: 5555)Rm executable: /usr/bin/rm -> rm -f /home/saturnino/.cache/sessions/Thunar-2ec7c2e14-9c4d-40f3-9704-8617ab831fb4Jump to behavior
Source: /usr/bin/ps (PID: 5567)Reads from proc file: /proc/meminfoJump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)Reads from proc file: /proc/meminfoJump to behavior
Source: /usr/lib/accountsservice/accounts-daemon (PID: 5862)File: /var/lib/AccountsService/icons (bits: - usr: rx grp: rwx all: rwx)
Source: /usr/lib/accountsservice/accounts-daemon (PID: 5862)File: /var/lib/AccountsService/users (bits: - usr: - grp: - all: rwx)

Hooking and other Techniques for Hiding and Protection

barindex
Sample deletes itself
Source: /tmp/na.elf (PID: 5452)File: /tmp/na.elfJump to behavior
Source: na.elfSubmission file: segment LOAD with 7.8803 entropy (max. 8.0)
Source: /usr/bin/ps (PID: 5567)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/lib/x86_64-linux-gnu/tumbler-1/tumblerd (PID: 5692)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
Source: /usr/bin/xfwm4 (PID: 5565)Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/xfce4-panel (PID: 5576)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5718)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5719)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5722)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5724)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5726)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5746)Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/xfdesktop (PID: 5609)Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5644)Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/xfdesktop (PID: 5645)Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5681)Queries kernel information via 'uname': Jump to behavior
Source: /lib/systemd/systemd-journald (PID: 5682)Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/tumbler-1/tumblerd (PID: 5692)Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/xfwm4 (PID: 5697)Queries kernel information via 'uname': Jump to behavior
Source: /usr/bin/Thunar (PID: 5791)Queries kernel information via 'uname':
Source: /usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd (PID: 5851)Queries kernel information via 'uname':
Source: na.elf, 5455.1.0000000008059000.000000000805c000.rw-.sdmpBinary or memory string: [DEBUG] Checking process: PID=727, Path=/usr/bin/vmtoolsdrvicemd-journald
Source: na.elf, 5455.1.0000000008528000.0000000008529000.rw-.sdmpBinary or memory string: /usr/bin/vmtoolsdrvicemd-journald
Source: na.elf, 5455.1.0000000008059000.000000000805c000.rw-.sdmpBinary or memory string: [DEBUG] Killing process: PID=727, Path=/usr/bin/vmtoolsdrvicemd-journald

Language, Device and Operating System Detection

barindex
Reads system files that contain records of logged in users
Source: /usr/lib/accountsservice/accounts-daemon (PID: 5862)Logged in records file read: /var/log/wtmp

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity Information1
Scripting		Valid AccountsWindows Management Instrumentation1
Scripting		Path Interception1
File and Directory Permissions Modification		1
OS Credential Dumping		11
Security Software Discovery		Remote ServicesData from Local System1
Non-Standard Port		Exfiltration Over Other Network Medium2
Service Stop
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Hidden Files and Directories		LSASS Memory1
Process Discovery		Remote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
Obfuscated Files or Information		Security Account Manager1
System Owner/User Discovery		SMB/Windows Admin SharesData from Network Shared Drive1
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
File Deletion		NTDS1
File and Directory Discovery		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets2
System Information Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Number of created Files
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1528830 Sample: na.elf Startdate: 08/10/2024 Architecture: LINUX Score: 88 59 cnc.merisprivate.net 194.120.230.54, 44972, 57899 HKKFGL-AS-APHKKwaifongGroupLimitedHK unknown 2->59 61 daisy.ubuntu.com 2->61 65 Malicious sample detected (through community Yara rule) 2->65 67 Multi AV Scanner detection for submitted file 2->67 69 Machine Learning detection for sample 2->69 71 Sample is packed with UPX 2->71 10 dash rm na.elf 2->10         started        13 systemd gvfsd 2->13         started        15 systemd accounts-daemon 2->15         started        17 45 other processes 2->17 signatures3 process4 signatures5 77 Sample deletes itself 10->77 19 na.elf 10->19         started        21 gvfsd 13->21         started        23 gvfsd gvfsd-trash 13->23         started        79 Reads system files that contain records of logged in users 15->79 25 accounts-daemon language-validate 15->25         started        81 Sample reads /proc/mounts (often used for finding a writable filesystem) 17->81 27 xfce4-panel wrapper-2.0 17->27         started        29 xfce4-panel wrapper-2.0 17->29         started        31 xfce4-panel wrapper-2.0 17->31         started        33 3 other processes 17->33 process6 process7 35 na.elf 19->35         started        38 na.elf 19->38         started        40 gvfsd gvfsd-fuse 21->40         started        42 language-validate language-options 25->42         started        44 wrapper-2.0 xfpm-power-backlight-helper 27->44         started        signatures8 73 Sample tries to kill a massive number of system processes 35->73 75 Sample tries to kill multiple processes (SIGKILL) 35->75 46 na.elf sh 35->46         started        48 gvfsd-fuse fusermount 40->48         started        51 language-options sh 42->51         started        process9 signatures10 53 sh ps 46->53         started        63 Sample reads /proc/mounts (often used for finding a writable filesystem) 48->63 55 sh locale 51->55         started        57 sh grep 51->57         started        process11

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
na.elf52%VirustotalBrowse
na.elf47%ReversingLabsLinux.Trojan.Mirai
na.elf100%Joe Sandbox ML

Dropped Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
daisy.ubuntu.com0%VirustotalBrowse
cnc.merisprivate.net15%VirustotalBrowse

URLs

SourceDetectionScannerLabelLink
http://upx.sf.net0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
daisy.ubuntu.com
162.213.35.25
truefalseunknown
cnc.merisprivate.net
194.120.230.54
truefalseunknown

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://upx.sf.netna.elftrue
  • URL Reputation: safe
unknown

World Map of Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Public IPs

IPDomainCountryFlagASNASN NameMalicious
194.120.230.54
cnc.merisprivate.netunknown
133115HKKFGL-AS-APHKKwaifongGroupLimitedHKfalse

Joe Sandbox View / Context

IPs

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
194.120.230.54r3M3VGE5AG.elfGet hashmaliciousUnknownBrowse
    na.elfGet hashmaliciousUnknownBrowse

      Domains

      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
      daisy.ubuntu.comna.elfGet hashmaliciousUnknownBrowse
      • 162.213.35.24
      na.elfGet hashmaliciousUnknownBrowse
      • 162.213.35.24
      na.elfGet hashmaliciousUnknownBrowse
      • 162.213.35.25
      na.elfGet hashmaliciousUnknownBrowse
      • 162.213.35.25
      na.elfGet hashmaliciousUnknownBrowse
      • 162.213.35.25
      na.elfGet hashmaliciousUnknownBrowse
      • 162.213.35.24
      na.elfGet hashmaliciousUnknownBrowse
      • 162.213.35.24
      na.elfGet hashmaliciousUnknownBrowse
      • 162.213.35.24
      na.elfGet hashmaliciousUnknownBrowse
      • 162.213.35.25
      na.elfGet hashmaliciousUnknownBrowse
      • 162.213.35.24
      cnc.merisprivate.netna.elfGet hashmaliciousUnknownBrowse
      • 194.120.230.54

      ASNs

      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
      HKKFGL-AS-APHKKwaifongGroupLimitedHKr3M3VGE5AG.elfGet hashmaliciousUnknownBrowse
      • 194.120.230.54
      na.elfGet hashmaliciousGafgytBrowse
      • 103.218.208.171
      na.elfGet hashmaliciousGafgytBrowse
      • 103.218.19.2
      na.elfGet hashmaliciousGafgytBrowse
      • 103.218.19.0
      na.elfGet hashmaliciousGafgytBrowse
      • 103.218.208.182
      na.elfGet hashmaliciousGafgytBrowse
      • 103.218.89.105
      na.elfGet hashmaliciousGafgytBrowse
      • 103.218.208.188
      na.elfGet hashmaliciousUnknownBrowse
      • 194.120.230.54
      https://asbdjdas-asd.top/Get hashmaliciousUnknownBrowse
      • 39.109.126.218
      https://qwehikd-asdu.xyz/Get hashmaliciousUnknownBrowse
      • 39.109.126.218

      JA3 Fingerprints

      No context

      Dropped Files

      No context

      Created / dropped Files

      /run/systemd/journal/streams/.#9:64623cOsG8P

      Download File
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):223
      Entropy (8bit):5.533464487189194
      Encrypted:false
      SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm+i4E6dXhWXAVNrqjq:SbFuFyLVIg1BG+f+M+4eNrqji4s
      MD5:B6F20957C3D7535C11C539B6B470326B
      SHA1:4750EFAAB25292D110838C266B6AF6BF9968CB13
      SHA-256:0EB040BB439602A50A04A70D6495D6DD4BF29CCE5F394A2F9462251BE7A8E1F6
      SHA-512:DA0FF06169005E70910BC6050C9496BE983934CEE7A3ADDF46833250D96A027CFBDADE92722998A35D3194E2E7DE1234E657725EC948B961DF5679723312FE88
      Malicious:false
      Reputation:low
      Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=40e758496e134887826df5d4332e2ef7.IDENTIFIER=journalctl.UNIT=systemd-journal-flush.service.

      /run/systemd/journal/streams/.#9:64646xQJskQ

      Download File
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):228
      Entropy (8bit):5.465884763917617
      Encrypted:false
      SSDEEP:6:SbFuFyLVIg1BG+f+M9yQS31X3F2jdCt/rRMtq:qgFq6g10+f+M0Qed3FcCDL
      MD5:4AA99796AA6C3C4BCE4848DEF81B82E5
      SHA1:44681174BDEDC8A62D287BE09CFF37D9E2488750
      SHA-256:0CEB85D8ACEA9695AE4EB5274C88CB74BD400D1437E3482ADE275B054D5B24C2
      SHA-512:AF191365F416A16B453026BF409AB9DC9D96FC2078724D91FF56E7AA537110D3E68CA22A07BA104AB1A168E9E68A85826E0D940819EBF7B524B7A8F8A1550B86
      Malicious:false
      Reputation:low
      Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=a6d6be25737d49e5b40f75736ec12bf6.IDENTIFIER=whoopsie-upload-all.UNIT=apport-autoreport.service.

      /run/systemd/journal/streams/.#9:64662vLMv2P

      Download File
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):208
      Entropy (8bit):5.379442931430704
      Encrypted:false
      SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmusxe3FrsM8v8jsmNm:SbFuFyLVIg1BG+f+Musxe60jdCLKzK
      MD5:2B7AD279294938DBA4E2583770724A5D
      SHA1:BEADB55D26C2B92194870A84A1C252BD383B77D8
      SHA-256:638AE19743CE44DF6BB55D3288316C3ECC756890E566B82A530A17FCBBCB6F16
      SHA-512:C4E2070269D471CF5185A3D434E2CF788DC38153DA00E0778C8F6F9DCEE66F470FD8D738EE047B74758B01C4B6DBED9A8C0FEC3CA634834D1221D3280A728F33
      Malicious:false
      Reputation:low
      Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=dd929eae021f4334a7dc113977b4f5b9.IDENTIFIER=whoopsie.UNIT=whoopsie.service.

      /run/systemd/journal/streams/.#9:64663sYhzMS

      Download File
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):216
      Entropy (8bit):5.4533417298859845
      Encrypted:false
      SSDEEP:6:SbFuFyLVK6g7/+BG+f+MonzdOACjFSBzfLRM/:qgFqo6g7/+0+f+Moz9ASBrLi/
      MD5:8D2FCF3E77541111198D401D8611C0A6
      SHA1:BE9463682D592F2034017A300ED4EFD07DFFCB8E
      SHA-256:AF8CD4273C48DEA8F9110474ADE90196E9A788269B05DCD339C84A3BD4A6E179
      SHA-512:8410873E9B3A0B567919D1BF1CA906F2032F99861B6B5F7F8E13A7B5508F8A65929B129DA1FC3AB6E9D97BAC049EE4C6EA20B7B58160103E74041CBFFC7A0333
      Malicious:false
      Reputation:low
      Preview:# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=b1132abe7df24a15ba63f18ffbc4e3a0.IDENTIFIER=org.freedesktop.thumbnails.Thumbnailer1.

      /run/systemd/journal/streams/.#9:64666jJD8vQ

      Download File
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):216
      Entropy (8bit):5.479118565508533
      Encrypted:false
      SSDEEP:6:SbFuFyLVI6g7/+BG+f+MAfDYcBqjFSBzfLRM/:qgFqdg7/+0+f+MArYu4SBrLi/
      MD5:1B6A3D5A50F5DDC6DBC04B5FDCBFF027
      SHA1:CFA0A24F42B30B0B7AB6373BE9C6983324FEFEEF
      SHA-256:84970C32DC47B7146BD31190E7153E20AB83F8A6534C8A79A6BBFD523CFDA8F1
      SHA-512:3C07C03D3A2FD63FB02EA53DCCD70E9095699E0EBB2E42807678CC1D6886006F2DA14E21CD2B901D4C29637397D7DAB75E96559285BF592ACF8FA17CD372FDC9
      Malicious:false
      Reputation:low
      Preview:# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=e1df437a56b2456d93a311dbb1f42675.IDENTIFIER=org.freedesktop.thumbnails.Thumbnailer1.

      /run/systemd/journal/streams/.#9:64686mRoq8P

      Download File
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):205
      Entropy (8bit):5.5066311487436135
      Encrypted:false
      SSDEEP:6:SbFuFyLVIg1BG+f+MasUQJkHeG0jN/oIMv:qgFq6g10+f+MNoS/5Mv
      MD5:8125E7D429A9C863A514B4C7AB1DCE96
      SHA1:CC8080F8992FCB2B5E1AD5BB4D41F2C9DCA7DF7A
      SHA-256:3383381BAFC7511E6F958FC95C177B34DDFBC9518A8333985440BD82C025C9E5
      SHA-512:0E8EEC69DF5A0F107F6EE35CC6A1C3427BD5B16EA6E144BE988E5F7D0F18C93442A38255FAA0FD76379FD73FC0C9A6058F9389213D2852E6EB42AA48DF7C6256
      Malicious:false
      Reputation:low
      Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=32b3f098d780419c924059ea3bab1b56.IDENTIFIER=gvfs-udisks2-volume-monitor.

      /run/systemd/journal/streams/.#9:64687jxbULQ

      Download File
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):201
      Entropy (8bit):5.407390000374536
      Encrypted:false
      SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm5VH2dDuDvvswsjs2M:SbFuFyLVIg1BG+f+MH2dDuzv8jNUIbMv
      MD5:B3C003E5AD99886C49460B846520E617
      SHA1:AD995A87DE180CB361C045B8E5EEBA2EE4CE8C69
      SHA-256:13953267A50A2CC48120B5CE15FF2ED0B14566D930C32A97D6647051FA7ADD40
      SHA-512:1E872226E6285E09FEE2B81C7B584F1CAB0BC4AF70B68A89625E4F1B4A6E15929A97A02717BBFDD2F649417706DFDFFCFF0D9A90ECDCE2E9744F0B3D13363214
      Malicious:false
      Reputation:low
      Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=381cef9b81dc48c1a1a93d48d0e0f8cc.IDENTIFIER=gvfs-mtp-volume-monitor.

      /run/systemd/journal/streams/.#9:64688vmwmvP

      Download File
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):223
      Entropy (8bit):5.4687962372148915
      Encrypted:false
      SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm/hmDOztllkTjs7Lbr:SbFuFyLVIg1BG+f+MQDOztTkTji4s
      MD5:40FE4DAD3FAE3E8E4F8FB6329B954DFB
      SHA1:0E77FDBABA3E1469353E5DCF4B8F3F00E195B9BA
      SHA-256:C0D16BD807017B94D5332E0F5ECEF270B394C663118AE3EF8B461856E88F7FE8
      SHA-512:C548F787B605230202009E1C0169C18DED191A19B89AEB7B993D97BEE8C37F36F300F2FEB70F680E0943981F211D128DDEA3F5F3E4E610D487378EFE89C822B8
      Malicious:false
      Reputation:low
      Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=5eac9a64233a4bb0bcc08caebcfca8bf.IDENTIFIER=journalctl.UNIT=systemd-journal-flush.service.

      /run/systemd/journal/streams/.#9:64689Bs55PQ

      Download File
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):201
      Entropy (8bit):5.451811825714937
      Encrypted:false
      SSDEEP:6:SbFuFyLVIg1BG+f+M40KnHTcWAjNpFHMv:qgFq6g10+f+M4hE/HMv
      MD5:B11216FDCD5D938E9D8503105AA5E58C
      SHA1:8091C106FE7DC8C2E6A8B371B1E970067F76F20E
      SHA-256:BA7BAEE701247401C104282A8C010B01B2374DD5FC70F93734437DCFC1703A93
      SHA-512:D5309ED8FE3EEAA8B49A11A20263F73248E50C6A7BE757AA6D89772C67F53EC2F7D35489705368D522FF540082A5FEA83A22BFC9BEAF22811235F5F3A0B8CA32
      Malicious:false
      Reputation:low
      Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=18cf438811cd429c964e9caf228e88c7.IDENTIFIER=gvfs-goa-volume-monitor.

      /run/systemd/journal/streams/.#9:64690bODurP

      Download File
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):201
      Entropy (8bit):5.433780540828672
      Encrypted:false
      SSDEEP:3:SbFVVmFyinKMsPOdvP69ms947z+h6SnLAqC+h6KV+h6CQzuxm4A8RcWVEm6TlsjR:SbFuFyLVK6g7/+BG+f+M4AAz76qjFma
      MD5:A95E7D6632367F955565E142E89C720E
      SHA1:3790E812E1E55C891B2F9CCA415388FC59976904
      SHA-256:8B403AE395C2109BBABC5CDB59524BCBE0800DE373624ECFE35FF196965D148A
      SHA-512:23E409526F6779EF82E60B8560184B7AA8F787937774621D210BF1D2E036CCE6C04380C67404005D6F154C419FF0554944BEA29CA901A9869721034C3195DAFF
      Malicious:false
      Reputation:low
      Preview:# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=23bd05b68f1149cd82ac2f662ebd4e1b.IDENTIFIER=org.gnome.OnlineAccounts.

      /run/systemd/journal/streams/.#9:64691zJkajS

      Download File
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):201
      Entropy (8bit):5.425564200259502
      Encrypted:false
      SSDEEP:6:SbFuFyLVI6g7/+BG+f+MocRZcAVLXwXrqjFma:qgFqdg7/+0+f+MoWZftwb4T
      MD5:B1D20B7A1290CDA20D3AFB063869EF29
      SHA1:27C4E2916A3600B3C82FB3F21CE5EF6617B0F0F3
      SHA-256:882F67185C4810726448D1B24EFE794ED8D374F5D86111B9227CE28AAF6D5AF1
      SHA-512:3930C9D52DD7FEE57CD51EA9226E5FCE7272BE74BBF8F5EF0D96BD42A5E763DBA6270902B30EDE9487AEBA94CE1BCE95D19608BE64D54DCB6379989785CD6E77
      Malicious:false
      Reputation:low
      Preview:# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=b65334cd349946b0a0f962dc16908b19.IDENTIFIER=org.gnome.OnlineAccounts.

      /run/systemd/journal/streams/.#9:64742dOFzNR

      Download File
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):184
      Entropy (8bit):5.38045979878751
      Encrypted:false
      SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm/UWGvq3ckV+sjsz:SbFuFyLVIg1BG+f+MaAckVTjA
      MD5:1C4AC1AE43AD26535183C158BF726FFF
      SHA1:CA06209BB23F8145B4DD6326C35A99FB7B7A18BD
      SHA-256:D92C26EE9D8A4A6B1E20A8B3AA736922AEF80D37CD34245FF35935C3743EF787
      SHA-512:E3D9421989CC13E66A4D40527A8CE922621148B375209867E2FAB61F69AA7AE35620652EE1952851BD4ABC532ABFCFCAB87C312F715F7DEF65FE115295BCA643
      Malicious:false
      Reputation:low
      Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=5f4c469c79894bd8b549d536f4209721.IDENTIFIER=Thunar.

      /run/systemd/journal/streams/.#9:64766DervMS

      Download File
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):195
      Entropy (8bit):5.357202599553909
      Encrypted:false
      SSDEEP:6:SbFuFyLVK6g7/+BG+f+M8ov9MTnZjFmCuqE:qgFqo6g7/+0+f+M8olkQv
      MD5:E5E56D353E2C814C0DF98E47D21D75A8
      SHA1:B85D177F5BA43D24E44E473246E89989931E205D
      SHA-256:518BCFA951E35991D2763F0DFFB5FE6E1D737448D8759770F4D5689ACB63BD96
      SHA-512:4D90519E26191CBFE205AB21E199E57491AAEB635DBEF419AC5A24DF71CCD5CEEB346291E93F1D25DB92C1628205C6CF5D722444D3A1BBC5885798F843D87194
      Malicious:false
      Preview:# This is private data. Do not parse.PRIORITY=6.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=619a2a438b1a44a1a57667a0262712af.IDENTIFIER=org.gnome.Identity.

      /run/systemd/journal/streams/.#9:64767fTC4ZP

      Download File
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):195
      Entropy (8bit):5.409404880703052
      Encrypted:false
      SSDEEP:3:SbFVVmFyinKMsPOfvP69ms947z+h6SnLAqC+h6KV+h6CQzuxm4VU2PxhWG1uxsjU:SbFuFyLVI6g7/+BG+f+M4+yQqjFmCuqE
      MD5:D4E20AA2B4666BC6160D3BB8F7793AFD
      SHA1:963DC28319349A0AC73F27096CD00B70340C37A3
      SHA-256:D875030135DB8C6F4DBC101D27C98E4AD1C678C0055900E100A3DBF9A72CBEB1
      SHA-512:B9C3B8ADEB61066E877BA3EFC5F3E25EA82F08D440073E1FC25D91E6E3941487E2399F8513A0F6BFEEB551B0664018EB6EC91942B83A2FAD8CC7BF173C2AB092
      Malicious:false
      Preview:# This is private data. Do not parse.PRIORITY=4.LEVEL_PREFIX=0.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=28218d6fb57c49819d509ebda98ccb2a.IDENTIFIER=org.gnome.Identity.

      /run/systemd/journal/streams/.#9:648139XnuaQ

      Download File
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):201
      Entropy (8bit):5.448667873248522
      Encrypted:false
      SSDEEP:6:SbFuFyLVIg1BG+f+MoGuRBhXJr4shTjN+Mv:qgFq6g10+f+MoGuZJcAF+Mv
      MD5:EFBBC344E78AFD52BA1495D5CE74CF0B
      SHA1:9F19B6B9DE5D849E0BE22698BE39F76B4E63E61E
      SHA-256:8D0EB668F00811506BA7B59DCBBF50B19179381B07EF6200CFA740AC5929F6BE
      SHA-512:4FC6A5B26E12433A89FEAC3FC73747F3581A72C7D04DFB281AB2C2E65E04D051A5874C6F7D6CF4BCCD77641DC79CD3AB6FF6E734EE07180A05ECC0FF1D40A965
      Malicious:false
      Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=bc59c3db218542e49f7aaac200dcc9ec.IDENTIFIER=gvfs-afc-volume-monitor.

      /run/systemd/journal/streams/.#9:64832vSLcMR

      Download File
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):205
      Entropy (8bit):5.4547814390700005
      Encrypted:false
      SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm5q197cA6EZh+sjs2E:SbFuFyLVIg1BG+f+MI1lY4jNxLjTMv
      MD5:8A702165B016DFC5D6A9E4552EB9970B
      SHA1:F13228398AB3485F78A20EAEB7CD59076C7A201E
      SHA-256:EC12313891AE23BC94E78BBBC4AF459AB3FC70E0505FDF0AB9D122328765CB74
      SHA-512:437B467D35A0F83B46C3864AEE20D46F28459A2BF5664627D696B2367A1C20E1EC3BC4265B6E51BBF46ECEA70392D6466CC8B051F60E820C92C7F76F95E52B08
      Malicious:false
      Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=3afb044b580e4958bdbee1c7901011f0.IDENTIFIER=gvfs-gphoto2-volume-monitor.

      /run/systemd/journal/streams/.#9:64868imKUKO

      Download File
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):192
      Entropy (8bit):5.3577867016826595
      Encrypted:false
      SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxm+DAQhRf9Sk4U8js2q:SbFuFyLVIg1BG+f+M+DbR1Skv8jNI0vG
      MD5:7BC6A981612CB5B668CC9ACD5A90A815
      SHA1:D051FB22F52EFC5C172D46FECBC5DD98FC724399
      SHA-256:21A2FB487BFDC553605A47104D337115FB83D05DECED573D9A59B9E30B919C78
      SHA-512:1269C3FD76B064F23995C11EE450254B11BD11BD2203DED4E7E3B8891DECCE3DD4E80E37411BB36A35CD74AA757E95A87E539518BC56EA61421C416B121DBA62
      Malicious:false
      Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=425db908e5dd441ca17727033471837e.IDENTIFIER=gvfsd-metadata.

      /run/systemd/journal/streams/.#9:649132pRsgP

      Download File
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):191
      Entropy (8bit):5.390864608944674
      Encrypted:false
      SSDEEP:3:SbFVVmFyinKMsPOYsn9ms954Hh6SnLAqC+h6KV+h6CQzuxmpuSuXXHHRAGHADAEM:SbFuFyLVIg1BG+f+M0LHHGGgDXMqjw9B
      MD5:0462BFD2E1DCF4BF17004C898117046D
      SHA1:8E6A71B3E572F099A2EC953DC361DE216727A47E
      SHA-256:EF0099070E5CB65713FD27510844074275C4ED2B26724509971279E590D1A2F2
      SHA-512:C35043DE3D24ED9BDB6940F546ED0A467826ED5DE9BF3BC7287F2055C54A6106EE4180B994895981FD1B7D4A79A3A532E783B83C9ACBEBA54779AD8E55B062BF
      Malicious:false
      Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=c1cc7782b2bb4e408ebe8123ea5c8867.IDENTIFIER=xfce4-notifyd.

      /run/systemd/journal/streams/.#9:64966XK1sVQ

      Download File
      Process:/lib/systemd/systemd-journald
      File Type:ASCII text
      Category:dropped
      Size (bytes):222
      Entropy (8bit):5.43359383713503
      Encrypted:false
      SSDEEP:6:SbFuFyLVIg1BG+f+MhUApd6RqjLTTIWTIL:qgFq6g10+f+MhZmsEWEL
      MD5:973B21A956923B751C6B3ECE574BCAEE
      SHA1:D97C539CBEA1BE1E813670E08F6E4B2F703FE030
      SHA-256:5F8685BEBE79B157E3B2BF7E3E8708F1BEADC1D69AC377F995B3325ABBD60ABC
      SHA-512:A598B79B67C565DD86E0E714301B7FEBFE70C14AE390B47D5CB9392A80EBA841834CECF7DAE4D306556D8F90B4A5752DDDB63A7B33F90171C6AE886F3FA8B546
      Malicious:false
      Preview:# This is private data. Do not parse.PRIORITY=30.LEVEL_PREFIX=1.FORWARD_TO_SYSLOG=0.FORWARD_TO_KMSG=0.FORWARD_TO_CONSOLE=0.STREAM_ID=309b654d669645a68898cedbf682d9a3.IDENTIFIER=accounts-daemon.UNIT=accounts-daemon.service.

      /run/user/1000/dconf/user

      Download File
      Process:/usr/libexec/goa-daemon
      File Type:very short file (no magic)
      Category:dropped
      Size (bytes):1
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:3::
      MD5:93B885ADFE0DA089CDF634904FD59F71
      SHA1:5BA93C9DB0CFF93F52B521D7420E43F6EDA2784F
      SHA-256:6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D
      SHA-512:B8244D028981D693AF7B456AF8EFA4CAD63D282E19FF14942C246E50D9351D22704A802A71C3580B6370DE4CEB293C324A8423342557D4E5C38438F0E36910EE
      Malicious:false
      Preview:.

      /var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/system.journal

      Download File
      Process:/lib/systemd/systemd-journald
      File Type:data
      Category:dropped
      Size (bytes):240
      Entropy (8bit):1.4365686235991302
      Encrypted:false
      SSDEEP:3:F31HlE+Jam0+//W+Jam0O//l:F30u0+Gu0O
      MD5:58469F1E386F4CAFC9C8BDC89F4EA244
      SHA1:E1202A56415377FB4A6031D3F7D0732DBC43B240
      SHA-256:548E86D7169556F99B19BD7A54F7D0F000ED0DC87786D7B35934FE7B032D31E5
      SHA-512:4EF379AFD66F38B906E86FF334D9004B4551D60286993329897B3D5E3F10EA68CA901D7A99C007A6B14FF1253D73630809A81FB36BBDBFF2A134A1CDFC180621
      Malicious:false
      Preview:LPKSHHRH.................R..|.J..S....k..................................R..|.J..S....k.........................................................................................................................................................

      /var/log/journal/ee49dfd4fa47433baee88884e2d7de7c/user-1000.journal

      Download File
      Process:/lib/systemd/systemd-journald
      File Type:data
      Category:dropped
      Size (bytes):240
      Entropy (8bit):1.459526019450492
      Encrypted:false
      SSDEEP:3:F31HlwQsV1o/KQsV1I:F3ARI/KR
      MD5:C2361CF5D7CE7DF60D6280175D119DE9
      SHA1:1E29E9486B3810DAE61D89B151749EB74FB25B40
      SHA-256:A08248AF2B423F1F35B005E2D2E139244D4824953F6B6A1FB4998DDF54A70CEB
      SHA-512:1EE4794BD0421E236C03E4BB8F6B504C5343074531FFDDCFF6A577101468DB17B07F4DF18B9A1D5163185DC38341B5A7288D62B6DBBBD6C73211460E9E74A588
      Malicious:false
      Preview:LPKSHHRH.................._d..M...=Zx...................................._d..M...=Zx..........................................................................................................................................................

      Static File Info

      General

      File type:ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, no section header
      Entropy (8bit):7.8764361925820925
      TrID:
      • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
      • ELF Executable and Linkable format (generic) (4004/1) 49.84%
      File name:na.elf
      File size:35'724 bytes
      MD5:d67ab8e2b66b87b5665333176583e552
      SHA1:571fb2b837941d8d3fb4bef82a09d850696dd856
      SHA256:4244ef7ff56a2dab17f06c98131f61460ec9ca7eec6f7cb057d7e779c3079a65
      SHA512:4f3c3328163658af306c94d6d695dfbdf6acccb8ecd1bdd9d0a7fb8a5cddfa42e4d60c0bf0dc11b41ede464f6d8d7410df8417729702407a1f0788771c31e1c0
      SSDEEP:768:GQkMOB5/ZGQ9v6iSx515ZFT7jb6IBJ6V25I/LYPYDc:FkFB5ZGF/D7jb6u1IM9
      TLSH:94F2F1D2D1E3737CC416C17B820F5BE4B5266961BACE5EE36904DB960872C9076B0F11
      File Content Preview:.ELF........................4...........4. ...(.....................................................................Q.td...............................4UPX!....................`........?d..ELF.......d...m...4. ... .(......m..-.#.%....................*.}..

      Static ELF Info

      ELF header

      Class:ELF32
      Data:2's complement, little endian
      Version:1 (current)
      Machine:Intel 80386
      Version Number:0x1
      Type:EXEC (Executable file)
      OS/ABI:UNIX - Linux
      ABI Version:0
      Entry Point Address:0xc092a0
      Flags:0x0
      ELF Header Size:52
      Program Header Offset:52
      Program Header Size:32
      Number of Program Headers:3
      Section Header Offset:0
      Section Header Size:40
      Number of Section Headers:0
      Header String Table Index:0

      Program Segments

      TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
      LOAD0x00xc010000xc010000x8a830x8a837.88030x5R E0x1000
      LOAD0x9800x805b9800x805b9800x00x00.00000x6RW 0x1000
      GNU_STACK0x00x00x00x00x00.00000x6RW 0x4

      Network Behavior

      Network Port Distribution

      TCP Packets

      TimestampSource PortDest PortSource IPDest IP
      Oct 8, 2024 11:30:17.245333910 CEST4497257899192.168.2.13194.120.230.54
      Oct 8, 2024 11:30:17.250358105 CEST5789944972194.120.230.54192.168.2.13
      Oct 8, 2024 11:30:17.250447035 CEST4497257899192.168.2.13194.120.230.54
      Oct 8, 2024 11:30:17.250474930 CEST4497257899192.168.2.13194.120.230.54
      Oct 8, 2024 11:30:17.255426884 CEST5789944972194.120.230.54192.168.2.13
      Oct 8, 2024 11:30:17.255469084 CEST4497257899192.168.2.13194.120.230.54
      Oct 8, 2024 11:30:17.260354042 CEST5789944972194.120.230.54192.168.2.13
      Oct 8, 2024 11:30:27.259018898 CEST4497257899192.168.2.13194.120.230.54
      Oct 8, 2024 11:30:27.264179945 CEST5789944972194.120.230.54192.168.2.13
      Oct 8, 2024 11:30:27.432888985 CEST5789944972194.120.230.54192.168.2.13
      Oct 8, 2024 11:30:27.432944059 CEST4497257899192.168.2.13194.120.230.54
      Oct 8, 2024 11:30:27.767026901 CEST5789944972194.120.230.54192.168.2.13
      Oct 8, 2024 11:30:27.767108917 CEST4497257899192.168.2.13194.120.230.54
      Oct 8, 2024 11:31:27.815133095 CEST4497257899192.168.2.13194.120.230.54
      Oct 8, 2024 11:31:27.820216894 CEST5789944972194.120.230.54192.168.2.13
      Oct 8, 2024 11:31:27.989217997 CEST5789944972194.120.230.54192.168.2.13
      Oct 8, 2024 11:31:27.989280939 CEST4497257899192.168.2.13194.120.230.54
      Oct 8, 2024 11:31:28.767709970 CEST5789944972194.120.230.54192.168.2.13
      Oct 8, 2024 11:31:28.767777920 CEST4497257899192.168.2.13194.120.230.54

      UDP Packets

      TimestampSource PortDest PortSource IPDest IP
      Oct 8, 2024 11:30:17.237942934 CEST3793253192.168.2.138.8.8.8
      Oct 8, 2024 11:30:17.245141983 CEST53379328.8.8.8192.168.2.13
      Oct 8, 2024 11:30:44.160531998 CEST4441953192.168.2.131.1.1.1
      Oct 8, 2024 11:30:44.160531998 CEST5903753192.168.2.131.1.1.1
      Oct 8, 2024 11:30:44.168226004 CEST53590371.1.1.1192.168.2.13
      Oct 8, 2024 11:30:44.168246031 CEST53444191.1.1.1192.168.2.13

      DNS Queries

      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
      Oct 8, 2024 11:30:17.237942934 CEST192.168.2.138.8.8.80x0Standard query (0)cnc.merisprivate.netA (IP address)IN (0x0001)false
      Oct 8, 2024 11:30:44.160531998 CEST192.168.2.131.1.1.10xd35aStandard query (0)daisy.ubuntu.comA (IP address)IN (0x0001)false
      Oct 8, 2024 11:30:44.160531998 CEST192.168.2.131.1.1.10xa93bStandard query (0)daisy.ubuntu.com28IN (0x0001)false

      DNS Answers

      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
      Oct 8, 2024 11:30:17.245141983 CEST8.8.8.8192.168.2.130x0No error (0)cnc.merisprivate.net194.120.230.54A (IP address)IN (0x0001)false
      Oct 8, 2024 11:30:44.168246031 CEST1.1.1.1192.168.2.130xd35aNo error (0)daisy.ubuntu.com162.213.35.25A (IP address)IN (0x0001)false
      Oct 8, 2024 11:30:44.168246031 CEST1.1.1.1192.168.2.130xd35aNo error (0)daisy.ubuntu.com162.213.35.24A (IP address)IN (0x0001)false

      System Behavior

      General

      Start time (UTC):09:30:11
      Start date (UTC):08/10/2024
      Path:/usr/bin/dash
      Arguments:-
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Chronological Activities


      General

      Start time (UTC):09:30:11
      Start date (UTC):08/10/2024
      Path:/usr/bin/rm
      Arguments:rm -f /tmp/tmp.nNPFxb16jB /tmp/tmp.JAVKQHsnD7 /tmp/tmp.JJECfR6OHN
      File size:72056 bytes
      MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

      Chronological Activities


      General

      Start time (UTC):09:30:11
      Start date (UTC):08/10/2024
      Path:/usr/bin/dash
      Arguments:-
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Chronological Activities


      General

      Start time (UTC):09:30:11
      Start date (UTC):08/10/2024
      Path:/usr/bin/cat
      Arguments:cat /tmp/tmp.nNPFxb16jB
      File size:43416 bytes
      MD5 hash:7e9d213e404ad3bb82e4ebb2e1f2c1b3

      Chronological Activities


      General

      Start time (UTC):09:30:11
      Start date (UTC):08/10/2024
      Path:/usr/bin/dash
      Arguments:-
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Chronological Activities


      General

      Start time (UTC):09:30:11
      Start date (UTC):08/10/2024
      Path:/usr/bin/head
      Arguments:head -n 10
      File size:47480 bytes
      MD5 hash:fd96a67145172477dd57131396fc9608

      Chronological Activities


      General

      Start time (UTC):09:30:11
      Start date (UTC):08/10/2024
      Path:/usr/bin/dash
      Arguments:-
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Chronological Activities


      General

      Start time (UTC):09:30:11
      Start date (UTC):08/10/2024
      Path:/usr/bin/tr
      Arguments:tr -d \\000-\\011\\013\\014\\016-\\037
      File size:51544 bytes
      MD5 hash:fbd1402dd9f72d8ebfff00ce7c3a7bb5

      Chronological Activities


      General

      Start time (UTC):09:30:11
      Start date (UTC):08/10/2024
      Path:/usr/bin/dash
      Arguments:-
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Chronological Activities


      General

      Start time (UTC):09:30:11
      Start date (UTC):08/10/2024
      Path:/usr/bin/cut
      Arguments:cut -c -80
      File size:47480 bytes
      MD5 hash:d8ed0ea8f22c0de0f8692d4d9f1759d3

      Chronological Activities


      General

      Start time (UTC):09:30:11
      Start date (UTC):08/10/2024
      Path:/usr/bin/dash
      Arguments:-
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Chronological Activities


      General

      Start time (UTC):09:30:11
      Start date (UTC):08/10/2024
      Path:/usr/bin/cat
      Arguments:cat /tmp/tmp.nNPFxb16jB
      File size:43416 bytes
      MD5 hash:7e9d213e404ad3bb82e4ebb2e1f2c1b3

      Chronological Activities


      General

      Start time (UTC):09:30:11
      Start date (UTC):08/10/2024
      Path:/usr/bin/dash
      Arguments:-
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Chronological Activities


      General

      Start time (UTC):09:30:11
      Start date (UTC):08/10/2024
      Path:/usr/bin/head
      Arguments:head -n 10
      File size:47480 bytes
      MD5 hash:fd96a67145172477dd57131396fc9608

      Chronological Activities


      General

      Start time (UTC):09:30:11
      Start date (UTC):08/10/2024
      Path:/usr/bin/dash
      Arguments:-
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Chronological Activities


      General

      Start time (UTC):09:30:11
      Start date (UTC):08/10/2024
      Path:/usr/bin/tr
      Arguments:tr -d \\000-\\011\\013\\014\\016-\\037
      File size:51544 bytes
      MD5 hash:fbd1402dd9f72d8ebfff00ce7c3a7bb5

      Chronological Activities


      General

      Start time (UTC):09:30:11
      Start date (UTC):08/10/2024
      Path:/usr/bin/dash
      Arguments:-
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Chronological Activities


      General

      Start time (UTC):09:30:11
      Start date (UTC):08/10/2024
      Path:/usr/bin/cut
      Arguments:cut -c -80
      File size:47480 bytes
      MD5 hash:d8ed0ea8f22c0de0f8692d4d9f1759d3

      Chronological Activities


      General

      Start time (UTC):09:30:12
      Start date (UTC):08/10/2024
      Path:/usr/bin/dash
      Arguments:-
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Chronological Activities


      General

      Start time (UTC):09:30:12
      Start date (UTC):08/10/2024
      Path:/usr/bin/rm
      Arguments:rm -f /tmp/tmp.nNPFxb16jB /tmp/tmp.JAVKQHsnD7 /tmp/tmp.JJECfR6OHN
      File size:72056 bytes
      MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

      Chronological Activities


      General

      Start time (UTC):09:30:16
      Start date (UTC):08/10/2024
      Path:/tmp/na.elf
      Arguments:/tmp/na.elf
      File size:35724 bytes
      MD5 hash:d67ab8e2b66b87b5665333176583e552

      Chronological Activities


      General

      Start time (UTC):09:30:16
      Start date (UTC):08/10/2024
      Path:/tmp/na.elf
      Arguments:-
      File size:35724 bytes
      MD5 hash:d67ab8e2b66b87b5665333176583e552

      Chronological Activities


      General

      Start time (UTC):09:30:16
      Start date (UTC):08/10/2024
      Path:/tmp/na.elf
      Arguments:-
      File size:35724 bytes
      MD5 hash:d67ab8e2b66b87b5665333176583e552

      Chronological Activities


      General

      Start time (UTC):09:30:16
      Start date (UTC):08/10/2024
      Path:/tmp/na.elf
      Arguments:-
      File size:35724 bytes
      MD5 hash:d67ab8e2b66b87b5665333176583e552

      Chronological Activities


      General

      Start time (UTC):09:30:21
      Start date (UTC):08/10/2024
      Path:/tmp/na.elf
      Arguments:-
      File size:35724 bytes
      MD5 hash:d67ab8e2b66b87b5665333176583e552

      Chronological Activities


      General

      Start time (UTC):09:30:21
      Start date (UTC):08/10/2024
      Path:/bin/sh
      Arguments:sh -c "ps -A -o pid,cmd --no-headers"
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Chronological Activities


      General

      Start time (UTC):09:30:21
      Start date (UTC):08/10/2024
      Path:/bin/sh
      Arguments:-
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Chronological Activities


      General

      Start time (UTC):09:30:21
      Start date (UTC):08/10/2024
      Path:/usr/bin/ps
      Arguments:ps -A -o pid,cmd --no-headers
      File size:137688 bytes
      MD5 hash:ab48054475a6f70f8e7fa847331f3327

      Chronological Activities


      General

      Start time (UTC):09:30:19
      Start date (UTC):08/10/2024
      Path:/usr/libexec/gnome-session-binary
      Arguments:-
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

      Chronological Activities


      General

      Start time (UTC):09:30:19
      Start date (UTC):08/10/2024
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-wacom
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Chronological Activities


      General

      Start time (UTC):09:30:19
      Start date (UTC):08/10/2024
      Path:/usr/libexec/gsd-wacom
      Arguments:/usr/libexec/gsd-wacom
      File size:39520 bytes
      MD5 hash:13778dd1a23a4e94ddc17ac9caa4fcc1

      Chronological Activities


      General

      Start time (UTC):09:30:19
      Start date (UTC):08/10/2024
      Path:/usr/libexec/gnome-session-binary
      Arguments:-
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

      Chronological Activities


      General

      Start time (UTC):09:30:19
      Start date (UTC):08/10/2024
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-sharing
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Chronological Activities


      General

      Start time (UTC):09:30:19
      Start date (UTC):08/10/2024
      Path:/usr/libexec/gsd-sharing
      Arguments:/usr/libexec/gsd-sharing
      File size:35424 bytes
      MD5 hash:e29d9025d98590fbb69f89fdbd4438b3

      Chronological Activities


      General

      Start time (UTC):09:30:19
      Start date (UTC):08/10/2024
      Path:/usr/libexec/gnome-session-binary
      Arguments:-
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

      Chronological Activities


      General

      Start time (UTC):09:30:19
      Start date (UTC):08/10/2024
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-keyboard
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Chronological Activities


      General

      Start time (UTC):09:30:19
      Start date (UTC):08/10/2024
      Path:/usr/libexec/gnome-session-binary
      Arguments:-
      File size:334664 bytes
      MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

      Chronological Activities


      General

      Start time (UTC):09:30:19
      Start date (UTC):08/10/2024
      Path:/bin/sh
      Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-color
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Chronological Activities


      General

      Start time (UTC):09:30:20
      Start date (UTC):08/10/2024
      Path:/usr/lib/systemd/systemd
      Arguments:-
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      Chronological Activities


      General

      Start time (UTC):09:30:20
      Start date (UTC):08/10/2024
      Path:/usr/lib/upower/upowerd
      Arguments:/usr/lib/upower/upowerd
      File size:260328 bytes
      MD5 hash:1253eea2fe5fe4017069664284e326cd

      Chronological Activities


      General

      Start time (UTC):09:30:20
      Start date (UTC):08/10/2024
      Path:/usr/sbin/gdm3
      Arguments:-
      File size:453296 bytes
      MD5 hash:2492e2d8d34f9377e3e530a61a15674f

      Chronological Activities


      General

      Start time (UTC):09:30:20
      Start date (UTC):08/10/2024
      Path:/etc/gdm3/PrimeOff/Default
      Arguments:/etc/gdm3/PrimeOff/Default
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Chronological Activities


      General

      Start time (UTC):09:30:20
      Start date (UTC):08/10/2024
      Path:/usr/sbin/gdm3
      Arguments:-
      File size:453296 bytes
      MD5 hash:2492e2d8d34f9377e3e530a61a15674f

      Chronological Activities


      General

      Start time (UTC):09:30:20
      Start date (UTC):08/10/2024
      Path:/etc/gdm3/PrimeOff/Default
      Arguments:/etc/gdm3/PrimeOff/Default
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      Chronological Activities


      General

      Start time (UTC):09:30:20
      Start date (UTC):08/10/2024
      Path:/usr/libexec/gvfsd-fuse
      Arguments:-
      File size:47632 bytes
      MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

      Chronological Activities


      General

      Start time (UTC):09:30:20
      Start date (UTC):08/10/2024
      Path:/bin/fusermount
      Arguments:fusermount -u -q -z -- /run/user/1000/gvfs
      File size:39144 bytes
      MD5 hash:576a1b135c82bdcbc97a91acea900566

      Chronological Activities


      General

      Start time (UTC):09:30:20
      Start date (UTC):08/10/2024
      Path:/usr/bin/xfce4-session
      Arguments:-
      File size:264752 bytes
      MD5 hash:648919f03ad356720c8c27f5aaaf75d1

      Chronological Activities


      General

      Start time (UTC):09:30:20
      Start date (UTC):08/10/2024
      Path:/usr/bin/xfwm4
      Arguments:xfwm4 --display :1.0 --sm-client-id 27575c7dd-2dac-48f0-9f3a-eff67ec043e5
      File size:420424 bytes
      MD5 hash:59defa3c00cc30d85ed77b738d55e9da

      Chronological Activities


      General

      Start time (UTC):09:30:20
      Start date (UTC):08/10/2024
      Path:/usr/bin/xfce4-session
      Arguments:-
      File size:264752 bytes
      MD5 hash:648919f03ad356720c8c27f5aaaf75d1

      Chronological Activities


      General

      Start time (UTC):09:30:20
      Start date (UTC):08/10/2024
      Path:/usr/bin/xfce4-panel
      Arguments:xfce4-panel --display :1.0 --sm-client-id 2d6b1caf2-8023-452b-bd0d-d23295482740
      File size:375768 bytes
      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

      Chronological Activities


      General

      Start time (UTC):09:30:20
      Start date (UTC):08/10/2024
      Path:/usr/bin/xfce4-session
      Arguments:-
      File size:264752 bytes
      MD5 hash:648919f03ad356720c8c27f5aaaf75d1

      Chronological Activities


      General

      Start time (UTC):09:30:20
      Start date (UTC):08/10/2024
      Path:/usr/bin/rm
      Arguments:rm -f /home/saturnino/.cache/sessions/Thunar-2ec7c2e14-9c4d-40f3-9704-8617ab831fb4
      File size:72056 bytes
      MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

      Chronological Activities


      General

      Start time (UTC):09:30:20
      Start date (UTC):08/10/2024
      Path:/usr/bin/xfce4-session
      Arguments:-
      File size:264752 bytes
      MD5 hash:648919f03ad356720c8c27f5aaaf75d1

      Chronological Activities


      General

      Start time (UTC):09:30:20
      Start date (UTC):08/10/2024
      Path:/usr/bin/xfdesktop
      Arguments:xfdesktop --display :1.0 --sm-client-id 260d40b3c-9c6a-4cb1-bbe4-3557725aa528
      File size:473520 bytes
      MD5 hash:dfb13e1581f80065dcea16f2476f16f2

      Chronological Activities


      General

      Start time (UTC):09:30:21
      Start date (UTC):08/10/2024
      Path:/usr/bin/xfce4-session
      Arguments:-
      File size:264752 bytes
      MD5 hash:648919f03ad356720c8c27f5aaaf75d1

      Chronological Activities


      General

      Start time (UTC):09:30:21
      Start date (UTC):08/10/2024
      Path:/usr/bin/xfwm4
      Arguments:xfwm4 --display :1.0 --sm-client-id 27575c7dd-2dac-48f0-9f3a-eff67ec043e5
      File size:420424 bytes
      MD5 hash:59defa3c00cc30d85ed77b738d55e9da

      Chronological Activities


      General

      Start time (UTC):09:30:21
      Start date (UTC):08/10/2024
      Path:/usr/lib/systemd/systemd
      Arguments:-
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      Chronological Activities


      General

      Start time (UTC):09:30:21
      Start date (UTC):08/10/2024
      Path:/usr/lib/upower/upowerd
      Arguments:/usr/lib/upower/upowerd
      File size:260328 bytes
      MD5 hash:1253eea2fe5fe4017069664284e326cd

      Chronological Activities


      General

      Start time (UTC):09:30:21
      Start date (UTC):08/10/2024
      Path:/usr/bin/xfce4-session
      Arguments:-
      File size:264752 bytes
      MD5 hash:648919f03ad356720c8c27f5aaaf75d1

      Chronological Activities


      General

      Start time (UTC):09:30:21
      Start date (UTC):08/10/2024
      Path:/usr/bin/xfce4-panel
      Arguments:xfce4-panel --display :1.0 --sm-client-id 2d6b1caf2-8023-452b-bd0d-d23295482740
      File size:375768 bytes
      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

      Chronological Activities


      General

      Start time (UTC):09:30:56
      Start date (UTC):08/10/2024
      Path:/usr/bin/xfce4-panel
      Arguments:-
      File size:375768 bytes
      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

      Chronological Activities


      General

      Start time (UTC):09:30:56
      Start date (UTC):08/10/2024
      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 6291464 systray "Notification Area" "Area where notification icons appear"
      File size:35136 bytes
      MD5 hash:ac0b8a906f359a8ae102244738682e76

      Chronological Activities


      General

      Start time (UTC):09:30:56
      Start date (UTC):08/10/2024
      Path:/usr/bin/xfce4-panel
      Arguments:-
      File size:375768 bytes
      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

      Chronological Activities


      General

      Start time (UTC):09:30:57
      Start date (UTC):08/10/2024
      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 6291465 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
      File size:35136 bytes
      MD5 hash:ac0b8a906f359a8ae102244738682e76

      Chronological Activities


      General

      Start time (UTC):09:30:57
      Start date (UTC):08/10/2024
      Path:/usr/bin/xfce4-panel
      Arguments:-
      File size:375768 bytes
      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

      Chronological Activities


      General

      Start time (UTC):09:30:57
      Start date (UTC):08/10/2024
      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 6291466 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
      File size:35136 bytes
      MD5 hash:ac0b8a906f359a8ae102244738682e76

      Chronological Activities


      General

      Start time (UTC):09:30:57
      Start date (UTC):08/10/2024
      Path:/usr/bin/xfce4-panel
      Arguments:-
      File size:375768 bytes
      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

      Chronological Activities


      General

      Start time (UTC):09:30:58
      Start date (UTC):08/10/2024
      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 6291467 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
      File size:35136 bytes
      MD5 hash:ac0b8a906f359a8ae102244738682e76

      Chronological Activities


      General

      Start time (UTC):09:31:24
      Start date (UTC):08/10/2024
      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
      Arguments:-
      File size:35136 bytes
      MD5 hash:ac0b8a906f359a8ae102244738682e76

      Chronological Activities


      General

      Start time (UTC):09:31:24
      Start date (UTC):08/10/2024
      Path:/usr/sbin/xfpm-power-backlight-helper
      Arguments:/usr/sbin/xfpm-power-backlight-helper --get-max-brightness
      File size:14656 bytes
      MD5 hash:3d221ad23f28ca3259f599b1664e2427

      Chronological Activities


      General

      Start time (UTC):09:30:58
      Start date (UTC):08/10/2024
      Path:/usr/bin/xfce4-panel
      Arguments:-
      File size:375768 bytes
      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

      Chronological Activities


      General

      Start time (UTC):09:30:58
      Start date (UTC):08/10/2024
      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 6291468 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
      File size:35136 bytes
      MD5 hash:ac0b8a906f359a8ae102244738682e76

      Chronological Activities


      General

      Start time (UTC):09:31:02
      Start date (UTC):08/10/2024
      Path:/usr/bin/xfce4-panel
      Arguments:-
      File size:375768 bytes
      MD5 hash:a15b657c7d54ac1385f1f15004ea6784

      Chronological Activities


      General

      Start time (UTC):09:31:02
      Start date (UTC):08/10/2024
      Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 6291469 actions "Action Buttons" "Log out, lock or other system actions"
      File size:35136 bytes
      MD5 hash:ac0b8a906f359a8ae102244738682e76

      Chronological Activities


      General

      Start time (UTC):09:30:21
      Start date (UTC):08/10/2024
      Path:/usr/bin/xfce4-session
      Arguments:-
      File size:264752 bytes
      MD5 hash:648919f03ad356720c8c27f5aaaf75d1

      Chronological Activities


      General

      Start time (UTC):09:30:21
      Start date (UTC):08/10/2024
      Path:/usr/bin/xfdesktop
      Arguments:xfdesktop --display :1.0 --sm-client-id 260d40b3c-9c6a-4cb1-bbe4-3557725aa528
      File size:473520 bytes
      MD5 hash:dfb13e1581f80065dcea16f2476f16f2

      Chronological Activities


      General

      Start time (UTC):09:30:25
      Start date (UTC):08/10/2024
      Path:/usr/lib/systemd/systemd
      Arguments:-
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      Chronological Activities


      General

      Start time (UTC):09:30:25
      Start date (UTC):08/10/2024
      Path:/usr/libexec/gvfsd
      Arguments:/usr/libexec/gvfsd
      File size:39224 bytes
      MD5 hash:1fa32dace8ba066189a8eadd21bb172a

      Chronological Activities


      General

      Start time (UTC):09:30:27
      Start date (UTC):08/10/2024
      Path:/usr/libexec/gvfsd
      Arguments:-
      File size:39224 bytes
      MD5 hash:1fa32dace8ba066189a8eadd21bb172a

      Chronological Activities


      General

      Start time (UTC):09:30:27
      Start date (UTC):08/10/2024
      Path:/usr/libexec/gvfsd
      Arguments:-
      File size:39224 bytes
      MD5 hash:1fa32dace8ba066189a8eadd21bb172a

      Chronological Activities


      General

      Start time (UTC):09:30:27
      Start date (UTC):08/10/2024
      Path:/usr/libexec/gvfsd-fuse
      Arguments:/usr/libexec/gvfsd-fuse /run/user/1000/gvfs -f -o big_writes
      File size:47632 bytes
      MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

      Chronological Activities


      General

      Start time (UTC):09:30:28
      Start date (UTC):08/10/2024
      Path:/usr/libexec/gvfsd-fuse
      Arguments:-
      File size:47632 bytes
      MD5 hash:d18fbf1cbf8eb57b17fac48b7b4be933

      Chronological Activities


      General

      Start time (UTC):09:30:28
      Start date (UTC):08/10/2024
      Path:/bin/fusermount
      Arguments:fusermount -o rw,nosuid,nodev,subtype=gvfsd-fuse -- /run/user/1000/gvfs
      File size:39144 bytes
      MD5 hash:576a1b135c82bdcbc97a91acea900566

      Chronological Activities


      General

      Start time (UTC):09:31:26
      Start date (UTC):08/10/2024
      Path:/usr/libexec/gvfsd
      Arguments:-
      File size:39224 bytes
      MD5 hash:1fa32dace8ba066189a8eadd21bb172a

      Chronological Activities


      General

      Start time (UTC):09:31:26
      Start date (UTC):08/10/2024
      Path:/usr/libexec/gvfsd-trash
      Arguments:/usr/libexec/gvfsd-trash --spawner :1.62 /org/gtk/gvfs/exec_spaw/0
      File size:55608 bytes
      MD5 hash:7bd262bd2ff379d0da45f8595163824d

      Chronological Activities


      General

      Start time (UTC):09:30:26
      Start date (UTC):08/10/2024
      Path:/usr/bin/dbus-daemon
      Arguments:-
      File size:249032 bytes
      MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

      Chronological Activities


      General

      Start time (UTC):09:30:26
      Start date (UTC):08/10/2024
      Path:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
      File size:112880 bytes
      MD5 hash:4c7a0d6d258bb970905b19b84abcd8e9

      Chronological Activities


      General

      Start time (UTC):09:30:29
      Start date (UTC):08/10/2024
      Path:/usr/bin/xfce4-session
      Arguments:-
      File size:264752 bytes
      MD5 hash:648919f03ad356720c8c27f5aaaf75d1

      Chronological Activities


      General

      Start time (UTC):09:30:29
      Start date (UTC):08/10/2024
      Path:/usr/bin/xfwm4
      Arguments:xfwm4 --display :1.0 --sm-client-id 27575c7dd-2dac-48f0-9f3a-eff67ec043e5
      File size:420424 bytes
      MD5 hash:59defa3c00cc30d85ed77b738d55e9da

      Chronological Activities


      General

      Start time (UTC):09:30:29
      Start date (UTC):08/10/2024
      Path:/usr/bin/xfce4-session
      Arguments:-
      File size:264752 bytes
      MD5 hash:648919f03ad356720c8c27f5aaaf75d1

      Chronological Activities


      General

      Start time (UTC):09:30:30
      Start date (UTC):08/10/2024
      Path:/usr/bin/xfdesktop
      Arguments:xfdesktop --display :1.0 --sm-client-id 260d40b3c-9c6a-4cb1-bbe4-3557725aa528
      File size:473520 bytes
      MD5 hash:dfb13e1581f80065dcea16f2476f16f2

      Chronological Activities


      General

      Start time (UTC):09:30:30
      Start date (UTC):08/10/2024
      Path:/usr/lib/systemd/systemd
      Arguments:-
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      Chronological Activities


      General

      Start time (UTC):09:30:30
      Start date (UTC):08/10/2024
      Path:/lib/systemd/systemd-user-runtime-dir
      Arguments:/lib/systemd/systemd-user-runtime-dir stop 127
      File size:22672 bytes
      MD5 hash:d55f4b0847f88131dbcfb07435178e54

      Chronological Activities


      General

      Start time (UTC):09:30:37
      Start date (UTC):08/10/2024
      Path:/usr/lib/systemd/systemd
      Arguments:-
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      Chronological Activities


      General

      Start time (UTC):09:30:37
      Start date (UTC):08/10/2024
      Path:/usr/bin/journalctl
      Arguments:/usr/bin/journalctl --smart-relinquish-var
      File size:80120 bytes
      MD5 hash:bf3a987344f3bacafc44efd882abda8b

      Chronological Activities


      General

      Start time (UTC):09:30:37
      Start date (UTC):08/10/2024
      Path:/usr/bin/xfce4-session
      Arguments:-
      File size:264752 bytes
      MD5 hash:648919f03ad356720c8c27f5aaaf75d1

      Chronological Activities


      General

      Start time (UTC):09:30:38
      Start date (UTC):08/10/2024
      Path:/usr/bin/xfwm4
      Arguments:xfwm4 --display :1.0 --sm-client-id 27575c7dd-2dac-48f0-9f3a-eff67ec043e5
      File size:420424 bytes
      MD5 hash:59defa3c00cc30d85ed77b738d55e9da

      Chronological Activities


      General

      Start time (UTC):09:30:38
      Start date (UTC):08/10/2024
      Path:/usr/lib/systemd/systemd
      Arguments:-
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      Chronological Activities


      General

      Start time (UTC):09:30:38
      Start date (UTC):08/10/2024
      Path:/lib/systemd/systemd-journald
      Arguments:/lib/systemd/systemd-journald
      File size:162032 bytes
      MD5 hash:474667ece6cecb5e04c6eb897a1d0d9e

      Chronological Activities


      General

      Start time (UTC):09:30:43
      Start date (UTC):08/10/2024
      Path:/usr/bin/dbus-daemon
      Arguments:-
      File size:249032 bytes
      MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

      Chronological Activities


      General

      Start time (UTC):09:30:43
      Start date (UTC):08/10/2024
      Path:/usr/lib/x86_64-linux-gnu/tumbler-1/tumblerd
      Arguments:/usr/lib/x86_64-linux-gnu/tumbler-1/tumblerd
      File size:149888 bytes
      MD5 hash:2ef099898845e9c5ec6f1a6fd3ad61af

      Chronological Activities


      General

      Start time (UTC):09:30:46
      Start date (UTC):08/10/2024
      Path:/usr/bin/xfce4-session
      Arguments:-
      File size:264752 bytes
      MD5 hash:648919f03ad356720c8c27f5aaaf75d1

      Chronological Activities


      General

      Start time (UTC):09:30:46
      Start date (UTC):08/10/2024
      Path:/usr/bin/xfwm4
      Arguments:xfwm4 --display :1.0 --sm-client-id 27575c7dd-2dac-48f0-9f3a-eff67ec043e5
      File size:420424 bytes
      MD5 hash:59defa3c00cc30d85ed77b738d55e9da

      Chronological Activities


      General

      Start time (UTC):09:30:49
      Start date (UTC):08/10/2024
      Path:/usr/lib/systemd/systemd
      Arguments:-
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time (UTC):09:30:49
      Start date (UTC):08/10/2024
      Path:/usr/libexec/gvfs-udisks2-volume-monitor
      Arguments:/usr/libexec/gvfs-udisks2-volume-monitor
      File size:199648 bytes
      MD5 hash:4912ae23684d55062ac889dd671a8ab9

      General

      Start time (UTC):09:31:01
      Start date (UTC):08/10/2024
      Path:/usr/lib/systemd/systemd
      Arguments:-
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time (UTC):09:31:01
      Start date (UTC):08/10/2024
      Path:/usr/libexec/gvfs-mtp-volume-monitor
      Arguments:/usr/libexec/gvfs-mtp-volume-monitor
      File size:113032 bytes
      MD5 hash:4ef31436eba465a14362dfe7e1d42ec3

      General

      Start time (UTC):09:31:04
      Start date (UTC):08/10/2024
      Path:/usr/lib/systemd/systemd
      Arguments:-
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time (UTC):09:31:04
      Start date (UTC):08/10/2024
      Path:/usr/bin/journalctl
      Arguments:/usr/bin/journalctl --flush
      File size:80120 bytes
      MD5 hash:bf3a987344f3bacafc44efd882abda8b

      General

      Start time (UTC):09:31:08
      Start date (UTC):08/10/2024
      Path:/usr/lib/systemd/systemd
      Arguments:-
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time (UTC):09:31:08
      Start date (UTC):08/10/2024
      Path:/usr/libexec/gvfs-goa-volume-monitor
      Arguments:/usr/libexec/gvfs-goa-volume-monitor
      File size:117128 bytes
      MD5 hash:1c9b8b8b466cc3b27212ee9c1052a7b2

      General

      Start time (UTC):09:31:09
      Start date (UTC):08/10/2024
      Path:/usr/bin/dbus-daemon
      Arguments:-
      File size:249032 bytes
      MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

      General

      Start time (UTC):09:31:09
      Start date (UTC):08/10/2024
      Path:/usr/libexec/goa-daemon
      Arguments:/usr/libexec/goa-daemon
      File size:55776 bytes
      MD5 hash:f442acdfc6465acfae3f9f0e05cf6fd3

      General

      Start time (UTC):09:31:14
      Start date (UTC):08/10/2024
      Path:/usr/lib/systemd/systemd
      Arguments:-
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time (UTC):09:31:14
      Start date (UTC):08/10/2024
      Path:/usr/bin/Thunar
      Arguments:/usr/bin/Thunar --daemon
      File size:901328 bytes
      MD5 hash:ca35dca6175038f11f012b29178a4f46

      General

      Start time (UTC):09:31:15
      Start date (UTC):08/10/2024
      Path:/usr/bin/dbus-daemon
      Arguments:-
      File size:249032 bytes
      MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

      General

      Start time (UTC):09:31:15
      Start date (UTC):08/10/2024
      Path:/usr/libexec/goa-identity-service
      Arguments:/usr/libexec/goa-identity-service
      File size:158096 bytes
      MD5 hash:4e1e45c260caf0e8460ff7494a0e8553

      General

      Start time (UTC):09:31:21
      Start date (UTC):08/10/2024
      Path:/usr/lib/systemd/systemd
      Arguments:-
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time (UTC):09:31:21
      Start date (UTC):08/10/2024
      Path:/usr/libexec/gvfs-afc-volume-monitor
      Arguments:/usr/libexec/gvfs-afc-volume-monitor
      File size:113032 bytes
      MD5 hash:724607394f380f47f39e25dd9e1d4825

      General

      Start time (UTC):09:31:24
      Start date (UTC):08/10/2024
      Path:/usr/lib/systemd/systemd
      Arguments:-
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time (UTC):09:31:24
      Start date (UTC):08/10/2024
      Path:/usr/libexec/gvfs-gphoto2-volume-monitor
      Arguments:/usr/libexec/gvfs-gphoto2-volume-monitor
      File size:117128 bytes
      MD5 hash:8773afb2a78946b2c81024ed4c928353

      General

      Start time (UTC):09:31:33
      Start date (UTC):08/10/2024
      Path:/usr/lib/systemd/systemd
      Arguments:-
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time (UTC):09:31:33
      Start date (UTC):08/10/2024
      Path:/usr/libexec/gvfsd-metadata
      Arguments:/usr/libexec/gvfsd-metadata
      File size:88456 bytes
      MD5 hash:25b3740bd427cf3225e35be4bb2205aa

      General

      Start time (UTC):09:31:35
      Start date (UTC):08/10/2024
      Path:/usr/lib/systemd/systemd
      Arguments:-
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time (UTC):09:31:35
      Start date (UTC):08/10/2024
      Path:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
      Arguments:/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
      File size:112872 bytes
      MD5 hash:eee956f1b227c1d5031f9c61223255d1

      General

      Start time (UTC):09:31:47
      Start date (UTC):08/10/2024
      Path:/usr/lib/systemd/systemd
      Arguments:-
      File size:1620224 bytes
      MD5 hash:9b2bec7092a40488108543f9334aab75

      General

      Start time (UTC):09:31:47
      Start date (UTC):08/10/2024
      Path:/usr/lib/accountsservice/accounts-daemon
      Arguments:/usr/lib/accountsservice/accounts-daemon
      File size:203192 bytes
      MD5 hash:01a899e3fb5e7e434bea1290255a1f30

      General

      Start time (UTC):09:31:49
      Start date (UTC):08/10/2024
      Path:/usr/lib/accountsservice/accounts-daemon
      Arguments:-
      File size:203192 bytes
      MD5 hash:01a899e3fb5e7e434bea1290255a1f30

      General

      Start time (UTC):09:31:49
      Start date (UTC):08/10/2024
      Path:/usr/share/language-tools/language-validate
      Arguments:/usr/share/language-tools/language-validate en_US.UTF-8
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      General

      Start time (UTC):09:31:49
      Start date (UTC):08/10/2024
      Path:/usr/share/language-tools/language-validate
      Arguments:-
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      General

      Start time (UTC):09:31:49
      Start date (UTC):08/10/2024
      Path:/usr/share/language-tools/language-options
      Arguments:/usr/share/language-tools/language-options
      File size:3478464 bytes
      MD5 hash:16a21f464119ea7fad1d3660de963637

      General

      Start time (UTC):09:31:49
      Start date (UTC):08/10/2024
      Path:/usr/share/language-tools/language-options
      Arguments:-
      File size:3478464 bytes
      MD5 hash:16a21f464119ea7fad1d3660de963637

      General

      Start time (UTC):09:31:49
      Start date (UTC):08/10/2024
      Path:/bin/sh
      Arguments:sh -c "locale -a | grep -F .utf8 "
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      General

      Start time (UTC):09:31:49
      Start date (UTC):08/10/2024
      Path:/bin/sh
      Arguments:-
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      General

      Start time (UTC):09:31:49
      Start date (UTC):08/10/2024
      Path:/usr/bin/locale
      Arguments:locale -a
      File size:58944 bytes
      MD5 hash:c72a78792469db86d91369c9057f20d2

      General

      Start time (UTC):09:31:49
      Start date (UTC):08/10/2024
      Path:/bin/sh
      Arguments:-
      File size:129816 bytes
      MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

      General

      Start time (UTC):09:31:49
      Start date (UTC):08/10/2024
      Path:/usr/bin/grep
      Arguments:grep -F .utf8
      File size:199136 bytes
      MD5 hash:1e6ebb9dd094f774478f72727bdba0f5